[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Feb 18 11:08:44 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3000730 by Moritz Muehlenhoff at 2019-02-18T11:08:22Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,15 +9,15 @@ CVE-2019-8438
 CVE-2019-8437
 	RESERVED
 CVE-2019-8436 (imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2019-8435 (admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. ...)
-	TODO: check
+	NOT-FOR-US: PHPMyWind
 CVE-2019-8434 (In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. ...)
-	TODO: check
+	NOT-FOR-US: CmsEasy
 CVE-2019-8433 (JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the ...)
-	TODO: check
+	NOT-FOR-US: JTBC(PHP)
 CVE-2019-8432 (In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. ...)
-	TODO: check
+	NOT-FOR-US: CmsEasy
 CVE-2019-8431
 	RESERVED
 CVE-2019-8430
@@ -37,15 +37,15 @@ CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.ph
 CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the ...)
 	TODO: check
 CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS through ...)
-	TODO: check
+	NOT-FOR-US: BageCMS
 CVE-2019-8420
 	RESERVED
 CVE-2019-8419 (VNote 2.2 has XSS via a new text note. ...)
-	TODO: check
+	NOT-FOR-US: VNote
 CVE-2019-8418 (SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2019-8417
 	RESERVED
 CVE-2019-8416
@@ -1677,7 +1677,7 @@ CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 h
 	NOTE: Debian specific issue as respective scripts are overwritten in Debian
 	NOTE: packaging as wrappers invoking python -m.
 CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies ...)
-	TODO: check
+	NOT-FOR-US: CMSWing
 CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in Hotels_Server ...)
 	NOT-FOR-US: Hotels_Server
 CVE-2019-7647
@@ -220370,7 +220370,7 @@ CVE-2013-2518
 CVE-2013-2517
 	REJECTED
 CVE-2013-2516 (Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command ...)
-	TODO: check
+	- ruby-fileutils <itp> (bug #900515)
 CVE-2013-2515
 	RESERVED
 CVE-2013-2514



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3000730fd11ee1763f32458587eb651515f60be

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3000730fd11ee1763f32458587eb651515f60be
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190218/c49f161a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list