[Git][security-tracker-team/security-tracker][master] Move some older NFUs associated with Apache Airflow to itp tagged entry

Salvatore Bonaccorso carnil at debian.org
Wed Feb 27 20:19:17 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
117d6306 by Salvatore Bonaccorso at 2019-02-27T20:17:37Z
Move some older NFUs associated with Apache Airflow to itp tagged entry

Apache Airflow CVEs were marked as NFU previously but there is an
ITP/RFP for src:airflow corresponding to the Apache Airflow. Update the
older entries and cross-checked with CVEs on masterlist from MITRE
associated with 'Apache Airflow'.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14566,7 +14566,7 @@ CVE-2018-20247 (In Foxit Quick PDF Library (all versions prior to 16.12), issue
 CVE-2018-20246
 	REJECTED
 CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior ...)
-	NOT-FOR-US: Apache Airflow
+	- airflow <itp> (bug #819700)
 CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...)
 	- airflow <itp> (bug #819700)
 CVE-2018-20243
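Review bot: Completeness cannot be checked from the diff alone. The new line under CVE-2018-20245 is correct in form and now matches the CVE-2018-20244 entry just below it, but the commit message speaks of "some older NFUs". A search of data/CVE/list for any remaining `NOT-FOR-US: Apache Airflow` lines after this change would confirm that the cross-check against the MITRE list caught every entry.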
@@ -67034,9 +67034,9 @@ CVE-2017-17838
 CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...)
 	NOT-FOR-US: Apache DeltaSpike-JSF module
 CVE-2017-17836 (In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature ...)
-	NOT-FOR-US: Apache Airflow
+	- airflow <itp> (bug #819700)
 CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for ...)
-	NOT-FOR-US: Apache Airflow
+	- airflow <itp> (bug #819700)
 CVE-2017-17834
 	REJECTED
 CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a ...)
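Review bot: Both rewritten entries, CVE-2017-17836 and CVE-2017-17835, carry no version information once they become `<itp>`, although their descriptions give "1.8.2 and earlier" as the affected range. Consider a NOTE line under each recording where upstream fixed the issue, so that whoever resolves bug #819700 at the first upload can tell whether the packaged version is still affected.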
@@ -81735,7 +81735,7 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP me
 	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
 	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
 CVE-2017-15720 (In Apache Airflow 1.8.2 and earlier, an authenticated user can execute ...)
-	NOT-FOR-US: Apache Airflow
+	- airflow <itp> (bug #819700)
 CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and ...)
 	NOT-FOR-US: Wicket jQuery UI
 CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the ...)
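Review bot: CVE-2017-15720 gets no upstream reference, while the CVE-2017-15721 entry directly above it in this hunk carries NOTE lines pointing at the advisory and the fixing commit. Since the description begins "an authenticated user can execute ...", a NOTE with the upstream advisory or fix next to the `- airflow <itp> (bug #819700)` line would make later triage of this entry easier.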
@@ -91413,7 +91413,7 @@ CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.8
 CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs ...)
 	- tomcat7 <not-affected> (Windows-specific)
 CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...)
-	NOT-FOR-US: Apache Airflow
+	- airflow <itp> (bug #819700)
 CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...)
 	{DLA-1162-1}
 	- apr 1.6.3-1 (low; bug #879708)
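Review bot: For CVE-2017-12614 the visible description ("It was noticed an XSS in certain 404 pages that could be exploited to ...") does not name the affected product, so after this change the link to airflow rests only on the previous NFU tag and the MITRE cross-check mentioned in the commit message. A NOTE line naming Apache Airflow or pointing at the upstream report would keep that attribution checkable from the entry itself.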



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/117d6306a25c10931e2df3fe24f351e4fd2b2e0d
