[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Jan 4 16:20:45 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7087a62 by Moritz Muehlenhoff at 2019-01-04T16:20:00Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4350,7 +4350,7 @@ CVE-2018-1000824 (MegaMek version < v0.45.1 contains a Other/Unknown vulnerab
 CVE-2018-1000823 (exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) ...)
 	TODO: check
 CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML External ...)
-	TODO: check
+	NOT-FOR-US: codelibs fess
 CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a XML External ...)
 	NOT-FOR-US: MicroMathematics
 CVE-2018-1000820 (neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c ...)
@@ -4363,7 +4363,7 @@ CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross
 CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...)
 	NOT-FOR-US: Brave Software Inc. Brave
 CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a ...)
-	TODO: check
+	NOT-FOR-US: aio-libs aiohttp-session
 CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site ...)
 	- backdrop <itp> (bug #914257)
 CVE-2018-1000812 (&#xc1;rtica Soluciones Tecnol&#xf3;gicas Integria IMS version 5.0 MR56 ...)
@@ -19056,15 +19056,15 @@ CVE-2018-17163
 CVE-2018-17162
 	RESERVED
 CVE-2018-17161 (In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD bootpd
 CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD bhyve
 CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD nfs server
 CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD nfs server
 CVE-2018-17157 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD nfs server
 CVE-2018-17156 (In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-EN-18:13.icmp.asc
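Review bot: The `NOT-FOR-US: FreeBSD nfs server` lines (CVE-2018-17159, CVE-2018-17158, CVE-2018-17157) and the `FreeBSD bhyve` line sit directly above CVE-2018-17156, which is tracked as `- kfreebsd-10 <unfixed> (unimportant)`, so at least some FreeBSD kernel issues are recorded against a Debian package in this list. If the NFS server or bhyve code is part of the kfreebsd-10 source, these should be package entries in the same form rather than NFU; if it is not, a short NOTE saying so would make the difference from CVE-2018-17156 explicit.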
@@ -20838,7 +20838,7 @@ CVE-2018-16480
 CVE-2018-16479
 	RESERVED
 CVE-2018-16478 (A Path Traversal in simplehttpserver versions <=0.2.1 allows to list ...)
-	TODO: check
+	NOT-FOR-US: simplehttpserver
 CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud ...)
 	- rails <not-affected> (Only affects >= 5.2.0; vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/5
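Review bot: `NOT-FOR-US: simplehttpserver` on CVE-2018-16478 uses a bare, generic name that unrelated projects could share. Other NFU lines in this commit qualify the product with its upstream (`codelibs fess`, `aio-libs aiohttp-session`); adding the upstream or ecosystem here would avoid a false match when someone later searches the list for a similarly named package.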
@@ -22630,7 +22630,7 @@ CVE-2018-15803
 CVE-2018-15802
 	REJECTED
 CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an authorization ...)
-	TODO: check
+	- libspring-security-2.0-java <removed>
 CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes an ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2018-15799
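Review bot: The CVE-2018-15801 line is a package entry rather than an NFU, and `<removed>` alone does not record whether libspring-security-2.0-java ever contained the flaw: the description limits it to Spring Security 5.1.x prior to 5.1.2, while the package name carries 2.0. If the vulnerable code is absent from the packaged version, `<not-affected>` with a reason, as done for rails under CVE-2018-16477, would be more precise; otherwise add a NOTE with the upstream reference. This change would also fit better in its own commit than under the subject "NFUs".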
@@ -23760,9 +23760,9 @@ CVE-2018-15337
 CVE-2018-15336
 	RESERVED
 CVE-2018-15335 (When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2018-15334 (A cross-site request forgery (CSRF) vulnerability in the APM webtop ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2018-15333 (On versions 11.2.1. and greater, unrestricted Snapshot File Access ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to version ...)
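Review bot: The two new lines for CVE-2018-15335 and CVE-2018-15334 use `NOT-FOR-US: F5`, while the neighbouring CVE-2018-15333 entry uses `NOT-FOR-US: F5 BIG-IP`. Using the same product string here (both descriptions refer to APM, so `F5 BIG-IP APM` would also work if that is the product meant) keeps the NFU labels consistent and searchable.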
@@ -48244,7 +48244,7 @@ CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and child
 	NOTE: https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
 	NOTE: https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
 CVE-2018-6336 (An issue was discovered in osquery. A maliciously crafted ...)
-	TODO: check
+	NOT-FOR-US: osquery
 CVE-2018-6335 (A Malformed h2 frame can cause 'std::out_of_range' exception when ...)
 	- hhvm 3.24.7+dfsg-1
 	NOTE: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
@@ -48259,7 +48259,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of .
 	- hhvm 3.24.7+dfsg-1 (bug #895194)
 	NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
 CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized ...)
-	TODO: check
+	NOT-FOR-US: Buck parser-cache
 CVE-2018-6330
 	RESERVED
 CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7087a62163f1dd195b4ce41423c284fe17a6243
