[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 29 20:47:32 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ec7fa1d by Salvatore Bonaccorso at 2019-01-29T20:47:06Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2019-7174
CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...)
TODO: check
CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2019-7171 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...)
TODO: check
CVE-2019-7170 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker ...)
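Review bot: The Croogo entries on either side of the changed line (CVE-2019-7173 and CVE-2019-7171) still carry TODO: check, although their descriptions follow the same stored-self XSS wording as the ATutor entry resolved here. If Croogo is likewise not packaged, marking them NOT-FOR-US: Croogo in the same pass would keep this batch consistent and avoid a second triage round for near-identical entries.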
@@ -35,7 +35,7 @@ CVE-2019-7162
CVE-2019-7161
RESERVED
CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory ...)
- TODO: check
+ NOT-FOR-US: idreamsoft iCMS
CVE-2019-7159
RESERVED
CVE-2019-7158
@@ -399,7 +399,7 @@ CVE-2019-6991 (A classic Stack-based buffer overflow exists in the zmLoadUser()
CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of ...)
TODO: check
CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 allow remote ...)
- TODO: check
+ NOT-FOR-US: Atlassian Crowd
CVE-2019-1000018 [Remote code execution in scp support]
- rssh 2.3.4-9 (bug #919623)
NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
@@ -428,7 +428,7 @@ CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka ...)
CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into ...)
- yii <itp> (bug #597899)
CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a ...)
- TODO: check
+ NOT-FOR-US: Olivier Poitrey Go CORS handler
CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the ...)
- libgd2 <unfixed> (bug #920728)
NOTE: https://github.com/libgd/libgd/issues/492
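Review bot: On the CVE-2018-20744 line, the NOT-FOR-US label repeats the phrase from the CVE description ("Olivier Poitrey Go CORS handler") rather than an upstream project or source package name. A Go library may be packaged under a name derived from its import path, so a search on the description's wording can miss a packaged copy. It is worth checking the archive by import path before settling on NOT-FOR-US. If the status holds, naming the upstream project in the label would make the entry easier to find later.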
@@ -65988,7 +65988,7 @@ CVE-2018-1978
CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...)
NOT-FOR-US: IBM
CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1975
RESERVED
CVE-2018-1974
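Review bot: The new label on CVE-2018-1976 names only the vendor (IBM), while the description identifies the product as IBM API Connect and the earlier hunks in this commit label by product (for example NOT-FOR-US: Atlassian Crowd). It matches the adjacent NOT-FOR-US: IBM entry, so it is consistent locally, but a product-level label such as NOT-FOR-US: IBM API Connect would be more useful when searching the list. The same applies to the QRadar and DataPower entries changed further down.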
@@ -66474,7 +66474,7 @@ CVE-2018-1735
CVE-2018-1734
RESERVED
CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized ...)
NOT-FOR-US: IBM
CVE-2018-1731
@@ -66604,7 +66604,7 @@ CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for Multi-Plat
CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
NOT-FOR-US: IBM
CVE-2018-1668 (IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1667 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through ...)
NOT-FOR-US: IBM
CVE-2018-1666
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ec7fa1d2be95ff6c6c56449d3912d0a884745fd