[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 30 14:13:26 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03b09e87 by Moritz Muehlenhoff at 2021-06-30T15:12:44+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -404994,7 +404994,7 @@ CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authentica
 CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. ...)
 	- pithos 0.3.5-1
 CVE-2010-4816 (It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null  ...)
-	TODO: check
+	NOT-FOR-US: Historic freeBSD issue
 CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...)
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2011-3169 (Unspecified vulnerability in the SMTP service implementation in HP TCP ...)
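Review bot: The new tag on CVE-2010-4816 reads "Historic freeBSD issue", but the description on the line above lists both FreeBSD 8.0, 6.3 and 4.9 and OpenBSD 4.6, so the note covers only half of the affected systems and miscapitalises the project name. Something like "NOT-FOR-US: FreeBSD and OpenBSD" would match the description and keep the entry findable when grepping the list for either name.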
@@ -415428,11 +415428,11 @@ CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in io/h
 	{DSA-2152-1}
 	- hplip 3.10.6-2 (bug #610960)
 CVE-2010-4266 (It was found in vanilla forums before 2.0.10 a potential linkbait vuln ...)
-	TODO: check
+	NOT-FOR-US: Vanilla Forums
 CVE-2010-4265 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...)
 	- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
 CVE-2010-4264 (It was found in vanilla forums before 2.0.10 a cross-site scripting vu ...)
-	TODO: check
+	NOT-FOR-US: Vanilla Forums
 CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the Inte ...)
 	- linux-2.6 2.6.32-30
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -418017,7 +418017,7 @@ CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia3
 	- linux-2.6 2.6.32-23
 	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
 CVE-2010-3300 (It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are v ...)
-	TODO: check
+	NOT-FOR-US: OWASP ESAPI
 CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...)
 	- rails <unfixed> (unimportant)
 	NOTE: http://seclists.org/oss-sec/2010/q3/415
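Review bot: The tag on CVE-2010-3300 says "OWASP ESAPI" while the description is specifically about "OWASP ESAPI for Java". Carrying the "for Java" qualifier into the NOT-FOR-US line would make clear which implementation was triaged as not packaged.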



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b09e873aba3a0893fa9b37fcb27bd6685f48f8
