Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7bfdbac0 by Salvatore Bonaccorso at 2018-01-30T22:28:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,13 +11,13 @@ CVE-2018-6400
CVE-2018-6399
RESERVED
CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component
for ...)
- TODO: check
+ NOT-FOR-US: CP Event Calendar component for Joomla!
CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4
component for ...)
- TODO: check
+ NOT-FOR-US: Picture Calendar component for Joomla!
CVE-2018-6396
RESERVED
CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for
Joomla! ...)
- TODO: check
+ NOT-FOR-US: Visual Calendar component for Joomla!
CVE-2018-6394
RESERVED
CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection
via the ...)
@@ -51,15 +51,15 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation
fault caused by inval
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/12
CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes
leads ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri
class ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-6378
RESERVED
CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in
com_fields leads ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable
in a ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2018-1000029
RESERVED
CVE-2018-1000026
@@ -145,7 +145,7 @@ CVE-2018-6357 (The acx_asmw_saveorder_callback function in
function.php in the .
CVE-2018-6356
RESERVED
CVE-2018-6355 (/goform/setLang on iBall 300M devices with
"iB-WRB302N_1.0.1-Sep 8 ...)
- TODO: check
+ NOT-FOR-US: iBall 300M devices
CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23
allows XSS ...)
NOT-FOR-US: Formspree
CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through
3.0.5 ...)
@@ -2414,7 +2414,7 @@ CVE-2018-5443 (A SQL Injection issue was discovered in
Advantech WebAccess/SCADA
CVE-2018-5442
RESERVED
CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was
discovered in ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT mGuard firmware
CVE-2018-5440
RESERVED
CVE-2018-5439
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bfdbac054b99b302a60acd2f2884e0e818ee61f
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bfdbac054b99b302a60acd2f2884e0e818ee61f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
