[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff Wed, 28 Feb 2018 06:49:14 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e7bef0e1 by Moritz Muehlenhoff at 2018-02-28T15:48:24+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15714,7 +15714,7 @@ CVE-2018-1427
 CVE-2018-1426
        RESERVED
 CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses 
weaker ...)
-       TODO: check
+       NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1424
        RESERVED
 CVE-2018-1423
@@ -15766,7 +15766,7 @@ CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 
is vulnerable to cross-sit
 CVE-2018-1400
        RESERVED
 CVE-2018-1399 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5 
and 5.0 is ...)
-       TODO: check
+       NOT-FOR-US: IBM Daeja ViewONE Professional
 CVE-2018-1398
        RESERVED
 CVE-2018-1397
@@ -81742,7 +81742,7 @@ CVE-2016-6232 (Directory traversal vulnerability in 
KArchive before 5.24, as use
        NOTE: https://lists.debian.org/debian-lts/2016/07/msg00144.html
        NOTE: Fix: https://git.reviewboard.kde.org/r/128185/
 CVE-2016-6217 (Cross-site scripting (XSS) vulnerability in Sophos PureMessage 
for ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2016-6216
        RESERVED
 CVE-2016-6215
@@ -139800,7 +139800,7 @@ CVE-2014-4707 (Huawei Campus S7700 with software 
V200R001C00SPC300, ...)
 CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus 
S5700 ...)
        NOT-FOR-US: Huawei
 CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software 
platform in ...)
-       TODO: check
+       NOT-FOR-US: eSap
 CVE-2014-4704
        RESERVED
 CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble 
SketchUp ...)
@@ -141182,7 +141182,7 @@ CVE-2014-4147
 CVE-2014-4146
        REJECTED
 CVE-2014-4145 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4144
        REJECTED
 CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
@@ -141248,7 +141248,7 @@ CVE-2014-4114 (Microsoft Windows Vista SP2, Windows 
Server 2008 SP2 and R2 SP1, 
 CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows 
Server 2003 ...)
        NOT-FOR-US: Microsoft
 CVE-2014-4112 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4110 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
@@ -141340,7 +141340,7 @@ CVE-2014-4068 (The Response Group Service in 
Microsoft Lync Server 2010 and 2013
 CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers 
to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4066 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4065 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows 
Server ...)
@@ -141607,7 +141607,7 @@ CVE-2014-3973 (Multiple SQL injection vulnerabilities 
in FrontAccounting (FA) be
        [squeeze] - frontaccounting <no-dsa> (Minor issue)
        [wheezy] - frontaccounting <no-dsa> (Minor issue)
 CVE-2014-3972 (Directory traversal vulnerability in Apexis APM-J601-WS cameras 
with ...)
-       TODO: check
+       NOT-FOR-US: Apexis cameras
 CVE-2014-3971 (The CmdAuthenticate::_authenticateX509 function in ...)
        - mongodb <not-affected> (X.509 certifictate authentication introduced 
in 2.6.x)
        NOTE: https://jira.mongodb.org/browse/SERVER-13753
@@ -142501,7 +142501,7 @@ CVE-2014-3631 (The assoc_array_gc function in the 
associative-array implementati
        NOTE: Introduced by 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
 (v3.13)
        NOTE: Fixed by 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
 CVE-2014-3630 (XML external entity (XXE) vulnerability in the Java XML 
processing ...)
-       TODO: check
+       NOT-FOR-US: Play framework
 CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange 
module in ...)
        - qpid-cpp <removed> (low; bug #772794)
        [wheezy] - qpid-cpp <no-dsa> (Minor issue)
@@ -143769,7 +143769,7 @@ CVE-2014-3246 (SQL injection vulnerability in 
Collabtive 1.2 allows remote ...)
 CVE-2014-3245
        RESERVED
 CVE-2014-3244 (XML external entity (XXE) vulnerability in the RSSDashlet 
dashlet in ...)
-       TODO: check
+       NOT-FOR-US: SugarCRM
 CVE-2014-3241
        RESERVED
 CVE-2014-3240
@@ -143914,9 +143914,9 @@ CVE-2014-3210 (SQL injection vulnerability in 
dopbs-backend-forms.php in the Boo
 CVE-2014-3208
        RESERVED
 CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: Seagate
 CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS 
contains a ...)
-       TODO: check
+       NOT-FOR-US: Seagate
 CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly 
handle ...)
        NOT-FOR-US: Unity
 CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly 
...)
@@ -147159,7 +147159,7 @@ CVE-2014-2018 (Cross-site scripting (XSS) 
vulnerability in Mozilla Thunderbird 1
        - icedove 24.2.0-1
        [squeeze] - icedove <end-of-life>
 CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition 
before ...)
-       TODO: check
+       NOT-FOR-US: OXID eShop
 CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID 
eShop ...)
        NOT-FOR-US: OXID eShop
 CVE-2014-2012
@@ -171504,7 +171504,7 @@ CVE-2012-6349 (Buffer overflow in the .mdb parser in 
Autonomy KeyView IDOL, as u
 CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in 
Centrify ...)
        NOT-FOR-US: Centrify
 CVE-2012-6347 (Multiple cross-site scripting (XSS) vulnerabilities in Java 
number ...)
-       TODO: check
+       NOT-FOR-US: FortiGate
 CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb 
before ...)
        NOT-FOR-US: FortiWeb
 CVE-2012-6345



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7bef0e1d7919823a01abaff9d4089423b9d935e

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7bef0e1d7919823a01abaff9d4089423b9d935e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to