[Secure-testing-commits] r25998 - data/CVE

Henri Salo fgeek-guest at moszumanska.debian.org
Fri Mar 7 07:00:16 UTC 2014 

Author: fgeek-guest
Date: 2014-03-07 07:00:16 +0000 (Fri, 07 Mar 2014)
New Revision: 25998

Modified:
   data/CVE/list
Log:
CVE-2014-1695 fixed in, NFU

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-07 06:36:59 UTC (rev 25997)
+++ data/CVE/list	2014-03-07 07:00:16 UTC (rev 25998)
@@ -925,9 +925,9 @@
 CVE-2013-7320 (Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 ...)
 	NOT-FOR-US: D-Link hardware
 CVE-2013-7319 (Cross-site scripting (XSS) vulnerability in the Download Manager ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Download Manager
 CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Apache Cordova
 CVE-2012-6636 (The Android API before 17 does not properly restrict the ...)
 	TODO: check
 CVE-2013-7322 [OTP token invalidation]
@@ -1483,7 +1483,7 @@
 CVE-2014-1696 (Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash ...)
 	NOT-FOR-US: Siemens SIMATIC WinCC OA
 CVE-2014-1695 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
-	TODO: check
+	- otrs2 3.3.5-1
 CVE-2013-7323 [Unrestricted use of unquoted strings in a shell]
 	RESERVED
 	- python-gnupg 0.3.6-1 (bug #738509)
@@ -3735,7 +3735,7 @@
 	NOTE: https://bugs.php.net/bug.php?id=66356
 	NOTE: http://www.php.net/manual/en/function.imagecrop.php
 CVE-2013-7219 (SQL injection vulnerability in vote.php in the 2Glux Sexy Polling ...)
-	TODO: check
+	NOT-FOR-US: Joomla component com_sexypolling
 CVE-2013-7218
 	RESERVED
 CVE-2013-7217 (Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and ...)
@@ -4879,7 +4879,7 @@
 CVE-2014-0335
 	RESERVED
 CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive ...)
 	- libpng <not-affected> (Only affects libpng 1.6.0 through 1.6.9)
 	NOTE: Filed #740585 for src:libpng1.6 in experimental
@@ -5125,15 +5125,15 @@
 CVE-2013-6953 (BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read ...)
 	NOT-FOR-US: BlogEngine.NET
 CVE-2013-6952 (The Belkin WeMo Home Automation firmware before 3949 has a hardcoded ...)
-	TODO: check
+	NOT-FOR-US: Belkin WeMo
 CVE-2013-6951 (The Belkin WeMo Home Automation firmware before 3949 does not maintain ...)
-	TODO: check
+	NOT-FOR-US: Belkin WeMo
 CVE-2013-6950 (The Belkin WeMo Home Automation firmware before 3949 does not use SSL ...)
-	TODO: check
+	NOT-FOR-US: Belkin WeMo
 CVE-2013-6949 (The Belkin WeMo Home Automation firmware before 3949 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Belkin WeMo
 CVE-2013-6948 (The peerAddresses API in the Belkin WeMo Home Automation firmware ...)
-	TODO: check
+	NOT-FOR-US: Belkin WeMo
 CVE-2013-6947
 	RESERVED
 CVE-2013-6946

More information about the Secure-testing-commits mailing list