[Secure-testing-commits] r26847 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Wed May 7 06:36:23 UTC 2014 

Author: helmutg
Date: 2014-05-07 06:36:21 +0000 (Wed, 07 May 2014)
New Revision: 26847

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-07 05:19:59 UTC (rev 26846)
+++ data/CVE/list	2014-05-07 06:36:21 UTC (rev 26847)
@@ -502,7 +502,7 @@
 CVE-2013-7372 (The engineNextBytes function in ...)
 	TODO: check
 CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft IIS
 CVE-2014-3122 [mm: try_to_unmap_cluster() should lock_page() before mlocking]
 	RESERVED
 	- linux <unfixed>
@@ -541,7 +541,7 @@
 CVE-2014-2977
 	RESERVED
 CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 ...)
-	TODO: check
+	NOT-FOR-US: Sixnet SixView
 CVE-2014-2975
 	RESERVED
 CVE-2014-2974
@@ -1337,13 +1337,14 @@
 CVE-2014-2660
 	RESERVED
 CVE-2014-2659 (Cross-site request forgery (CSRF) vulnerability in the admin UI in ...)
-	TODO: check
+	NOT-FOR-US: Papercut MF/NG
+	NOTE: This is not the papercut NNTP server.
 CVE-2014-2658 (Unspecified vulnerability in Papercut MF and NG before 14.1 (Build ...)
 	TODO: check
 CVE-2014-2657 (Unspecified vulnerability in the print release functionality in ...)
 	TODO: check
 CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and ...)
-	TODO: check
+	NOT-FOR-US: MobFox mAdserve
 CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
 	NOT-FOR-US: Symphony CMS
 CVE-2013-7351 [several XSS]
@@ -4202,7 +4203,7 @@
 CVE-2014-1616
 	RESERVED
 CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon ...)
-	TODO: check
+	NOT-FOR-US: Carbon Black
 CVE-2014-1614
 	RESERVED
 CVE-2014-1613
@@ -5902,7 +5903,7 @@
 CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-0769 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
-	TODO: check
+	NOT-FOR-US: Festo controller
 CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
@@ -5920,7 +5921,7 @@
 CVE-2014-0761
 	RESERVED
 CVE-2014-0760 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
-	TODO: check
+	NOT-FOR-US: Festo controller
 CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric ...)
 	NOT-FOR-US: Schneider Electric Floating License Manager
 CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, ...)
@@ -8189,7 +8190,7 @@
 	RESERVED
 	NOT-FOR-US: Cumin
 CVE-2014-0173 (The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Jetpack
 CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf.c in ...)
 	- elfutils 0.158-1 (low; bug #744017)
 	[squeeze] - elfutils <no-dsa> (Minor issue)
@@ -9202,7 +9203,7 @@
 CVE-2013-6739
 	RESERVED
 CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-6737
 	RESERVED
 CVE-2013-6736
@@ -11263,7 +11264,7 @@
 CVE-2013-5949
 	RESERVED
 CVE-2013-5948 (The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS ...)
-	TODO: check
+	NOT-FOR-US: ASUS router
 CVE-2013-5947
 	RESERVED
 CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 with ...)
@@ -12622,7 +12623,7 @@
 CVE-2013-5460
 	RESERVED
 CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect (RSA) ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-5458 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
 	NOT-FOR-US: IBM JDK
 CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
@@ -23770,7 +23771,7 @@
 CVE-2013-1422
 	RESERVED
 CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
-	TODO: check
+	- webcalendar <removed>
 CVE-2013-1420
 	RESERVED
 CVE-2013-1419
@@ -29356,7 +29357,7 @@
 CVE-2012-5724
 	RESERVED
 CVE-2012-5723 (Cisco ASR 1000 devices with software before 3.8S, when BDI routing is ...)
-	TODO: check
+	NOT-FOR-US: Cisco devices
 CVE-2012-5722
 	RESERVED
 CVE-2012-5721
@@ -40962,7 +40963,7 @@
 CVE-2012-1318
 	RESERVED
 CVE-2012-1317 (The multicast implementation in Cisco IOS before 15.1(1)SY allows ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2012-1316
 	RESERVED
 CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall ...)

More information about the Secure-testing-commits mailing list