[Secure-testing-commits] r26948 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Sat May 17 06:25:39 UTC 2014 

Author: helmutg
Date: 2014-05-17 06:25:39 +0000 (Sat, 17 May 2014)
New Revision: 26948

Modified:
   data/CVE/list
Log:
NFUs, undetermined kfreebsd issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-17 06:07:03 UTC (rev 26947)
+++ data/CVE/list	2014-05-17 06:25:39 UTC (rev 26948)
@@ -501,9 +501,9 @@
 CVE-2014-3221
 	RESERVED
 CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IQ
 CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...)
 	- linux 3.14.4-1
 	- linux-2.6 <removed>
@@ -1018,7 +1018,7 @@
 CVE-2014-3002
 	RESERVED
 CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2 does not ...)
-	TODO: check
+	- kfreebsd-10 <undetermined>
 CVE-2014-3000 (The TCP reassembly function in the inet module in FreeBSD 8.3 before ...)
 	- kfreebsd-10 10.0-5 (bug #746949)
 	- kfreebsd-9 <unfixed> (bug #746951)
@@ -1400,7 +1400,7 @@
 	- llvm-toolchain-3.3 <unfixed>
 	- llvm-toolchain-3.4 <unfixed>
 CVE-2014-2854 (Cross-site scripting (XSS) vulnerability in the SemanticTitle ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension SemanticTitle
 CVE-2014-2853 (Cross-site scripting (XSS) vulnerability in ...)
 	- mediawiki <not-affected> (Vulnerable code not present)
 CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an ...)
@@ -1817,7 +1817,7 @@
 CVE-2014-2690 (Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows ...)
 	NOT-FOR-US: Citrix VDI-in-a-Box
 CVE-2014-2689 (Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Offiria
 CVE-2014-2688
 	RESERVED
 CVE-2014-2687
@@ -2744,7 +2744,7 @@
 CVE-2014-2348
 	RESERVED
 CVE-2014-2347 (Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage ...)
-	TODO: check
+	NOT-FOR-US: Amtelco miSecureMessages
 CVE-2014-2346
 	RESERVED
 CVE-2014-2345
@@ -3635,9 +3635,9 @@
 CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
 	NOT-FOR-US: TOSHIBA TEC e-Studio
 CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2014-1987
 	RESERVED
 CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
@@ -6112,7 +6112,7 @@
 CVE-2014-0912
 	RESERVED
 CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere MQ
 CVE-2014-0910
 	RESERVED
 CVE-2014-0909
@@ -9800,7 +9800,7 @@
 CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...)
 	NOT-FOR-US: IBM Sametime
 CVE-2013-6726 (Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv ...)
-	TODO: check
+	NOT-FOR-US: IBM TRIRIGA Application Platform
 CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS ...)
@@ -17718,7 +17718,7 @@
 CVE-2013-3737
 	RESERVED
 CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka ...)
-	TODO: check
+	NOT-FOR-US: Request Tracker extension MobileUI
 CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: exploitable by malicious scripts only
@@ -22917,7 +22917,7 @@
 CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2013-1803 (Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...)
 	- ruby-extlib 0.9.15-3 (bug #697895)
 	- libextlib-ruby <removed> (bug #697895)

More information about the Secure-testing-commits mailing list