[Secure-testing-commits] r33367 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Apr 3 17:32:23 UTC 2015


Author: carnil
Date: 2015-04-03 17:32:23 +0000 (Fri, 03 Apr 2015)
New Revision: 33367

Modified:
   data/CVE/list
Log:
Process couple of NFUs from the TODO list

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-03 17:23:25 UTC (rev 33366)
+++ data/CVE/list	2015-04-03 17:32:23 UTC (rev 33367)
@@ -29,27 +29,27 @@
 CVE-2015-2822
 	RESERVED
 CVE-2015-2821 (TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 Neos
 CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SAP Afaria
 CVE-2015-2819 (SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: SAP Sybase SQL Anywhere
 CVE-2015-2818 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 ...)
-	TODO: check
+	NOT-FOR-US: SAP Mobile Platform
 CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SAP NetWeaver
 CVE-2015-2816 (The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict ...)
-	TODO: check
+	NOT-FOR-US: SAP Afaria
 CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver ...)
-	TODO: check
+	NOT-FOR-US: NetWeaver Dispatcher in SAP KERNEL
 CVE-2015-2814 (SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task ...)
-	TODO: check
+	NOT-FOR-US: SAP EMR Unwired and Clinical Task Tracker
 CVE-2015-2813 (XML external entity (XXE) vulnerability in SAP Mobile Platform allows ...)
-	TODO: check
+	NOT-FOR-US: SAP Mobile Platform
 CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in ...)
-	TODO: check
+	NOT-FOR-US: SAP NetWeaver Portal
 CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP ...)
-	TODO: check
+	NOT-FOR-US: SAP NetWeaver Portal
 CVE-2015-2830 [Linux mishandles int80 fork from 64-bit tasks]
 	- linux <unfixed>
 	- linux-2.6 <removed>
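Review bot: the tag on CVE-2015-2815 ("NetWeaver Dispatcher in SAP KERNEL") names a component and writes the vendor part in capitals, while CVE-2015-2817 in this hunk uses the plain product string "SAP NetWeaver" and CVE-2015-2812/CVE-2015-2811 use "SAP NetWeaver Portal". Suggest settling on one product-level string per product, so that a later search of data/CVE/list for the product name returns every entry.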
@@ -64,7 +64,7 @@
 CVE-2015-2810
 	RESERVED
 CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does ...)
 	NOTE: This CVE is specific to the design of the RC4 protocol and not to its
 	NOTE: implementations.
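Review bot: CVE-2015-2809 is closed as NOT-FOR-US on the vendor name alone, but the visible description refers to "The Multicast DNS (mDNS) responder in Synology DiskStation Manager", which is a generic protocol component. The description is truncated here, so it would help to confirm from the full text that the responder is Synology's own code and not an implementation that is also packaged, and to record that in a NOTE line if anything was checked.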
@@ -103,9 +103,9 @@
 CVE-2015-2791 (The "menu sync" function in the WPML plugin before 3.1.9 for WordPress ...)
 	NOT-FOR-US: WPML plugin for WordPress
 CVE-2015-2790 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader, Enterprise Reader, and PhantomPDF
 CVE-2015-2789 (Unquoted Windows search path vulnerability in the Foxit Cloud Safe ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2015-XXXX [xdeb: disables apt's signature checks]
 	- xdeb <unfixed> (bug #781595)
 	[wheezy] - xdeb <no-dsa> (Minor issue)
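Review bot: CVE-2015-2789 is tagged "NOT-FOR-US: Foxit Reader", yet its description starts with "Foxit Cloud Safe ...", and the neighbouring CVE-2015-2790 uses the longer "Foxit Reader, Enterprise Reader, and PhantomPDF". Suggest either naming the component the description gives or using one common string for both Foxit entries, so the two tags do not read as different products.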
@@ -114,7 +114,7 @@
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2015-2784
 	RESERVED
 CVE-2015-2783
@@ -131,39 +131,39 @@
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1437145
 	NOTE: https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html
 CVE-2015-2773 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON V-Series appliances
 CVE-2015-2772 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON V-Series appliances
 CVE-2015-2771 (The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-EMAIL and V-Series appliances
 CVE-2015-2770 (Cross-site request forgery (CSRF) vulnerability in the command line ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON V-Series appliances
 CVE-2015-2769 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-EMAIL
 CVE-2015-2768 (Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-EMAIL
 CVE-2015-2767 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-EMAIL
 CVE-2015-2766 (The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-EMAIL
 CVE-2015-2765 (The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-EMAIL
 CVE-2015-2764 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-DATA
 CVE-2015-2763 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-EMAIL
 CVE-2015-2762 (Websense TRITON AP-WEB before 8.0.0 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-WEB
 CVE-2015-2761 (Cross-site scripting (XSS) vulnerability in the Exceptions and ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-WEB
 CVE-2015-2760 (Cross-site scripting (XSS) vulnerability in the ePO extension in ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2015-2759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2015-2758 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2015-2757 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2014-9712 (Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 ...)
 	TODO: check
 CVE-2013-7438 (Multiple buffer overflows in pbm212030 allow remote attackers to cause ...)
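Review bot: CVE-2014-9712 in the trailing context is still "TODO: check" although its description names "Websense TRITON V-Series appliances", the same product this hunk marks NOT-FOR-US for CVE-2015-2773, CVE-2015-2772 and CVE-2015-2770; it looks like it was missed in this pass and could take the same tag. Separately, the four McAfee entries (CVE-2015-2760 to CVE-2015-2757) carry only the vendor name, while every Websense entry names the product; "McAfee Data Loss Prevention Endpoint", as given in the descriptions of CVE-2015-2758 and CVE-2015-2757, would match the rest of the hunk.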
@@ -207,11 +207,11 @@
 	[wheezy] - xen <not-affected> (Affected functionality introduced in 4.2)
 	NOTE: http://xenbits.xen.org/xsa/advisory-127.html
 CVE-2015-2748 (Websense TRITON AP-WEB before 8.0.0 does not properly restrict access ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON AP-WEB
 CVE-2015-2747 (Multiple cross-site scripting (XSS) vulnerabilities in the data loss ...)
-	TODO: check
+	NOT-FOR-US: Websense Triton
 CVE-2015-2746 (The network diagnostics tool (CommandLineServlet) in the Appliance ...)
-	TODO: check
+	NOT-FOR-US: Websense TRITON
 CVE-2010-5323
 	RESERVED
 CVE-2015-2774 [Erlang POODLE TLS vulnerability]
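Review bot: the tag on CVE-2015-2747 is spelled "Websense Triton", while CVE-2015-2748 and CVE-2015-2746 right next to it use "Websense TRITON". A case-sensitive search of the list will miss one or the other; suggest "Websense TRITON" throughout, as in the descriptions.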
@@ -361,17 +361,17 @@
 CVE-2015-2685
 	RESERVED
 CVE-2015-2683 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...)
-	TODO: check
+	NOT-FOR-US: Citrix Command Center
 CVE-2015-2682 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...)
-	TODO: check
+	NOT-FOR-US: Citrix Command Center
 CVE-2015-2681 (Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 ...)
 	NOT-FOR-US: Asus
 CVE-2015-2680 (Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS ...)
-	TODO: check
+	NOT-FOR-US: MetalGenix GeniXCMS
 CVE-2015-2679 (Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before ...)
-	TODO: check
+	NOT-FOR-US: MetalGenix GeniXCMS
 CVE-2015-2678 (Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix ...)
-	TODO: check
+	NOT-FOR-US: MetalGenix GeniXCMS
 CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before ...)
 	- ocportal <itp> (bug #625865)
 CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 ...)



