[Secure-testing-commits] r33717 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Apr 20 17:50:44 UTC 2015


Author: carnil
Date: 2015-04-20 17:50:44 +0000 (Mon, 20 Apr 2015)
New Revision: 33717

Modified:
   data/CVE/list
Log:
Process list of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-20 17:38:51 UTC (rev 33716)
+++ data/CVE/list	2015-04-20 17:50:44 UTC (rev 33717)
@@ -30,15 +30,15 @@
 CVE-2015-3325
 	RESERVED
 CVE-2015-3324 (The ThinkServer System Manager (TSM) Baseboard Management Controller ...)
-	TODO: check
+	NOT-FOR-US: ThinkServer
 CVE-2015-3323 (The ThinkServer System Manager (TSM) Baseboard Management Controller ...)
-	TODO: check
+	NOT-FOR-US: ThinkServer
 CVE-2015-3322 (Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers ...)
-	TODO: check
+	NOT-FOR-US: ThinkServer
 CVE-2015-3321
 	RESERVED
 CVE-2015-3320 (Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Lenovo USB Enhanced Performance Keyboard software
 CVE-2014-9717 [USERNS allows circumventing MNT_LOCKED]
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
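
Review bot: The three ThinkServer entries (CVE-2015-3324, CVE-2015-3323, CVE-2015-3322) are tagged with the product name only, while CVE-2015-3320 in the same hunk leads with the vendor ("Lenovo USB Enhanced Performance Keyboard software"). Suggest "NOT-FOR-US: Lenovo ThinkServer" for all three, matching the description of CVE-2015-3322, so that a search of the list for the vendor name finds every Lenovo entry.
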
@@ -55,7 +55,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/3
 	NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7
 CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...)
-	TODO: check
+	NOT-FOR-US: Hotspot Express hotEx Billing Manager
 CVE-2015-3318
 	RESERVED
 CVE-2015-3317
@@ -114,7 +114,7 @@
 CVE-2015-3294
 	RESERVED
 CVE-2015-3293 (FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain ...)
-	TODO: check
+	NOT-FOR-US: FortiMail
 CVE-2015-3292
 	RESERVED
 CVE-2015-3291
@@ -646,7 +646,7 @@
 CVE-2015-3031
 	RESERVED
 CVE-2015-3027 (Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect ...)
-	TODO: check
+	NOT-FOR-US: Clang in LLVM as used in Apple Xcode
 CVE-2015-3025
 	RESERVED
 CVE-2015-3024
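
Review bot: CVE-2015-3027 is the one entry in this commit where NOT-FOR-US needs a recorded justification, because the description names Clang in LLVM, an upstream compiler and not an Apple-only product. The tag says "as used in Apple Xcode", but nothing in the entry records why the incorrect behaviour is confined to Apple's build. Suggest adding a NOTE line with the reference that shows this, or leaving the entry as "TODO: check" until the upstream Clang code has been looked at.
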
@@ -760,13 +760,13 @@
 CVE-2015-3006
 	RESERVED
 CVE-2015-3005 (Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-3004 (J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-3003 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-3002 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2015-3001
 	RESERVED
 CVE-2015-3000
@@ -1222,9 +1222,9 @@
 CVE-2015-2824 (Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the ...)
 	NOT-FOR-US: WordPress plugin simple-ads-manager
 CVE-2015-2823 (Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2015-2822 (Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2015-2821 (TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote ...)
 	NOT-FOR-US: TYPO3 Neos
 CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote ...)
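
Review bot: The two SIMATIC entries (CVE-2015-2823, CVE-2015-2822) are tagged with the vendor alone, whereas the unchanged neighbours in this hunk name the product ("WordPress plugin simple-ads-manager", "TYPO3 Neos"). Suggest "NOT-FOR-US: Siemens SIMATIC HMI" so the tag still identifies what was triaged when only the truncated description is shown.
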
@@ -1379,7 +1379,7 @@
 	NOTE: https://bugs.php.net/bug.php?id=69324
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
 CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi ...)
-	TODO: check
+	NOT-FOR-US: Hotspot Express hotEx Billing Manager
 CVE-2015-2780
 	RESERVED
 CVE-2015-2777
@@ -1851,17 +1851,17 @@
 CVE-2015-2580
 	RESERVED
 CVE-2015-2579 (Unspecified vulnerability in the Oracle Health Sciences Argus Safety ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2015-2578 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Oracle Sun Solaris
 CVE-2015-2577 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
-	TODO: check
+	NOT-FOR-US: Oracle Sun Solaris
 CVE-2015-2576 (Unspecified vulnerability in the MySQL Utilities component in Oracle ...)
 	NOT-FOR-US: MySQL Utilities component of MySQL on Windows
 CVE-2015-2575 (Unspecified vulnerability in the MySQL Connectors component in Oracle ...)
 	NOT-FOR-US: MySQL Connector/J
 CVE-2015-2574 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
-	TODO: check
+	NOT-FOR-US: Oracle Sun Solaris
 CVE-2015-2573 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
 	{DSA-3229-1}
 	- mysql-5.5 5.5.42-1
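
Review bot: CVE-2015-2579 is tagged "NOT-FOR-US: Oracle" while the Solaris entries in the same hunk (CVE-2015-2578, CVE-2015-2577, CVE-2015-2574) use "Oracle Sun Solaris" and the unchanged MySQL entries name the component. A bare vendor tag is weak for Oracle in particular, since this hunk also shows an Oracle CVE that is tracked against a package (CVE-2015-2573, mysql-5.5). Suggest "NOT-FOR-US: Oracle Health Sciences Argus Safety" so the entry shows which product was checked.
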
@@ -1869,7 +1869,7 @@
 	- percona-xtradb-cluster-5.5 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
 CVE-2015-2572 (Unspecified vulnerability in the Oracle Hyperion Smart View for Office ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2015-2571 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
 	{DSA-3229-1}
 	- mysql-5.5 <unfixed> (bug #782645)
@@ -1878,7 +1878,7 @@
 	- percona-xtradb-cluster-5.5 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
 CVE-2015-2570 (Unspecified vulnerability in the Oracle Demand Planning component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2015-2569
 	RESERVED
 CVE-2015-2568 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
@@ -1898,7 +1898,7 @@
 	- percona-xtradb-cluster-5.5 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
 CVE-2015-2565 (Unspecified vulnerability in the Oracle Installed Base component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2015-2564 (SQL injection vulnerability in client-edit.php in ProjectSend ...)
 	NOT-FOR-US: ProjectSend
 CVE-2015-2563 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID ...)
@@ -2585,7 +2585,7 @@
 CVE-2015-2299
 	RESERVED
 CVE-2015-2295 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2015-2294 (Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in ...)
 	NOT-FOR-US: pfSense
 CVE-2015-2293 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
@@ -3069,11 +3069,11 @@
 CVE-2015-2168
 	REJECTED
 CVE-2015-2167 (Open redirect vulnerability in the 3PI Manager in Ericsson Drutt ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2015-2166 (Directory traversal vulnerability in the Instance Monitor in Ericsson ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2015-2165 (Multiple cross-site scripting (XSS) vulnerabilities in the Report ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2015-2164
 	RESERVED
 CVE-2015-2163
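
Review bot: For CVE-2015-2165 the truncated description ("... vulnerabilities in the Report ...") names neither vendor nor product, so "NOT-FOR-US: Ericsson" is the only attribution a reader of the list sees. Suggest using the product name from the full description on all three entries, as the description of CVE-2015-2167 already begins to give it ("Ericsson Drutt ...").
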
@@ -3719,9 +3719,9 @@
 CVE-2015-1899
 	RESERVED
 CVE-2015-1898 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1897 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1896
 	RESERVED
 CVE-2015-1895



