[Secure-testing-commits] r33864 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Sun Apr 26 14:38:37 UTC 2015 

Author: helmutg
Date: 2015-04-26 14:38:37 +0000 (Sun, 26 Apr 2015)
New Revision: 33864

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-26 14:38:28 UTC (rev 33863)
+++ data/CVE/list	2015-04-26 14:38:37 UTC (rev 33864)
@@ -3032,7 +3032,7 @@
 CVE-2015-2248
 	RESERVED
 CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows ...)
-	TODO: check
+	NOT-FOR-US: Boosted Boards skateboards
 CVE-2015-2246
 	RESERVED
 CVE-2015-2245
@@ -3110,7 +3110,7 @@
 CVE-2015-2224
 	RESERVED
 CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in Palo Alto ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks Traps
 CVE-2015-2222
 	RESERVED
 CVE-2015-2221
@@ -5564,7 +5564,7 @@
 CVE-2015-1416
 	RESERVED
 CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD installer
 CVE-2015-1414 (Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 ...)
 	{DSA-3175-1}
 	- kfreebsd-10 10.1~svn274115-4 (bug #779195)
@@ -5814,7 +5814,7 @@
 CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in ...)
 	- unzip <not-affected> (*-unzip60-alt-iconv-utf8 patch not applied in Debian)
 CVE-2015-1314 (The USAA Mobile Banking application before 7.10.1 for Android displays ...)
-	TODO: check
+	NOT-FOR-US: USAA Mobile Banking application for Android
 CVE-2015-1313
 	RESERVED
 CVE-2015-1312 (The Dealer Portal in SAP ERP does not properly restrict access, which ...)
@@ -6389,7 +6389,7 @@
 CVE-2015-1150
 	RESERVED
 CVE-2015-1149 (Integer overflow in the simulator in Swift in Apple Xcode before 6.3 ...)
-	TODO: check
+	NOT-FOR-US: Apple Xcode
 CVE-2015-1148 (Screen Sharing in Apple OS X before 10.10.3 stores the password of a ...)
 	NOT-FOR-US: Apple
 CVE-2015-1147 (Open Directory Client in Apple OS X before 10.10.3 sends unencrypted ...)
@@ -6429,15 +6429,15 @@
 CVE-2015-1130 (The XPC implementation in Admin Framework in Apple OS X before 10.10.3 ...)
 	NOT-FOR-US: Apple
 CVE-2015-1129 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2015-1128 (The private-browsing implementation in Apple Safari before 6.2.5, 7.x ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2015-1127 (The private-browsing implementation in WebKit in Apple Safari before ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2015-1126 (WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1125 (The touch-events implementation in WebKit in Apple iOS before 8.3 ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1124 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2015-1123 (WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, ...)
@@ -7354,7 +7354,7 @@
 CVE-2015-0904
 	RESERVED
 CVE-2015-0903 (Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Saitoh Kikaku Maruo Editor
 CVE-2015-0902 (The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress ...)
 	NOT-FOR-US: WordPress plugin all-in-one-seo-pack
 CVE-2015-0901 (Cross-site scripting (XSS) vulnerability in the duwasai flashy theme ...)
@@ -7420,9 +7420,9 @@
 CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d ...)
 	NOT-FOR-US: CREAR AL-Mail32
 CVE-2015-0877 (Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD ...)
-	TODO: check
+	NOT-FOR-US: C-BOARD Moyuku
 CVE-2015-0876 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Saurus CMS
 CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for ...)
 	NOT-FOR-US: Ogaki Kyoritsu Bank Smartphone Passbook application for Android
 CVE-2015-0874
@@ -7889,7 +7889,7 @@
 CVE-2015-0699 (SQL injection vulnerability in the Interactive Voice Response (IVR) ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0698 (Multiple cross-site scripting (XSS) vulnerabilities in filter search ...)
-	TODO: check
+	NOT-FOR-US: Cisco WSA
 CVE-2015-0697 (Open redirect vulnerability in the login page in Cisco TC Software ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0696 (Cross-site scripting (XSS) vulnerability in the login page in Cisco TC ...)
@@ -7897,11 +7897,11 @@
 CVE-2015-0695 (Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2015-0694 (Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0693 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
-	TODO: check
+	NOT-FOR-US: Cisco WSA
 CVE-2015-0692 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
-	TODO: check
+	NOT-FOR-US: Cisco WSA
 CVE-2015-0691 (A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco ...)
 	NOT-FOR-US: Cisco Secure Desktop Cache Cleaner
 CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help system on ...)
@@ -10036,7 +10036,6 @@
 CVE-2015-0346 (Double free vulnerability in Adobe Flash Player before 13.0.0.281 and ...)
 	NOT-FOR-US: Adobe Flash
 CVE-2015-0345 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
-	TODO: check
 	NOT-FOR-US: Adobe ColdFusion
 CVE-2015-0344
 	RESERVED
@@ -10216,9 +10215,9 @@
 CVE-2014-9147
 	RESERVED
 CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS ...)
-	TODO: check
+	NOT-FOR-US: Fiyo CMS
 CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow ...)
-	TODO: check
+	NOT-FOR-US: Fiyo CMS
 CVE-2014-9144 (Technicolor Router TD5130 with firmware 2.05.C29GV allows remote ...)
 	NOT-FOR-US: Technicolor routers
 CVE-2014-9143 (Open redirect vulnerability in Technicolor Router TD5130 with firmware ...)
@@ -13123,7 +13122,7 @@
 CVE-2014-8391
 	RESERVED
 CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2014-8389
 	RESERVED
 CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin ...)
@@ -20206,17 +20205,17 @@
 CVE-2014-5406
 	RESERVED
 CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to ...)
-	TODO: check
+	NOT-FOR-US: Hospira MedNet
 CVE-2014-5404
 	RESERVED
 CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for ...)
-	TODO: check
+	NOT-FOR-US: Hospira MedNet
 CVE-2014-5402
 	RESERVED
 CVE-2014-5401
 	RESERVED
 CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places ...)
-	TODO: check
+	NOT-FOR-US: Hospira MedNet
 CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2014-5398 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
@@ -40867,7 +40866,7 @@
 CVE-2013-4867
 	RESERVED
 CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android ...)
-	TODO: check
+	NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android
 CVE-2013-4865
 	RESERVED
 CVE-2013-4864

More information about the Secure-testing-commits mailing list