[Secure-testing-commits] r32053 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Feb 7 11:58:12 UTC 2015


Author: carnil
Date: 2015-02-07 11:58:12 +0000 (Sat, 07 Feb 2015)
New Revision: 32053

Modified:
   data/CVE/list
Log:
Process couple of NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-07 11:53:24 UTC (rev 32052)
+++ data/CVE/list	2015-02-07 11:58:12 UTC (rev 32053)
@@ -66,7 +66,7 @@
 CVE-2015-1477 (SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager ...)
 	TODO: check
 CVE-2015-1476 (Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor ...)
-	TODO: check
+	NOT-FOR-US: xlinkerz ecommerceMajor
 CVE-2015-1475 (Multiple cross-site scripting (XSS) vulnerabilities in my little forum ...)
 	NOT-FOR-US: My Little Forum
 CVE-2015-1474
@@ -340,7 +340,7 @@
 CVE-2015-1368 (Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2015-1367 (SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: CatBot
 CVE-2015-1366 (Cross-site scripting (XSS) vulnerability in pixabay-images.php in the ...)
 	NOT-FOR-US: Wordpress plugin Pixabay Images
 CVE-2015-1365 (Directory traversal vulnerability in pixabay-images.php in the Pixabay ...)
@@ -350,7 +350,7 @@
 CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ...)
 	NOT-FOR-US: ArticleFR
 CVE-2015-1362 (Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot ...)
-	TODO: check
+	NOT-FOR-US: Exif Pilot
 CVE-2015-1361 (platform/image-decoders/ImageFrame.h in Blink, as used in Google ...)
 	TODO: check
 CVE-2015-1360 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote ...)
@@ -835,9 +835,9 @@
 CVE-2015-1181
 	RESERVED
 CVE-2015-1180 (Cross-site scripting (XSS) vulnerability in the Web Reports in ...)
-	TODO: check
+	NOT-FOR-US: EventSentry
 CVE-2015-1179 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Mango Automation
 CVE-2015-1178 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in ...)
 	NOT-FOR-US: X-Cart
 CVE-2015-1177
@@ -1637,7 +1637,7 @@
 CVE-2015-0927
 	RESERVED
 CVE-2015-0926 (Labtech before 100.237 on Linux uses world-writable permissions for ...)
-	TODO: check
+	NOT-FOR-US: Labtech
 CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows remote ...)
 	NOT-FOR-US: iPass Open Mobile
 CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...)
@@ -2020,7 +2020,7 @@
 CVE-2015-0869 (I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a ...)
 	NOT-FOR-US: I-O DATA DEVICE NP-BBRM routers
 CVE-2015-0868 (Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI ...)
-	TODO: check
+	NOT-FOR-US: Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS
 CVE-2015-0867 (Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI ...)
 	NOT-FOR-US: SYNCK GRAPHICA Download Log CGI
 CVE-2015-0866 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ...)
@@ -2653,7 +2653,7 @@
 CVE-2014-9575 (VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote ...)
 	NOT-FOR-US: VDG Security SENSE
 CVE-2014-9574 (Directory traversal vulnerability in install.php in FluxBB before ...)
-	TODO: check
+	NOT-FOR-US: FluxBB
 CVE-2014-9573 (SQL injection vulnerability in manage_user_page.php in MantisBT before ...)
 	- mantis <removed>
 	[wheezy] - mantis <no-dsa> (Minor issue)
@@ -2689,13 +2689,13 @@
 CVE-2014-9563
 	RESERVED
 CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...)
-	TODO: check
+	NOT-FOR-US: M2 OptimalSite
 CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...)
 	NOT-FOR-US: SoftBB
 CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB ...)
 	NOT-FOR-US: SoftBB
 CVE-2014-9559 (Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, ...)
-	TODO: check
+	NOT-FOR-US: SnipSnap
 CVE-2014-9558
 	RESERVED
 CVE-2014-9557
@@ -2931,9 +2931,9 @@
 CVE-2014-9492
 	REJECTED
 CVE-2014-9491 (The devzvol_readdir function in illumos does not check the return ...)
-	TODO: check
+	NOT-FOR-US: illumos
 CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem ...)
-	TODO: check
+	NOT-FOR-US: raven ruby gem
 CVE-2014-9488
 	RESERVED
 CVE-2014-9484
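Review bot: the tag added for CVE-2014-9490 reads "raven ruby gem", while the description on the line above it spells the project "raven-ruby gem". Use the hyphenated upstream name so a search of the list for "raven-ruby" finds the entry. The affected file is lib/raven/okjson.rb, which looks like a bundled copy of okjson, so it would help to record whether other copies of okjson's numtok function in the archive were checked before this was closed as NOT-FOR-US.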
@@ -4037,7 +4037,7 @@
 CVE-2014-9332
 	RESERVED
 CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine ...)
-	TODO: check
+	NOT-FOR-US: ZOHO ManageEngine Desktop Central
 CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows ...)
 	- tiff 4.0.3-12 (bug #773987)
 	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
@@ -4338,13 +4338,13 @@
 CVE-2014-9201
 	RESERVED
 CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...)
-	TODO: check
+	NOT-FOR-US: Clorius Controls Java web client
 CVE-2014-9198 (The FTP server on the Schneider Electric ETG3000 FactoryCast HMI ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2014-9197 (The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2014-9196
 	RESERVED
 CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication, ...)
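Review bot: CVE-2014-9200, CVE-2014-9198 and CVE-2014-9197 in this hunk are tagged with the vendor only, "NOT-FOR-US: Schneider Electric", whereas the Clorius entry between them and the other tags in this commit name the product. Naming the product, for example "Schneider Electric ETG3000 FactoryCast HMI Gateway" for CVE-2014-9198 and CVE-2014-9197 as their descriptions give it, keeps these tags distinguishable from Schneider Electric entries that cover other products.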



