[Secure-testing-commits] r36730 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Sep 17 18:43:02 UTC 2015
Author: carnil
Date: 2015-09-17 18:43:02 +0000 (Thu, 17 Sep 2015)
New Revision: 36730
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-17 18:31:07 UTC (rev 36729)
+++ data/CVE/list 2015-09-17 18:43:02 UTC (rev 36730)
@@ -28,19 +28,19 @@
CVE-2015-6950
RESERVED
CVE-2015-6949 (Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote ...)
- TODO: check
+ NOT-FOR-US: ASUS TM-AC1900 router
CVE-2015-6948 (Heap-based buffer overflow in the Microsoft Word document conversion ...)
- TODO: check
+ NOT-FOR-US: Corel WordPerfect
CVE-2015-6947 (Multiple stack-based buffer overflows in the activate_doit function in ...)
- TODO: check
+ NOT-FOR-US: Borland AccuRev
CVE-2015-6946 (Stack-based buffer overflow in the Reprise License Manager service in ...)
- TODO: check
+ NOT-FOR-US: Borland AccuRev
CVE-2015-6945 (Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador ...)
TODO: check
CVE-2015-6944 (Cross-site request forgery (CSRF) vulnerability in JSP/MySQL ...)
TODO: check
CVE-2015-6943 (SQL injection vulnerability in the serendipity_checkCommentToken ...)
- TODO: check
+ NOT-FOR-US: Serendipity
CVE-2015-6942
RESERVED
CVE-2015-6941
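Review bot: On CVE-2015-6946 the description names the Reprise License Manager service, but the tag added is "NOT-FOR-US: Borland AccuRev", identical to the one on CVE-2015-6947. If the overflow sits in the bundled Reprise License Manager rather than in AccuRev's own code, name that component in the tag (for example "Reprise License Manager as used in Borland AccuRev") so a later search of the list for that component finds this entry.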
@@ -96,11 +96,11 @@
CVE-2015-6922
RESERVED
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab ...)
- TODO: check
+ NOT-FOR-US: Zendesk Feedback Tab for Drupal
CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the ...)
NOT-FOR-US: sourceAFRICA plugin for WordPress
CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) ...)
- TODO: check
+ NOT-FOR-US: googleSearch (CSE) component for Joomla!
CVE-2015-6918
RESERVED
CVE-2015-6917
@@ -108,19 +108,19 @@
CVE-2015-6916
RESERVED
CVE-2015-6915 (SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 ...)
- TODO: check
+ NOT-FOR-US: Montala Limited ResourceSpace
CVE-2015-6914 (Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows ...)
- TODO: check
+ NOT-FOR-US: SiteFactory CMS
CVE-2015-6913 (Cross-site scripting (XSS) vulnerability in the "Create download task ...)
- TODO: check
+ NOT-FOR-US: Synology Download Station
CVE-2015-6912 (Synology Video Station before 1.5-0763 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Synology Video Station
CVE-2015-6911 (SQL injection vulnerability in Synology Video Station before 1.5-0763 ...)
- TODO: check
+ NOT-FOR-US: Synology Video Station
CVE-2015-6910 (SQL injection vulnerability in Synology Video Station before 1.5-0757 ...)
- TODO: check
+ NOT-FOR-US: Synology Video Station
CVE-2015-6909 (Cross-site scripting (XSS) vulnerability in the "Create download task ...)
- TODO: check
+ NOT-FOR-US: Synology Download Station
CVE-2015-6907
RESERVED
CVE-2015-6906
@@ -311,7 +311,7 @@
CVE-2015-6828
RESERVED
CVE-2015-6827 (Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger ...)
- TODO: check
+ NOT-FOR-US: Auto-Exchanger
CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...)
- ffmpeg 7:2.7.2-1
- libav <removed>
@@ -344,13 +344,13 @@
CVE-2015-6813
RESERVED
CVE-2015-6812 (Invision Power Services IPS Community Suite (aka Invision Power Board, ...)
- TODO: check
+ NOT-FOR-US: Invision Power Services IPS Community Suite
CVE-2015-6811 (SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP ...)
- TODO: check
+ NOT-FOR-US: Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS
CVE-2015-6810 (Cross-site scripting (XSS) vulnerability in Invision Power Services ...)
- TODO: check
+ NOT-FOR-US: Invision Power Services IPS Community Suite
CVE-2015-6809 (Multiple cross-site scripting (XSS) vulnerabilities in BEdita before ...)
- TODO: check
+ NOT-FOR-US: BEdita
CVE-2015-6808 (Cross-site scripting (XSS) vulnerability in the Spotlight module ...)
TODO: check
CVE-2015-6807 (Cross-site scripting (XSS) vulnerability in the Mass Contact module ...)
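Review bot: The tag on CVE-2015-6811, "NOT-FOR-US: Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS", repeats most of the description, while every other tag in this hunk is a short product name. A short form such as "Sophos Cyberoam" or "CyberoamOS" would match the neighbouring entries and be easier to reuse consistently when further CVEs for the same product are processed.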
@@ -729,9 +729,9 @@
CVE-2015-6682
RESERVED
CVE-2015-6681 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2015-6680 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2015-6679
RESERVED
CVE-2015-6678
@@ -741,7 +741,7 @@
CVE-2015-6676
RESERVED
CVE-2015-6675 (Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP ...)
- TODO: check
+ NOT-FOR-US: Siemens RUGGEDCOM ROS
CVE-2015-6672
RESERVED
CVE-2015-6671
@@ -760,11 +760,11 @@
CVE-2015-6667
RESERVED
CVE-2015-6664 (XML external entity (XXE) vulnerability in the application import ...)
- TODO: check
+ NOT-FOR-US: SAP Mobile Platform
CVE-2015-6663 (Cross-site scripting (XSS) vulnerability in the Client form in the ...)
- TODO: check
+ NOT-FOR-US: SAP Afaria
CVE-2015-6662 (XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-6657
RESERVED
CVE-2015-6656
@@ -783,7 +783,7 @@
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c7577a7583747c9b71f26dced7f696b739da745 (v3.19-rc1)
NOTE: Will be most likely rejected, but wait for MITREs final call, http://www.openwall.com/lists/oss-security/2015/09/14/4
CVE-2015-6655 (Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 ...)
- TODO: check
+ NOT-FOR-US: Pligg CMS
CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, ...)
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a later DSA)
@@ -1001,7 +1001,7 @@
CVE-2015-6546
RESERVED
CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...)
- TODO: check
+ NOT-FOR-US: Cerb
CVE-2015-6544
RESERVED
CVE-2015-6543
@@ -1235,11 +1235,11 @@
CVE-2015-6467
RESERVED
CVE-2015-6466 (Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature ...)
- TODO: check
+ NOT-FOR-US: Moxa switches
CVE-2015-6465 (The GoAhead web server on Moxa EDS-405A and EDS-408A switches with ...)
- TODO: check
+ NOT-FOR-US: Moxa switches
CVE-2015-6464 (The administrative web interface on Moxa EDS-405A and EDS-408A ...)
- TODO: check
+ NOT-FOR-US: Moxa switches
CVE-2015-6463
RESERVED
CVE-2015-6462
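Review bot: CVE-2015-6465 is tagged "NOT-FOR-US: Moxa switches", but its description begins "The GoAhead web server on Moxa EDS-405A and EDS-408A switches", so the affected code may be the embedded GoAhead server rather than Moxa's own firmware. Before closing it as NFU, confirm that the issue is specific to Moxa's build; if it lies in GoAhead itself, the tag or a NOTE line should say so. CVE-2015-6466 and CVE-2015-6464 name Moxa features directly and need no change.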
@@ -2161,9 +2161,9 @@
CVE-2015-5999
RESERVED
CVE-2015-5998 (Impero Education Pro before 5105 relies on the ...)
- TODO: check
+ NOT-FOR-US: Impero Education Pro
CVE-2015-5997 (Impero Education Pro before 5105 uses a hardcoded CBC key and ...)
- TODO: check
+ NOT-FOR-US: Impero Education Pro
CVE-2015-5996
RESERVED
CVE-2015-5995