[Secure-testing-commits] r44189 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Sat Aug 27 21:11:35 UTC 2016


Author: mgilbert
Date: 2016-08-27 21:11:35 +0000 (Sat, 27 Aug 2016)
New Revision: 44189

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-27 21:10:12 UTC (rev 44188)
+++ data/CVE/list	2016-08-27 21:11:35 UTC (rev 44189)
@@ -21,7 +21,7 @@
 	NOTE: fault outcomes.
 	NOTE: Debian does not include INPUTRC by default in /etc/sudoers
 CVE-2016-7089 (WatchGuard RapidStream appliances allow local users to gain privileges ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard
 CVE-2016-7088
 	RESERVED
 CVE-2016-7087
@@ -379,7 +379,7 @@
 CVE-2016-6910
 	RESERVED
 CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2016-6908
 	RESERVED
 CVE-2016-6907
@@ -2017,7 +2017,7 @@
 CVE-2016-6370
 	RESERVED
 CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6368
 	RESERVED
 CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA ...)
@@ -2736,7 +2736,7 @@
 	RESERVED
 	- lepton 1.2.1-1 (bug #831814)
 CVE-2016-6231 (Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky
 CVE-2016-6230
 	RESERVED
 CVE-2016-6229
@@ -4430,7 +4430,7 @@
 CVE-2016-5682
 	RESERVED
 CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2016-5680
 	RESERVED
 CVE-2016-5679
@@ -4446,7 +4446,7 @@
 CVE-2016-5674
 	RESERVED
 CVE-2016-5673 (UltraVNC Repeater before 1300 does not restrict destination IP ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x ...)
 	- crosswalk <itp> (bug #775876)
 CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron ...)
@@ -4886,29 +4886,29 @@
 CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
 	- glassfish <not-affected> (Full application server not packaged)
 CVE-2016-5476 (Unspecified vulnerability in the Oracle Retail Integration Bus ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5475 (Unspecified vulnerability in the Oracle Retail Service Backbone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5474 (Unspecified vulnerability in the Oracle Retail Service Backbone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5473 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5472 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5471 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2016-5470 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5469 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5468 (Unspecified vulnerability in the Siebel UI Framework component in ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5467 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5466 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5465 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5464 (Unspecified vulnerability in the Siebel UI Framework component in ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5463 (Unspecified vulnerability in the Siebel UI Framework component in ...)
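Review bot: CVE-2016-5471 is tagged `NOT-FOR-US: Solaris`, while CVE-2016-5469, whose summary opens with the same "Oracle Sun Solaris 11.3" text, is tagged `NOT-FOR-US: Oracle` two entries later. Pick one form for both, ideally a product-level tag such as "Oracle Solaris" in line with the existing `NOT-FOR-US: Oracle Siebel CRM` entries in this hunk, so that a later search by product finds every entry.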
@@ -4922,33 +4922,33 @@
 CVE-2016-5459 (Unspecified vulnerability in the Siebel Core - Common Components ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5458 (Unspecified vulnerability in the Oracle Communications EAGLE ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5457 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5456 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5455 (Unspecified vulnerability in the Oracle Communications Messaging ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5454 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5453 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5452 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5451 (Unspecified vulnerability in the Siebel UI Framework component in ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5450 (Unspecified vulnerability in the Siebel UI Framework component in ...)
 	NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5449 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5448 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5447 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5446 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5445 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-5444 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
 	- mariadb-10.0 10.0.25-1
 	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
@@ -4990,7 +4990,7 @@
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
 CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-6211 [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles]
 	RESERVED
 	{DSA-3604-1 DLA-550-1}
@@ -5009,7 +5009,7 @@
 	[jessie] - python2.7 <no-dsa> (Will be fixed via a point release)
 	NOTE: https://bugs.python.org/issue26171
 CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2016-5434
 	RESERVED
 	NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library)
@@ -5250,13 +5250,13 @@
 CVE-2016-5369
 	RESERVED
 CVE-2016-5368 (Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5367 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5366 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5365 (Stack-based buffer overflow in Huawei Honor WS851 routers with ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5364
 	RESERVED
 	{DLA-512-1}
@@ -5487,19 +5487,19 @@
 CVE-2016-5309
 	RESERVED
 CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in ...)
-	TODO: check
+	NOT-FOR-US: Norton
 CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-5306 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-5305 (Multiple cross-site scripting (XSS) vulnerabilities in management ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-5304 (Open redirect vulnerability in a report-routing component in Symantec ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-5303
 	RESERVED
 CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2015-8935 (The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...)
 	- php5 5.6.6+dfsg-1
 	[wheezy] - php5 5.4.38-0+deb7u1
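Review bot: CVE-2016-5308 gets `NOT-FOR-US: Norton` while the four entries after it (CVE-2016-5307 to CVE-2016-5304) get `NOT-FOR-US: Symantec`, and the truncated summary for CVE-2016-5308 does not show a product name at all. If this is a Symantec product, use the same vendor tag or a vendor plus product form so the group stays consistent and searchable.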
@@ -5832,9 +5832,9 @@
 	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
 CVE-2016-5249 (Lenovo Solution Center (LSC) before 3.3.003 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2016-5248 (The StopProxy command in LSC.Services.SystemService in Lenovo Solution ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2016-5247
 	RESERVED
 CVE-2016-5246
@@ -6091,19 +6091,19 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
 CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5232 (Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5231 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5230 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-5229 (Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2016-5228 (Stack-based buffer overflow in the PlayMacro function in ...)
-	TODO: check
+	NOT-FOR-US: Rumba
 CVE-2016-5227
 	RESERVED
 CVE-2016-5226
@@ -6492,7 +6492,7 @@
 CVE-2016-5110
 	RESERVED
 CVE-2016-5109 (Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2015-8887
 	RESERVED
 CVE-2015-8886
@@ -6556,7 +6556,7 @@
 	NOTE: also confirmed this crashes v4.0.2 in wheezy
 	NOTE: Upstream will remove gif2tiff from 4.0.7 release
 CVE-2016-5101 (Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2016-5100
 	RESERVED
 CVE-2016-5099 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before ...)
@@ -6575,7 +6575,7 @@
 	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
 CVE-2016-5092 (Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in ...)
 	{DSA-3598-1}
 	- vlc 2.2.3-2 (bug #825728)
@@ -6589,7 +6589,7 @@
 CVE-2016-5088
 	RESERVED
 CVE-2016-5087 (Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak ...)
-	TODO: check
+	NOT-FOR-US: Alertus
 CVE-2016-5086
 	RESERVED
 CVE-2016-5085
@@ -6601,7 +6601,7 @@
 CVE-2016-5082
 	RESERVED
 CVE-2016-5081 (ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, ...)
-	TODO: check
+	NOT-FOR-US: ZModo
 CVE-2016-5080 (Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in ...)
 	NOT-FOR-US: Objective Systems Inc. ASN1C compiler
 	NOTE: https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
@@ -6680,13 +6680,13 @@
 CVE-2016-5024
 	RESERVED
 CVE-2016-5023 (Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 ...)
-	TODO: check
+	NOT-FOR-US: BIG-IP
 CVE-2016-5022
 	RESERVED
 CVE-2016-5021 (The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
-	TODO: check
+	NOT-FOR-US: BIG-IP
 CVE-2016-5020 (F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: BIG-IP
 CVE-2016-5019
 	RESERVED
 CVE-2016-5018
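Review bot: the three F5 entries (CVE-2016-5023, CVE-2016-5021, CVE-2016-5020) are tagged with the product line only (`BIG-IP`), where the rest of this commit tags by vendor (`Citrix`, `Huawei`, `Fortinet`). "F5 BIG-IP" would keep both vendor and product and matches how the summaries themselves name it.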
@@ -7419,19 +7419,19 @@
 CVE-2016-4838
 	RESERVED
 CVE-2016-4837 (SQL injection vulnerability in the Seed Coupon plugin before 1.6 for ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2016-4836
 	RESERVED
 CVE-2016-4835
 	RESERVED
 CVE-2016-4834 (modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does ...)
-	TODO: check
+	NOT-FOR-US: Vtiger
 CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin ...)
-	TODO: check
+	NOT-FOR-US: Nofollow Links plugin for WordPress
 CVE-2016-4832
 	RESERVED
 CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 ...)
-	TODO: check
+	NOT-FOR-US: LINE
 CVE-2016-4830
 	RESERVED
 CVE-2016-4829
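Review bot: the tag on CVE-2016-4837 names only the platform (`EC-CUBE`), although the summary says the flaw is in the Seed Coupon plugin. CVE-2016-4833 in the same hunk uses the fuller form `Nofollow Links plugin for WordPress`; following that pattern here ("Seed Coupon plugin for EC-CUBE") avoids implying that the core product is affected.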
@@ -7445,33 +7445,33 @@
 CVE-2016-4825 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows ...)
 	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
 CVE-2016-4824 (The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV ...)
-	TODO: check
+	NOT-FOR-US: Corega
 CVE-2016-4823 (Corega CG-WLBARAGM devices allow remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Corega
 CVE-2016-4822 (Corega CG-WLBARGL devices allow remote authenticated users to execute ...)
-	TODO: check
+	NOT-FOR-US: Corega
 CVE-2016-4821 (I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: I-O DATA
 CVE-2016-4820 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...)
-	TODO: check
+	NOT-FOR-US: I-O DATA
 CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland C++ ...)
-	TODO: check
+	NOT-FOR-US: Borland
 CVE-2016-4818
 	RESERVED
 CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 ...)
-	TODO: check
+	NOT-FOR-US: H2O
 CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and ...)
-	TODO: check
+	NOT-FOR-US: BUFFALO
 CVE-2016-4815 (Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with ...)
-	TODO: check
+	NOT-FOR-US: BUFFALO
 CVE-2016-4814 (Directory traversal vulnerability in kml2jsonp.php in Geospatial ...)
-	TODO: check
+	NOT-FOR-US: Old_GSI_Maps
 CVE-2016-4813 (NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat ...)
-	TODO: check
+	NOT-FOR-US: NetCommons
 CVE-2016-4812 (Cross-site scripting (XSS) vulnerability in the Markdown on Save ...)
 	NOT-FOR-US: Markdown on Save Improved plugin for WordPress
 CVE-2016-4811 (The NTT Broadband Platform Japan Connected-free Wi-Fi application ...)
-	TODO: check
+	NOT-FOR-US: NTT
 CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...)
 	NOT-FOR-US: Citrix
 CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux ...)
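Review bot: `NOT-FOR-US: Borland` on CVE-2016-4819 names the compiler rather than the vulnerable software; the summary places the printfDx function in Takumi Yamada DX Library for Borland C++, so the tag should read "DX Library". Separately, CVE-2016-4817 is in H2O, an open-source HTTP server (the summary cites lib/http2/connection.c), so it is worth confirming that no package, ITP or RFP exists before closing it as NOT-FOR-US; the list already records such cases in the form `- crosswalk <itp> (bug #775876)`.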
@@ -7500,7 +7500,7 @@
 CVE-2016-4806
 	RESERVED
 CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...)
 	TODO: check
 CVE-2016-4801
@@ -7829,29 +7829,29 @@
 CVE-2016-4657 (WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ...)
 	TODO: check
 CVE-2016-4656 (The kernel in Apple iOS before 9.3.5 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4655 (The kernel in Apple iOS before 9.3.5 allows attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4654 (IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4653 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4652 (CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit JavaScript ...)
 	TODO: check
 CVE-2016-4650
 	RESERVED
 CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause a ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4648 (Audio in Apple OS X before 10.11.6 allows local users to obtain ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4647 (Audio in Apple OS X before 10.11.6 allows local users to gain ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4646 (Audio in Apple OS X before 10.11.6 mishandles a size value, which ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4645 (CFNetwork in Apple OS X before 10.11.6 uses weak permissions for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4644
 	RESERVED
 CVE-2016-4643
@@ -7859,39 +7859,39 @@
 CVE-2016-4642
 	RESERVED
 CVE-2016-4641 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4640 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4639 (Login Window in Apple OS X before 10.11.6 does not properly initialize ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4638 (Login Window in Apple OS X before 10.11.6 allows attackers to gain ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4637 (CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4636
 	RESERVED
 CVE-2016-4635 (FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4634 (The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4633 (Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4632 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4631 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4630 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4629 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4628 (IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4627 (IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4626 (IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4625 (Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4624 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
 	TODO: check
 CVE-2016-4623 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
@@ -7899,7 +7899,7 @@
 CVE-2016-4622 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
 	TODO: check
 CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4620
 	RESERVED
 CVE-2016-4619 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
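Review bot: CVE-2016-4621 is in libc++abi, which is an LLVM project component rather than Apple-only code, so `NOT-FOR-US: Apple` may hide an issue in a library that exists outside OS X. The libxml2 entry directly below (CVE-2016-4619) shows that an "in Apple ..." summary can still describe a shared upstream library; please check whether upstream libc++abi is affected and leave this at `TODO: check`, or add a NOTE, until that is known.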
@@ -7931,31 +7931,31 @@
 CVE-2016-4606
 	RESERVED
 CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4603 (Web Media in Apple iOS before 9.3.3 allows attackers to bypass the ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4602 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4601 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4600 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4599 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4598 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4597 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4596 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4595 (Safari Login AutoFill in Apple OS X before 10.11.6 allows physically ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4594 (The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4593 (The Siri Contacts component in Apple iOS before 9.3.3 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4592 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
 	TODO: check
 CVE-2016-4591 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
@@ -7977,7 +7977,7 @@
 CVE-2016-4583 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
 	TODO: check
 CVE-2016-4582 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
 	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.5-1
@@ -8048,7 +8048,7 @@
 	- imagemagick <unfixed> (bug #832885)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
 CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere allows ...)
-	TODO: check
+	NOT-FOR-US: Flexera
 CVE-2016-4559
 	RESERVED
 CVE-2016-4552
@@ -8167,7 +8167,7 @@
 CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan ...)
 	NOT-FOR-US: McAfee VirusScan Console
 CVE-2016-4533 (Heap-based buffer overflow in WECON LeviStudio allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: LeviStudio
 CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in Trihedral ...)
 	TODO: check
 CVE-2016-4531 (Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not ...)



