[Secure-testing-commits] r40315 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Mar 10 22:38:51 UTC 2016
Author: jmm
Date: 2016-03-10 22:38:47 +0000 (Thu, 10 Mar 2016)
New Revision: 40315
Modified:
data/CVE/list
Log:
NFUs
drop some obsolete TODOs
remove kryo nonissue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-10 22:13:20 UTC (rev 40314)
+++ data/CVE/list 2016-03-10 22:38:47 UTC (rev 40315)
@@ -353,12 +353,6 @@
RESERVED
CVE-2016-2784
RESERVED
-CVE-2016-XXXX [Type registration should be required]
- - libkryo-java <unfixed>
- NOTE: https://github.com/EsotericSoftware/kryo/issues/398
- NOTE: https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-1-kryo
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/01/16
- TODO: check
CVE-2015-8818
RESERVED
- qemu 1:2.4+dfsg-1a
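Review bot: Deleting the whole CVE-2016-XXXX libkryo-java entry also drops its three NOTE references, including the oss-security CVE request, and the one-word "nonissue" in the log is the only record of why. If an id is later assigned from that request, the triage has to be redone from nothing; consider keeping the entry with a NOTE giving the rationale, or spelling the reasoning out in the commit log.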
@@ -1129,7 +1123,6 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-12.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
- TODO: check
CVE-2016-2532 (The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c ...)
- wireshark 2.0.2+ga16e22e-1
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
@@ -1931,9 +1924,9 @@
CVE-2016-2284
RESERVED
CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
- TODO: check
+ NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
- TODO: check
+ NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2281
RESERVED
CVE-2016-2280
@@ -2469,7 +2462,6 @@
[wheezy] - ruby-actionpack-2.3 <end-of-life>
NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x
NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
- TODO: check
CVE-2016-2097
RESERVED
{DSA-3509-1}
@@ -3049,7 +3041,6 @@
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
- TODO: check WebRTC
CVE-2016-1972
RESERVED
- iceweasel <not-affected> (Windows-specific)
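Review bot: The removed `TODO: check WebRTC` was a specific question, and nothing left in this entry answers it; the two `<not-affected>` lines only say "Only affects Firefox 44.x". Suggest replacing the TODO with a NOTE stating what the WebRTC check concluded instead of dropping it without a trace.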
@@ -3869,7 +3860,6 @@
- roundcube 1.1.4+dfsg.1-1
NOTE: https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/
NOTE: https://github.com/roundcube/roundcubemail/commit/10e5192a2b1bc90ec137f5e69d0aa072c1210d6d
- TODO: check older versions
CVE-2015-8769 (SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows ...)
- joomla <itp> (bug #571794)
CVE-2016-1711
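Review bot: `TODO: check older versions` is dropped, yet the lines shown carry only the fixed version `roundcube 1.1.4+dfsg.1-1`, while the upstream announcement URL names both 1.1.4 and 1.0.8, which suggests an older branch needed the fix as well. If the older versions were checked, record the outcome as a NOTE or a per-release line; if not, the TODO still applies.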
@@ -4301,23 +4291,23 @@
NOT-FOR-US: Click package manager
NOTE: http://www.ubuntu.com/usn/usn-2771-1/
CVE-2015-8766 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Symphony CMS
CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, ...)
NOT-FOR-US: McAfee
CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...)
NOT-FOR-US: Values module for Drupal
CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink function in ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension Manager in ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2015-8756 (Cross-site scripting (XSS) vulnerability in the search result view in ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2015-8755 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote ...)
NOT-FOR-US: Mollom module for Drupal
CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization ...)
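Review bot: Style point on the six added `NOT-FOR-US: Typo3` lines (CVE-2015-8760 through CVE-2015-8755): the CVE description two lines above the first one spells the product "TYPO3". Using the upstream spelling in the NOT-FOR-US text keeps a case-sensitive search for the product name matching both the description and the triage line.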
@@ -5130,7 +5120,6 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83bad0215dae54e77d34f8b187900125f672366e
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11817
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-53.html
- TODO: check
CVE-2015-8734 (The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP ...)
- wireshark 2.0.1+g59ea380-1
[jessie] - wireshark <not-affected> (Only affects 2.x)
@@ -5290,7 +5279,6 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d34267d0503a67235bf259fd2f2f2d2bb8b18cf5
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-33.html
- TODO: check if actually fixed earlier
CVE-2015-8713 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
{DSA-3505-1}
- wireshark 2.0.1+g59ea380-1
@@ -5813,19 +5801,16 @@
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <undetermined>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
- TODO: check
CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ...)
- ffmpeg 7:2.8.4-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <undetermined>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
- TODO: check
CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in ...)
- ffmpeg 7:2.8.3-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <undetermined>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
- TODO: check
CVE-2015-8658 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-8657 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
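Review bot: All three entries that lose `TODO: check` here still carry `- libav <undetermined>`, so the libav status stays open while the only line flagging it for follow-up is removed. If libav was checked against the referenced ffmpeg commits, update the `<undetermined>` lines in the same change; otherwise keep the TODO or narrow it to "check libav".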
@@ -6175,11 +6160,11 @@
CVE-2016-1010
RESERVED
CVE-2016-1009 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-1008 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-1007 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-1006
RESERVED
CVE-2016-1005
@@ -6285,7 +6270,7 @@
CVE-2016-0955 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ...)
NOT-FOR-US: Adobe
CVE-2016-0954 (Adobe Digital Editions before 4.5.1 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-0953 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
NOT-FOR-US: Adobe
CVE-2016-0952 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
@@ -6482,7 +6467,6 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
NOTE: Possibly introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518 (v1.6.0-rc0)
- TODO: check affected versions, see note
CVE-2016-0930
RESERVED
CVE-2016-0929
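Review bot: The removed `TODO: check affected versions, see note` pointed at the NOTE just above it, which still reads "Possibly introduced in ... (v1.6.0-rc0)". With the TODO gone the uncertainty stays in the file but nothing tracks it; either confirm the introducing commit and reword the NOTE, or leave the TODO until that is settled.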