[Secure-testing-commits] r41881 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu May 19 10:57:29 UTC 2016


Author: jmm
Date: 2016-05-19 10:57:29 +0000 (Thu, 19 May 2016)
New Revision: 41881

Modified:
   data/CVE/list
Log:
NFUs
openslp confirmed n/a


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-19 10:35:20 UTC (rev 41880)
+++ data/CVE/list	2016-05-19 10:57:29 UTC (rev 41881)
@@ -205,9 +205,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
 CVE-2016-4912
 	- openslp-dfsg <not-affected> (Vulnerable code not present)
-	NOTE: Issue seems present only in OpenSLP 2.x where the return from malloc
-	NOTE: isn't checked.
-	TODO: double-check
+	NOTE: Issue present only in OpenSLP 2.x where the return from malloc isn't checked.
 CVE-2016-4911 [Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass]
 	RESERVED
 	- keystone 2:9.0.0-2 (bug #824683)
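Review bot: The rewritten NOTE for CVE-2016-4912 now states as fact that the unchecked malloc return exists only in OpenSLP 2.x, and the TODO: double-check is dropped, but nothing records how this was confirmed. Suggest adding a NOTE that points at the affected 2.x source location or the upstream report, so the <not-affected> (Vulnerable code not present) status can be re-verified if openslp-dfsg ever moves to a 2.x base.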
@@ -286,7 +284,7 @@
 CVE-2014-9774
 	RESERVED
 CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2016-4785
 	RESERVED
 CVE-2016-4784
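Review bot: The new NOT-FOR-US tag for CVE-2010-5326 names only the vendor, while the description line above it identifies the product as the Invoker Servlet on SAP NetWeaver Application Server Java. Suggest "NOT-FOR-US: SAP NetWeaver", which matches the product-level tagging used for the Panasonic FPWIN Pro entries in the next hunk and makes later searches of the list more precise.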
@@ -947,13 +945,13 @@
 CVE-2016-4500
 	RESERVED
 CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x ...)
-	TODO: check
+	NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an ...)
-	TODO: check
+	NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4497 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4496 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4495
 	RESERVED
 CVE-2016-4494
@@ -2018,7 +2016,7 @@
 CVE-2016-4059 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before ...)
 	NOT-FOR-US: Foxit
 CVE-2016-4074 (The jv_dump_term function in jq 1.5 allows remote attackers to cause a ...)
-	- jq <unfixed> (bug #822456)
+	- jq <unfixed> (low; bug #822456)
 	[jessie] - jq <no-dsa> (Minor issue)
 	NOTE: https://github.com/stedolan/jq/issues/1136
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3
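Review bot: The jq <unfixed> line for CVE-2016-4074 gains a "low" urgency, but the log message (NFUs, openslp confirmed n/a) does not mention any urgency change and the entry gets no NOTE giving the reason. The description says remote attackers can trigger the issue, so a one-line NOTE explaining why it is rated low, or at least a mention in the log, would make the downgrade auditable.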
@@ -2237,7 +2235,7 @@
 	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5
 CVE-2015-8863 (Off-by-one error in the tokenadd function in jv_parse.c in jq allows ...)
-	- jq <unfixed> (bug #802231)
+	- jq <unfixed> (low; bug #802231)
 	[jessie] - jq <no-dsa> (Minor issue)
 	NOTE: https://github.com/stedolan/jq/issues/995
 	NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
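Review bot: For CVE-2015-8863 the jq line stays <unfixed> and is now marked low, although the last NOTE of the entry already links an upstream commit (8eb1367c...). Suggest adding a NOTE that says whether that commit is part of an upstream release, so it is clear what is still needed to close bug #802231 rather than leaving the entry at low urgency indefinitely.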



