[Secure-testing-commits] r50361 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Apr 5 04:44:31 UTC 2017 

Author: carnil
Date: 2017-04-05 04:44:31 +0000 (Wed, 05 Apr 2017)
New Revision: 50361

Modified:
   data/CVE/list
Log:
Process some NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-05 04:35:08 UTC (rev 50360)
+++ data/CVE/list	2017-04-05 04:44:31 UTC (rev 50361)
@@ -83,9 +83,9 @@
 CVE-2017-7399
 	RESERVED
 CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2017-7397 (BackBox Linux 4.6 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: BackBox OS specific CVE assignment
 CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...)
 	- tigervnc <unfixed> (bug #859259)
 	NOTE: https://github.com/TigerVNC/tigervnc/pull/436
@@ -293,11 +293,11 @@
 	- mantis <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
 CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in ...)
-	TODO: check
+	NOT-FOR-US: Riverbed RiOS
 CVE-2017-7306 (** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password ...)
-	TODO: check
+	NOT-FOR-US: Riverbed RiOS
 CVE-2017-7305 (** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a ...)
-	TODO: check
+	NOT-FOR-US: Riverbed RiOS
 CVE-2017-7304 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
 	- binutils 2.27.51.20161212-1
 	[jessie] - binutils <no-dsa> (Minor issue)
@@ -5066,7 +5066,7 @@
 CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 ...)
 	NOT-FOR-US: Honeywell
 CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with the rm ...)
-	TODO: check
+	NOT-FOR-US: Riverbed RiOS
 CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...)
 	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
@@ -38558,7 +38558,7 @@
 CVE-2016-3741 (The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does ...)
 	NOT-FOR-US: Android Mediaserver
 CVE-2016-3740 (Heap-based buffer overflow in the CreateFXPDFConvertor function in ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2016-3739 (The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...)
 	- curl 7.50.1-1 (unimportant)
 	NOTE: only relevant when built with mbedTLS/PolarSSL

More information about the Secure-testing-commits mailing list