[Secure-testing-commits] r50403 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Apr 6 09:21:59 UTC 2017


Author: jmm
Date: 2017-04-06 09:21:59 +0000 (Thu, 06 Apr 2017)
New Revision: 50403

Modified:
   data/CVE/list
Log:
NFUs
one more issue in nextcloud


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-06 09:20:31 UTC (rev 50402)
+++ data/CVE/list	2017-04-06 09:21:59 UTC (rev 50403)
@@ -229,13 +229,13 @@
 CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.hh ...)
 	- lepton <unfixed>
 CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...)
-	TODO: check
+	NOT-FOR-US: HelpDEZk
 CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of ...)
-	TODO: check
+	NOT-FOR-US: HelpDEZk
 CVE-2017-7445
 	RESERVED
 CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-7443
 	RESERVED
 CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...)
@@ -1710,7 +1710,7 @@
 CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...)
 	NOT-FOR-US: Firmware on some Broadcom SoCs
 CVE-2017-6956 (On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer ...)
-	TODO: check
+	NOT-FOR-US: Firmware on some Broadcom SoCs
 CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...)
 	NOT-FOR-US: wordpress Anyone plugin
 CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress ...)
@@ -14493,7 +14493,7 @@
 CVE-2017-2382 (An issue was discovered in certain Apple products. macOS Server before ...)
 	NOT-FOR-US: Apple
 CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check, might affect sudo
+	NOT-FOR-US: Apple, that's likely just a broken sudo config
 CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
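Review bot: The replacement line for CVE-2017-2381 closes the entry as NOT-FOR-US while its own reason says "likely", and the TODO it removes raised a possible impact on sudo. NOT-FOR-US takes the entry out of further triage, so the open question disappears with it. If the broken-config reading has been confirmed, drop "likely" and say what it is based on in a NOTE line; if it has not, keep the sudo question visible in the entry until it is settled.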



