[Secure-testing-commits] r50634 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Apr 13 21:31:16 UTC 2017 

Author: jmm
Date: 2017-04-13 21:31:16 +0000 (Thu, 13 Apr 2017)
New Revision: 50634

Modified:
   data/CVE/list
Log:
new rtmpdump issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-13 21:23:31 UTC (rev 50633)
+++ data/CVE/list	2017-04-13 21:31:16 UTC (rev 50634)
@@ -52761,11 +52761,14 @@
 CVE-2015-8273
 	RESERVED
 CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of service ...)
-	TODO: check
+	- rtmpdump <unfixed>
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0068/
 CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote ...)
-	TODO: check
+	- rtmpdump <unfixed>
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0067/
 CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote ...)
-	TODO: check
+	- rtmpdump <unfixed>
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0066/
 CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...)
 	NOT-FOR-US: Fisher-Price
 CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 ...)
@@ -52872,7 +52875,7 @@
 CVE-2015-8224
 	RESERVED
 CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ...)
 	- lxd <itp> (bug #768073)
 CVE-2015-8221 (Integer overflow in Google Picasa before 3.9.140 Build 259 allows ...)
@@ -68009,7 +68012,7 @@
 CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor in ...)
 	NOT-FOR-US: Zenphoto
 CVE-2015-2947 (KanColleViewer versions 3.8.1 and earlier operates as an open proxy ...)
-	TODO: check
+	NOT-FOR-US: KanColleViewer
 CVE-2015-2946 (Stack-based buffer overflow in the Open CAD Format Council SXF common ...)
 	NOT-FOR-US: Open CAD Format Council SXF common library
 CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does ...)
@@ -82232,9 +82235,9 @@
 CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services SDK ...)
 	NOT-FOR-US: Google Play
 CVE-2014-7921 (mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: Android MediaServer
 CVE-2014-7920 (mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Android MediaServer
 CVE-2014-7919
 	RESERVED
 CVE-2014-7918
@@ -91859,7 +91862,7 @@
 CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS ...)
 	NOT-FOR-US: Yokogawa
 CVE-2014-3887 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk ...)
-	TODO: check
+	NOT-FOR-US: I-O DATA DEVICE
 CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...)
 	NOT-FOR-US: Webmin
 CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...)
@@ -95353,7 +95356,7 @@
 CVE-2014-2711 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...)
 	NOT-FOR-US: Juniper Junos
 CVE-2014-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver ...)
-	TODO: check
+	NOT-FOR-US: Oliver (formerly Webshar)
 CVE-2014-2705
 	RESERVED
 CVE-2014-2704

More information about the Secure-testing-commits mailing list