[Secure-testing-commits] r50741 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Apr 18 03:38:11 UTC 2017 

Author: carnil
Date: 2017-04-18 03:38:11 +0000 (Tue, 18 Apr 2017)
New Revision: 50741

Modified:
   data/CVE/list
Log:
Mark some NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-18 03:22:13 UTC (rev 50740)
+++ data/CVE/list	2017-04-18 03:38:11 UTC (rev 50741)
@@ -4,7 +4,7 @@
 	NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4
 	TODO: according to the advisory so far only Apple's compiler has been shown to apply the problematic optimization, so possibly "unimportant" for us, but fixed in 0.5.3.1 upstream
 CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...)
-	TODO: check
+	NOT-FOR-US: SourceBans++
 CVE-2017-7890
 	RESERVED
 CVE-2017-7888
@@ -36683,25 +36683,25 @@
 CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
 	NOT-FOR-US: IVYWE
 CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4873 (The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4872 (The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in "Schedule" function in ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4867 (The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the "Project" function in ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2016-4864
 	RESERVED
 CVE-2016-4863
@@ -52987,7 +52987,7 @@
 CVE-2015-8257
 	RESERVED
 CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ...)
-	TODO: check
+	NOT-FOR-US: Axis network cameras
 CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
 	NOT-FOR-US: AXIS Communications
 CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)

More information about the Secure-testing-commits mailing list