[Secure-testing-commits] r51087 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Apr 26 21:32:53 UTC 2017


Author: jmm
Date: 2017-04-26 21:32:53 +0000 (Wed, 26 Apr 2017)
New Revision: 51087

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-26 21:10:14 UTC (rev 51086)
+++ data/CVE/list	2017-04-26 21:32:53 UTC (rev 51087)
@@ -3,7 +3,7 @@
 CVE-2017-8285
 	RESERVED
 CVE-2017-8284 (** DISPUTED ** The disas_insn function in target/i386/translate.c in ...)
-	TODO: check
+	NOTE: qemu issue without security implication per upstream
 CVE-2017-8282
 	RESERVED
 CVE-2017-8281
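Review bot: The CVE-2017-8284 entry ends up with only a free-text NOTE and no package line, so nothing in the entry ties it to the qemu source package or records a status for it. Consider adding a package line in the form the file uses elsewhere (compare `- linux <unfixed>` in the hunk at line 1732), and have the NOTE link to the upstream statement it relies on so that "per upstream" can be checked later.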
@@ -1480,7 +1480,7 @@
 CVE-2017-7721
 	RESERVED
 CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...)
-	TODO: check
+	NOT-FOR-US: PrivateTunnel
 CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
 	NOT-FOR-US: Spider Event Calendar
 CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local ...)
@@ -1732,6 +1732,7 @@
 	- linux <unfixed>
 	[jessie] - linux <no-dsa> (Will be fixed in point release)
 	NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
+	NOTE: https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
 CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain ...)
 	NOT-FOR-US: Synology Photo Station
 CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated ...)
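Review bot: The added NOTE is a bare URL, while the "Fixed by:" note directly above it says what its link is. A short label saying what the linked article contributes to the assessment of this linux entry would save the next reader a click. The log message "NFUs" also does not cover this change or the qemu note in the first hunk; mentioning both would make the revision easier to find.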
@@ -6205,11 +6206,11 @@
 CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 ...)
 	NOT-FOR-US: eParakstitajs and eParaksts Java lib
 CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...)
-	TODO: check
+	NOT-FOR-US: Hyundai
 CVE-2017-6053
 	RESERVED
 CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...)
-	TODO: check
+	NOT-FOR-US: Hyundai
 CVE-2017-6051
 	RESERVED
 CVE-2017-6050
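Review bot: Both new NOT-FOR-US lines (CVE-2017-6054 and CVE-2017-6052) name only the vendor, "Hyundai", whereas the neighbouring CVE-2017-6055 entry names the affected product. Vendor-only tags do appear elsewhere in the file (the IBM entries), so this is optional, but naming the product from the CVE description would make the entries easier to match against a package name later.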
@@ -19308,7 +19309,7 @@
 CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a ...)
 	NOT-FOR-US: IBM
 CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1169
 	RESERVED
 CVE-2017-1168
@@ -23962,7 +23963,7 @@
 CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...)
 	NOT-FOR-US: IBM
 CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct ...)
 	NOT-FOR-US: IBM
 CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with lower ...)
@@ -24038,7 +24039,7 @@
 CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
 	NOT-FOR-US: IBM
 CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a ...)
 	NOT-FOR-US: IBM
 CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)
