[Secure-testing-commits] r51123 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Apr 27 21:14:49 UTC 2017 

Author: jmm
Date: 2017-04-27 21:14:48 +0000 (Thu, 27 Apr 2017)
New Revision: 51123

Modified:
   data/CVE/list
Log:
kedpm CVEfied, NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-27 21:10:51 UTC (rev 51122)
+++ data/CVE/list	2017-04-27 21:14:48 UTC (rev 51123)
@@ -1,7 +1,7 @@
 CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2017-8306
 	RESERVED
 CVE-2017-8304
@@ -9,17 +9,19 @@
 CVE-2017-8303
 	RESERVED
 CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ...)
-	TODO: check
+	NOT-FOR-US: Mura CMS 
 CVE-2017-8300
 	RESERVED
 CVE-2017-8299
 	RESERVED
 CVE-2017-8298 (cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a ...)
-	TODO: check
+	NOT-FOR-US: cnvs.io Canvas
 CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager before ...)
-	TODO: check
+	NOT-FOR-US: simple-file-manager
 CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is ...)
-	TODO: check
+	- kedpm <unfixed> (bug #860817)
+	NOTE: patch gives workaround, will be removed from stretch/sid
+	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
 CVE-2017-8295
 	RESERVED
 CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote ...)
@@ -34,10 +36,6 @@
 	TODO: check
 CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to ...)
 	TODO: check
-CVE-2017-XXXX [kedpm: information disclosure in command history file]
-	- kedpm <unfixed> (bug #860817)
-	NOTE: patch gives workaround, will be removed from stretch/sid
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
 CVE-2017-8305 [Buffer overflow in own strlcpy implementation]
 	RESERVED
 	- udfclient <unfixed> (bug #861347)

More information about the Secure-testing-commits mailing list