[Secure-testing-commits] r54145 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 1 03:37:38 UTC 2017
Author: carnil
Date: 2017-08-01 03:37:38 +0000 (Tue, 01 Aug 2017)
New Revision: 54145
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-01 03:22:01 UTC (rev 54144)
+++ data/CVE/list 2017-08-01 03:37:38 UTC (rev 54145)
@@ -1,11 +1,11 @@
CVE-2017-11760 (uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: ProjeQtOr
CVE-2017-11759
RESERVED
CVE-2017-11758
RESERVED
CVE-2017-11757 (Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 ...)
- TODO: check
+ NOT-FOR-US: Actian Pervasive PSQL server
CVE-2017-XXXX [executes javascript code downloaded from insecure URL]
- smplayer <unfixed> (bug #870233)
CVE-2017-XXXX [bad free in RelinquishMagickMemory]
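Review bot: The label on CVE-2017-11757, "NOT-FOR-US: Actian Pervasive PSQL server", does not match the description, which names "Actian Pervasive PSQL v12.10 and Zen v13" and does not use the word "server". Consider "NOT-FOR-US: Actian Pervasive PSQL and Zen" so that a search for either product name finds this entry.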
@@ -40,7 +40,7 @@
CVE-2017-XXXX [Lack of validation of png file]
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870105)
CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Earcms
CVE-2017-11755 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/634
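Review bot: For CVE-2017-11756 the label is shortened to "Earcms", while the description gives the product as "Earcms Ear Music". Using the full product name in the NOT-FOR-US line would keep the label consistent with the description and easier to match against later entries for the same product.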
@@ -85,9 +85,9 @@
CVE-2017-11745
RESERVED
CVE-2017-11744 (In MODX Revolution 2.5.7, the "key" and "name" parameters in the System ...)
- TODO: check
+ NOT-FOR-US: MODX Revolution
CVE-2017-11743 (MEDHOST Connex contains a hard-coded Mirth Connect admin credential ...)
- TODO: check
+ NOT-FOR-US: MEDHOST Connex
CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in ...)
- expat <not-affected> (Windows specfic issue)
CVE-2017-11741
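Review bot: CVE-2017-11743 is closed as "NOT-FOR-US: MEDHOST Connex", but the description says the hard-coded credential is a Mirth Connect admin credential, and the text is truncated after that. It is worth confirming from the full description that the flaw belongs to the MEDHOST product and not to Mirth Connect itself, and recording the result in a NOTE: line under the entry. Separately, the unchanged context line for CVE-2017-11742 has "specfic" for "specific", which could be fixed in a follow-up.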
@@ -1281,7 +1281,7 @@
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
TODO: check
CVE-2017-11330 (The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in ...)
- TODO: check
+ NOT-FOR-US: DivFix++
CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php ...)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
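Review bot: The context line for CVE-2017-11331, directly above the changed entry, still reads "TODO: check". Leaving it untouched fits a commit limited to NFUs, but that entry names oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 and still needs a triage decision in a follow-up.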