[Secure-testing-commits] r54205 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Aug 2 16:47:32 UTC 2017


Author: jmm
Date: 2017-08-02 16:47:32 +0000 (Wed, 02 Aug 2017)
New Revision: 54205

Modified:
   data/CVE/list
Log:
NFUs
new libquicktime issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-02 13:47:52 UTC (rev 54204)
+++ data/CVE/list	2017-08-02 16:47:32 UTC (rev 54205)
@@ -6,9 +6,9 @@
 	NOTE: https://github.com/varnishcache/varnish-cache/issues/2379
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e
 CVE-2017-12200 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-12198
 	RESERVED
 CVE-2017-12197
@@ -116,12 +116,14 @@
 CVE-2017-12146
 	RESERVED
 CVE-2017-12145 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
-	TODO: check
+	- libquicktime <unfixed> (unimportant)
+	NOTE: Negligable security impact
 CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the function ...)
 	- libytnef <unfixed>
 	NOTE: https://github.com/Yeraze/ytnef/issues/51
 CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
-	TODO: check
+	- libquicktime <unfixed> (unimportant)
+	NOTE: Negligable security impact
 CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found in the ...)
 	- libytnef <unfixed>
 	NOTE: https://github.com/Yeraze/ytnef/issues/49
@@ -134,9 +136,9 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c
 CVE-2017-12139 (XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing ...)
-	TODO: check
+	NOT-FOR-US: XOOPS
 CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: XOOPS
 CVE-2017-12137
 	RESERVED
 CVE-2017-12136




More information about the Secure-testing-commits mailing list