[Secure-testing-commits] r54481 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Aug 9 13:35:48 UTC 2017


Author: jmm
Date: 2017-08-09 13:35:48 +0000 (Wed, 09 Aug 2017)
New Revision: 54481

Modified:
   data/CVE/list
Log:
NFUs
miniupnpc no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-09 12:55:49 UTC (rev 54480)
+++ data/CVE/list	2017-08-09 13:35:48 UTC (rev 54481)
@@ -2156,7 +2156,7 @@
 CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in ...)
 	- expat <not-affected> (Windows specfic issue)
 CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-11740
 	RESERVED
 CVE-2017-11739
@@ -3830,15 +3830,15 @@
 CVE-2017-11156
 	RESERVED
 CVE-2017-11155 (An information exposure vulnerability in index.php in Synology Photo ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-11154 (Unrestricted file upload vulnerability in PixlrEditorHandler.php in ...)
 	TODO: check
 CVE-2017-11153 (Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-11152 (Directory traversal vulnerability in PixlrEditorHandler.php in ...)
 	TODO: check
 CVE-2017-11151 (A vulnerability in synotheme_upload.php in Synology Photo Station ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-11150
 	RESERVED
 CVE-2017-11149
@@ -4051,6 +4051,7 @@
 	NOT-FOR-US: ATutor
 CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw ...)
 	- fedmsg <removed> (bug #868508)
+	[jessie] - fedmsg <no-dsa> (Minor issue)
 	NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a
 CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...)
 	{DSA-3914-1}
@@ -6697,35 +6698,35 @@
 CVE-2017-10259
 	RESERVED
 CVE-2017-10258 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10257 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10256 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10255 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10254 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10253 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10252 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10251 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10250 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10249 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10248 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10247 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10246 (Vulnerability in the Oracle Application Object Library component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10245 (Vulnerability in the Oracle General Ledger component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10244 (Vulnerability in the Oracle Application Object Library component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10243 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
 	- openjdk-8 8u141-b15-1
 	- openjdk-7 <removed>
@@ -6764,55 +6765,55 @@
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 	[wheezy] - virtualbox <end-of-life> (DSA 3454)
 CVE-2017-10234 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10233 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
 	- virtualbox 5.1.24-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 	[wheezy] - virtualbox <end-of-life> (DSA 3454)
 CVE-2017-10232 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10231 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10230 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10229 (Vulnerability in the Oracle Hospitality Cruise Materials Management ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10228 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10227
 	RESERVED
 CVE-2017-10226 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10225 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10224 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10223 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10222 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10221 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10220 (Vulnerability in the Hospitality Property Interfaces component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10219 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10218 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10217 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10216 (Vulnerability in the Hospitality Property Interfaces component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10215 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2017-10214 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10213 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10212 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10211 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10210 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
 	- virtualbox 5.1.24-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
@@ -6822,13 +6823,13 @@
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 	[wheezy] - virtualbox <end-of-life> (DSA 3454)
 CVE-2017-10208 (Vulnerability in the Oracle Hospitality e7 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10207 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10206 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10205 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10204 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
 	- virtualbox 5.1.24-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
@@ -6836,13 +6837,13 @@
 CVE-2017-10203
 	RESERVED
 CVE-2017-10202 (Vulnerability in the OJVM component of Oracle Database Server. ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10201 (Vulnerability in the Oracle Hospitality e7 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10200 (Vulnerability in the Oracle Hospitality e7 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10199 (Vulnerability in the Oracle iLearning component of Oracle iLearning ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10198 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -6852,9 +6853,9 @@
 CVE-2017-10197
 	RESERVED
 CVE-2017-10196 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10195 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10194
 	RESERVED
 CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
@@ -6864,59 +6865,59 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10192 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10191 (Vulnerability in the Oracle Web Analytics component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10190
 	RESERVED
 CVE-2017-10189 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10188 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10187 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
 	- virtualbox 5.1.24-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 	[wheezy] - virtualbox <end-of-life> (DSA 3454)
 CVE-2017-10186 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10185 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10184 (Vulnerability in the Oracle Field Service component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10183 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10182 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10181 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10180 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10179 (Vulnerability in the Application Management Pack for Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10178 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10177 (Vulnerability in the Oracle Application Object Library component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10176 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
 	- openjdk-7 <removed>
 CVE-2017-10175 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10174 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10173 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10172 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10171 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10170 (Vulnerability in the Oracle Field Service component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10169 (Vulnerability in the Oracle Hospitality 9700 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10168 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10167
 	RESERVED
 CVE-2017-10166
@@ -6932,15 +6933,15 @@
 CVE-2017-10161
 	RESERVED
 CVE-2017-10160 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
-	TODO: check
+	NOT-FOR-US: Primavera
 CVE-2017-10159
 	RESERVED
 CVE-2017-10158
 	RESERVED
 CVE-2017-10157 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10156 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10155
 	RESERVED
 CVE-2017-10154
@@ -6953,25 +6954,25 @@
 CVE-2017-10151
 	RESERVED
 CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
-	TODO: check
+	NOT-FOR-US: Primavera
 CVE-2017-10149 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
-	TODO: check
+	NOT-FOR-US: Primavera
 CVE-2017-10148 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10147 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10146 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10145 (Vulnerability in the Java Advanced Management Console component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10144 (Vulnerability in the Oracle Applications Manager component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10143 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10142 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10141 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10140
 	RESERVED
 CVE-2017-10139
@@ -6979,9 +6980,9 @@
 CVE-2017-10138
 	RESERVED
 CVE-2017-10137 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10136 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10135 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -6990,40 +6991,40 @@
 	[wheezy] - openjdk-6 <end-of-life>
 	NOTE: OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27
 CVE-2017-10134 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10133 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10132 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10131 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10130 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10129 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
 	- virtualbox 5.1.24-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 	[wheezy] - virtualbox <end-of-life> (DSA 3454)
 CVE-2017-10128 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10127
 	RESERVED
 CVE-2017-10126 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10125 (Vulnerability in the Java SE component of Oracle Java SE ...)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2017-10124
 	RESERVED
 CVE-2017-10123 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10122 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10121 (Vulnerability in the Java Advanced Management Console component of ...)
 	NOT-FOR-US: Java Advanced Management Console
 CVE-2017-10120 (Vulnerability in the RDBMS Security component of Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10119 (Vulnerability in the Oracle Service Bus component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10118 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7045,9 +7046,9 @@
 CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE ...)
 	- openjfx <unfixed> (bug #870860)
 CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10112 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10111 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7076,7 +7077,7 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10106 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10105 (Vulnerability in the Java SE component of Oracle Java SE ...)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -7084,7 +7085,7 @@
 CVE-2017-10104 (Vulnerability in the Java Advanced Management Console component of ...)
 	NOT-FOR-US: Java Advanced Management Console
 CVE-2017-10103 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10102 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7098,13 +7099,13 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10100 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10099
 	RESERVED
 CVE-2017-10098 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10096 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7112,15 +7113,15 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10095 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10094 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10093 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10092 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10091 (Vulnerability in the Enterprise Manager Base Platform component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10090 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7132,7 +7133,7 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10088 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10087 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7142,13 +7143,13 @@
 CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE ...)
 	- openjfx <unfixed> (bug #870860)
 CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10084 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10083 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10082 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10081 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7156,18 +7157,18 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10080 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10079 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10078 (Vulnerability in the Java SE component of Oracle Java SE ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
 CVE-2017-10077
 	RESERVED
 CVE-2017-10076 (Vulnerability in the Oracle Hospitality Simphony First Edition Venue ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10074 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
 	{DSA-3919-1}
 	- openjdk-8 8u141-b15-1
@@ -7175,15 +7176,15 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10073 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10072 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10071 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10070 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10069 (Vulnerability in the Oracle Payment Interface component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10068
 	RESERVED
 CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE ...)
@@ -7197,23 +7198,23 @@
 CVE-2017-10065
 	RESERVED
 CVE-2017-10064 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10063 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10062 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10061 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10060
 	RESERVED
 CVE-2017-10059 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10058 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10057 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10056 (Vulnerability in the Oracle Hospitality 9700 component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10055
 	RESERVED
 CVE-2017-10054
@@ -7225,111 +7226,111 @@
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10052 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10051
 	RESERVED
 CVE-2017-10050
 	RESERVED
 CVE-2017-10049 (Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10048 (Vulnerability in the Oracle Enterprise Repository component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10047 (Vulnerability in the MICROS BellaVita component of Oracle Hospitality ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10046 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10045 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10044 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10043 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10042 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10041 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10040 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10039 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10038 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10037
 	RESERVED
 CVE-2017-10036 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10035 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10034
 	RESERVED
 CVE-2017-10033
 	RESERVED
 CVE-2017-10032 (Vulnerability in the Oracle Transportation Management component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10031 (Vulnerability in the Oracle Communications Convergence component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10030 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10029 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10028 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10027 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10026
 	RESERVED
 CVE-2017-10025 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10024 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10023 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10022 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10021 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10020 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10019 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10018 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10017 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10016 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10015 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10014
 	RESERVED
 CVE-2017-10013 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10012 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10011 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10010 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10009 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10008 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10007 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10006 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10005 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10004 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10003 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10002 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10001 (Vulnerability in the Oracle Hospitality Simphony First Edition ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10000 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...)
 	- jasper <removed>
 	[jessie] - jasper <no-dsa> (Minor issue)
@@ -10578,6 +10579,7 @@
 CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through ...)
 	{DLA-949-1}
 	- miniupnpc 1.9.20140610-3 (bug #862273)
+	[jessie] - miniupnpc <no-dsa> (Minor issue)
 	NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
 	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
 CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly ...)
@@ -26285,7 +26287,7 @@
 	- mysql-5.7 <unfixed> (bug #868798)
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
 CVE-2017-3632 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-3631 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
 	NOT-FOR-US: Solaris
 CVE-2017-3630 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
@@ -26448,7 +26450,7 @@
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 	[wheezy] - virtualbox <end-of-life> (DSA 3454)
 CVE-2017-3562 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-3561 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
 	- virtualbox 5.1.20-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)




More information about the Secure-testing-commits mailing list