[Secure-testing-commits] r55012 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Aug 23 21:17:58 UTC 2017
Author: jmm
Date: 2017-08-23 21:17:58 +0000 (Wed, 23 Aug 2017)
New Revision: 55012
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-23 21:17:39 UTC (rev 55011)
+++ data/CVE/list 2017-08-23 21:17:58 UTC (rev 55012)
@@ -1013,9 +1013,9 @@
- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/600
CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-13136
RESERVED
CVE-2017-13135
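Review bot: The NOT-FOR-US descriptions added for CVE-2017-13138 and CVE-2017-13137 say only "Wordpress theme" and "Wordpress plugin", whereas the other entries in this commit name the product (Apache2Triad, IceWarp, Progress Telerik UI). Suggest taking the names from the CVE descriptions, for example "NOT-FOR-US: Bridge theme for WordPress" and "NOT-FOR-US: FormCraft Basic plugin for WordPress", so that a later search of the list by product name finds these entries.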
@@ -1413,9 +1413,9 @@
NOTE: http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn
NOTE: This is similar class of issue as for CVE-2017-1000117/git
CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows ...)
- TODO: check
+ NOT-FOR-US: Apache2Triad
CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...)
- TODO: check
+ NOT-FOR-US: Apache2Triad
CVE-2017-12969
RESERVED
CVE-2017-12968
@@ -1431,19 +1431,19 @@
[stretch] - asn1c <no-dsa> (Minor issue)
[jessie] - asn1c <no-dsa> (Minor issue)
CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apache2Triad
CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
- - libsass <unfixed> (bug #873034)
+ - libsass <unfixed> (low; bug #873034)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397
CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in ...)
- - libsass <unfixed> (bug #873034)
+ - libsass <unfixed> (low; bug #873034)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335
NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed
NOTE: with the upstream patch for CVE-2017-11555.
CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested ...)
- - libsass <unfixed> (bug #873034)
+ - libsass <unfixed> (low; bug #873034)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331
CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in ...)
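Review bot: The three libsass lines (CVE-2017-12964, CVE-2017-12963, CVE-2017-12962) change the severity of bug #873034 to "low", which the log message "NFUs" does not cover. Suggest committing the severity change separately or mentioning it in the log, so that the history of the libsass triage decision can be found from the commit messages. The "low" rating itself is consistent with the existing "[stretch] - libsass <no-dsa> (Minor issue)" lines under each entry.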
@@ -2295,7 +2295,7 @@
CVE-2017-12845
RESERVED
CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to ...)
- cyrus-imapd <not-affected> (Vulnerable code introduced later)
- cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
@@ -6017,7 +6017,7 @@
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik UI
CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...)
NOT-FOR-US: PEGA Platform
CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform ...)
@@ -6169,7 +6169,7 @@
CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...)
NOT-FOR-US: Cobian
CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik UI
CVE-2017-11316
RESERVED
CVE-2017-11315
@@ -6562,7 +6562,7 @@
CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...)
NOT-FOR-US: Installer in Synology Assistant
CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in ...)
- TODO: check
+ NOT-FOR-US: Installer in Synology Photo Station Uploader
CVE-2017-11158
RESERVED
CVE-2017-11157