[Secure-testing-commits] r58197 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Dec 1 21:41:40 UTC 2017


Author: jmm
Date: 2017-12-01 21:41:40 +0000 (Fri, 01 Dec 2017)
New Revision: 58197

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-01 21:36:43 UTC (rev 58196)
+++ data/CVE/list	2017-12-01 21:41:40 UTC (rev 58197)
@@ -2256,11 +2256,11 @@
 CVE-2017-16954
 	RESERVED
 CVE-2017-16953 (connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service ...)
 	TODO: check
 CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2017-16950
 	RESERVED
 CVE-2017-16949
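Review bot: CVE-2017-16952 (KMPlayer 4.2.2.4) is left at `TODO: check` even though the entries on either side of it, CVE-2017-16953 and CVE-2017-16951, are both resolved in this hunk. KMPlayer is a Windows media player like the Winamp entry below it, so if nothing in the archive ships it, it could be closed here as `NOT-FOR-US: KMPlayer`. If it was skipped on purpose, a short NOTE saying why would save the next triager a second look.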
@@ -2429,11 +2429,11 @@
 	NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
 	NOTE: https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815
 CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) ...)
-	TODO: check
+	NOT-FOR-US: Arq
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain ...)
 	NOT-FOR-US: Laravel framework
 CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability ...)
-	TODO: check
+	- piwigo <removed>
 CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename ...)
 	- bftpd <itp> (bug #640469)
 	NOTE: http://bftpd.sourceforge.net/news.html#032390
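Review bot: the CVE-2017-16893 change to `- piwigo <removed>` is a package status entry rather than an NFU, so the log message "NFUs" does not describe it. Mention the removed-package triage in the log, or commit it separately, so that someone searching the history for piwigo tracking changes can find it.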
@@ -6102,7 +6102,7 @@
 CVE-2017-15708
 	RESERVED
 CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated ...)
-	TODO: check
+	- libstruts1.2-java <not-affected> (Specific to 2.x)
 CVE-2017-15706
 	RESERVED
 CVE-2017-15705
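Review bot: the `<not-affected>` entry for CVE-2017-15707 rests only on the parenthetical `(Specific to 2.x)`, with no NOTE pointing at an upstream reference. The description limits the issue to Struts 2.5 to 2.5.14 and the package is libstruts1.2-java, so the conclusion looks right, but a NOTE line with the upstream advisory, like the ones the tt-rss and bftpd entries earlier in this diff carry, would let a reader verify it from the list itself.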
@@ -6978,7 +6978,7 @@
 CVE-2017-15358
 	RESERVED
 CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 5.9.7 ...)
-	TODO: check
+	NOT-FOR-US: Arq
 CVE-2017-15356
 	RESERVED
 CVE-2017-15355
@@ -8298,7 +8298,7 @@
 	- linux <not-affected> (Vulnerable code introduced in v4.13-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
 CVE-2017-14953 (HikVision Wi-Fi IP cameras, when used in a wired configuration, allow ...)
-	TODO: check
+	NOT-FOR-US: HikVision
 CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for ...)
 	- icu 57.1-7 (bug #878840)
 	[stretch] - icu <postponed> (Should be fixed along in future update)
@@ -9375,7 +9375,7 @@
 CVE-2017-14592
 	RESERVED
 CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-14590
 	RESERVED
 CVE-2017-14589
@@ -9385,9 +9385,9 @@
 CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and ...)
 	NOT-FOR-US: Atlassian
 CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead to ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-14584
 	RESERVED
 CVE-2017-14583
@@ -9690,9 +9690,9 @@
 CVE-2017-14488
 	RESERVED
 CVE-2017-14487 (The OhMiBod Remote app for Android and iOS allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: OhMiBod Remote app
 CVE-2017-14486 (The Vibease Wireless Remote Vibrator app for Android and the Vibease ...)
-	TODO: check
+	NOT-FOR-US: Vibease Wireless Remote Vibrator app
 CVE-2017-14485
 	RESERVED
 CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great ...)
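Review bot: `NOT-FOR-US: OhMiBod Remote app` and `NOT-FOR-US: Vibease Wireless Remote Vibrator app` spell out the full product name including "app", while other entries in this commit tag by vendor only (`ZTE`, `HikVision`, `Atlassian`). Shorter tags such as `NOT-FOR-US: OhMiBod` and `NOT-FOR-US: Vibease` would keep the list consistent and make later entries for the same vendors easier to match.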
@@ -10487,11 +10487,11 @@
 CVE-2017-14199
 	RESERVED
 CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...)
-	TODO: check
+	NOT-FOR-US: Squiz Matrix
 CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...)
-	TODO: check
+	NOT-FOR-US: Squiz Matrix
 CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and ...)
-	TODO: check
+	NOT-FOR-US: Squiz Matrix
 CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...)
 	NOT-FOR-US: dayrui FineCms
 CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms ...)
@@ -12124,9 +12124,9 @@
 CVE-2017-13665
 	RESERVED
 CVE-2017-13664 (Password file exposure in firmware in iSmartAlarm CubeOne version ...)
-	TODO: check
+	NOT-FOR-US: iSmartAlarm CubeOne
 CVE-2017-13663 (Encryption key exposure in firmware in iSmartAlarm CubeOne version ...)
-	TODO: check
+	NOT-FOR-US: iSmartAlarm CubeOne
 CVE-2017-13662
 	RESERVED
 CVE-2017-13661



