[Secure-testing-commits] r58407 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Dec 9 22:34:39 UTC 2017
Author: jmm
Date: 2017-12-09 22:34:39 +0000 (Sat, 09 Dec 2017)
New Revision: 58407
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
stable triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-09 21:10:14 UTC (rev 58406)
+++ data/CVE/list 2017-12-09 22:34:39 UTC (rev 58407)
@@ -3848,6 +3848,8 @@
RESERVED
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
- xrdp <unfixed> (bug #882463)
+ [stretch] - xrdp <no-dsa> (Minor issue)
+ [jessie] - xrdp <no-dsa> (Minor issue)
NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958
NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted ...)
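Review bot: The two no-dsa lines added under CVE-2017-16927 give only the stock reason "Minor issue", while the entry is still marked <unfixed> and its only fix reference is a proposed pull request. Suggest a short NOTE saying why the issue is minor for stretch and jessie, and revisiting the triage once https://github.com/neutrinolabs/xrdp/pull/958 is merged so the fixing commit can be recorded.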
@@ -4615,6 +4617,8 @@
CVE-2017-16816 [A user can cause the condor_schedd to crash by submitting a job designed for that purpose]
RESERVED
- condor 8.6.8~dfsg.1-1
+ [stretch] - condor <no-dsa> (Minor issue)
+ [jessie] - condor <no-dsa> (Minor issue)
NOTE: http://research.cs.wisc.edu/htcondor//security/vulnerabilities/HTCONDOR-2017-0001.html
CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration & ...)
NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress
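Review bot: For CVE-2017-16816 the entry already records a fixed version (8.6.8~dfsg.1-1), so the new [stretch] and [jessie] no-dsa lines could say whether the fix is expected to reach those suites through a point release or is not planned at all. As written, "Minor issue" leaves that open for a condor_schedd crash that, per the entry's own description, a user can trigger by submitting a job.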
@@ -7639,6 +7643,8 @@
NOT-FOR-US: IrfanView
CVE-2017-15736 (Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...)
- spip <unfixed> (bug #879954)
+ [stretch] - spip <no-dsa> (Minor issue)
+ [jessie] - spip <no-dsa> (Minor issue)
[wheezy] - spip <not-affected> (vulnerable code not present)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23701
CVE-2017-15735 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) ...)
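Review bot: The added [stretch] and [jessie] lines for CVE-2017-15736 classify a stored XSS as "Minor issue" without saying what limits its impact, whereas the [wheezy] line directly below them states its reason (vulnerable code not present). A one-line NOTE with the limiting condition would make this triage decision checkable later.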
@@ -10031,7 +10037,7 @@
CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the ...)
NOT-FOR-US: Intelbras WRN 150 devices
CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ...)
- - jasperreports <unfixed> (bug #880467)
+ - jasperreports <undetermined> (bug #880467)
NOTE: https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941
CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) ...)
- binutils <unfixed>
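Review bot: The jasperreports line for CVE-2017-14941 changes from <unfixed> to <undetermined> with no accompanying NOTE, so the diff does not show what still has to be checked. Suggest adding a NOTE that states the open question (for example, whether the packaged version contains the affected code), since bug #880467 stays referenced and a reader cannot otherwise tell why the status changed.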
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-12-09 21:10:14 UTC (rev 58406)
+++ data/dsa-needed.txt 2017-12-09 22:34:39 UTC (rev 58407)
@@ -56,6 +56,9 @@
--
qemu/oldstable
--
+redmine/stable
+ oldstable also affected, but might be worth EOLing
+--
ruby2.1/oldstable
--
rsync (carnil)
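Review bot: The new redmine/stable entry carries the remark "oldstable also affected, but might be worth EOLing", which leaves the oldstable decision open while only stable is listed. Either add redmine/oldstable until the end-of-life decision is made, or record that decision where it is tracked, so the affected oldstable package does not drop out of view. The entry also does not say which issues it covers.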
@@ -66,6 +69,12 @@
--
sqlite3/oldstable
--
+sssd/stable
+--
+tomcat7/oldstable
+--
+tomcat8
+--
tiff
wait until more issues are around
--
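Review bot: tomcat8 is added without a suite qualifier, unlike sssd/stable and tomcat7/oldstable in the same hunk. If it is meant to cover both stable and oldstable that is fine; otherwise add the qualifier. None of the three new entries says which issues prompted it, and a short indented remark like the one under tiff would help whoever picks them up.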