[Secure-testing-commits] r58764 - data/CVE

Raphael Geissert geissert at moszumanska.debian.org
Thu Dec 21 08:38:14 UTC 2017


Author: geissert
Date: 2017-12-21 08:38:13 +0000 (Thu, 21 Dec 2017)
New Revision: 58764

Modified:
   data/CVE/list
Log:
more NFUs, one itp


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-21 08:07:55 UTC (rev 58763)
+++ data/CVE/list	2017-12-21 08:38:13 UTC (rev 58764)
@@ -5036,17 +5036,17 @@
 CVE-2017-17570 (FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php ...)
 	NOT-FOR-US: FS Expedia Clone
 CVE-2017-17569 (Scubez Posty Readymade Classifieds has XSS via the ...)
-	TODO: check
+	NOT-FOR-US: Scubez Posty Readymade Classifieds
 CVE-2017-17568 (Scubez Posty Readymade Classifieds has Incorrect Access Control for ...)
-	TODO: check
+	NOT-FOR-US: Scubez Posty Readymade Classifieds
 CVE-2017-17567 (Scubez Posty Readymade Classifieds has SQL Injection via the ...)
-	TODO: check
+	NOT-FOR-US: Scubez Posty Readymade Classifieds
 CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is ...)
 	TODO: check
 CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to execute ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.172 ...)
-	TODO: check
+	NOT-FOR-US: Western Digital MyCloud
 CVE-2017-17559
 	RESERVED
 CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
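Review bot: CVE-2017-17562 (Embedthis GoAhead), in the middle of this hunk, is the only entry in the range still left at `TODO: check` while every neighbour around it is resolved. If it was skipped on purpose because it needs more investigation, a NOTE line saying so would keep the next triager from repeating the work; otherwise it should be classified in the same pass.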
@@ -5136,9 +5136,9 @@
 CVE-2017-17539
 	RESERVED
 CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: MikroTik
 CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: MikroTik
 CVE-2018-1350
 	RESERVED
 CVE-2018-1349
@@ -5160,7 +5160,7 @@
 CVE-2018-1341
 	RESERVED
 CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...)
-	TODO: check
+	NOT-FOR-US: Phabricator
 CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...)
 	- gjots2 <unfixed> (unimportant)
 	NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188
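Review bot: `NOT-FOR-US: Phabricator` on CVE-2017-17536 records that the software is not in the archive, but nothing on the line shows that an ITP or RFP bug was looked for first. Another entry in this same revision uses `- urbackup-server <itp> (bug #697325)` for the packaging-in-progress case; confirm that no such bug exists for Phabricator, and switch to the `<itp>` form if one does.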
@@ -7512,7 +7512,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
 	NOTE: Crash in CLI tool not treated as a security issue
 CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...)
-	TODO: check
+	NOT-FOR-US: SyncBreeze
 CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...)
 	- vim <unfixed>
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -9181,7 +9181,7 @@
 CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...)
 	NOT-FOR-US: Winamp
 CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before ...)
-	TODO: check
+	- urbackup-server <itp> (bug #697325)
 CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post ...)
 	NOT-FOR-US: AccessKeys AccessPress Anonymous Post Pro plugin for WordPress
 CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
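Review bot: the new `- urbackup-server <itp> (bug #697325)` line for CVE-2017-16950 does not record which upstream release fixes the XSS, and the description shown here is cut at "UrBackup Server before ...". A NOTE line with the fixed upstream version or a link to the upstream fix would let whoever completes the ITP confirm that the first upload is already past the affected versions.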



