[Secure-testing-commits] r58910 - data/CVE

Mon Dec 25 09:59:37 UTC 2017

Author: carnil
Date: 2017-12-25 09:59:37 +0000 (Mon, 25 Dec 2017)
New Revision: 58910

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-12-25 09:34:04 UTC (rev 58909)
+++ data/CVE/list	2017-12-25 09:59:37 UTC (rev 58910)
@@ -32,7 +32,7 @@
 CVE-2017-17889
 	RESERVED
 CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...)
-	TODO: check
+	NOT-FOR-US: Anti-Web
 CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
@@ -79,27 +79,27 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e41f18ecccbdd1c38e1382057718e91e8f8d6d80
 CVE-2017-17878 (An issue was discovered in Valve Steam Link build 643. Root passwords ...)
-	TODO: check
+	NOT-FOR-US: Valve Steam Link
 CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When the SSH ...)
-	TODO: check
+	NOT-FOR-US:  Valve Steam Link
 CVE-2017-17876
 	RESERVED
 CVE-2017-17875
 	RESERVED
 CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
 CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the ...)
-	TODO: check
+	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
 CVE-2017-17872 (The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: JEXTN Video Gallery extension for Joomla!
 CVE-2017-17871 (The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL ...)
-	TODO: check
+	NOT-FOR-US: "JEXTN Question And Answer" extension for Joomla!
 CVE-2017-17870 (The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the ...)
-	TODO: check
+	NOT-FOR-US: JBuildozer extension for Joomla!
 CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the ...)
-	TODO: check
+	NOT-FOR-US: mgl-instagram-gallery plugin for WordPress
 CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public Render ...)
-	TODO: check
+	NOT-FOR-US: Liferay Portal
 CVE-2017-17867
 	RESERVED
 CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...)
@@ -131,7 +131,7 @@
 CVE-2017-17860
 	RESERVED
 CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Samsung Internet Browser
 CVE-2017-17858
 	RESERVED
 CVE-2017-17851
@@ -141,7 +141,7 @@
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480
 CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...)
-	TODO: check
+	NOT-FOR-US: GetGo Download Manager
 CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linux ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
@@ -14594,7 +14594,7 @@
 CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) ...)
 	NOT-FOR-US: Huawei
 CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion ...)
 	NOT-FOR-US: Huawei
 CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...)


