[Secure-testing-commits] r48764 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Feb 7 22:10:55 UTC 2017


Author: jmm
Date: 2017-02-07 22:10:55 +0000 (Tue, 07 Feb 2017)
New Revision: 48764

Modified:
   data/CVE/list
Log:
new zoneminder issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-07 21:52:57 UTC (rev 48763)
+++ data/CVE/list	2017-02-07 22:10:55 UTC (rev 48764)
@@ -83,13 +83,13 @@
 CVE-2017-5883
 	RESERVED
 CVE-2017-5882 (Cross-site scripting (XSS) vulnerability in index.asp in SANADATA ...)
-	TODO: check
+	NOT-FOR-US: SanaCMS
 CVE-2017-5881
 	RESERVED
 CVE-2017-5880 (Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2017-5879 (An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL ...)
-	TODO: check
+	NOT-FOR-US: Exponent CMS
 CVE-2017-5878
 	RESERVED
 CVE-2016-10207 [tigervnc: vnc server can crash when TLS handshake terminates early]
@@ -636,7 +636,7 @@
 CVE-2017-5678
 	RESERVED
 CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection ...)
-	TODO: check
+	NOT-FOR-US: PEAR HTML_AJAX
 	NOTE: http://karmainsecurity.com/KIS-2017-01
 CVE-2017-5676
 	RESERVED
@@ -1800,9 +1800,9 @@
 CVE-2017-5369
 	RESERVED
 CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, ...)
-	TODO: check
+	- zoneminder <unfixed>
 CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and link input ...)
-	TODO: check
+	- zoneminder <unfixed>
 CVE-2017-5366
 	RESERVED
 CVE-2017-5365
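Review bot: The two `- zoneminder <unfixed>` lines added for CVE-2017-5368 and CVE-2017-5367 carry no bug reference and no NOTE pointing at an upstream report or fix, so nothing in the entry says how the unfixed state will be followed up. Other package entries visible in this diff do carry one, for example `(bug #840228)` on the qemu line. Suggest adding a NOTE with the upstream reference, and the bug number once one is filed.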
@@ -2559,9 +2559,9 @@
 CVE-2017-5138
 	RESERVED
 CVE-2017-5137 (An issue was discovered on SendQuick Entera and Avera devices before ...)
-	TODO: check
+	NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices before ...)
-	TODO: check
+	NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. ...)
 	- lxc 1:2.0.0-1
 	[jessie] - lxc <no-dsa> (Minor issue)
@@ -3022,7 +3022,7 @@
 	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/03/2
 CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before ...)
-	TODO: check
+	NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2016-10097 (XML External Entity (XXE) Vulnerability in ...)
 	NOT-FOR-US: OpenAM
 CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 ...)
@@ -19966,7 +19966,6 @@
 	NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
 	NOTE: Though this commit fixed an OOB read access issue which might need
 	NOTE: potentially a new separate CVE id if it does not have one yet.
-	TODO: double-check notes and analysis
 CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in ...)
 	- qemu 1:2.8+dfsg-1 (bug #840228)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
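Review bot: The removal of `TODO: double-check notes and analysis` is not mentioned in the log message, which only covers the zoneminder issues and NFUs, and the NOTE lines directly above it still leave open whether the OOB read access issue needs a separate CVE id. Suggest recording the outcome of the double-check in a NOTE, or mentioning the removal in the log, so the open question is not silently dropped along with the TODO.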



