[Secure-testing-commits] r48837 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Feb 10 18:23:06 UTC 2017
Author: jmm
Date: 2017-02-10 18:23:06 +0000 (Fri, 10 Feb 2017)
New Revision: 48837
Modified:
data/CVE/list
Log:
postfixadmin fixed
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-10 17:13:40 UTC (rev 48836)
+++ data/CVE/list 2017-02-10 18:23:06 UTC (rev 48837)
@@ -1,5 +1,5 @@
CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 for ...)
- TODO: check
+ NOT-FOR-US: serialize-to-js Node package
CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree ...)
- vim <unfixed>
CVE-2017-5952
@@ -17,13 +17,13 @@
CVE-2017-5946
RESERVED
CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2017-5944
RESERVED
CVE-2017-5943
RESERVED
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10222
RESERVED
CVE-2016-10221
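Review bot: The two NOT-FOR-US labels in this hunk ("Moodle plugin", "Wordpress plugin") name only the platform, not the product, unlike other entries in this commit that name the product itself (e.g. "IT ITems DataBase"). Suggest "PoodLL Filter plugin for Moodle" for CVE-2017-5945 and "WP Mail plugin for WordPress" for CVE-2017-5942, so a search for the product name finds the triage decision; that also fixes the "Wordpress" capitalisation.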
@@ -37,13 +37,13 @@
CVE-2016-10217
RESERVED
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...)
- TODO: check
+ NOT-FOR-US: IT ITems DataBase
CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...)
- TODO: check
+ NOT-FOR-US: Fastspot BigTree bigtree-form-builder
CVE-2017-XXXX [diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive]
- diffoscope <unfixed> (bug #854723)
CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for ...)
- TODO: check
+ NOT-FOR-US: node-serialize
CVE-2017-5939
RESERVED
CVE-2017-5936
@@ -85,7 +85,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/8
CVE-2017-5930
RESERVED
- - postfixadmin <unfixed> (bug #854742)
+ - postfixadmin 3.0.2-1 (bug #854742)
[jessie] - postfixadmin <not-affected> (Vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/6
CVE-2017-5929
@@ -911,7 +911,7 @@
CVE-2017-5635
RESERVED
CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows ...)
- TODO: check
+ NOT-FOR-US: Norwegian
CVE-2017-5633
RESERVED
CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with ...)
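Review bot: "NOT-FOR-US: Norwegian" on CVE-2017-5634 is too terse to identify the product; read on its own it looks like a language or nationality. The description names the Norwegian Air Shuttle airline kiosk, so "NOT-FOR-US: Norwegian Air Shuttle kiosk" would be unambiguous.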
@@ -13829,7 +13829,7 @@
CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a remote ...)
NOT-FOR-US: Android Telephony
CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could ...)
- TODO: check, potentially libvpx
+ NOT-FOR-US: Android Mediaserver
CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright ...)
NOT-FOR-US: libstagefright
CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in ...)
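Review bot: CVE-2017-0393 drops the libvpx lead without recording why. The description places the flaw in libvpx and the removed line read "TODO: check, potentially libvpx", but the replacement "NOT-FOR-US: Android Mediaserver" gives no reason the library itself was ruled out. If the check showed the bug is confined to Android's copy, a NOTE line saying so, or a "- libvpx <not-affected> (...)" entry with the reason, would keep that analysis in the tracker.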
@@ -23750,9 +23750,9 @@
CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
- TODO: check, possibly libvpx
+ NOT-FOR-US: Android Mediaserver
CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
- TODO: check, possibly libvpx
+ NOT-FOR-US: Android Mediaserver
CVE-2016-6710 (An information disclosure vulnerability in the download manager in ...)
NOT-FOR-US: Android
CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and BoringSSL in ...)
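Review bot: CVE-2016-6712 and CVE-2016-6711 now carry the same label as the context entry CVE-2016-6713, although their descriptions say "libvpx in Mediaserver" where CVE-2016-6713 says only "Mediaserver". The removed "possibly libvpx" hint was the only trace of that difference; a NOTE on each entry stating what was checked in libvpx would stop the question being reopened later.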
@@ -27044,27 +27044,27 @@
CVE-2016-5747
RESERVED
CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store ...)
- TODO: check
+ NOT-FOR-US: libstorage
CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before ...)
NOT-FOR-US: F5 BIG-IP
CVE-2015-8945 (openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores ...)
NOT-FOR-US: OpenShift
CVE-2015-8944 (The ioresources_init function in kernel/resource.c in the Linux kernel ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch, /proc/iomem is root-restricted already)
CVE-2015-8943 (drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch)
CVE-2015-8942 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch)
CVE-2015-8941 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch)
CVE-2015-8940 (Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch)
CVE-2015-8939 (drivers/video/msm/mdp4_util.c in the Qualcomm components in Android ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch)
CVE-2015-8938 (The MSM camera driver in the Qualcomm components in Android before ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch)
CVE-2015-8937 (drivers/char/diag/diagchar_core.c in the Qualcomm components in ...)
- TODO: check
+ - linux <not-affected> (Android-specific patch)
CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows ...)
{DSA-3635-1 DLA-576-1}
- libdbd-mysql-perl 4.033-1
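Review bot: The reason "(Android-specific patch)" on CVE-2015-8943 through CVE-2015-8937 does not say whether the vulnerable code is present in the Debian kernel source at all, which is what a reader of a "<not-affected>" line needs to know. If the msm/Qualcomm files named in the descriptions are simply absent, the wording already used elsewhere in this file, "(Vulnerable code not present)", states that directly. CVE-2015-8944 is the better model in this hunk: it gives the concrete reason ("/proc/iomem is root-restricted already").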
@@ -27091,9 +27091,9 @@
- linux <not-affected>
NOTE: vulnerable code between 3.14-rc1 and 3.14-rc4
CVE-2014-9902 (Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9901 (The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9900 (The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...)
TODO: check
CVE-2014-9899 (drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android ...)
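Review bot: CVE-2014-9902 and CVE-2014-9901 are closed as "NOT-FOR-US: Qualcomm driver for Android", while the preceding hunk records the Qualcomm-component entries CVE-2015-8943 through CVE-2015-8937 as "- linux <not-affected> (Android-specific patch)". One convention for this class of issue would make the file easier to query. Separately, the context entry CVE-2014-9900 stays at "TODO: check" although its description names net/core/ethtool.c in the Linux kernel; worth confirming it was left open deliberately.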
@@ -30442,15 +30442,15 @@
[wheezy] - netty <not-affected> (Vulnerable code not present)
NOTE: Versions affected: Netty 4.0.0.Final - 4.0.36.Final and 4.1.0.Final
CVE-2016-4969 (Cross-site scripting (XSS) vulnerability in Fortinet FortiWan ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2016-4968 (The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2016-4967 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2016-4966 (The diagnosis_control.php page in Fortinet FortiWan (formerly ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2016-4965 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2016-XXXX [AST-2016-005]
- asterisk 1:13.8.2~dfsg-1
[jessie] - asterisk <not-affected> (Only affects 13.x)
@@ -30656,11 +30656,11 @@
[wheezy] - xen <no-dsa> (Too intrusive to backport, libvirt doesn't have libxl driver enabled)
NOTE: http://xenbits.xen.org/xsa/advisory-175.html
CVE-2016-4961 (For the NVIDIA Quadro, NVS, and GeForce products, improper ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4960 (For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4959 (For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4958
RESERVED
CVE-2016-4957 (ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial ...)
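Review bot: The "NVIDIA Windows drivers" label on CVE-2016-4961, CVE-2016-4960 and CVE-2016-4959 asserts a platform restriction that the truncated descriptions shown here do not state. A NOTE line pointing at the vendor advisory that limits these issues to Windows would make the NOT-FOR-US decision checkable.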