[Secure-testing-commits] r48880 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Feb 13 18:40:43 UTC 2017


Author: jmm
Date: 2017-02-13 18:40:43 +0000 (Mon, 13 Feb 2017)
New Revision: 48880

Modified:
   data/CVE/list
Log:
two puppet issues n/a
NFus


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-13 16:14:30 UTC (rev 48879)
+++ data/CVE/list	2017-02-13 18:40:43 UTC (rev 48880)
@@ -17317,18 +17317,18 @@
 CVE-2016-8714
 	RESERVED
 CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists ...)
-	TODO: check
+	NOT-FOR-US: Nitro Pro
 CVE-2016-8712
 	RESERVED
 CVE-2016-8711 (A potential remote code execution vulnerability exists in the PDF ...)
-	TODO: check
+	NOT-FOR-US: Nitro Pro
 CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the ...)
 	- ffmpeg <undetermined>
 	NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg
 	NOTE: http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0223/
 CVE-2016-8709 (A remote out of bound write / memory corruption vulnerability exists ...)
-	TODO: check
+	NOT-FOR-US: Nitro Pro
 CVE-2016-8708
 	REJECTED
 CVE-2016-8707 (An exploitable out of bounds write exists in the handling of ...)
@@ -17797,7 +17797,6 @@
 	RESERVED
 	- linux <unfixed>
 	NOTE: Fix https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66
-	TODO: check
 CVE-2016-8635 [small-subgroups attack flaw]
 	RESERVED
 	- nss 2:3.25-1
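Review bot: The `TODO: check` removed under the linux entry was the only follow-up marker there, and the entry still reads `- linux <unfixed>` next to a NOTE that points at the upstream fix commit. If the check concluded that the Debian kernel is still affected, this is fine as it stands; if a fixed version is already known, it should replace `<unfixed>` in the same change so the entry does not lose its reminder without gaining a resolution.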
@@ -26966,7 +26965,7 @@
 CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations when ...)
 	NOT-FOR-US: SAP SAPCAR
 CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x before ...)
-	TODO: check
+	NOT-FOR-US: OTRS addon
 CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, ...)
 	NOT-FOR-US: Trend Micro Deep Discovery Inspector
 CVE-2016-5831
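Review bot: `NOT-FOR-US: OTRS addon` on CVE-2016-5843 is less specific than the neighbouring entries, which name the product (`SAP SAPCAR`, `Trend Micro Deep Discovery Inspector`). The description places the SQL injection in the FAQ package 2.x, so a label such as `NOT-FOR-US: OTRS FAQ package` would keep the entry searchable by product name.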
@@ -27267,12 +27266,10 @@
 	- libical <unfixed>
 	[wheezy] - libical <no-dsa> (Low prio according to upstream)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
-	TODO: check
 CVE-2016-5826 (The parser_get_next_char function in libical 0.47 and 1.0 allows ...)
 	- libical <unfixed>
 	[wheezy] - libical <no-dsa> (Low prio according to upstream)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
-	TODO: check
 CVE-2016-5825 (The icalparser_parse_string function in libical 0.47 and 1.0 allows ...)
 	- libical <unfixed>
 	[wheezy] - libical <no-dsa> (Low prio according to upstream)
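Review bot: The two `TODO: check` removals on the libical entries (CVE-2016-5826 and the entry before it) are not covered by the log message, which only names the puppet and NOT-FOR-US changes. The entries already carry `- libical <unfixed>` and a wheezy `<no-dsa>`, so dropping the marker looks consistent, but a few words in the log about clearing stale TODOs would make this cleanup findable in the history.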
@@ -27478,7 +27475,7 @@
 CVE-2016-5716
 	RESERVED
 CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...)
-	TODO: check
+	- puppet <not-affected> (Limited to Puppet Enterprise)
 CVE-2016-5714
 	RESERVED
 CVE-2016-5713
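Review bot: CVE-2016-5715 is recorded as `- puppet <not-affected> (Limited to Puppet Enterprise)`, while the other products outside Debian touched by this commit get `NOT-FOR-US`. The description places the open redirect in the Console in Puppet Enterprise, so it is worth confirming that a package-level `<not-affected>` against puppet is the intended form rather than `NOT-FOR-US: Puppet Enterprise`, and keeping the same form for every Puppet Enterprise-only entry.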
@@ -52397,7 +52394,7 @@
 CVE-2015-6502
 	RESERVED
 CVE-2015-6501 (Open redirect vulnerability in the Console in Puppet Enterprise before ...)
-	TODO: check
+	- puppet <not-affected> (Limited to Puppet Enterprise)
 CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 8.0.6 and ...)
 	{DSA-3373-1}
 	- owncloud 7.0.10~dfsg-2 (bug #800126)



