[Secure-testing-commits] r49316 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Feb 28 21:46:09 UTC 2017 

Author: jmm
Date: 2017-02-28 21:46:09 +0000 (Tue, 28 Feb 2017)
New Revision: 49316

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-28 21:17:45 UTC (rev 49315)
+++ data/CVE/list	2017-02-28 21:46:09 UTC (rev 49316)
@@ -137,7 +137,7 @@
 	[jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: Fixed by: https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
 CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows ...)
-	TODO: check
+	NOT-FOR-US: Grails PDF plugin
 CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware ...)
 	NOT-FOR-US: Dahua devices
 CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR ...)
@@ -1226,7 +1226,7 @@
 CVE-2017-5929
 	RESERVED
 CVE-2017-5928 (The W3C High Resolution Time API, as implemented in various web ...)
-	TODO: check
+	NOT-FOR-US: Design limitation of W3C High Resolution Time API
 CVE-2017-5927 (Page table walks conducted by the MMU during virtual to physical ...)
 	NOT-FOR-US: Hardware issue in some Intel CPUs
 CVE-2017-5926 (Page table walks conducted by the MMU during virtual to physical ...)
@@ -1782,7 +1782,7 @@
 CVE-2017-5683
 	RESERVED
 CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, ...)
-	TODO: check
+	NOT-FOR-US: Intel PSET
 CVE-2017-5680
 	RESERVED
 CVE-2016-10197
@@ -10332,7 +10332,6 @@
 	- qemu-kvm <removed>
 	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
 	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commit;h=9f64916da20eea67121d544698676295bbb105a7
-	TODO: check futher details and affected versions
 CVE-2017-2632
 	RESERVED
 	NOT-FOR-US: Red Hat CloudForms Management Engine
@@ -10519,7 +10518,6 @@
 CVE-2017-2590
 	RESERVED
 	- freeipa <undetermined>
-	TODO: check
 CVE-2017-2589
 	RESERVED
 CVE-2017-2588
@@ -17092,11 +17090,11 @@
 	NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
 	NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1
 CVE-2016-9261 (Cross-site scripting (XSS) vulnerability in Tenable Log Correlation ...)
-	TODO: check
+	NOT-FOR-US: Tenable Log Correlation Engine
 CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 ...)
 	NOT-FOR-US: Nessus
 CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2017-0305
 	RESERVED
 CVE-2017-0304
@@ -18535,7 +18533,7 @@
 CVE-2016-8716
 	RESERVED
 CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the loadTrailer ...)
-	TODO: check
+	NOT-FOR-US: Iceni Argus
 CVE-2016-8714
 	RESERVED
 CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists ...)

More information about the Secure-testing-commits mailing list