[Secure-testing-commits] r48040 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2017-01-14 15:22:40 +0000 (Sat, 14 Jan 2017)
New Revision: 48040

Modified:
   data/CVE/list
Log:
two potential tripleo-heat-templates issues
mark one older bittorrent issue as NFU, there's no evidence that
this affects a free BT implementation


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-14 15:10:47 UTC (rev 48039)
+++ data/CVE/list	2017-01-14 15:22:40 UTC (rev 48040)
@@ -52595,8 +52595,7 @@
 	NOTE: https://github.com/bestpractical/rt/commit/67d517ba3421ba462e349c73207a627d137ef8ac (4.2.x)
 	NOTE: https://github.com/bestpractical/rt/commit/4ec786bb4743f67a35a634c1bf43b13d3d3b39a9 (4.0.x)
 CVE-2015-5474 (BitTorrent and uTorrent allow remote attackers to inject command line ...)
-	- bittorrent <undetermined>
-	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-15-358/
+	NOT-FOR-US: uTorrent
 CVE-2015-5473
 	RESERVED
 CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the IBS ...)
@@ -53050,8 +53049,7 @@
 	NOTE: https://www.samba.org/samba/security/CVE-2015-5330.html
 	NOTE: Samba update needs as well fixed ldb
 CVE-2015-5329 (The TripleO Heat templates (tripleo-heat-templates), as used in Red ...)
-	- tripleo-heat-templates <undetermined>
-	TODO: check
+	- tripleo-heat-templates <unfixed>
 CVE-2015-5328
 	RESERVED
 CVE-2015-5327 [User triggerable out-of-bounds read]
@@ -53176,8 +53174,7 @@
 CVE-2015-5304 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does ...)
 	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
 CVE-2015-5303 (The TripleO Heat templates (tripleo-heat-templates), when deployed via ...)
-	- tripleo-heat-templates <undetermined>
-	TODO: check
+	- tripleo-heat-templates <unfixed>
 CVE-2015-5302 (libreport 2.0.7 before 2.6.3 only saves changes to the first file when ...)
 	NOT-FOR-US: abrt/libreport
 CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)