[Secure-testing-commits] r48387 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jan 25 21:39:45 UTC 2017


Author: jmm
Date: 2017-01-25 21:39:45 +0000 (Wed, 25 Jan 2017)
New Revision: 48387

Modified:
   data/CVE/list
Log:
minor tweaks to firefox entries, no ESR for Android
NFUs
accountsservice no-dsa for stretch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-25 21:31:58 UTC (rev 48386)
+++ data/CVE/list	2017-01-25 21:39:45 UTC (rev 48387)
@@ -98,9 +98,9 @@
 	NOTE: https://lkml.org/lkml/2017/1/17/761
 	NOTE: Introduced by: https://github.com/torvalds/linux/commit/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
 CVE-2017-5575 (SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS ...)
-	TODO: check
+	NOT-FOR-US: GenixCMS
 CVE-2017-5574 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: GenixCMS
 CVE-2017-5573
 	RESERVED
 CVE-2017-5572
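Review bot: the NFU tag added to CVE-2017-5575 and CVE-2017-5574 is spelled "GenixCMS", while both CVE descriptions spell the product "GeniXCMS". Suggest `NOT-FOR-US: GeniXCMS` on both lines so that a case-sensitive search of the list by the upstream spelling finds these entries.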
@@ -138,7 +138,7 @@
 CVE-2017-5557
 	RESERVED
 CVE-2017-5556 (The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2017-5555
 	RESERVED
 CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before ...)
@@ -212,7 +212,7 @@
 	NOTE: PHP Bug: http://bugs.php.net/73737
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to ...)
-	TODO: check
+	NOT-FOR-US: Akamai NetSession
 CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable ...)
 	- systemd 229-1
 	[jessie] - systemd <not-affected> (Vulnerability introduced in v228)
@@ -582,12 +582,10 @@
 CVE-2017-5395
 	RESERVED
 	- firefox <not-affected> (Firefox on Android)
-	- firefox-esr <not-affected> (Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5395
 CVE-2017-5394
 	RESERVED
 	- firefox <not-affected> (Firefox on Android)
-	- firefox-esr <not-affected> (Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5394
 CVE-2017-5393
 	RESERVED
@@ -597,7 +595,6 @@
 CVE-2017-5392
 	RESERVED
 	- firefox <not-affected> (Firefox on Android)
-	- firefox-esr <not-affected> (Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5392
 CVE-2017-5391
 	RESERVED
@@ -613,7 +610,7 @@
 CVE-2017-5389
 	RESERVED
 	- firefox 51.0-1
-	- firefox-esr <not-affected> (does not affect firefox esr)
+	- firefox-esr <not-affected> (Does not affect Firefox ESR)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389
 CVE-2017-5388
 	RESERVED
@@ -736,7 +733,7 @@
 	- linux 4.8.15-1
 	NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
 CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to ...)
-	TODO: check
+	- tikiwiki <removed>
 CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, related to ...)
 	NOTE: Generic IPv6 issue
 CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai Adups ...)
@@ -1766,13 +1763,13 @@
 CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...)
 	- piwigo <removed>
 CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek Software's ...)
-	TODO: check
+	NOT-FOR-US: Hitek
 CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in Hitek ...)
-	TODO: check
+	NOT-FOR-US: Hitek
 CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption when ...)
-	TODO: check
+	NOT-FOR-US: Hitek
 CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 10.x and ...)
-	TODO: check
+	NOT-FOR-US: Hitek
 CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate ...)
 	- borgbackup 1.0.9-1
 	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
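Review bot: the four tags added to CVE-2016-10104 through CVE-2016-10101 name only the vendor ("Hitek"), while the descriptions of CVE-2016-10102 and CVE-2016-10101 name the product as Hitek Software's Automize. Suggest naming the product in the tag, for example `NOT-FOR-US: Hitek Software Automize`, after confirming that CVE-2016-10104 and CVE-2016-10103, whose descriptions are truncated here, concern the same product.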
@@ -6323,7 +6320,7 @@
 CVE-2016-9871
 	RESERVED
 CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. ...)
 	NOT-FOR-US: EMC ScaleIO
 CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A ...)
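Review bot: the tag added to CVE-2016-9870 is `NOT-FOR-US: EMC`, but the entry directly below it (CVE-2016-9869) uses vendor plus product, `NOT-FOR-US: EMC ScaleIO`. The description of CVE-2016-9870 names EMC Isilon OneFS, so `NOT-FOR-US: EMC Isilon OneFS` would match the neighbouring style and keep the two EMC product lines distinguishable.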
@@ -81634,6 +81631,7 @@
 CVE-2012-6655 [passes (encrypted) passwords as commandline arguments]
 	RESERVED
 	- accountsservice <unfixed> (low; bug #757912)
+	[stretch] - accountsservice <no-dsa> (Minor issue)
 	[jessie] - accountsservice <no-dsa> (Minor issue)
 	[wheezy] - accountsservice <no-dsa> (Minor issue)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000



