[Secure-testing-commits] r53163 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Jul 4 10:15:42 UTC 2017


Author: jmm
Date: 2017-07-04 10:15:42 +0000 (Tue, 04 Jul 2017)
New Revision: 53163

Modified:
   data/CVE/list
Log:
NFUs
rpm unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-04 09:10:17 UTC (rev 53162)
+++ data/CVE/list	2017-07-04 10:15:42 UTC (rev 53163)
@@ -9019,12 +9019,14 @@
 	NOTE: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
 CVE-2017-7501 [Following symlinks to files when installing packages allows privilege escalation]
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133
+	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
 CVE-2017-7500 [Following symlinks to directories when installing packages allows privilege escalation]
 	RESERVED
-	- rpm <unfixed>
+	- rpm <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369
+	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
 CVE-2017-7499
 	REJECTED
 CVE-2017-7498
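Review bot: The NOTE added under both CVE-2017-7501 and CVE-2017-7500 says "systems directories", which should read "system directories", and "Not supported for installations in Debian" has no subject. Suggest something like "rpm is not supported for installing packages in Debian" so the reason for the (unimportant) tag is self-contained. Both entries remain <unfixed>, so this NOTE is the only justification a later reader will see.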
@@ -11375,27 +11377,27 @@
 CVE-2017-6726
 	RESERVED
 CVE-2017-6725 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6724 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6723
 	RESERVED
 CVE-2017-6722 (A vulnerability in the Extensible Messaging and Presence Protocol ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6721 (A vulnerability in the ingress processing of fragmented TCP packets by ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6720
 	RESERVED
 CVE-2017-6719 (A vulnerability in the CLI of Cisco IOS XR Software could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6718 (A vulnerability in the CLI of Cisco IOS XR Software could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6717 (A vulnerability in the web framework of Cisco Firepower Management ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6716 (A vulnerability in the web framework code of Cisco Firepower Management ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6715 (A vulnerability in the web framework of Cisco Firepower Management ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6714
 	RESERVED
 CVE-2017-6713
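Review bot: For CVE-2017-6722 and CVE-2017-6721 the truncated descriptions visible here ("... Extensible Messaging and Presence Protocol ..." and "... fragmented TCP packets by ...") do not name a vendor, unlike the other entries changed in this hunk, so NOT-FOR-US: Cisco cannot be confirmed from the diff alone. Worth checking those two against the full CVE text before they leave the TODO queue. The tag format itself is consistent with the existing "NOT-FOR-US: Cisco" lines shown as context in this patch.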
@@ -11413,23 +11415,23 @@
 CVE-2017-6707
 	RESERVED
 CVE-2017-6706 (A vulnerability in the logging subsystem of the Cisco Prime ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6705 (A vulnerability in the filesystem of the Cisco Prime Collaboration ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6704 (A vulnerability in the web application in the Cisco Prime Collaboration ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6703 (A vulnerability in the web application in the Cisco Prime Collaboration ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6702 (A vulnerability in the web framework of Cisco SocialMiner could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6701 (A vulnerability in the web application interface of the Cisco Identity ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6700 (A vulnerability in the web-based management interface of Cisco Prime ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6699 (A vulnerability in the web-based management interface of Cisco Prime ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6698 (A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6697 (A vulnerability in the web interface of Cisco Elastic Services ...)
 	NOT-FOR-US: Cisco
 CVE-2017-6696 (A vulnerability in the file system of Cisco Elastic Services ...)
@@ -11615,7 +11617,7 @@
 CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could ...)
 	NOT-FOR-US: Cisco
 CVE-2017-6605 (A vulnerability in the web-based management interface of Cisco Identity ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-6604 (A vulnerability in the web interface of Cisco Integrated Management ...)
 	NOT-FOR-US: Cisco
 CVE-2017-6603 (A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with ...)
@@ -19711,7 +19713,7 @@
 CVE-2017-3866 (A vulnerability in the web framework code of Cisco Prime Service ...)
 	NOT-FOR-US: Cisco
 CVE-2017-3865 (A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...)
 	NOT-FOR-US: Cisco
 CVE-2017-3863 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)



