[Secure-testing-commits] r53304 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Jul 8 21:33:20 UTC 2017


Author: jmm
Date: 2017-07-08 21:33:20 +0000 (Sat, 08 Jul 2017)
New Revision: 53304

Modified:
   data/CVE/list
Log:
swftools non-issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-08 21:30:30 UTC (rev 53303)
+++ data/CVE/list	2017-07-08 21:33:20 UTC (rev 53304)
@@ -253,13 +253,13 @@
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
 CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2017-10993
 	RESERVED
 CVE-2017-10992
 	RESERVED
 CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-10990
 	RESERVED
 CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through ...)
@@ -300,7 +300,8 @@
 CVE-2017-10977
 	RESERVED
 CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to ...)
-	TODO: check
+	- swftools <unfixed> (unimportant)
+	NOTE: ttftool not shipped in Debian package
 CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might ...)
 	NOT-FOR-US: Lutim
 CVE-2017-10974 (Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP ...)




More information about the Secure-testing-commits mailing list