[Secure-testing-commits] r53509 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Jul 15 13:04:24 UTC 2017


Author: jmm
Date: 2017-07-15 13:04:24 +0000 (Sat, 15 Jul 2017)
New Revision: 53509

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-15 12:48:31 UTC (rev 53508)
+++ data/CVE/list	2017-07-15 13:04:24 UTC (rev 53509)
@@ -490,11 +490,12 @@
 CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow ...)
 	NOT-FOR-US: Bitly oauth2_proxy
 CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an ...)
-	TODO: check
+	NOT-FOR-US: TestTrack
 CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2017-1000066 (The entry details view function in KeePass version 1.32 inadvertently ...)
 	TODO: check
+	NOTE: Unclear what the specific vulnerability is
 CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in ...)
 	NOT-FOR-US: OpenMediaVault
 CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion ...)
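Review bot: The NOTE added under CVE-2017-1000066 says the vulnerability is unclear but records no reference for what was consulted, so the entry keeps its "TODO: check" and the next triager has to repeat the lookup. Add a NOTE line with the URL or report that was read, the way the CVE-2017-1000049 entry carries its issue link. The log message also says only "NFUs", while this hunk adds a NOTE that is not an NFU classification; mention it in the log.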
@@ -523,33 +524,33 @@
 CVE-2017-1000055
 	REJECTED
 CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Elixir Plug
 CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Elixir Plug
 CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs ...)
-	TODO: check
+	NOT-FOR-US: XWiki labs
 CVE-2017-1000049 (Roundcube Webmail 1.1.5 is vulnerable to Persistent Xss ...)
 	- roundcube <undetermined>
 	NOTE: https://github.com/roundcube/roundcubemail/issues/4949
 	TODO: check if different from CVE-2015-2181
 CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3, ...)
-	TODO: check
+	NOT-FOR-US: ljharb
 CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in ...)
 	TODO: check
 CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2017-1000045 (Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are ...)
-	TODO: check
+	NOT-FOR-US: Mapbox.js
 CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are ...)
-	TODO: check
+	NOT-FOR-US: Mapbox.js
 CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV ...)
 	TODO: check
 CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD ...)
 	TODO: check
 CVE-2017-1000036 (All versions of Candy Chat are vulnerable to an XSS attack by message ...)
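Review bot: The tag on CVE-2017-1000048, "NOT-FOR-US: ljharb", names the module's maintainer rather than the software; the description identifies the affected code as the qs module. Every other tag in this hunk names the product, so use the module name here. Since the description begins "the web framework using" that module, also confirm that nothing packaged ships or bundles qs before closing the entry as not-for-us.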
@@ -559,7 +560,7 @@
 CVE-2017-1000034 (Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java ...)
 	TODO: check
 CVE-2017-1000033 (Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ...)
 	TODO: check
 CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...)
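Review bot: "NOT-FOR-US: WordPress plugin" on CVE-2017-1000033 gives a category rather than the product, so a search of the list for the plugin name matches only the truncated description. Name the plugin from the description (Vospari Forms) in the tag, as the product-specific tags in the other hunks do; the same applies to the identical tag on CVE-2017-1000038.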
@@ -579,13 +580,13 @@
 CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
 	TODO: check
 CVE-2017-1000023 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS ...)
-	TODO: check
+	NOT-FOR-US: LogicalDoc
 CVE-2017-1000022 (LogicalDoc CommunityEdition 7.5.3 and prior contain an Incorrect ...)
-	TODO: check
+	NOT-FOR-US: LogicalDoc
 CVE-2017-1000021 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when ...)
-	TODO: check
+	NOT-FOR-US: LogicalDoc
 CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded ...)
-	TODO: check
+	NOT-FOR-US: ECos
 CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...)
 	TODO: check
 CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...)
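Review bot: The tag on CVE-2017-1000020 names "ECos", but the visible part of the description reads "ECos 1 and other versions embedded ...", which suggests the affected item is a product that embeds it. If the full description identifies that product, name it in the NOT-FOR-US tag so the classification records what was actually ruled out.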
@@ -615,11 +616,11 @@
 CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the ...)
 	TODO: check
 CVE-2017-1000004 (ATutor versions 2.2.1 and earlier are vulnerable to a SQL injection ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw ...)
 	TODO: check
 CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...)



