[Secure-testing-commits] r53611 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2017-07-18 09:22:20 +0000 (Tue, 18 Jul 2017)
New Revision: 53611

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
two struts issues n/a
NFU


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-18 09:16:47 UTC (rev 53610)
+++ data/CVE/list	2017-07-18 09:22:20 UTC (rev 53611)
@@ -2777,7 +2777,8 @@
 	NOTE: 2.4.x: https://github.com/apache/httpd/commit/549ba6a39aa0df78a610025f74f3a06503a70f67
 	NOTE: trunk: https://github.com/apache/httpd/commit/c5d3719133b9e5dab0d540c5aa03b2fdabc30395
 CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it is ...)
-	TODO: check
+	- libstruts1.2-java <not-affected> (Vulnerable code not present)
+	NOTE: Issue is specific to Struts 2.x.
 CVE-2017-9786
 	RESERVED
 CVE-2017-9785
@@ -9055,7 +9056,7 @@
 CVE-2017-8035
 	RESERVED
 CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release capi ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2017-8033
 	RESERVED
 CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ...)
@@ -10286,7 +10287,8 @@
 CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2017-7672 (If an application allows enter an URL in a form field and built-in ...)
-	TODO: check
+	- libstruts1.2-java <not-affected> (Vulnerable code not present)
+	NOTE: Issue is specific to Struts 2.x.
 CVE-2017-7671
 	RESERVED
 CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control ...)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-07-18 09:16:47 UTC (rev 53610)
+++ data/dsa-needed.txt	2017-07-18 09:22:20 UTC (rev 53611)
@@ -25,7 +25,7 @@
 --
 icedove
 --
-imagemagick
+imagemagick (jmm)
 --
 ipsec-tools
 --