[Secure-testing-commits] r52275 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Jun 4 10:27:57 UTC 2017
Author: jmm
Date: 2017-06-04 10:27:57 +0000 (Sun, 04 Jun 2017)
New Revision: 52275
Modified:
data/CVE/list
Log:
NFUs
libxslt non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-04 10:19:58 UTC (rev 52274)
+++ data/CVE/list 2017-06-04 10:27:57 UTC (rev 52275)
@@ -17,9 +17,9 @@
CVE-2017-9418
RESERVED
CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Broadcom hardware issue
CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2017-9415
RESERVED
CVE-2017-9414
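Review bot: The NOT-FOR-US reason on CVE-2017-9417 ("Broadcom hardware issue") is stronger than the visible description supports: the truncated text only says the BCM43xx chips allow remote code execution and does not show whether the flaw is in silicon or in loadable firmware. If firmware for these chips is packaged, the entry would belong to that package rather than NFU, so it is worth confirming this before dropping the TODO.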
@@ -27,7 +27,7 @@
CVE-2017-9413
RESERVED
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the ...)
- TODO: check
+ NOT-FOR-US: Jamroom
CVE-2017-1000368
RESERVED
CVE-2017-9412
@@ -5588,11 +5588,12 @@
CVE-2016-7443
RESERVED
CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...)
- - libxslt <unfixed> (low; bug #859796)
- [jessie] - libxslt <no-dsa> (Minor issue)
- [wheezy] - libxslt <no-dsa> (Minor issue)
+ - libxslt <unfixed> (unimportant; bug #859796)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119
+ NOTE: There's no indication that math.random() in intended to ensure cryptographic
+ NOTE: randomness requirements. Proper seeding needs to happen in the application
+ NOTE: using libxslt.
CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking ...)
NOT-FOR-US: Veritas System Recovery
CVE-2017-7442
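Review bot: The first added NOTE line for CVE-2015-9019 reads "math.random() in intended", which should be "is intended". Because the entry moves from low to unimportant and the jessie and wheezy no-dsa lines are dropped on the strength of this rationale, it would also help to say which of the two referenced bug reports the conclusion comes from, so the downgrade can be re-checked later.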