[Secure-testing-commits] r49343 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Mar 1 18:26:11 UTC 2017
Author: jmm
Date: 2017-03-01 18:26:11 +0000 (Wed, 01 Mar 2017)
New Revision: 49343
Modified:
data/CVE/list
Log:
NFUs
drop some links to trac.imagemagick.org (which vanished) and which are not archived at the wayback machine either
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-01 18:18:08 UTC (rev 49342)
+++ data/CVE/list 2017-03-01 18:26:11 UTC (rev 49343)
@@ -34993,7 +34993,7 @@
CVE-2016-3919
REJECTED
CVE-2016-3918 (email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3917 (The fingerprint login feature in Android 6.0.1 before 2016-10-01 and ...)
NOT-FOR-US: Android
CVE-2016-3916 (camera/src/camera_metadata.c in the Camera service in Android 4.x ...)
@@ -35003,7 +35003,7 @@
CVE-2016-3914 (Race condition in providers/telephony/MmsProvider.java in Telephony in ...)
NOT-FOR-US: Android Telephony
CVE-2016-3913 (media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3912 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
TODO: check
CVE-2016-3911 (core/java/android/os/Process.java in Zygote in Android 4.x before ...)
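Review bot: CVE-2016-3912, the context entry directly below the changed CVE-2016-3913 line, is described as "The framework APIs in Android 4.x ..." and still carries "TODO: check". If it is Android-only like its neighbours, tag it NOT-FOR-US in this same pass, or add a NOTE saying why it is held back, so the remaining TODO does not read as an oversight.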
@@ -56376,7 +56376,7 @@
CVE-2015-5401
RESERVED
CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows ...)
- TODO: check
+ NOT-FOR-US: PHPVibe
CVE-2015-5398
RESERVED
CVE-2015-5397 (Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 ...)
@@ -56420,7 +56420,6 @@
RESERVED
CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs for ...)
NOT-FOR-US: Open-Xchange
- TODO: check
CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and ...)
NOT-FOR-US: Siemens
CVE-2015-5373
@@ -56572,11 +56571,11 @@
CVE-2015-5350
RESERVED
CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory Studio ...)
- TODO: check
+ NOT-FOR-US: Apache LDAP Studio and Apache Directory Studio
CVE-2015-5348 (Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x ...)
NOT-FOR-US: Apache Camel
CVE-2015-5347 (Cross-site scripting (XSS) vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Apache Wicket
CVE-2015-5346 (Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...)
{DSA-3609-1 DSA-3552-1 DSA-3530-1}
- tomcat9 <itp> (bug #802312)
@@ -56993,7 +56992,7 @@
CVE-2015-5256 (Apache Cordova-Android before 4.1.0, when an application relies on a ...)
NOT-FOR-US: Apache Cordova
CVE-2015-5255 (Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2015-5254 (Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that ...)
{DSA-3524-1}
- activemq 5.13.2+dfsg-1 (bug #809733)
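Review bot: the new tag on CVE-2015-5255 names only the vendor, while the description places the flaw in Adobe BlazeDS "as used in ColdFusion", that is, in a component rather than in one product. Consider "NOT-FOR-US: Adobe BlazeDS" so that a later search of the list for the component name finds this entry.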
@@ -57669,7 +57668,7 @@
CVE-2015-5051 (IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before ...)
NOT-FOR-US: IBM
CVE-2015-5050 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-5049 (SQL injection vulnerability in the API in IBM OpenPages GRC Platform ...)
NOT-FOR-US: IBM
CVE-2015-5048
@@ -57685,7 +57684,7 @@
CVE-2015-5043 (diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, ...)
NOT-FOR-US: IBM Security Guardium
CVE-2015-5042 (IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-5041 (The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 ...)
NOT-FOR-US: IBM JDK
CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
@@ -57743,7 +57742,7 @@
CVE-2015-5014 (IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 ...)
NOT-FOR-US: IBM
CVE-2015-5013 (The IBM Security Access Manager appliance includes configuration files ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-5012 (The SSH implementation on IBM Security Access Manager for Web ...)
NOT-FOR-US: IBM
CVE-2015-5011 (IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 ...)
@@ -57787,7 +57786,7 @@
CVE-2015-4992 (IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote ...)
NOT-FOR-US: IBM
CVE-2015-4991 (IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4990 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 ...)
NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4989 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 ...)
@@ -57847,7 +57846,7 @@
CVE-2015-4962 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...)
NOT-FOR-US: IBM
CVE-2015-4961 (IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4960 (IBM InfoSphere Master Data Management - Collaborative Edition 9.1, ...)
NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2015-4959 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)
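Review bot: the tag added for CVE-2015-4961 is the bare vendor name, although the description names IBM Tealeaf Customer Experience and the neighbouring CVE-2015-4960 uses a product-level tag ("NOT-FOR-US: IBM InfoSphere Master Data Management"). Both granularities already exist in the file, so this is a style point only, but "NOT-FOR-US: IBM Tealeaf Customer Experience" would match the earlier Tealeaf entries and keep product searches consistent.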
@@ -57877,7 +57876,7 @@
CVE-2015-4947 (Stack-based buffer overflow in the Administration Server in IBM HTTP ...)
NOT-FOR-US: IBM WebSphere
CVE-2015-4946 (Rational LifeCycle Project Administration in Jazz Team Server in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-4945 (Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 ...)
NOT-FOR-US: IBM
CVE-2015-4944 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
@@ -58848,7 +58847,7 @@
CVE-2015-4627
RESERVED
CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...)
- TODO: check
+ NOT-FOR-US: B.A.S C2Box
CVE-2015-4624
RESERVED
CVE-2015-4623
@@ -64141,7 +64140,7 @@
CVE-2015-2795
RESERVED
CVE-2015-2794 (The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: DotNetNuke
CVE-2015-2792 (The WPML plugin before 3.1.9 for WordPress does not properly handle ...)
NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2791 (The "menu sync" function in the WPML plugin before 3.1.9 for WordPress ...)
@@ -65811,8 +65810,6 @@
[squeeze] - imagemagick <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
- NOTE: http://trac.imagemagick.org/changeset/17854
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x ...)
[experimental] - imagemagick 8:6.9.1.2-1
- imagemagick 8:6.8.9.9-6
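Review bot: deleting the "NOTE: http://trac.imagemagick.org/changeset/17854" line also deletes the changeset number, which was the only pointer to the upstream fix in this entry. Consider keeping the identifier without the dead URL, for example "NOTE: upstream changeset 17854 (trac.imagemagick.org, no longer online)", so the fix can still be located if the history resurfaces in another repository. The same applies to the other trac.imagemagick.org removals in this commit.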
@@ -65877,7 +65874,7 @@
CVE-2015-2287
RESERVED
CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform before ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart ...)
- upstart <not-affected> (Vulnerable cron.daily script not present)
CVE-2014-9701 [XSS issue in MantisBT permalink_page.php]
@@ -66792,9 +66789,9 @@
CVE-2015-1978 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Security ...)
NOT-FOR-US: IBM
CVE-2015-1977 (Directory traversal vulnerability in the Web Administration tool in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1976 (IBM Security Directory Server could allow an authenticated user to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-1975
RESERVED
CVE-2015-1974 (The web administration tool in IBM Tivoli Security Directory Server ...)
@@ -75877,8 +75874,6 @@
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
- NOTE: Patch here: http://trac.imagemagick.org/changeset/16872
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
CVE-2014-8714 (The dissect_write_structured_field function in ...)
{DSA-3076-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-2 (bug #769410)
@@ -76254,8 +76249,6 @@
- imagemagick 8:6.8.9.9-1 (bug #767240)
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
- NOTE: Upstream commit: http://trac.imagemagick.org/changeset/16773 (imagemagick)
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
NOTE: https://int21.de/cve/CVE-2014-8355-pcx-oob-heap-overflow.html
- graphicsmagick 1.3.20-3+deb8u1 (bug #778238)
[wheezy] - graphicsmagick <no-dsa> (Minor issue)
@@ -76267,8 +76260,6 @@
- imagemagick 8:6.8.9.9-1 (bug #767240)
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
- NOTE: Upstream patch: http://trac.imagemagick.org/changeset/16795
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
CVE-2014-8354 [out-of-bounds memory access in resize code]
RESERVED
{DLA-242-1}
@@ -93148,8 +93139,6 @@
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
[squeeze] - imagemagick <not-affected> (CVE only for versions with r1448 applied)
NOTE: for the issue in newer imagemagick versions using "L%06ld" string.
- NOTE: http://trac.imagemagick.org/changeset/1448
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
CVE-2014-2029 [remote code execution / information leak]
RESERVED
- percona-toolkit 2.2.7-1~dfsg1 (bug #740846)
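Review bot: the [squeeze] line kept as context still says "CVE only for versions with r1448 applied", and the removed NOTE was the only line showing where r1448 comes from. Without it the not-affected rationale cites a revision with no indication of which repository it belongs to; a short replacement such as "NOTE: r1448 is an upstream ImageMagick changeset (trac.imagemagick.org, offline)" would keep the reasoning verifiable.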
@@ -93179,8 +93168,6 @@
[squeeze] - imagemagick <not-affected> (DecodePSDPixels function is not present)
NOTE: squeeze: DecodePSDPixels not present but there was a rewrite from DecodeImage?
NOTE: http://secunia.com/advisories/56844/
- NOTE: http://trac.imagemagick.org/changeset/14801
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
CVE-2014-1950 (Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen ...)
{DSA-3006-1}
- xen 4.4.0-1