[Secure-testing-commits] r49980 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Mar 23 22:07:08 UTC 2017


Author: jmm
Date: 2017-03-23 22:07:08 +0000 (Thu, 23 Mar 2017)
New Revision: 49980

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-23 21:59:26 UTC (rev 49979)
+++ data/CVE/list	2017-03-23 22:07:08 UTC (rev 49980)
@@ -1,7 +1,7 @@
 CVE-2017-7243
 	RESERVED
 CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...)
-	TODO: check
+	NOT-FOR-US: SLiMS
 CVE-2017-7241
 	RESERVED
 CVE-2017-7240
@@ -148,7 +148,7 @@
 CVE-2017-7201
 	RESERVED
 CVE-2017-7199 (Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2017-7200 (An SSRF issue was discovered in OpenStack Glance before Newton. The ...)
 	- glance 2:13.0.0-1
 	[jessie] - glance <no-dsa> (Minor issue, too intrusive to backport)
@@ -688,7 +688,7 @@
 CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linux ...)
 	- linux 4.0.2-1
 CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...)
 	- chicken <unfixed> (bug #858057)
 	[jessie] - chicken <no-dsa> (Minor issue)
@@ -768,7 +768,7 @@
 CVE-2017-6912
 	RESERVED
 CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...)
-	TODO: check
+	NOT-FOR-US: USB Pratirodh
 CVE-2017-6910
 	RESERVED
 CVE-2017-6909 (An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists ...)
@@ -798,7 +798,7 @@
 CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 ...)
 	NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router
 CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ...)
-	TODO: check
+	NOT-FOR-US: USB Pratirodh
 CVE-2017-6894
 	RESERVED
 CVE-2017-6893
@@ -1637,7 +1637,7 @@
 CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...)
 	NOT-FOR-US: SanaCMS
 CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo ...)
 	NOT-FOR-US: MagniComp
 CVE-2017-6515
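Review bot: On CVE-2017-6517 the tag names only the vendor ("Microsoft"), while the description identifies the product as Microsoft Skype 7.16.0.102. Consider "NOT-FOR-US: Microsoft Skype" so the entry can be found by product name when the list is searched; a vendor-only tag puts very different products under one string.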
@@ -2258,11 +2258,11 @@
 CVE-2017-6362
 	RESERVED
 CVE-2017-6361 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2017-6360 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2017-6359 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2017-6358
 	RESERVED
 CVE-2017-6357
@@ -2736,7 +2736,7 @@
 CVE-2017-6192
 	RESERVED
 CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: APNGDis
 CVE-2017-6190
 	RESERVED
 CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before ...)
@@ -5848,7 +5848,7 @@
 CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 ...)
 	NOT-FOR-US: Rapid7
 CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...)
 	{DLA-795-1}
 	- tiff 4.0.7-5 (bug #851297)
@@ -25063,7 +25063,7 @@
 CVE-2016-7469
 	RESERVED
 CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2016-7467
 	RESERVED
 CVE-2016-7465
@@ -46539,7 +46539,7 @@
 	NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html
 	NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
 CVE-2015-8687 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...)
-	TODO: check
+	NOT-FOR-US: Alcatel
 CVE-2015-8686
 	RESERVED
 CVE-2015-8685 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
@@ -57583,7 +57583,7 @@
 CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...)
 	NOT-FOR-US: Fortinet
 CVE-2015-5729 (The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2015-5728
 	RESERVED
 CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before ...)
@@ -62284,7 +62284,7 @@
 CVE-2015-4168
 	RESERVED
 CVE-2015-4166 (Cloudera Key Trustee Server before 5.4.3 does not store keys ...)
-	TODO: check
+	NOT-FOR-US: Cloudera
 CVE-2015-4165 [unspecified arbitrary files modification vulnerability]
 	RESERVED
 	- elasticsearch 1.6.0+dfsg-1 (bug #788471)
@@ -62574,7 +62574,7 @@
 CVE-2015-4079
 	RESERVED
 CVE-2015-4078 (Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include ...)
-	TODO: check
+	NOT-FOR-US: Cloudera
 CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...)
 	NOT-FOR-US: Fortinet
 CVE-2015-4076
@@ -68247,7 +68247,7 @@
 CVE-2015-2264 (Multiple untrusted search path vulnerabilities in (1) ...)
 	NOT-FOR-US: Telerik Analytics Monitor Library
 CVE-2015-2263 (Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x ...)
-	TODO: check
+	NOT-FOR-US: Cloudera
 CVE-2015-2262
 	RESERVED
 CVE-2015-2261
@@ -81654,7 +81654,7 @@
 CVE-2014-7280 (Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 ...)
 	NOT-FOR-US: Nessus Web UI
 CVE-2014-7279 (The Konke Smart Plug K does not require authentication for TELNET ...)
-	TODO: check
+	NOT-FOR-US: Konke Smart Plug K
 CVE-2014-7284 (The net_get_random_once implementation in net/core/utils.c in the ...)
 	- linux 3.16.2-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13)
@@ -100682,7 +100682,7 @@
 	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x)
 	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1659537 (6.x)
 CVE-2014-0229 (Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in ...)
-	TODO: check
+	NOT-FOR-US: Hadoop as packaged by Cloudera
 CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization ...)
 	NOT-FOR-US: Apache Hive
 CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ...)
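Review bot: The tag on CVE-2014-0229 ("Hadoop as packaged by Cloudera") is narrower than the description above it, which attributes the flaw to Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, that is, to upstream version ranges; the truncated "as used in ..." clause is the only visible hint of a downstream packager. If the reason for NOT-FOR-US is that Hadoop is not in the archive, "NOT-FOR-US: Apache Hadoop" would state that directly and match the "NOT-FOR-US: Apache Hive" entry that follows. If the Cloudera qualifier is intentional, a NOTE line giving the reason would keep a later reader from taking this as a Cloudera-only issue.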
@@ -102834,7 +102834,7 @@
 CVE-2013-6447 (Multiple XML External Entity (XXE) vulnerabilities in the (1) ...)
 	NOT-FOR-US: JBoss Seam
 CVE-2013-6446 (The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before ...)
-	TODO: check
+	NOT-FOR-US: Cloudera
 CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
 	NOT-FOR-US: Cumin
 CVE-2013-6444 (PyWBEM 0.7 and earlier does not verify that the server hostname ...)



