[Secure-testing-commits] r50087 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 27 10:04:29 UTC 2017
Author: jmm
Date: 2017-03-27 10:04:29 +0000 (Mon, 27 Mar 2017)
New Revision: 50087
Modified:
data/CVE/list
Log:
NFUs
binutils no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-27 09:10:12 UTC (rev 50086)
+++ data/CVE/list 2017-03-27 10:04:29 UTC (rev 50087)
@@ -1,5 +1,5 @@
CVE-2017-7269 (Buffer overflow in the ScStoragePathFromUrl function in the WebDAV ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2017-7268
RESERVED
CVE-2017-7267
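Review bot: The added "NOT-FOR-US: Windows" line for CVE-2017-7269 names an operating system, while the description points at a specific function in a WebDAV component. NOT-FOR-US entries are easier to search and to re-check later when they name the affected product, so consider using the product name from the full CVE description here.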
@@ -178,22 +178,27 @@
RESERVED
CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based ...)
- binutils 2.27.51.20161212-1
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20906
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=406bd128dba2a59d0736839fc87a59bce319076c
CVE-2017-7226 (The pe_ILF_object_p function in the Binary File Descriptor (BFD) ...)
- binutils 2.27.51.20161212-1
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20905
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa6631b4eecfcca00c13b9594e6336dffd40982f
CVE-2017-7225 (The find_nearest_line function in addr2line in GNU Binutils 2.28 does ...)
- binutils 2.27.51.20161201-1
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20891
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=50455f1ab2935f7321215dfa681745c9b1cb5b19
CVE-2017-7224 (The find_nearest_line function in objdump in GNU Binutils 2.28 is ...)
- binutils 2.27.51.20161201-1
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20892
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e82ab856bb4689330c29fb9f1c57a8555b26380e
CVE-2017-7223 (GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer ...)
- binutils 2.27.51.20161212-1
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20898
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69ace2200106348a1b00d509a6a234337c104c17
CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 ...)
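Review bot: All five added "[jessie] - binutils <no-dsa> (Minor issue)" lines in this hunk carry the same generic reason, although the descriptions mention a heap-based issue in ld (CVE-2017-7227) and a global buffer issue in the assembler (CVE-2017-7223). A more specific reason in the parentheses would document why no DSA is planned for each of them; the upstream bug reports in the NOTE lines are the source to take that wording from.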
@@ -766,6 +771,7 @@
RESERVED
CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer ...)
- binutils <unfixed> (bug #858256)
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21156
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14
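Review bot: The description of CVE-2017-6969 refers to readelf in GNU Binutils 2.28, and the added jessie line assumes the older jessie version contains the same code. If the affected code is not present there, "<not-affected>" with a short reason would be more accurate than "<no-dsa> (Minor issue)"; the two upstream commits in the NOTE lines are the place to check.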
@@ -781,10 +787,12 @@
NOTE: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f
CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically ...)
- binutils <unfixed> (bug #858263)
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21139
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
CVE-2017-6965 (readelf in GNU Binutils 2.28 writes to illegal addresses while ...)
- binutils <unfixed> (bug #858264)
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493
CVE-2017-6964
@@ -3150,13 +3158,13 @@
CVE-2017-6070 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-6069 (Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2017-6068 (Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2017-6067 (Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom ...)
- TODO: check
+ NOT-FOR-US: Symphony CMS
CVE-2017-6066 (Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2017-6065 (SQL injection vulnerability in ...)
NOT-FOR-US: GenixCMS
CVE-2017-6064
@@ -3268,7 +3276,7 @@
- wireshark 2.2.5+g440fd4d-2 (bug #855408)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
CVE-2017-6013 (Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2017-6012
RESERVED
CVE-2017-6011 (An issue was discovered in icoutils 0.31.1. An out-of-bounds read ...)
@@ -3293,7 +3301,7 @@
CVE-2017-6007
RESERVED
CVE-2017-6006 (Symphony 2.6.11 has XSS in publish/articles/new/ via the Body field. ...)
- TODO: check
+ NOT-FOR-US: Symphony CMS
CVE-2017-6005
RESERVED
CVE-2017-6004 (The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE ...)
@@ -3303,9 +3311,9 @@
NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
NOTE: https://bugs.exim.org/show_bug.cgi?id=2035
CVE-2017-6003 (dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-6002 (Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2014-9919
RESERVED
CVE-2014-9918