[Secure-testing-commits] r50123 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Mar 28 10:39:47 UTC 2017 

Author: jmm
Date: 2017-03-28 10:39:47 +0000 (Tue, 28 Mar 2017)
New Revision: 50123

Modified:
   data/CVE/list
Log:
new golang-gopkg-square-go-jose.v1 issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-28 10:08:55 UTC (rev 50122)
+++ data/CVE/list	2017-03-28 10:39:47 UTC (rev 50123)
@@ -1006,7 +1006,7 @@
 CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
 	NOT-FOR-US: MantisBT Source Integration Plugin
 CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...)
-	TODO: check
+	NOT-FOR-US: Firmware on some Broadcom SoCs
 CVE-2017-6956
 	RESERVED
 CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...)
@@ -6150,11 +6150,11 @@
 CVE-2017-5240
 	RESERVED
 CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive ...)
-	TODO: check
+	NOT-FOR-US: Eview GPS trackers
 CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields ...)
-	TODO: check
+	NOT-FOR-US: Eview GPS trackers
 CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...)
-	TODO: check
+	NOT-FOR-US: Eview GPS trackers
 CVE-2017-5236
 	RESERVED
 CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 ...)
@@ -16117,7 +16117,7 @@
 CVE-2017-1154
 	RESERVED
 CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1152
 	RESERVED
 CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...)
@@ -16137,9 +16137,9 @@
 CVE-2017-1144
 	RESERVED
 CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1141
 	RESERVED
 CVE-2017-1140
@@ -16183,7 +16183,7 @@
 CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1119
 	RESERVED
 CVE-2017-1118
@@ -16663,7 +16663,7 @@
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
 	NOTE: https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
 CVE-2017-0881 (An error in the implementation of an autosubscribe feature in the ...)
-	TODO: check
+	NOT-FOR-US: Zulip
 CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the ...)
 	- linux 4.6.1-1
 	[jessie] - linux 3.16.39-1
@@ -16704,7 +16704,7 @@
 CVE-2016-9738
 	RESERVED
 CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-9736
 	RESERVED
 CVE-2016-9735
@@ -18899,47 +18899,47 @@
 CVE-2016-9474
 	RESERVED
 CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and ...)
-	TODO: check
+	NOT-FOR-US: Brave Browser
 CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any ...)
 	- gitlab 8.13.6+dfsg2-2 (bug #847157)
 	NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
 CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9466 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9465 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9462 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9461 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9460 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9459 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are ...)
-	TODO: check
+	- nextcloud <itp> (bug #835086)
 CVE-2016-9458
 	RESERVED
 CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...)
 	{DSA-3758-1 DLA-805-1}
 	[experimental] - bind9 1:9.10.4-P5-1
@@ -20158,25 +20158,25 @@
 	- bind9 1:9.10.3.dfsg.P4-11 (bug #851065)
 	NOTE: https://kb.isc.org/article/AA-01439/0
 CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit ...)
-	TODO: check
+	- golang-gopkg-square-go-jose.v1 1.0.5-1
 CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. ...)
-	TODO: check
+	- golang-gopkg-square-go-jose.v1 1.0.5-1
 CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ...)
-	TODO: check
+	- golang-gopkg-square-go-jose.v1 1.0.5-1
 CVE-2016-9140 [RCE]
 	RESERVED
 	- zabbix 1:3.0.6+dfsg-1 (bug #842702; unimportant)

More information about the Secure-testing-commits mailing list