[Secure-testing-commits] r51518 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed May 10 21:27:24 UTC 2017 

Author: jmm
Date: 2017-05-10 21:27:24 +0000 (Wed, 10 May 2017)
New Revision: 51518

Modified:
   data/CVE/list
Log:
new issues in lepton, dolibarr and libxml2
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-10 21:23:33 UTC (rev 51517)
+++ data/CVE/list	2017-05-10 21:27:24 UTC (rev 51518)
@@ -5,7 +5,7 @@
 CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...)
 	TODO: check
 CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a ...)
-	TODO: check
+	- lepton <unfixed>
 CVE-2017-8889
 	RESERVED
 CVE-2017-8888
@@ -27,24 +27,24 @@
 CVE-2017-8880
 	RESERVED
 CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the ...)
-	TODO: check
+	- dolibarr <unfixed>
 CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
 CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...)
 	TODO: check
 CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows remote ...)
-	TODO: check
+	NOT-FOR-US: Wordpress addon
 CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2017-8873
 	RESERVED
 CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 ...)
-	TODO: check
+	- libxml2 <unfixed>
 CVE-2017-8871
 	RESERVED
 CVE-2017-8870
@@ -52,7 +52,7 @@
 CVE-2017-8869
 	RESERVED
 CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via ...)
-	TODO: check
+	NOT-FOR-US: flatCore
 CVE-2017-8867
 	RESERVED
 CVE-2017-8866

More information about the Secure-testing-commits mailing list