[Secure-testing-commits] r51766 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri May 19 21:26:32 UTC 2017 

Author: jmm
Date: 2017-05-19 21:26:32 +0000 (Fri, 19 May 2017)
New Revision: 51766

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-19 21:23:25 UTC (rev 51765)
+++ data/CVE/list	2017-05-19 21:26:32 UTC (rev 51766)
@@ -11,15 +11,15 @@
 CVE-2017-9095
 	RESERVED
 CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
-	TODO: check
+	NOT-FOR-US: ImageWorsener
 CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in ...)
-	TODO: check
+	NOT-FOR-US: ImageWorsener
 CVE-2017-9092
 	RESERVED
 CVE-2017-9091 (/admin/loginc.php in Allen Disk 1.6 doesn't check if ...)
-	TODO: check
+	NOT-FOR-US: Allen Disk
 CVE-2017-9090 (reg.php in Allen Disk 1.6 doesn't check if ...)
-	TODO: check
+	NOT-FOR-US: Allen Disk
 CVE-2017-9089
 	RESERVED
 CVE-2017-9088
@@ -39,7 +39,7 @@
 CVE-2017-9081
 	RESERVED
 CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the name ...)
-	TODO: check
+	NOT-FOR-US: PlaySMS
 CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
 	{DSA-3859-1}
 	- dropbear <unfixed> (bug #862970)
@@ -61,7 +61,7 @@
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
 CVE-2017-9073 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. ...)
 	NOT-FOR-US: CalendarXP
 CVE-2017-9071 (In MODX Revolution before 2.5.7, an attacker might be able to trigger ...)
@@ -2799,7 +2799,7 @@
 CVE-2017-7969
 	RESERVED
 CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
 	NOT-FOR-US: Schneider
 CVE-2017-7966
@@ -2899,11 +2899,11 @@
 CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
 	NOT-FOR-US: DMitry
 CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact GmbH ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2017-7936
 	RESERVED
 CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2017-7934
 	RESERVED
 CVE-2017-7933
@@ -2959,7 +2959,7 @@
 CVE-2017-7908
 	RESERVED
 CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in Schneider ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2017-7906
 	RESERVED
 CVE-2017-7905
@@ -4185,7 +4185,7 @@
 CVE-2017-7505
 	RESERVED
 CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the ...)
-	TODO: check
+	NOT-FOR-US: Red Hat JBoss
 CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of ...)
 	NOT-FOR-US: Red Hat JBoss EAP implementation of javax.xml.transform.TransformerFactory
 CVE-2017-7502

More information about the Secure-testing-commits mailing list