[Secure-testing-commits] r51767 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat May 20 08:04:50 UTC 2017
Author: carnil
Date: 2017-05-20 08:04:50 +0000 (Sat, 20 May 2017)
New Revision: 51767
Modified:
data/CVE/list
Log:
Cleanup some spaces
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-19 21:26:32 UTC (rev 51766)
+++ data/CVE/list 2017-05-20 08:04:50 UTC (rev 51767)
@@ -2578,7 +2578,7 @@
[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef
CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in "Panda Mobile ...)
- NOT-FOR-US: Panda
+ NOT-FOR-US: Panda
CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF ...)
NOT-FOR-US: Foxit
CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat ...)
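Review bot: the log message "Cleanup some spaces" does not say which kind of whitespace is being fixed, and in this hunk the removed and added `NOT-FOR-US: Panda` lines read the same apart from spacing. Please state the rule being applied in the log (for example, the expected indentation of entry lines in data/CVE/list) so the same cleanup can be checked mechanically on later commits.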
@@ -3972,7 +3972,7 @@
- imagemagick 8:6.9.7.4+dfsg-4 (bug #859769)
[jessie] - imagemagick <no-dsa> (Can be postponed until more severe issue are around)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
- NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
+ NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
CVE-2017-7606 (coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of ...)
{DLA-902-1}
- imagemagick 8:6.9.7.4+dfsg-4 (bug #859771)
@@ -4429,7 +4429,7 @@
CVE-2017-7434
RESERVED
CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe ...)
- NOT-FOR-US: Micro Focus Vibe
+ NOT-FOR-US: Micro Focus Vibe
CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
@@ -38226,7 +38226,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=655
NOTE: Possible duplicate with PixarLogDecode() issue
- NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
NOTE: Upstream marked this duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5314 [PixarLogDecode() out-of-bound writes]
RESERVED
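Review bot: the touched line is a bare `NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2` with no label, sitting between "Possible duplicate with PixarLogDecode() issue" and "Upstream marked this duplicate of ...id=2554". Since the line is being edited anyway, consider folding the #c2 link into whichever of those two notes it supports, so a reader does not have to open the link to learn why it is listed.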
@@ -52335,7 +52335,7 @@
NOTE: Two conditions must be met to exploit this vulnerability
NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
NOTE: condition two can be fixed by the following patch:
- NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
+ NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1181 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles ...)
- libstruts1.2-java <removed>
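Review bot: the note block around the touched commit URL is hard to act on as written. "so everything is fine" on the condition-one line reads as if the entry were resolved, while the following lines say condition two is only fixable by a patch that "should not be generally applied". Suggest rewording the condition-one line to say only that it is addressed by CVE-2015-0899, and stating explicitly that condition two remains unfixed in the package.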
@@ -52344,7 +52344,7 @@
NOTE: Two conditions must be met to exploit this vulnerability
NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
NOTE: condition two can be fixed by the following patch:
- NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
+ NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...)
NOT-FOR-US: Cyber-Will Social-button Premium plugin
@@ -63510,7 +63510,7 @@
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295 (v2.4.0-rc3)
NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263 (v0.13.0-rc0)
NOTE: Patch for wheezy needs change since uses iov_from_buf:
- NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dcf6f5e15ecee4f593eeacbe0591c1addc004d92
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dcf6f5e15ecee4f593eeacbe0591c1addc004d92
NOTE: iov_* function changed in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2278a69e7020d86a8c73a28474e7709d3e7d5081 (v1.2.0-rc0)
CVE-2015-5737 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) ...)
NOT-FOR-US: Fortinet
@@ -76762,7 +76762,7 @@
NOTE: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
NOTE: This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15),
- NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
+ NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
CVE-2015-1472 (The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka ...)
{DSA-3169-1 DLA-165-1}
- glibc 2.19-15 (bug #777197)
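Review bot: in the touched line, "the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze" is ambiguous, because it continues the sentence "This was introduced by ... (2.15)," yet "the patch" can also be read as the fix named in the `Fix:` note above. Suggest naming it, e.g. "the introducing change was backported into wheezy ..., but not squeeze", if that is the intended meaning, so the affected-release conclusion is unambiguous.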
@@ -76771,7 +76771,7 @@
NOTE: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
NOTE: This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15),
- NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
+ NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
CVE-2015-XXXX [Infinite loop in patch]
- patch 2.7.4-1 (low; bug #776271)
[squeeze] - patch <no-dsa> (Minor issue)
@@ -174970,7 +174970,7 @@
- xen-unstable <removed> (unimportant)
NOTE: This is an enhancement, not a security issue.
NOTE: A user must have access to a guest hard drive image in order to boot it,
- NOTE: so he can simply mount the drive and remove the password option.
+ NOTE: so he can simply mount the drive and remove the password option.
CVE-2009-5041 [buffer overflow in overkill]
RESERVED
- overkill 0.16-14.1 (bug #549310; low)
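Review bot: style point on the touched line "so he can simply mount the drive and remove the password option": since the line is being rewritten for spacing, "they" would be a neutral replacement for "he". The reasoning in the note itself (access to the guest image already allows removing the password option) is clear as stated.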