[Secure-testing-commits] r51966 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu May 25 21:35:09 UTC 2017


Author: jmm
Date: 2017-05-25 21:35:09 +0000 (Thu, 25 May 2017)
New Revision: 51966

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-25 21:26:28 UTC (rev 51965)
+++ data/CVE/list	2017-05-25 21:35:09 UTC (rev 51966)
@@ -523,17 +523,17 @@
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
 CVE-2017-9037 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-9036 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-9035 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-9034 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-9033 (Cross-site request forgery (CSRF) vulnerability in Trend Micro ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-9032 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer ...)
 	- libytnef 1.9.2-2 (bug #862556)
 	NOTE: https://github.com/Yeraze/ytnef/issues/45
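Review bot: The six entries CVE-2017-9032 to CVE-2017-9037 are tagged with the vendor only (NOT-FOR-US: Trend Micro), while the descriptions of CVE-2017-9034, -9035 and -9036 name the product, Trend Micro ServerProtect for Linux 3.0. If all six concern that product, a tag such as NOT-FOR-US: Trend Micro ServerProtect would make them findable by product. The truncated descriptions of CVE-2017-9032, -9033 and -9037 do not show which product they cover, so that is worth confirming before tagging them alike.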
@@ -4802,7 +4802,7 @@
 CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop ...)
 	NOT-FOR-US: Kerio
 CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2017-7438
 	RESERVED
 CVE-2017-7437
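Review bot: CVE-2017-7439 gets the vendor-only tag NOT-FOR-US: NetApp although its description names NetApp OnCommand Unified Manager Core Package, and CVE-2017-7236 further down in this patch names the same product. Consider tagging both NOT-FOR-US: NetApp OnCommand Unified Manager so the pair stays searchable by product.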
@@ -5636,7 +5636,7 @@
 CVE-2017-7237 (The Spiceworks TFTP Server, as distributed with Spiceworks Inventory ...)
 	NOT-FOR-US: Spiceworks
 CVE-2017-7236 (SQL injection vulnerability in NetApp OnCommand Unified Manager Core ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2016-10265
 	RESERVED
 CVE-2016-10264
@@ -35385,7 +35385,7 @@
 CVE-2016-6257 (The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon ...)
 	NOT-FOR-US: Lenovo
 CVE-2016-6256 (SAP Business One for Android 1.2.3 allows remote attackers to conduct ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2016-6254 (Heap-based buffer overflow in the parse_packet function in network.c ...)
 	{DSA-3636-1 DLA-575-1}
 	- collectd 5.5.2-1 (bug #832507)
@@ -45712,7 +45712,7 @@
 CVE-2016-3085 (Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x ...)
 	NOT-FOR-US: Apache CloudStack
 CVE-2016-3084 (The UAA reset password flow in Cloud Foundry release v236 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2016-3083
 	RESERVED
 	NOT-FOR-US: Apache Hive
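Review bot: CVE-2016-3084 is described as a flaw in the UAA reset password flow, yet the new tag is the umbrella NOT-FOR-US: Cloud Foundry. CVE-2016-0781 and CVE-2015-3189 to CVE-2015-3191 in this patch also name UAA, so a component-level tag (for example NOT-FOR-US: Cloud Foundry UAA) on all five would keep them grouped for later triage.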
@@ -53973,9 +53973,9 @@
 	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
 	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
 CVE-2016-0781 (The UAA OAuth approval pages in Cloud Foundry v208 to v231, ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2016-0780 (It was discovered that cf-release v231 and lower, Pivotal Cloud ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2016-0779 (The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x ...)
 	NOT-FOR-US: Apache TomEE
 CVE-2016-0778 (The (1) roaming_read and (2) roaming_write functions in ...)
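Review bot: The description of CVE-2016-0780 lists cf-release v231 and lower together with a second product that is cut off after "Pivotal Cloud ...", but the new tag covers Cloud Foundry only. Please confirm against the full description that the truncated product is not packaged either, or name it in the tag.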
@@ -54067,7 +54067,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1758502 (7.0.x)
 	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758506 (6.0.x)
 CVE-2016-0761 (Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry before ...)
 	NOT-FOR-US: Apache Hive
 CVE-2016-0759
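Review bot: CVE-2016-0761 names Cloud Foundry Garden-Linux and a second product truncated to "Elastic ...", while the tag is the generic NOT-FOR-US: Cloud Foundry. Naming the component (Garden-Linux) in the tag and checking the second product against the full description would make the NFU decision easier to audit.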
@@ -71598,11 +71598,11 @@
 	NOTE: https://pivotal.io/security/cve-2015-3192
 	NOTE: https://jira.spring.io/browse/SPR-13136
 CVE-2015-3191 (With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2015-3190 (With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2015-3189 (With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2015-3188 (The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote ...)
 	NOT-FOR-US: Apache Storm
 CVE-2015-3187 (The svn_repos_trace_node_locations function in Apache Subversion ...)
@@ -75770,7 +75770,7 @@
 	RESERVED
 	NOT-FOR-US: Apache Cordova
 CVE-2015-1834 (A path traversal vulnerability was identified in the Cloud Foundry ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit before ...)
 	{DSA-3298-1}
 	- jackrabbit 2.10.1-1 (bug #787316)



