[Secure-testing-commits] r57438 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Nov 8 09:14:34 UTC 2017 

Author: jmm
Date: 2017-11-08 09:14:34 +0000 (Wed, 08 Nov 2017)
New Revision: 57438

Modified:
   data/CVE/list
Log:
NFUs
golang no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-08 09:10:21 UTC (rev 57437)
+++ data/CVE/list	2017-11-08 09:14:34 UTC (rev 57438)
@@ -99,13 +99,13 @@
 CVE-2017-16619
 	RESERVED
 CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality ...)
-	TODO: check
+	NOT-FOR-US: OwlMixin
 CVE-2017-16617
 	RESERVED
 CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality ...)
-	TODO: check
+	NOT-FOR-US: pyanyapi
 CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...)
-	TODO: check
+	NOT-FOR-US: MLAlchemy
 CVE-2017-16614
 	RESERVED
 CVE-2017-16613
@@ -213,7 +213,7 @@
 CVE-2017-16562
 	RESERVED
 CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 is ...)
-	TODO: check
+	NOT-FOR-US: Ingenious School Management System
 CVE-2017-16560
 	RESERVED
 CVE-2017-16559
@@ -4287,6 +4287,7 @@
 	- golang-1.7 <unfixed>
 	[stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
 	- golang <removed>
+	[jessie] - golang <ignored> (Minor issue, would require builds of all go packages in stable)
 	[wheezy] - golang <not-affected> (Vulnerable code introduced later in version 1.1)
 	NOTE: https://github.com/golang/go/issues/22134
 	NOTE: https://golang.org/cl/68023
@@ -4299,6 +4300,7 @@
 	[stretch] - golang-1.8 <ignored> (Minor issue)
 	- golang-1.7 <unfixed>
 	[stretch] - golang-1.7 <ignored> (Minor issue)
+	[jessie] - golang <no-dsa> (Minor issue)
 	- golang <removed>
 	NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/
 	NOTE: https://github.com/golang/go/issues/22125
@@ -76735,7 +76737,7 @@
 CVE-2016-0873
 	RESERVED
 CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in Kabona AB ...)
-	TODO: check
+	NOT-FOR-US: Kabona AB WebDatorCentral
 CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
 	NOT-FOR-US: Eaton Lighting EG2 Web Control
 CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote ...)

More information about the Secure-testing-commits mailing list