[Secure-testing-commits] r57515 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Nov 9 21:18:13 UTC 2017 

Author: carnil
Date: 2017-11-09 21:18:13 +0000 (Thu, 09 Nov 2017)
New Revision: 57515

Modified:
   data/CVE/list
Log:
Process some NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-09 21:11:15 UTC (rev 57514)
+++ data/CVE/list	2017-11-09 21:18:13 UTC (rev 57515)
@@ -3,7 +3,7 @@
 CVE-2017-16755
 	RESERVED
 CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2017-16753
 	RESERVED
 CVE-2017-16752
@@ -283,9 +283,9 @@
 CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the ...)
 	NOT-FOR-US: TinyWebGallery
 CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2017-16632
 	RESERVED
 CVE-2017-16631
@@ -415,9 +415,9 @@
 CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...)
 	NOT-FOR-US: Zurmo
 CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
-	TODO: check
+	NOT-FOR-US: Logitech Media Server
 CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
-	TODO: check
+	NOT-FOR-US: Logitech Media Server
 CVE-2017-16566
 	RESERVED
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...)
@@ -2943,7 +2943,7 @@
 CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...)
 	NOT-FOR-US: Mura CMS
 CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ...)
-	TODO: check
+	NOT-FOR-US: SuSEfirewall2 in SUSE
 CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ...)
 	- wordpress <unfixed> (bug #880868)
 	NOTE: https://core.trac.wordpress.org/ticket/21022
@@ -10224,7 +10224,7 @@
 CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...)
 	NOT-FOR-US: Apache2Triad
 CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in ...)
-	TODO: check
+	NOT-FOR-US: Avaya IP Office Contact Center
 CVE-2017-12968
 	RESERVED
 CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) ...)
@@ -14983,7 +14983,7 @@
 	NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
 	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
 CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService ...)
 	NOT-FOR-US: SAP
 CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...)
@@ -15474,7 +15474,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
 CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before ...)
-	TODO: check
+	NOT-FOR-US: Avaya IP Office
 CVE-2017-11308
 	RESERVED
 CVE-2017-11307
@@ -19799,7 +19799,7 @@
 CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the ...)
 	NOT-FOR-US: Zenbership
 CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ...)
-	TODO: check
+	NOT-FOR-US: Savitech driver packages for Windows
 CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via ...)
 	NOT-FOR-US: IPFire
 CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack ...)
@@ -34662,7 +34662,7 @@
 	{DSA-3775-1 DLA-809-1}
 	- tcpdump 4.9.0-1
 CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...)
 	- salt 2016.11.2+ds-1
 	[jessie] - salt <not-affected> (Vulnerable code not present)

More information about the Secure-testing-commits mailing list