[Secure-testing-commits] r57609 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Nov 14 05:48:29 UTC 2017


Author: carnil
Date: 2017-11-14 05:48:29 +0000 (Tue, 14 Nov 2017)
New Revision: 57609

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-14 05:48:12 UTC (rev 57608)
+++ data/CVE/list	2017-11-14 05:48:29 UTC (rev 57609)
@@ -4,7 +4,7 @@
 	NOTE: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
 	TODO: check, ffmpeg?
 CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
 	- redmine <unfixed>
 	[wheezy] - redmine <end-of-life> (Not supported wheezy LTS)
@@ -12,7 +12,7 @@
 	NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
 	NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
 CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2017-16800
 	RESERVED
 CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...)
@@ -34,7 +34,7 @@
 	- swftools <unfixed>
 	NOTE: https://github.com/matthiaskramm/swftools/issues/47
 CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in ...)
-	TODO: check
+	NOT-FOR-US: geminabox
 CVE-2017-16791
 	RESERVED
 CVE-2017-16790
@@ -6647,7 +6647,7 @@
 CVE-2017-14389
 	RESERVED
 CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry Foundation GrootFS
 CVE-2017-14387
 	RESERVED
 CVE-2017-14386
@@ -7773,7 +7773,7 @@
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...)
 	NOT-FOR-US: Korenix
 CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...)
-	TODO: check
+	NOT-FOR-US: AutomationDirect
 CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...)
 	NOT-FOR-US: Progea Movicon
 CVE-2017-14018
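Review bot: The new tag for CVE-2017-14020 names only a vendor, "AutomationDirect", and the truncated description on the line above it does not show which product is affected. The adjacent entry for CVE-2017-14019 uses vendor plus product ("Progea Movicon"). Adding the product name here would let a later reader confirm the NOT-FOR-US decision from the list itself.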
@@ -8192,7 +8192,7 @@
 CVE-2017-13812 (An issue was discovered in certain Apple products. macOS before ...)
 	TODO: check, potentially libarchive
 CVE-2017-13811 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13810 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-13809 (An issue was discovered in certain Apple products. macOS before ...)
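Review bot: CVE-2017-13811 is closed as "NOT-FOR-US: Apple", yet the entry directly above it, CVE-2017-13812, shows the same truncated description and is held at "TODO: check, potentially libarchive". Because the visible text does not identify the affected component, a NOTE naming the macOS component for CVE-2017-13811 would make clear that it is not a library Debian also packages.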
@@ -8262,7 +8262,7 @@
 CVE-2017-13787
 	RESERVED
 CVE-2017-13786 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13785 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
 	- webkit2gtk 2.18.1-1 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
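Review bot: For CVE-2017-13786 the context lines show the very next Apple entry, CVE-2017-13785, tracked against webkit2gtk rather than marked NOT-FOR-US. A one-line NOTE stating which Apple-only component CVE-2017-13786 concerns would document why it does not map to webkit2gtk or another packaged source.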
@@ -8276,7 +8276,7 @@
 	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
 	NOTE: Not covered by security support
 CVE-2017-13782 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13781
 	RESERVED
 CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory ...)
@@ -15970,7 +15970,7 @@
 	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
 CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices ...)
-	TODO: check
+	NOT-FOR-US: iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices
 CVE-2017-11168
 	RESERVED
 CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
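Review bot: The tag added for CVE-2017-11169 copies the description fragment verbatim, including the repeated model string, the firmware version and the word "devices" ("iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices"). Other NOT-FOR-US tags in this change are short vendor or product names, so "NOT-FOR-US: iBall iB-WRA300N3GT" would be consistent and easier to match when similar CVEs for the same device are triaged later.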
@@ -16974,7 +16974,7 @@
 CVE-2017-10886
 	RESERVED
 CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...)
-	TODO: check
+	NOT-FOR-US: HYPER SBI
 CVE-2017-10884
 	RESERVED
 CVE-2017-10883
@@ -16994,7 +16994,7 @@
 CVE-2017-10876
 	RESERVED
 CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an ...)
-	TODO: check
+	NOT-FOR-US: I-O DATA DEVICE LAN DISK Connect
 CVE-2017-10874
 	RESERVED
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
@@ -17002,7 +17002,7 @@
 CVE-2017-10872
 	RESERVED
 CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...)
-	TODO: check
+	NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
 CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...)
 	NOT-FOR-US: Rakuraku Hagaki
 CVE-2017-10869
@@ -21345,7 +21345,7 @@
 CVE-2017-9315
 	RESERVED
 CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, ...)
-	TODO: check
+	NOT-FOR-US: Dahua NVR
 CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before ...)
 	- webmin <removed>
 CVE-2017-9312
@@ -28590,7 +28590,7 @@
 CVE-2017-7133 (An issue was discovered in certain Apple products. iOS before 11 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-7132 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7131 (An issue was discovered in certain Apple products. iOS before 11 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-7130 (An issue was discovered in certain Apple products. iOS before 11 is ...)
@@ -28632,7 +28632,7 @@
 CVE-2017-7114 (An issue was discovered in certain Apple products. iOS before 11 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-7113 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7112 (An issue was discovered in certain Apple products. iOS before 11 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-7111 (An issue was discovered in certain Apple products. iOS before 11 is ...)
@@ -45921,13 +45921,13 @@
 CVE-2017-0908
 	REJECTED
 CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, ...)
-	TODO: check
+	NOT-FOR-US: Recurly Client .NET Library
 CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, ...)
-	TODO: check
+	NOT-FOR-US: Recurly Client Python Library
 CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, ...)
-	TODO: check
+	NOT-FOR-US: Recurly Client Ruby Library
 CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: private_address_check ruby gem
 CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...)
 	{DSA-4031-1}
 	- ruby2.3 <unfixed> (bug #879231)
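Review bot: The four tags added for CVE-2017-0904 through CVE-2017-0907 close out Ruby, Python and .NET libraries, and the context line right below them shows a RubyGems issue (CVE-2017-0903) that does affect a Debian source package. Before these stay NOT-FOR-US it is worth confirming that none of the Recurly clients or the private_address_check gem is shipped or embedded in an existing source package, and saying so in a NOTE if the check was done.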



