[Secure-testing-commits] r57841 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Nov 19 21:45:54 UTC 2017
Author: jmm
Date: 2017-11-19 21:45:54 +0000 (Sun, 19 Nov 2017)
New Revision: 57841
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-19 21:10:15 UTC (rev 57840)
+++ data/CVE/list 2017-11-19 21:45:54 UTC (rev 57841)
@@ -70,16 +70,16 @@
CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
NOT-FOR-US: Snap7 Server
CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...)
- simple-xml <unfixed>
NOTE: https://github.com/ngallagher/simplexml/issues/18
CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through ...)
- TODO: check
+ NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
- exiv2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
@@ -95,7 +95,7 @@
CVE-2017-16878
RESERVED
CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
- TODO: check
+ NOT-FOR-US: ZEIT Next.js
CVE-2017-16876
RESERVED
CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
@@ -127,13 +127,13 @@
- root-system <removed>
NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e
CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...)
- TODO: check
+ NOT-FOR-US: Cygnux sysPass
CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...)
- TODO: check
+ NOT-FOR-US: Jool
CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
TODO: check
CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes ...)
- TODO: check
+ NOT-FOR-US: QuickerBB
CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...)
TODO: check
CVE-2017-1000161
More information about the Secure-testing-commits
mailing list