[Secure-testing-commits] r57841 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Nov 19 21:45:54 UTC 2017 

Author: jmm
Date: 2017-11-19 21:45:54 +0000 (Sun, 19 Nov 2017)
New Revision: 57841

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-19 21:10:15 UTC (rev 57840)
+++ data/CVE/list	2017-11-19 21:45:54 UTC (rev 57841)
@@ -70,16 +70,16 @@
 CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
 	NOT-FOR-US: Snap7 Server
 CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
-	TODO: check
+	NOT-FOR-US: Opencast
 CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...)
-	TODO: check
+	NOT-FOR-US: Opencast
 CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...)
 	- simple-xml <unfixed>
 	NOTE: https://github.com/ngallagher/simplexml/issues/18
 CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Framework
 CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
 	- exiv2 <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
@@ -95,7 +95,7 @@
 CVE-2017-16878
 	RESERVED
 CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
-	TODO: check
+	NOT-FOR-US: ZEIT Next.js
 CVE-2017-16876
 	RESERVED
 CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
@@ -127,13 +127,13 @@
 	- root-system <removed>
 	NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e
 CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...)
-	TODO: check
+	NOT-FOR-US: Cygnux sysPass
 CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...)
-	TODO: check
+	NOT-FOR-US: Jool
 CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
 	TODO: check
 CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes ...)
-	TODO: check
+	NOT-FOR-US: QuickerBB
 CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...)
 	TODO: check
 CVE-2017-1000161

More information about the Secure-testing-commits mailing list