[Secure-testing-commits] r57915 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Nov 21 22:33:44 UTC 2017


Author: jmm
Date: 2017-11-21 22:33:44 +0000 (Tue, 21 Nov 2017)
New Revision: 57915

Modified:
   data/CVE/list
Log:
new ffmpeg issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-21 22:29:23 UTC (rev 57914)
+++ data/CVE/list	2017-11-21 22:33:44 UTC (rev 57915)
@@ -3,13 +3,13 @@
 CVE-2017-16924
 	RESERVED
 CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Tenda
 CVE-2017-16922
 	RESERVED
 CVE-2017-16921
 	RESERVED
 CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY ...)
-	TODO: check
+	NOT-FOR-US: dayrui FineCms
 CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...)
 	NOT-FOR-US: MapOS
 CVE-2017-16918
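Review bot: The tag on CVE-2017-16923 names only the vendor ("NOT-FOR-US: Shenzhen Tenda"), while the adjacent entries name the affected product (for example "NOT-FOR-US: MapOS"). The description identifies the component as app_data_center, so including it in the tag would make the entry easier to find when someone later searches the list by product name.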
@@ -213,11 +213,11 @@
 CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...)
 	NOT-FOR-US: Jool
 CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
-	TODO: check
+	NOT-FOR-US: jqueryFileTree
 CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes ...)
 	NOT-FOR-US: QuickerBB
 CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...)
-	TODO: check
+	NOT-FOR-US: sodiumoxide
 CVE-2017-1000161
 	REJECTED
 CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
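Review bot: CVE-2017-1000170 and CVE-2017-1000168 are both tagged NOT-FOR-US, but jqueryFileTree and sodiumoxide are components that other software bundles or links against, not standalone applications. NOT-FOR-US only records that no package of that name is in the archive. It would help to confirm that no packaged source ships an embedded copy of jqueryFileTree, and to check whether the degenerate-key handling in scalarmult() is specific to the sodiumoxide wrapper or would also concern the underlying library, adding a short NOTE: line with the outcome if either check turns something up.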
@@ -281,7 +281,7 @@
 CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...)
 	NOT-FOR-US: nodejs ejs
 CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using ...)
 	NOT-FOR-US: Relevanssi
 CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated ...)
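Review bot: "NOT-FOR-US: Wordpress plugin" on CVE-2017-1000226 gives a category instead of the product, unlike the neighbouring entries ("NOT-FOR-US: nodejs ejs", "NOT-FOR-US: Relevanssi"). Naming the plugin from the description, for example "NOT-FOR-US: Stop User Enumeration plugin for WordPress", keeps the entry searchable and consistent with the rest of the list.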
@@ -578,7 +578,9 @@
 CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...)
 	NOT-FOR-US: LanSweeper
 CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	[stretch] - ffmpeg <postponed> (Can be fixed with next 3.2.x release)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
 CVE-2017-16839
 	RESERVED
 CVE-2017-16838
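Review bot: The [stretch] line for CVE-2017-16840 postpones the fix to the next 3.2.x release, but the description only names FFmpeg 3.4 and the NOTE: records just the upstream fix commit, so nothing in the entry shows that the VC-2 encoder code in 3.2.x is actually affected. A second NOTE: stating that the vulnerable code is present in the stretch version (or which upstream change introduced it) would justify the postponed status. The "- ffmpeg <unfixed>" line also carries no bug reference, so a tracking bug for the unstable package would be worth adding once filed.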



