[Secure-testing-commits] r56448 - data/CVE
Raphael Geissert
geissert at moszumanska.debian.org
Fri Oct 6 09:20:42 UTC 2017
Author: geissert
Date: 2017-10-06 09:20:42 +0000 (Fri, 06 Oct 2017)
New Revision: 56448
Modified:
data/CVE/list
Log:
redis, upx and lame issues, NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-06 09:10:13 UTC (rev 56447)
+++ data/CVE/list 2017-10-06 09:20:42 UTC (rev 56448)
@@ -1,5 +1,5 @@
CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2017-15062
RESERVED
CVE-2017-15061
@@ -13,6 +13,7 @@
CVE-2017-15057
RESERVED
CVE-2017-15056 (p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote ...)
+ - upx-ucl <unfixed>
TODO: check
CVE-2017-15055
RESERVED
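Review bot: under CVE-2017-15056 the `TODO: check` line is left in place directly after the new `- upx-ucl <unfixed>` entry, so the record says the issue is both assigned to a package and still awaiting triage. If something specific remains to be verified, replace the generic TODO with a line that names it; if nothing remains, drop the TODO in the same commit as the package entry.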
@@ -31,10 +32,13 @@
CVE-2017-15048
RESERVED
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...)
+ - redis <unfixed>
TODO: check
CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow, a different ...)
+ - lame <unfixed>
TODO: check
CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read, a different ...)
+ - lame <unfixed>
TODO: check
CVE-2017-15044
RESERVED
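Review bot: the three new `<unfixed>` entries (`redis` for CVE-2017-15047, `lame` for CVE-2017-15046 and CVE-2017-15045) carry no version scoping, while the descriptions each name a single upstream version (Redis 4.0.2, LAME 3.99.5). Nothing in the hunk records whether other versions of these packages contain the affected code, and the retained `TODO: check` lines do not say that this is the open question. Suggest stating per entry what is still to be checked, so that `<unfixed>` is not read as a confirmed status for every version.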
@@ -3017,19 +3021,19 @@
CVE-2017-13999
RESERVED
CVE-2017-13998 (An Insufficiently Protected Credentials issue was discovered in LOYTEC ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
NOT-FOR-US: Schneider
CVE-2017-13996 (A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13995 (An Improper Authentication issue was discovered in iniNet Solutions ...)
NOT-FOR-US: iniNet Solutions iniNet Webserver
CVE-2017-13994 (A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13993 (An Uncontrolled Search Path or Element issue was discovered in i-SENS ...)
NOT-FOR-US: i-SENS SmartLog Diabetes Management Software
CVE-2017-13992 (An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME ...)
- TODO: check
+ NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13991 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
NOT-FOR-US: ArcSight
CVE-2017-13990 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
@@ -6729,11 +6733,11 @@
CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...)
NOT-FOR-US: SiteSentinel
CVE-2017-12732 (A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY ...)
- TODO: check
+ NOT-FOR-US: GE CIMPLICITY
CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Systems ...)
NOT-FOR-US: SiteSentinel
CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2017-12729
RESERVED
CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...)