[Secure-testing-commits] r56580 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Oct 10 19:53:21 UTC 2017
Author: carnil
Date: 2017-10-10 19:53:21 +0000 (Tue, 10 Oct 2017)
New Revision: 56580
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-10 19:20:59 UTC (rev 56579)
+++ data/CVE/list 2017-10-10 19:53:21 UTC (rev 56580)
@@ -1,5 +1,5 @@
CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated ...)
- shaarli <itp> (bug #864559)
CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...)
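Review bot: The added `NOT-FOR-US: MISP` for CVE-2017-15216 is only right if no ITP/RFP bug exists for MISP, and nothing in this hunk shows that was checked. The Shaarli entry directly below is tracked as `- shaarli <itp> (bug #864559)` rather than NOT-FOR-US. Suggest confirming against WNPP; if a bug exists, the line should follow the Shaarli form with the package name and bug number instead.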
@@ -4176,7 +4176,7 @@
CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version ...)
NOT-FOR-US: Replibit
CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package ...)
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...)
- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
[stretch] - flightgear <no-dsa> (Minor issue)
@@ -6705,9 +6705,9 @@
- opencv <unfixed> (bug #875342)
NOTE: https://github.com/opencv/opencv/issues/9370
CVE-2017-12861 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...)
- TODO: check
+ NOT-FOR-US: Epson "EasyMP"
CVE-2017-12860 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...)
- TODO: check
+ NOT-FOR-US: Epson "EasyMP"
CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...)
NOT-FOR-US: NetApp
CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in ...)
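Review bot: Style point on the two added lines for CVE-2017-12861 and CVE-2017-12860: `NOT-FOR-US: Epson "EasyMP"` carries the quotation marks over from the CVE description, whereas the neighbouring tag uses the bare name (`NOT-FOR-US: NetApp`). Suggest `NOT-FOR-US: Epson EasyMP` on both lines so they match the rest of the list and a plain-text search for the product name finds them.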
@@ -76923,7 +76923,7 @@
CVE-2015-7779
REJECTED
CVE-2015-7778 (Gurunavi App for iOS before 6.0.0 does not verify SSL certificates ...)
- TODO: check
+ NOT-FOR-US: Gurunavi App for iOS
CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...)
NOT-FOR-US: JosephErnest Void
CVE-2015-7776 (Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict ...)
@@ -80445,7 +80445,7 @@
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
NOTE: https://bugs.php.net/bug.php?id=70140
CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2015-6519 (SQL injection vulnerability in Arab Portal 3 allows remote attackers ...)
NOT-FOR-US: Arab Portal 3
CVE-2015-6518 (Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin ...)
@@ -82680,7 +82680,7 @@
CVE-2015-5640 (baserCMS before 3.0.8 allows remote authenticated users to modify ...)
NOT-FOR-US: baserCMS
CVE-2015-5639 (niconico App for iOS before 6.38 does not verify SSL certificates ...)
- TODO: check
+ NOT-FOR-US: niconico App for iOS
CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...)
NOT-FOR-US: H2O
CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows ...)
@@ -90456,7 +90456,7 @@
CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
NOT-FOR-US: LEMON-S
CVE-2015-2988 (Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL ...)
- TODO: check
+ NOT-FOR-US: Rakuten card App for iOS
CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...)
NOT-FOR-US: Type74 ED
CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji ...)