[Secure-testing-commits] r56862 - data/CVE

Raphael Geissert geissert at moszumanska.debian.org
Thu Oct 19 10:26:53 UTC 2017


Author: geissert
Date: 2017-10-19 10:26:53 +0000 (Thu, 19 Oct 2017)
New Revision: 56862

Modified:
   data/CVE/list
Log:
web2py, openjpeg2, puppet, mistune, NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-19 09:42:09 UTC (rev 56861)
+++ data/CVE/list	2017-10-19 10:26:53 UTC (rev 56862)
@@ -49,13 +49,14 @@
 CVE-2017-15613
 	RESERVED
 CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...)
+	- mistune <unfixed>
 	TODO: check
 CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was explicitly ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the special ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2017-15608
 	RESERVED
 CVE-2017-15607
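Review bot: the CVE-2017-15612 entry now carries both `- mistune <unfixed>` and the old `TODO: check`, while the three Octopus entries in the same hunk have their TODO replaced outright. If something about mistune still needs verifying, say what in a NOTE line; otherwise drop the TODO so the entry reads as triaged.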
@@ -6610,7 +6611,7 @@
 	NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake
 	NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed.
 CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not adequately ...)
-	TODO: check
+	NOT-FOR-US: Akeo Consulting Rufus
 CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r ...)
 	{DSA-3999-1}
 	- wpa 2:2.4-1.1
@@ -57292,6 +57293,7 @@
 CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...)
 	- puppet <not-affected> (Limited to Puppet Enterprise)
 CVE-2016-5714 (Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet ...)
+	- puppet <unfixed>
 	TODO: check
 CVE-2016-5713
 	RESERVED
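Review bot: the added `- puppet <unfixed>` under CVE-2016-5714 sits directly below CVE-2016-5715, which is marked `<not-affected> (Limited to Puppet Enterprise)`, and the visible part of the 5714 description also starts with Puppet Enterprise versions. A NOTE naming the non-Enterprise component that makes the puppet source package affected would let a reader see why the two entries differ. The remaining `TODO: check` does not say what is still open.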
@@ -80666,6 +80668,7 @@
 	NOTE: http://www.spinics.net/lists/linux-nfs/msg53045.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1
 CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows ...)
+	- web2py <unfixed>
 	TODO: check
 CVE-2015-6960
 	RESERVED
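Review bot: `- web2py <unfixed>` is added to a 2015 CVE whose description names Web2py 2.9.11, with no upstream reference next to it. A NOTE pointing at the upstream fix for the gluon/tools.py open redirect, or stating that none exists, would let the entry be closed against a package version later instead of staying at `<unfixed>` plus `TODO: check`.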
@@ -97676,6 +97679,7 @@
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2015-1239 (Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG ...)
+	- openjpeg2 <unfixed>
 	TODO: check
 CVE-2015-1238 (Skia, as used in Google Chrome before 42.0.2311.90, allows remote ...)
 	{DSA-3238-1}
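Review bot: the new line for CVE-2015-1239 tracks openjpeg2 alone, while the visible description says only "OpenJPEG". For a double free in j2k_read_ppm_v3, a NOTE recording which OpenJPEG code lines contain that function would show whether other packages carrying OpenJPEG need their own line or a `<not-affected>`. As written, the leftover `TODO: check` does not say whether that question is the open item.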



