[Secure-testing-commits] r57147 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Oct 30 21:22:29 UTC 2017 

Author: carnil
Date: 2017-10-30 21:22:29 +0000 (Mon, 30 Oct 2017)
New Revision: 57147

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-30 21:10:16 UTC (rev 57146)
+++ data/CVE/list	2017-10-30 21:22:29 UTC (rev 57147)
@@ -3,7 +3,7 @@
 CVE-2017-16231
 	RESERVED
 CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the ...)
-	TODO: check
+	NOT-FOR-US: Typecho
 CVE-2017-16229
 	RESERVED
 CVE-2017-16228 (Dulwich before 0.18.5, when an SSH subprocess is used, allows remote ...)
@@ -10774,7 +10774,7 @@
 CVE-2017-12461
 	RESERVED
 CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware before ...)
-	TODO: check
+	NOT-FOR-US: Barco ClickShare CSM-1 firmware
 CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ...)
 	- binutils 2.29-8
 	[stretch] - binutils <ignored> (Minor issue)
@@ -17701,7 +17701,7 @@
 CVE-2017-10152 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2017-10151 (Vulnerability in the Oracle Identity Manager component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
 	NOT-FOR-US: Primavera
 CVE-2017-10149 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
@@ -19233,7 +19233,7 @@
 CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in ...)
 	NOT-FOR-US: flatCore CMS
 CVE-2017-9450 (The Amazon Web Services (AWS) CloudFormation bootstrap tools package ...)
-	TODO: check
+	NOT-FOR-US: Amazon Web Services (AWS) CloudFormation bootstrap tools package
 CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through ...)
@@ -19482,7 +19482,7 @@
 CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit ...)
-	TODO: check
+	NOT-FOR-US: Barco ClickShare Base Unit device
 CVE-2017-9376
 	RESERVED
 CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller ...)
@@ -25820,7 +25820,7 @@
 CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
 	NOT-FOR-US: NixOS specific Docker issue
 CVE-2017-7411 (An issue was discovered in Enalean Tuleap 9.6 and prior versions. The ...)
-	TODO: check
+	NOT-FOR-US: Enalean Tuleap
 CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and ...)
 	NOT-FOR-US: WebsiteBaker
 CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect ...)
@@ -118729,7 +118729,7 @@
 CVE-2014-3527 (When using the CAS Proxy ticket authentication from Spring Security ...)
 	- libspring-security-java <itp> (bug #582181)
 CVE-2014-3526 (Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before ...)
-	TODO: check
+	NOT-FOR-US: Apache Wicket
 CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...)
 	- trafficserver 5.0.1-1 (low)
 	[wheezy] - trafficserver <no-dsa> (Minor issue)
@@ -128823,7 +128823,7 @@
 	- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.2)
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022
 CVE-2014-0115 (Directory traversal vulnerability in the log viewer in Apache Storm ...)
-	TODO: check
+	NOT-FOR-US: Apache Storm
 CVE-2014-0114 (Apache Commons BeanUtils, as distributed in ...)
 	{DSA-2940-1 DLA-57-1}
 	- libstruts1.2-java 1.2.9-9 (bug #745897)
@@ -150425,7 +150425,7 @@
 CVE-2012-5637
 	REJECTED
 CVE-2012-5636 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
-	TODO: check
+	NOT-FOR-US: Apache Wicket
 CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
 	- glusterfs <unfixed> (unimportant; bug #704944)
 	NOTE: Neutralised by kernel hardening

More information about the Secure-testing-commits mailing list