[Secure-testing-commits] r57147 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 30 21:22:29 UTC 2017
Author: carnil
Date: 2017-10-30 21:22:29 +0000 (Mon, 30 Oct 2017)
New Revision: 57147
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-30 21:10:16 UTC (rev 57146)
+++ data/CVE/list 2017-10-30 21:22:29 UTC (rev 57147)
@@ -3,7 +3,7 @@
CVE-2017-16231
RESERVED
CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the ...)
- TODO: check
+ NOT-FOR-US: Typecho
CVE-2017-16229
RESERVED
CVE-2017-16228 (Dulwich before 0.18.5, when an SSH subprocess is used, allows remote ...)
@@ -10774,7 +10774,7 @@
CVE-2017-12461
RESERVED
CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware before ...)
- TODO: check
+ NOT-FOR-US: Barco ClickShare CSM-1 firmware
CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ...)
- binutils 2.29-8
[stretch] - binutils <ignored> (Minor issue)
@@ -17701,7 +17701,7 @@
CVE-2017-10152 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-10151 (Vulnerability in the Oracle Identity Manager component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
NOT-FOR-US: Primavera
CVE-2017-10149 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
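Review bot: The new label on CVE-2017-10151, "NOT-FOR-US: Oracle", names only the vendor, while the description identifies the Oracle Identity Manager component and the neighbouring CVE-2017-10150 entry is labelled by product ("Primavera"). Suggest "NOT-FOR-US: Oracle Identity Manager" so the entry can be found by product name.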
@@ -19233,7 +19233,7 @@
CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in ...)
NOT-FOR-US: flatCore CMS
CVE-2017-9450 (The Amazon Web Services (AWS) CloudFormation bootstrap tools package ...)
- TODO: check
+ NOT-FOR-US: Amazon Web Services (AWS) CloudFormation bootstrap tools package
CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...)
NOT-FOR-US: BigTree CMS
CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through ...)
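Review bot: On CVE-2017-9450 the NOT-FOR-US label copies the description's wording in full, "Amazon Web Services (AWS) CloudFormation bootstrap tools package", which is far longer than the product-name labels around it (for example "flatCore CMS" and "BigTree CMS"). A shorter label such as "AWS CloudFormation bootstrap tools" would be consistent with those and easier to search for.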
@@ -19482,7 +19482,7 @@
CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...)
NOT-FOR-US: BigTree CMS
CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit ...)
- TODO: check
+ NOT-FOR-US: Barco ClickShare Base Unit device
CVE-2017-9376
RESERVED
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller ...)
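Review bot: The label on CVE-2017-9377, "Barco ClickShare Base Unit device", does not match the one this same commit gives CVE-2017-12460, "Barco ClickShare CSM-1 firmware". Both are the same product line, so a single label (for example "Barco ClickShare") on both entries would keep them grouped when searching the list for NOT-FOR-US products.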
@@ -25820,7 +25820,7 @@
CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
NOT-FOR-US: NixOS specific Docker issue
CVE-2017-7411 (An issue was discovered in Enalean Tuleap 9.6 and prior versions. The ...)
- TODO: check
+ NOT-FOR-US: Enalean Tuleap
CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and ...)
NOT-FOR-US: WebsiteBaker
CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect ...)
@@ -118729,7 +118729,7 @@
CVE-2014-3527 (When using the CAS Proxy ticket authentication from Spring Security ...)
- libspring-security-java <itp> (bug #582181)
CVE-2014-3526 (Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before ...)
- TODO: check
+ NOT-FOR-US: Apache Wicket
CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...)
- trafficserver 5.0.1-1 (low)
[wheezy] - trafficserver <no-dsa> (Minor issue)
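Review bot: CVE-2014-3526 is marked NOT-FOR-US, while the entry directly above records software that is not yet in the archive as "- libspring-security-java <itp> (bug #582181)". Worth confirming that no ITP is open for Apache Wicket before settling on NOT-FOR-US; if one exists, the <itp> form with its bug number is the better fit here.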
@@ -128823,7 +128823,7 @@
- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.2)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022
CVE-2014-0115 (Directory traversal vulnerability in the log viewer in Apache Storm ...)
- TODO: check
+ NOT-FOR-US: Apache Storm
CVE-2014-0114 (Apache Commons BeanUtils, as distributed in ...)
{DSA-2940-1 DLA-57-1}
- libstruts1.2-java 1.2.9-9 (bug #745897)
@@ -150425,7 +150425,7 @@
CVE-2012-5637
REJECTED
CVE-2012-5636 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
- TODO: check
+ NOT-FOR-US: Apache Wicket
CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
- glusterfs <unfixed> (unimportant; bug #704944)
NOTE: Neutralised by kernel hardening