[Secure-testing-commits] r55380 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Sep 1 21:59:24 UTC 2017


Author: jmm
Date: 2017-09-01 21:59:24 +0000 (Fri, 01 Sep 2017)
New Revision: 55380

Modified:
   data/CVE/list
Log:
new pngcrush issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-01 21:54:40 UTC (rev 55379)
+++ data/CVE/list	2017-09-01 21:59:24 UTC (rev 55380)
@@ -15,7 +15,7 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
 	NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
 CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
-	TODO: check
+	NOT-FOR-US: HiveManager
 CVE-2017-14104
 	RESERVED
 CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel ...)
@@ -168,11 +168,11 @@
 CVE-2017-14052
 	RESERVED
 CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of ...)
-	TODO: check
+	- libkohana2-php <undetermined>
 CVE-2016-10509 (SQL injection vulnerability in the updateAmazonOrderTracking function ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2016-10508 (Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() ...)
-	TODO: check
+	NOT-FOR-US: phpThumb
 CVE-2017-14063 (Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...)
 	- async-http-client <undetermined>
 	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1455
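Review bot: the new "- libkohana2-php <undetermined>" line under CVE-2016-10510 has no NOTE saying what still has to be checked, so the entry does not tell the next triager why the status is undetermined. The CVE-2017-14063 entry in the same hunk pairs its <undetermined> with a NOTE pointing at the upstream issue; a similar NOTE (upstream reference or the open question) would help here.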
@@ -17374,7 +17374,7 @@
 	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416
 CVE-2017-7855 (In the webmail component in IceWarp Server 11.3.1.5, there was an XSS ...)
-	TODO: check
+	NOT-FOR-US: IceWarp
 CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote ...)
 	- radare2 <not-affected> (Vulnerable code introduced later)
 CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can ...)
@@ -73480,7 +73480,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/d7cd5e186034340402f1393e0813c7d2b14ea6ca
 	NOTE: https://github.com/ntp-project/ntp/commit/79604d925e4477247eee202155215e7865293809
 CVE-2015-7700 (Double-free vulnerability in the sPLT chunk structure and png.c in ...)
-	TODO: check
+	- pngcrush <unfixed>
 CVE-2015-7697 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...)
 	{DSA-3386-1 DLA-330-1}
 	- unzip 6.0-19 (bug #802160)
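Review bot: "- pngcrush <unfixed>" under CVE-2015-7700 is added without a bug number or a NOTE, so the entry gives no pointer for tracking the fix. The unzip entry just below records "(bug #802160)"; consider adding the bug reference once one is filed, plus a NOTE with the upstream reference for the sPLT double-free.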
@@ -78081,7 +78081,7 @@
 	NOTE: _gnutls_x509_dn_to_string() introduced in 3.1.10 via:
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/6be35136333b5d6289f23209cf896e741462909a
 CVE-2015-5958 (phpFileManager 0.9.8 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: phpFileManager
 CVE-2015-5956 (The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before ...)
 	- typo3-src <removed>
 	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
@@ -96281,7 +96281,7 @@
 CVE-2014-9313
 	RESERVED
 CVE-2014-9312 (Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. ...)
-	TODO: check
+	NOT-FOR-US: Photo Gallery
 CVE-2014-9311 (Cross-site scripting (XSS) vulnerability in admin.php in the ...)
 	NOT-FOR-US: Shareaholic plugin for WordPress
 CVE-2014-9310 (Cross-site scripting (XSS) vulnerability in the WordPress Backup to ...)
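Review bot: "NOT-FOR-US: Photo Gallery" under CVE-2014-9312 uses a generic product name that is hard to tell apart from other software called the same thing. The neighbouring CVE-2014-9311 entry writes "Shareaholic plugin for WordPress"; qualifying this one with its vendor or platform in the same way would make the tag unambiguous.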
@@ -99951,7 +99951,7 @@
 CVE-2014-8754 (Open redirect vulnerability in track-click.php in the Ad-Manager ...)
 	NOT-FOR-US: WordPress plugin ad-manager-for-wp
 CVE-2014-8753 (Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net ...)
-	TODO: check
+	NOT-FOR-US:  Cit-e-Net
 CVE-2014-8752 (Multiple cross-site scripting (XSS) vulnerabilities in view.php in ...)
 	NOT-FOR-US: JCE-Tech PHP Video Script
 CVE-2014-8751 (Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress ...)
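Review bot: "NOT-FOR-US:  Cit-e-Net" under CVE-2014-8753 has two spaces after the colon, where every other NOT-FOR-US line in this patch has one. Use a single space so the entry matches the rest of the list and exact-string searches on the tag.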



