[Secure-testing-commits] r55586 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Sep 8 22:15:04 UTC 2017


Author: jmm
Date: 2017-09-08 22:15:03 +0000 (Fri, 08 Sep 2017)
New Revision: 55586

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-08 21:10:15 UTC (rev 55585)
+++ data/CVE/list	2017-09-08 22:15:03 UTC (rev 55586)
@@ -5860,7 +5860,7 @@
 CVE-2017-12072
 	RESERVED
 CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-12070
 	RESERVED
 CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET ...)
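
Review bot: The new tag on CVE-2017-12071 names only the vendor ("NOT-FOR-US: Synology"), and the truncated description ("file_upload.php in ...") does not show which product is affected. Other entries in this file name the product, for example "NOT-FOR-US: Installer in Synology Assistant". Naming the product here as well would keep the entry unambiguous if another component from the same vendor is ever triaged differently.
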
@@ -7110,7 +7110,7 @@
 CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
 	NOT-FOR-US: ZyXEL
 CVE-2017-11611 (Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The ...)
-	TODO: check
+	NOT-FOR-US: Wolf CMS
 CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, ...)
 	{DSA-3942-1 DLA-1047-1}
 	- supervisor 3.3.1-1.1 (bug #870187)
@@ -8422,9 +8422,9 @@
 	NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
 	NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
 CVE-2017-11162 (Directory traversal vulnerability in synphotoio in Synology Photo ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-11161 (Multiple SQL injection vulnerabilities in Synology Photo Station ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...)
 	NOT-FOR-US: Installer in Synology Assistant
 CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in ...)
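
Review bot: Both new tags (CVE-2017-11162 and CVE-2017-11161) read "NOT-FOR-US: Synology", while the unchanged entry directly below for CVE-2017-11160 uses the product form "NOT-FOR-US: Installer in Synology Assistant". The CVE-2017-11161 description names Synology Photo Station, so "NOT-FOR-US: Synology Photo Station" would match the neighbouring convention. CVE-2017-11162 should take its product name from the full description in the same way, since the visible text is cut off after "Synology Photo ...".
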
@@ -14481,7 +14481,7 @@
 CVE-2017-9096
 	RESERVED
 CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files ...)
-	TODO: check
+	NOT-FOR-US: Diving Log
 CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
 	NOT-FOR-US: ImageWorsener
 CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in ...)
@@ -34433,7 +34433,7 @@
 CVE-2017-2551
 	RESERVED
 CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a ...)
-	TODO: check
+	NOT-FOR-US: Easy Joomla Backup
 CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	- webkit2gtk 2.16.3-2 (unimportant)
 	NOTE: Not covered by security support
@@ -82662,7 +82662,7 @@
 	- bind9 1:9.9.5.dfsg-10 (bug #791715)
 	NOTE: https://kb.isc.org/article/AA-01267
 CVE-2015-4619 (Cross-site request forgery (CSRF) vulnerability in Spina before commit ...)
-	TODO: check
+	NOT-FOR-US: Spina CMS
 CVE-2015-4618
 	RESERVED
 CVE-2015-4617
@@ -164526,7 +164526,7 @@
 CVE-2011-3178
 	RESERVED
 CVE-2011-3177 (The YaST2 network created files with world readable permissions which ...)
-	TODO: check
+	NOT-FOR-US: YaST
 CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...)
 	NOT-FOR-US: Novell ZENworks Configuration Management
 CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...)
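
Review bot: On CVE-2011-3177 the tag says "YaST" while the description says "YaST2 network". Writing the tag with the name as it appears in the description ("NOT-FOR-US: YaST2") would let a search for the product name hit both the description and the triage line.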



