[Secure-testing-commits] r56266 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Sep 29 21:56:45 UTC 2017 

Author: jmm
Date: 2017-09-29 21:56:45 +0000 (Fri, 29 Sep 2017)
New Revision: 56266

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-29 21:23:48 UTC (rev 56265)
+++ data/CVE/list	2017-09-29 21:56:45 UTC (rev 56266)
@@ -9,11 +9,11 @@
 CVE-2017-14945 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
 	TODO: check
 CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous package ...)
-	TODO: check
+	NOT-FOR-US: Inedo ProGet
 CVE-2017-14943
 	RESERVED
 CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the ...)
-	TODO: check
+	NOT-FOR-US: Intelbras WRN 150 devices
 CVE-2017-14941
 	RESERVED
 CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) ...)
@@ -39,7 +39,7 @@
 CVE-2017-14936
 	RESERVED
 CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for ...)
-	TODO: check
+	NOT-FOR-US: MultiTech FaxFinder
 CVE-2017-14935 (Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly ...)
 	NOT-FOR-US: Pulse Secure
 CVE-2017-14934 (process_debug_info in dwarf.c in the Binary File Descriptor (BFD) ...)
@@ -367,9 +367,9 @@
 CVE-2017-14797
 	RESERVED
 CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote ...)
-	TODO: check
+	NOT-FOR-US: libbpg
 CVE-2017-14795 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote ...)
-	TODO: check
+	NOT-FOR-US: libbpg
 CVE-2017-14794
 	RESERVED
 CVE-2017-14793
@@ -506,7 +506,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bbc582d5439a7f9338c6bdc8c34b1ae221ae5214
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/67a633df9386704f45d1ad24f7f5af8a5d11f4a3
 CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL ...)
-	TODO: check
+	NOT-FOR-US: FileRun
 CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
 	- botan1.10 <unfixed>
 	NOTE: https://github.com/randombit/botan/issues/1222
@@ -607,7 +607,7 @@
 CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows ...)
 	NOT-FOR-US: Cash Back Comparison Script
 CVE-2017-14702 (ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: ERS Data System
 CVE-2017-14701
 	RESERVED
 CVE-2017-14700
@@ -816,7 +816,7 @@
 CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead. ...)
 	NOT-FOR-US: Portus
 CVE-2017-14620 (SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP ...)
-	TODO: check
+	NOT-FOR-US: SmarterStats
 CVE-2017-14619 (Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 ...)
 	NOT-FOR-US: phpMyFAQ
 CVE-2017-14618 (Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ ...)
@@ -919,7 +919,7 @@
 CVE-2017-14583
 	RESERVED
 CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2017-XXXX [pcb code injection by malicious layout file]
 	- pcb-rnd 1.2.5-2 (bug #876540)
 	[stretch] - pcb-rnd <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list