Author: jmm Date: 2017-02-13 18:40:43 +0000 (Mon, 13 Feb 2017) New Revision: 48880
Modified: data/CVE/list Log: two puppet issues n/a NFus Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-13 16:14:30 UTC (rev 48879) +++ data/CVE/list 2017-02-13 18:40:43 UTC (rev 48880) @@ -17317,18 +17317,18 @@ CVE-2016-8714 RESERVED CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists ...) - TODO: check + NOT-FOR-US: Nitro Pro CVE-2016-8712 RESERVED CVE-2016-8711 (A potential remote code execution vulnerability exists in the PDF ...) - TODO: check + NOT-FOR-US: Nitro Pro CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the ...) - ffmpeg <undetermined> NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg NOTE: http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0223/ CVE-2016-8709 (A remote out of bound write / memory corruption vulnerability exists ...) - TODO: check + NOT-FOR-US: Nitro Pro CVE-2016-8708 REJECTED CVE-2016-8707 (An exploitable out of bounds write exists in the handling of ...) @@ -17797,7 +17797,6 @@ RESERVED - linux <unfixed> NOTE: Fix https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66 - TODO: check CVE-2016-8635 [small-subgroups attack flaw] RESERVED - nss 2:3.25-1 @@ -26966,7 +26965,7 @@ CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations when ...) NOT-FOR-US: SAP SAPCAR CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x before ...) - TODO: check + NOT-FOR-US: OTRS addon CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, ...) NOT-FOR-US: Trend Micro Deep Discovery Inspector CVE-2016-5831 
@@ -27267,12 +27266,10 @@ - libical <unfixed> [wheezy] - libical <no-dsa> (Low prio according to upstream) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043 - TODO: check CVE-2016-5826 (The parser_get_next_char function in libical 0.47 and 1.0 allows ...) - libical <unfixed> [wheezy] - libical <no-dsa> (Low prio according to upstream) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041 - TODO: check CVE-2016-5825 (The icalparser_parse_string function in libical 0.47 and 1.0 allows ...) - libical <unfixed> [wheezy] - libical <no-dsa> (Low prio according to upstream) @@ -27478,7 +27475,7 @@ CVE-2016-5716 RESERVED CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...) - TODO: check + - puppet <not-affected> (Limited to Puppet Enterprise) CVE-2016-5714 RESERVED CVE-2016-5713 @@ -52397,7 +52394,7 @@ CVE-2015-6502 RESERVED CVE-2015-6501 (Open redirect vulnerability in the Console in Puppet Enterprise before ...) - TODO: check + - puppet <not-affected> (Limited to Puppet Enterprise) CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 8.0.6 and ...) {DSA-3373-1} - owncloud 7.0.10~dfsg-2 (bug #800126)
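Review bot: In the hunk at -17797, the removed `TODO: check` leaves the linux entry as `- linux <unfixed>` with only the upstream fix commit in a NOTE, so nothing records what the check concluded. A NOTE stating which upstream release carries commit 647bf3d8a8e5777319da92af672289b2a6c4dc66, or which versions are affected, would save the next triager from repeating the work. The log message "two puppet issues n/a NFus" also does not mention this TODO removal or the two libical ones; a word about them in the log would make the revision easier to audit.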
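Review bot: In the hunk at -26966, the new `NOT-FOR-US: OTRS addon` line for CVE-2016-5843 is less specific than the neighbouring entries, which name the product (`SAP SAPCAR`, `Trend Micro Deep Discovery Inspector`). The CVE description on the line above names the FAQ package, so something like `NOT-FOR-US: OTRS FAQ package` would keep the entry searchable if that addon is ever packaged separately.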
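Review bot: In the hunk at -27267, both removed `TODO: check` lines sit on libical entries that stay `- libical <unfixed>` with a Mozilla Bugzilla link as the only reference and no Debian bug number, unlike the owncloud entry at the end of the patch, which carries `(bug #800126)`. If a Debian bug is filed for these issues, add it to the `<unfixed>` line so the open status can be tracked from the list; the `[wheezy] - libical <no-dsa>` reasoning is recorded, but the unstable status has no such pointer.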