Author: jmm
Date: 2017-02-13 18:40:43 +0000 (Mon, 13 Feb 2017)
New Revision: 48880

Modified:
   data/CVE/list
Log:
two puppet issues n/a
NFus


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-13 16:14:30 UTC (rev 48879)
+++ data/CVE/list       2017-02-13 18:40:43 UTC (rev 48880)
@@ -17317,18 +17317,18 @@
 CVE-2016-8714
        RESERVED
 CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability 
exists ...)
-       TODO: check
+       NOT-FOR-US: Nitro Pro
 CVE-2016-8712
        RESERVED
 CVE-2016-8711 (A potential remote code execution vulnerability exists in the 
PDF ...)
-       TODO: check
+       NOT-FOR-US: Nitro Pro
 CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in 
the ...)
        - ffmpeg <undetermined>
        NOTE: The libbpg library is not packaged in Debian but seem embedded in 
ffmpeg
        NOTE: 
http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0223/
 CVE-2016-8709 (A remote out of bound write / memory corruption vulnerability 
exists ...)
-       TODO: check
+       NOT-FOR-US: Nitro Pro
 CVE-2016-8708
        REJECTED
 CVE-2016-8707 (An exploitable out of bounds write exists in the handling of 
...)
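Review bot: The NOT-FOR-US: Nitro Pro tag on CVE-2016-8713 and CVE-2016-8709 cannot be checked against the entries themselves, because both descriptions are cut at "exists ..." before any product name appears; only CVE-2016-8711 hints at it with "in the PDF ...". A short NOTE with the advisory URL, like the one the neighbouring CVE-2016-8710 entry carries for its Talos report, would let the next reader confirm the triage.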
@@ -17797,7 +17797,6 @@
        RESERVED
        - linux <unfixed>
        NOTE: Fix 
https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66
-       TODO: check
 CVE-2016-8635 [small-subgroups attack flaw]
        RESERVED
        - nss 2:3.25-1
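Review bot: Dropping the TODO: check under the linux entry leaves it at "- linux <unfixed>" although the NOTE directly above already points at the upstream fix commit. If the check established which kernel version carries that commit, record the version in place of <unfixed> in the same change, so the entry does not stay open with no follow-up marker.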
@@ -26966,7 +26965,7 @@
 CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations 
when ...)
        NOT-FOR-US: SAP SAPCAR
 CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x 
before ...)
-       TODO: check
+       NOT-FOR-US: OTRS addon
 CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 
3.7, ...)
        NOT-FOR-US: Trend Micro Deep Discovery Inspector
 CVE-2016-5831
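Review bot: "NOT-FOR-US: OTRS addon" on CVE-2016-5843 is less specific than the neighbouring NOT-FOR-US lines, which name the product itself (SAP SAPCAR, Trend Micro Deep Discovery Inspector). The description calls it "the FAQ package 2.x", so something like "NOT-FOR-US: OTRS FAQ package" would keep the tag greppable and make clear which addon was ruled out.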
@@ -27267,12 +27266,10 @@
        - libical <unfixed>
        [wheezy] - libical <no-dsa> (Low prio according to upstream)
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
-       TODO: check
 CVE-2016-5826 (The parser_get_next_char function in libical 0.47 and 1.0 
allows ...)
        - libical <unfixed>
        [wheezy] - libical <no-dsa> (Low prio according to upstream)
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
-       TODO: check
 CVE-2016-5825 (The icalparser_parse_string function in libical 0.47 and 1.0 
allows ...)
        - libical <unfixed>
        [wheezy] - libical <no-dsa> (Low prio according to upstream)
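Review bot: The two TODO: check removals under the libical entries are not covered by the log message, which names only the puppet issues and the NFUs. Both entries stay at "- libical <unfixed>" with just a wheezy <no-dsa> line, so state in the log that they were reviewed and left as is; otherwise the removal reads as accidental.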
@@ -27478,7 +27475,7 @@
 CVE-2016-5716
        RESERVED
 CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 
2015.x ...)
-       TODO: check
+       - puppet <not-affected> (Limited to Puppet Enterprise)
 CVE-2016-5714
        RESERVED
 CVE-2016-5713
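Review bot: The reason on the new CVE-2016-5715 line, "(Limited to Puppet Enterprise)", does not say which component is missing from the packaged puppet. The description locates the open redirect "in the Console in Puppet Enterprise", so a wording such as "(Puppet Enterprise Console only)" would document why the Debian package is not affected; the same applies to the identical line added for CVE-2015-6501.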
@@ -52397,7 +52394,7 @@
 CVE-2015-6502
        RESERVED
 CVE-2015-6501 (Open redirect vulnerability in the Console in Puppet Enterprise 
before ...)
-       TODO: check
+       - puppet <not-affected> (Limited to Puppet Enterprise)
 CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 
8.0.6 and ...)
        {DSA-3373-1}
        - owncloud 7.0.10~dfsg-2 (bug #800126)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
