Author: jmm
Date: 2017-03-28 10:39:47 +0000 (Tue, 28 Mar 2017)
New Revision: 50123

Modified:
   data/CVE/list
Log:
new golang-gopkg-square-go-jose.v1 issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-28 10:08:55 UTC (rev 50122)
+++ data/CVE/list       2017-03-28 10:39:47 UTC (rev 50123)
@@ -1006,7 +1006,7 @@
 CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin 
(before ...)
        NOT-FOR-US: MantisBT Source Integration Plugin
 CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi 
HardMAC ...)
-       TODO: check
+       NOT-FOR-US: Firmware on some Broadcom SoCs
 CVE-2017-6956
        RESERVED
 CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite 
Anyone ...)
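Review bot: CVE-2017-6957 goes from TODO to NOT-FOR-US with the label "Firmware on some Broadcom SoCs", but the description places the overflow in Broadcom Wi-Fi HardMAC firmware and the entry does not record whether any firmware image shipped in the archive was checked against it. If that check was done, a NOTE line saying so would save the next triager from repeating it; if it was not, the entry is better left as TODO until it has been.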
@@ -6150,11 +6150,11 @@
 CVE-2017-5240
        RESERVED
 CVE-2017-5239 (Due to a lack of standard encryption when transmitting 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: Eview GPS trackers
 CVE-2017-5238 (Due to a lack of bounds checking, several input configuration 
fields ...)
-       TODO: check
+       NOT-FOR-US: Eview GPS trackers
 CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who 
knows the ...)
-       TODO: check
+       NOT-FOR-US: Eview GPS trackers
 CVE-2017-5236
        RESERVED
 CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 
4.13.0-2017022101 ...)
@@ -16117,7 +16117,7 @@
 CVE-2017-1154
        RESERVED
 CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1152
        RESERVED
 CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using 
OpenID ...)
@@ -16137,9 +16137,9 @@
 CVE-2017-1144
        RESERVED
 CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1141
        RESERVED
 CVE-2017-1140
@@ -16183,7 +16183,7 @@
 CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1119
        RESERVED
 CVE-2017-1118
@@ -16663,7 +16663,7 @@
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
        NOTE: 
https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
 CVE-2017-0881 (An error in the implementation of an autosubscribe feature in 
the ...)
-       TODO: check
+       NOT-FOR-US: Zulip
 CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c 
in the ...)
        - linux 4.6.1-1
        [jessie] - linux 3.16.39-1
@@ -16704,7 +16704,7 @@
 CVE-2016-9738
        RESERVED
 CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site 
scripting. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-9736
        RESERVED
 CVE-2016-9735
@@ -18899,47 +18899,47 @@
 CVE-2016-9474
        RESERVED
 CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 
1.9.56 and ...)
-       TODO: check
+       NOT-FOR-US: Brave Browser
 CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected 
XSS. The ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special 
Element ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected 
File ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any 
...)
        - gitlab 8.13.6+dfsg2-2 (bug #847157)
        NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
 CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server 
before ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server 
before ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9466 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 
9.0.6 and ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9465 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 
9.0.6 and 9.1.2 ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an 
improper ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server 
before ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9462 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 
9.0.4 are not ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9461 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 
9.0.4 are not ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9460 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 
9.0.4 are ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9459 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 
9.0.4 are ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2016-9458
        RESERVED
 CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request 
Forgery ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request 
Forgery ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A 
vector for ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, 
and ...)
        {DSA-3758-1 DLA-805-1}
        [experimental] - bind9 1:9.10.4-P5-1
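Review bot: The entries for CVE-2016-9468 through CVE-2016-9459 record only "- nextcloud <itp> (bug #835086)", yet every one of those descriptions except CVE-2016-9464 also names ownCloud Server as affected. Suggest adding a line for the owncloud source package to each of them (fixed version, not-affected, or removed, whichever applies) so the status of both products is tracked and the ownCloud side is not silently dropped when the TODO disappears.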
@@ -20158,25 +20158,25 @@
        - bind9 1:9.10.3.dfsg.P4-11 (bug #851065)
        NOTE: https://kb.isc.org/article/AA-01439/0
 CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A 
vector for ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure 
Through ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The 
...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request 
Forgery ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. 
Usernames are ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by 
...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction 
of ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow 
on 32-bit ...)
-       TODO: check
+       - golang-gopkg-square-go-jose.v1 1.0.5-1
 CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures 
exploitation. ...)
-       TODO: check
+       - golang-gopkg-square-go-jose.v1 1.0.5-1
 CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for 
the ...)
-       TODO: check
+       - golang-gopkg-square-go-jose.v1 1.0.5-1
 CVE-2016-9140 [RCE]
        RESERVED
        - zabbix 1:3.0.6+dfsg-1 (bug #842702; unimportant)
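Review bot: CVE-2016-9122 and CVE-2016-9121 are described as affecting go-jose before 1.0.4, but both are recorded as fixed in 1.0.5-1, the same version given for CVE-2016-9123 (before 1.0.5). That is fine if 1.0.5-1 is the first version uploaded, but nothing in the entries shows it; a NOTE line per CVE with the upstream fix reference, as the bind9 context entry at the top of this hunk carries, would make the fixed version checkable. Minor: the log message says "issue" while three go-jose entries are changed.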


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
