Author: jmm Date: 2017-03-28 10:39:47 +0000 (Tue, 28 Mar 2017) New Revision: 50123
Modified: data/CVE/list Log: new golang-gopkg-square-go-jose.v1 issue NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-28 10:08:55 UTC (rev 50122) +++ data/CVE/list 2017-03-28 10:39:47 UTC (rev 50123) @@ -1006,7 +1006,7 @@ CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...) NOT-FOR-US: MantisBT Source Integration Plugin CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...) - TODO: check + NOT-FOR-US: Firmware on some Broadcom SoCs CVE-2017-6956 RESERVED CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...) @@ -6150,11 +6150,11 @@ CVE-2017-5240 RESERVED CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive ...) - TODO: check + NOT-FOR-US: Eview GPS trackers CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields ...) - TODO: check + NOT-FOR-US: Eview GPS trackers CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...) - TODO: check + NOT-FOR-US: Eview GPS trackers CVE-2017-5236 RESERVED CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 ...) @@ -16117,7 +16117,7 @@ CVE-2017-1154 RESERVED CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1152 RESERVED CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...) @@ -16137,9 +16137,9 @@ CVE-2017-1144 RESERVED CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1141 RESERVED CVE-2017-1140 @@ -16183,7 +16183,7 @@ CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1119 RESERVED CVE-2017-1118 @@ -16663,7 +16663,7 @@ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661 NOTE: https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/ CVE-2017-0881 (An error in the implementation of an autosubscribe feature in the ...) - TODO: check + NOT-FOR-US: Zulip CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the ...) - linux 4.6.1-1 [jessie] - linux 3.16.39-1 @@ -16704,7 +16704,7 @@ CVE-2016-9738 RESERVED CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-9736 RESERVED CVE-2016-9735 @@ -18899,47 +18899,47 @@ CVE-2016-9474 RESERVED CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and ...) - TODO: check + NOT-FOR-US: Brave Browser CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any ...) - gitlab 8.13.6+dfsg2-2 (bug #847157) NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064 CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9466 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9465 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9462 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9461 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9460 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9459 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are ...) - TODO: check + - nextcloud <itp> (bug #835086) CVE-2016-9458 RESERVED CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...) {DSA-3758-1 DLA-805-1} [experimental] - bind9 1:9.10.4-P5-1 @@ -20158,25 +20158,25 @@ - bind9 1:9.10.3.dfsg.P4-11 (bug #851065) NOTE: https://kb.isc.org/article/AA-01439/0 CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit ...) - TODO: check + - golang-gopkg-square-go-jose.v1 1.0.5-1 CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. ...) - TODO: check + - golang-gopkg-square-go-jose.v1 1.0.5-1 CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ...) - TODO: check + - golang-gopkg-square-go-jose.v1 1.0.5-1 CVE-2016-9140 [RCE] RESERVED - zabbix 1:3.0.6+dfsg-1 (bug #842702; unimportant) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits