Author: carnil
Date: 2017-11-09 21:18:13 +0000 (Thu, 09 Nov 2017)
New Revision: 57515

Modified:
   data/CVE/list
Log:
Process some NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-09 21:11:15 UTC (rev 57514)
+++ data/CVE/list       2017-11-09 21:18:13 UTC (rev 57515)
@@ -3,7 +3,7 @@
 CVE-2017-16755
        RESERVED
 CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to 
_profiler ...)
-       TODO: check
+       NOT-FOR-US: Bolt CMS
 CVE-2017-16753
        RESERVED
 CVE-2017-16752
@@ -283,9 +283,9 @@
 CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the 
...)
        NOT-FOR-US: TinyWebGallery
 CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass 
a ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed 
read-only ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2017-16632
        RESERVED
 CVE-2017-16631
@@ -415,9 +415,9 @@
 CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 
via an ...)
        NOT-FOR-US: Zurmo
 CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server ...)
-       TODO: check
+       NOT-FOR-US: Logitech Media Server
 CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server ...)
-       TODO: check
+       NOT-FOR-US: Logitech Media Server
 CVE-2017-16566
        RESERVED
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage 
...)
@@ -2943,7 +2943,7 @@
 CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers 
to ...)
        NOT-FOR-US: Mura CMS
 CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux 
...)
-       TODO: check
+       NOT-FOR-US: SuSEfirewall2 in SUSE
 CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing 
...)
        - wordpress <unfixed> (bug #880868)
        NOTE: https://core.trac.wordpress.org/ticket/21022
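Review bot: on the CVE-2017-15638 line, the reason "SuSEfirewall2 in SUSE" is the only NOT-FOR-US tag in this commit that carries a distribution qualifier; every other changed line gives just a product or vendor name. If the qualifier is meant to record that the issue is specific to SUSE's package (the description cites package version 3.6.312-2.13.1), put that in a separate NOTE: line and keep the tag as "NOT-FOR-US: SuSEfirewall2", so the reason field stays uniform across entries.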
@@ -10224,7 +10224,7 @@
 CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in 
Apache2Triad 1.5.4 ...)
        NOT-FOR-US: Apache2Triad
 CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX 
control in ...)
-       TODO: check
+       NOT-FOR-US: Avaya IP Office Contact Center
 CVE-2017-12968
        RESERVED
 CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor 
(BFD) ...)
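Review bot: on the CVE-2017-12969 line, the truncated description shown here ("Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in ...") does not name a vendor, so the tag "Avaya IP Office Contact Center" cannot be checked against the visible text. Worth confirming against the full description that this is the intended product name, since this commit tags CVE-2017-11309 with the shorter "Avaya IP Office"; if both refer to the same product line, one spelling for both would keep them consistent.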
@@ -14983,7 +14983,7 @@
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
        NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
 CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) 
versions ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the 
DataArchivingService ...)
        NOT-FOR-US: SAP
 CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary 
files via ...)
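Review bot: on the CVE-2017-11461 line, the tag names only the vendor ("NetApp") although the description identifies the product as NetApp OnCommand Unified Manager for 7-mode; the CVE-2017-5201 change in this commit does the same for Clustered Data ONTAP. Other lines in this commit name the product ("Logitech Media Server", "Bolt CMS"). Suggest "NOT-FOR-US: NetApp OnCommand Unified Manager" here, or settle on vendor-only tags throughout, as the neighbouring "NOT-FOR-US: SAP" entry does.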
@@ -15474,7 +15474,7 @@
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
 CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office 
before ...)
-       TODO: check
+       NOT-FOR-US: Avaya IP Office
 CVE-2017-11308
        RESERVED
 CVE-2017-11307
@@ -19799,7 +19799,7 @@
 CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via 
the ...)
        NOT-FOR-US: Zenbership
 CVE-2017-9758 (Savitech driver packages for Windows silently install a 
self-signed ...)
-       TODO: check
+       NOT-FOR-US: Savitech driver packages for Windows
 CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in 
ids.cgi via ...)
        NOT-FOR-US: IPFire
 CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below 
the stack ...)
@@ -34662,7 +34662,7 @@
        {DSA-3775-1 DLA-809-1}
        - tcpdump 4.9.0-1
 CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 
allow ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 
2016.3.5, ...)
        - salt 2016.11.2+ds-1
        [jessie] - salt <not-affected> (Vulnerable code not present)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
