Author: jmm Date: 2017-11-19 21:45:54 +0000 (Sun, 19 Nov 2017) New Revision: 57841
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-19 21:10:15 UTC (rev 57840) +++ data/CVE/list 2017-11-19 21:45:54 UTC (rev 57841) @@ -70,16 +70,16 @@ CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...) NOT-FOR-US: Snap7 Server CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...) - TODO: check + NOT-FOR-US: Opencast CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...) - TODO: check + NOT-FOR-US: Opencast CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...) - simple-xml <unfixed> NOTE: https://github.com/ngallagher/simplexml/issues/18 CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through ...) - TODO: check + NOT-FOR-US: Phoenix Framework CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...) - exiv2 <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 @@ -95,7 +95,7 @@ CVE-2017-16878 RESERVED CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...) - TODO: check + NOT-FOR-US: ZEIT Next.js CVE-2017-16876 RESERVED CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...) @@ -127,13 +127,13 @@ - root-system <removed> NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...) - TODO: check + NOT-FOR-US: Cygnux sysPass CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...) - TODO: check + NOT-FOR-US: Jool CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...) TODO: check CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes ...) - TODO: check + NOT-FOR-US: QuickerBB CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...) TODO: check CVE-2017-1000161 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits