Author: jmm Date: 2017-11-21 22:33:44 +0000 (Tue, 21 Nov 2017) New Revision: 57915
Modified: data/CVE/list Log: new ffmpeg issue NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-21 22:29:23 UTC (rev 57914) +++ data/CVE/list 2017-11-21 22:33:44 UTC (rev 57915) @@ -3,13 +3,13 @@ CVE-2017-16924 RESERVED CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda ...) - TODO: check + NOT-FOR-US: Shenzhen Tenda CVE-2017-16922 RESERVED CVE-2017-16921 RESERVED CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY ...) - TODO: check + NOT-FOR-US: dayrui FineCms CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...) NOT-FOR-US: MapOS CVE-2017-16918 @@ -213,11 +213,11 @@ CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...) NOT-FOR-US: Jool CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...) - TODO: check + NOT-FOR-US: jqueryFileTree CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes ...) NOT-FOR-US: QuickerBB CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...) - TODO: check + NOT-FOR-US: sodiumoxide CVE-2017-1000161 REJECTED CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...) @@ -281,7 +281,7 @@ CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...) NOT-FOR-US: nodejs ejs CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using ...) NOT-FOR-US: Relevanssi CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated ...) 
@@ -578,7 +578,9 @@ CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...) NOT-FOR-US: LanSweeper CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote ...) - TODO: check + - ffmpeg <unfixed> + [stretch] - ffmpeg <postponed> (Can be fixed with next 3.2.x release) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 CVE-2017-16839 RESERVED CVE-2017-16838
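Review bot: In the @@ -281,7 hunk, the new tag for CVE-2017-1000226 reads `NOT-FOR-US: Wordpress plugin`, which names a product category rather than the product, so the tag on its own does not say which software was judged out of scope. The neighbouring entries name the software itself (`NOT-FOR-US: nodejs ejs`, `NOT-FOR-US: Relevanssi`). Suggest `NOT-FOR-US: Stop User Enumeration plugin for WordPress`, which also matches the "WordPress" capitalisation used in the CVE-2017-1000224 description just below.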
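Review bot: In the @@ -578,7 +578,9 hunk, the CVE-2017-16840 description names FFmpeg 3.4, while the added line `[stretch] - ffmpeg <postponed> (Can be fixed with next 3.2.x release)` treats the 3.2.x branch as affected without recording how that was established. Add a NOTE stating whether the VC-2 encoder code touched by the referenced commit is present in 3.2.x. The added `NOTE:` line is also a bare URL; say what the commit is (for example `NOTE: Fixed by: ...` if it is the upstream fix) so the triage can be re-checked later without opening the link.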