[Secure-testing-commits] r58197 - data/CVE

Moritz Muehlenhoff Fri, 01 Dec 2017 13:42:06 -0800

Author: jmm
Date: 2017-12-01 21:41:40 +0000 (Fri, 01 Dec 2017)
New Revision: 58197


Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-01 21:36:43 UTC (rev 58196)
+++ data/CVE/list       2017-12-01 21:41:40 UTC (rev 58197)
@@ -2256,11 +2256,11 @@
 CVE-2017-16954
        RESERVED
 CVE-2017-16953 (connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP 
Basic ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of 
service ...)
        TODO: check
 CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a 
denial ...)
-       TODO: check
+       NOT-FOR-US: Winamp
 CVE-2017-16950
        RESERVED
 CVE-2017-16949
@@ -2429,11 +2429,11 @@
        NOTE: 
https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
        NOTE: 
https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815
 CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, 
(4) ...)
-       TODO: check
+       NOT-FOR-US: Arq
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can 
obtain ...)
        NOT-FOR-US: Laravel framework
 CVE-2017-16893 (The application Piwigo is affected by an SQL injection 
vulnerability ...)
-       TODO: check
+       - piwigo <removed>
 CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename 
...)
        - bftpd <itp> (bug #640469)
        NOTE: http://bftpd.sourceforge.net/news.html#032390
@@ -6102,7 +6102,7 @@
 CVE-2017-15708
        RESERVED
 CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an 
outdated ...)
-       TODO: check
+       - libstruts1.2-java <not-affected> (Specific to 2.x)
 CVE-2017-15706
        RESERVED
 CVE-2017-15705
@@ -6978,7 +6978,7 @@
 CVE-2017-15358
        RESERVED
 CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 
5.9.7 ...)
-       TODO: check
+       NOT-FOR-US: Arq
 CVE-2017-15356
        RESERVED
 CVE-2017-15355
@@ -8298,7 +8298,7 @@
        - linux <not-affected> (Vulnerable code introduced in v4.13-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
 CVE-2017-14953 (HikVision Wi-Fi IP cameras, when used in a wired 
configuration, allow ...)
-       TODO: check
+       NOT-FOR-US: HikVision
 CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components 
for ...)
        - icu 57.1-7 (bug #878840)
        [stretch] - icu <postponed> (Should be fixed along in future update)
@@ -9375,7 +9375,7 @@
 CVE-2017-14592
        RESERVED
 CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and 
version ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2017-14590
        RESERVED
 CVE-2017-14589
@@ -9385,9 +9385,9 @@
 CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye 
and ...)
        NOT-FOR-US: Atlassian
 CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to 
client-side remote ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead 
to ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2017-14584
        RESERVED
 CVE-2017-14583
@@ -9690,9 +9690,9 @@
 CVE-2017-14488
        RESERVED
 CVE-2017-14487 (The OhMiBod Remote app for Android and iOS allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: OhMiBod Remote app
 CVE-2017-14486 (The Vibease Wireless Remote Vibrator app for Android and the 
Vibease ...)
-       TODO: check
+       NOT-FOR-US: Vibease Wireless Remote Vibrator app
 CVE-2017-14485
        RESERVED
 CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for 
Great ...)
@@ -10487,11 +10487,11 @@
 CVE-2017-14199
        RESERVED
 CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 
5.4.x before ...)
-       TODO: check
+       NOT-FOR-US: Squiz Matrix
 CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 
5.4.x before ...)
-       TODO: check
+       NOT-FOR-US: Squiz Matrix
 CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 
5.3.6.1 and ...)
-       TODO: check
+       NOT-FOR-US: Squiz Matrix
 CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui 
FineCms 5.0.11 ...)
        NOT-FOR-US: dayrui FineCms
 CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui 
FineCms ...)
@@ -12124,9 +12124,9 @@
 CVE-2017-13665
        RESERVED
 CVE-2017-13664 (Password file exposure in firmware in iSmartAlarm CubeOne 
version ...)
-       TODO: check
+       NOT-FOR-US: iSmartAlarm CubeOne
 CVE-2017-13663 (Encryption key exposure in firmware in iSmartAlarm CubeOne 
version ...)
-       TODO: check
+       NOT-FOR-US: iSmartAlarm CubeOne
 CVE-2017-13662
        RESERVED
 CVE-2017-13661


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58197 - data/CVE

Reply via email to