Author: jmm
Date: 2017-12-07 21:43:17 +0000 (Thu, 07 Dec 2017)
New Revision: 58347
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-07 21:37:01 UTC (rev 58346)
+++ data/CVE/list 2017-12-07 21:43:17 UTC (rev 58347)
@@ -149,7 +149,7 @@
CVE-2017-17452
RESERVED
CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in
the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does
not ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2017/12/5/982
@@ -396,9 +396,9 @@
CVE-2017-17437
RESERVED
CVE-2017-17436 (An issue was discovered in the software on Vaultek Gun Safe
VT20i ...)
- TODO: check
+ NOT-FOR-US: Vaultek Gun Safe
CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe
VT20i ...)
- TODO: check
+ NOT-FOR-US: Vaultek Gun Safe
CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before
2017-12-03, ...)
- rsync <unfixed> (bug #883665)
NOTE:
https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1
@@ -409,7 +409,7 @@
CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q,
status, ...)
NOT-FOR-US: GeniXCMS
CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before
2.3.12-80-GA allows ...)
- TODO: check
+ NOT-FOR-US: Sangoma NetBorder / Vega Session Controller
CVE-2017-17429
RESERVED
CVE-2017-17428
@@ -595,7 +595,7 @@
CVE-2017-17385
RESERVED
CVE-2017-17384 (ISPConfig 3.x before 3.1.9 allows remote authenticated users
to obtain ...)
- TODO: check
+ NOT-FOR-US: ISPConfig
CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated
administrators to ...)
- jenkins <removed>
CVE-2017-17382
@@ -2151,7 +2151,7 @@
CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator
to ...)
NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17055 (Artica Web Proxy before 3.06.112911 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Artica Web Proxy
CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function
...)
- aubio <unfixed> (bug #883355)
[stretch] - aubio <no-dsa> (Minor issue)
@@ -3956,7 +3956,7 @@
RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before
2.13 ...)
- TODO: check
+ NOT-FOR-US: MistServer
CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in
libming <= ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/77
@@ -4396,7 +4396,7 @@
CVE-2017-16858
RESERVED
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin
via ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version
6.5.2 allows ...)
NOT-FOR-US: Atlassian Confluence
CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session
vulnerability." ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
