Author: pere
Date: 2016-12-22 06:43:58 +0000 (Thu, 22 Dec 2016)
New Revision: 47323
Modified: data/CVE/list Log: Mark serendipity as removed in relevant CVEs. Add wolfssl as unfixed in relevant CVEs. Did not have time to check if wolfssl really is unfixed. Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-22 06:28:23 UTC (rev 47322) +++ data/CVE/list 2016-12-22 06:43:58 UTC (rev 47323) @@ -6944,7 +6944,7 @@ CVE-2016-9753 RESERVED CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results front ...) - piwigo <removed> [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts) @@ -15611,14 +15611,17 @@ RESERVED CVE-2016-7440 (The C software implementation of AES Encryption and Decryption in ...) {DSA-3711-1 DSA-3706-1 DLA-708-1} + - wolfssl <unfixed> - mariadb-10.0 10.0.28-1 - mysql-5.7 5.7.16-1 (bug #841163) - mysql-5.6 5.6.34-1 (bug #841049) - mysql-5.5 <removed> (bug #841050) NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28 CVE-2016-7439 (The C software implementation of RSA in wolfSSL (formerly CyaSSL) ...) + - wolfssl <unfixed> TODO: check CVE-2016-7438 (The C software implementation of ECC in wolfSSL (formerly CyaSSL) ...) + - wolfssl <unfixed> TODO: check CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the ...) NOT-FOR-US: SAP Netweaver @@ -38140,7 +38143,7 @@ - isc-dhcp 4.3.3-7 (bug #810875) NOTE: https://kb.isc.org/article/AA-01334 CVE-2015-8603 (Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does ...) NOT-FOR-US: Token Insert Entity module for Drupal CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not ...) 
@@ -43135,6 +43138,7 @@ CVE-2015-7745 RESERVED CVE-2015-7744 (wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...) + - wolfssl <unfixed> - mysql-5.6 5.6.27-1 - mysql-5.5 5.5.46-0+deb8u1 [jessie] - mysql-5.5 5.5.46-0+deb8u1 @@ -45328,9 +45332,9 @@ CVE-2015-6970 RESERVED CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin in ...) NOT-FOR-US: Nibbleblog CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) @@ -45386,7 +45390,7 @@ CVE-2015-6944 (Cross-site request forgery (CSRF) vulnerability in JSP/MySQL ...) NOT-FOR-US: JSP/MySQL Administrador Web 1 CVE-2015-6943 (SQL injection vulnerability in the serendipity_checkCommentToken ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-6942 RESERVED CVE-2015-6941 [win_useradd module and salt-cloud display passwords in debug log] @@ -59005,7 +59009,7 @@ [wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0) NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc CVE-2015-2289 (Cross-site scripting (XSS) vulnerability in ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-2287 RESERVED CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform before ...) 
@@ -65311,7 +65315,7 @@ CVE-2014-9433 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Contenido CMS CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2014-XXXX [denial of service with specific packets] - libhtp <removed> (bug #774897) [wheezy] - libhtp <no-dsa> (Minor issue)
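Review bot: In the hunk at -15611, the `- wolfssl <unfixed>` line added under CVE-2016-7440 has no `TODO: check` marker, unlike CVE-2016-7439 and CVE-2016-7438 where the existing TODO stays in place after the new line, yet the log message says the unfixed status was not verified. Add a `TODO: check` (or a NOTE saying the status is unverified) under CVE-2016-7440 as well so the entry is picked up for follow-up; the NOTE already there covers only MariaDB 5.5.53 and 10.0.28 and says nothing about a wolfssl fix version.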
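Review bot: In the hunk at -43135, `- wolfssl <unfixed>` under CVE-2015-7744 carries neither a version nor a `TODO: check`, while the description on the line above it puts the upstream fix at wolfSSL 3.6.8. Compare the packaged wolfssl version against 3.6.8 and record the fixed version if the archive is already at or past it; if that cannot be checked in this commit, add a `TODO: check` as under CVE-2016-7439 so the unverified state is visible in the file and not only in the log message.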
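Review bot: In the hunk at -6944, the new `- serendipity <removed>` line under CVE-2016-9752 stands alone, whereas the piwigo entry in the trailing context pairs `- piwigo <removed>` with a release-tagged `[squeeze] - piwigo <end-of-life>` line. If any release still carried serendipity when it was removed from unstable, add the matching release-tagged line here; the same question applies to the other `NOT-FOR-US: Serendipity` replacements in this commit.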