Author: pere
Date: 2016-12-22 06:43:58 +0000 (Thu, 22 Dec 2016)
New Revision: 47323

Modified:
   data/CVE/list
Log:
Mark serendipity as removed in relevant CVEs.  Add wolfssl as unfixed in 
relevant CVEs.  Did not have time to check if wolfssl really is unfixed.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-22 06:28:23 UTC (rev 47322)
+++ data/CVE/list       2016-12-22 06:43:58 UTC (rev 47323)
@@ -6944,7 +6944,7 @@
 CVE-2016-9753
        RESERVED
 CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF 
protection by ...)
-       NOT-FOR-US: Serendipity
+       - serendipity <removed>
 CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results 
front ...)
        - piwigo <removed>
        [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
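Review bot: the new `- serendipity <removed>` line under CVE-2016-9752 has no per-release status, unlike the piwigo entry directly below it, which carries `[squeeze] - piwigo <end-of-life>`. If any still-supported release ships serendipity, the "before 2.0.5" bound in the description needs a per-release line here; if none does, the entry is fine as it stands.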
@@ -15611,14 +15611,17 @@
        RESERVED
 CVE-2016-7440 (The C software implementation of AES Encryption and Decryption 
in ...)
        {DSA-3711-1 DSA-3706-1 DLA-708-1}
+       - wolfssl <unfixed>
        - mariadb-10.0 10.0.28-1
        - mysql-5.7 5.7.16-1 (bug #841163)
        - mysql-5.6 5.6.34-1 (bug #841049)
        - mysql-5.5 <removed> (bug #841050)
        NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
 CVE-2016-7439 (The C software implementation of RSA in wolfSSL (formerly 
CyaSSL) ...)
+       - wolfssl <unfixed>
        TODO: check
 CVE-2016-7438 (The C software implementation of ECC in wolfSSL (formerly 
CyaSSL) ...)
+       - wolfssl <unfixed>
        TODO: check
 CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events 
in the ...)
        NOT-FOR-US: SAP Netweaver
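Review bot: the `- wolfssl <unfixed>` line added under CVE-2016-7440 has no marker showing that it is unverified, while the same addition under CVE-2016-7439 and CVE-2016-7438 sits next to an existing `TODO: check`. The log message says none of the wolfssl states were checked, so add a `TODO: check wolfssl` (or a NOTE) under CVE-2016-7440 as well, so the data itself records that `<unfixed>` is a guess. Once the package has been checked, replace `<unfixed>` with the fixed version and drop the TODO lines.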
@@ -38140,7 +38143,7 @@
        - isc-dhcp 4.3.3-7 (bug #810875)
        NOTE: https://kb.isc.org/article/AA-01334
 CVE-2015-8603 (Cross-site scripting (XSS) vulnerability in Serendipity before 
2.0.3 ...)
-       NOT-FOR-US: Serendipity
+       - serendipity <removed>
 CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for 
Drupal does ...)
        NOT-FOR-US: Token Insert Entity module for Drupal
 CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not 
...)
@@ -43135,6 +43138,7 @@
 CVE-2015-7745
        RESERVED
 CVE-2015-7744 (wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle 
faults ...)
+       - wolfssl <unfixed>
        - mysql-5.6 5.6.27-1
        - mysql-5.5 5.5.46-0+deb8u1
        [jessie] - mysql-5.5 5.5.46-0+deb8u1
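Review bot: `- wolfssl <unfixed>` under CVE-2015-7744 needs checking against the description on the same entry, which bounds the issue to wolfSSL before 3.6.8. Compare the wolfssl version in the archive with 3.6.8 and record the fixed version if it is at or beyond that; until then, a `TODO: check` line, as under CVE-2016-7439, would flag the state as unverified.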
@@ -45328,9 +45332,9 @@
 CVE-2015-6970
        RESERVED
 CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in 
the 2k11 ...)
-       NOT-FOR-US: Serendipity
+       - serendipity <removed>
 CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the ...)
-       NOT-FOR-US: Serendipity
+       - serendipity <removed>
 CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin 
in ...)
        NOT-FOR-US: Nibbleblog
 CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
@@ -45386,7 +45390,7 @@
 CVE-2015-6944 (Cross-site request forgery (CSRF) vulnerability in JSP/MySQL 
...)
        NOT-FOR-US: JSP/MySQL Administrador Web 1
 CVE-2015-6943 (SQL injection vulnerability in the 
serendipity_checkCommentToken ...)
-       NOT-FOR-US: Serendipity
+       - serendipity <removed>
 CVE-2015-6942
        RESERVED
 CVE-2015-6941 [win_useradd module and salt-cloud display passwords in debug 
log]
@@ -59005,7 +59009,7 @@
        [wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
        NOTE: 
https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
 CVE-2015-2289 (Cross-site scripting (XSS) vulnerability in ...)
-       NOT-FOR-US: Serendipity
+       - serendipity <removed>
 CVE-2015-2287
        RESERVED
 CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform 
before ...)
@@ -65311,7 +65315,7 @@
 CVE-2014-9433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Contenido CMS
 CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       NOT-FOR-US: Serendipity
+       - serendipity <removed>
 CVE-2014-XXXX [denial of service with specific packets]
        - libhtp <removed> (bug #774897)
        [wheezy] - libhtp <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
