Author: jmm
Date: 2017-08-23 21:17:58 +0000 (Wed, 23 Aug 2017)
New Revision: 55012
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-23 21:17:39 UTC (rev 55011) +++ data/CVE/list 2017-08-23 21:17:58 UTC (rev 55012) @@ -1013,9 +1013,9 @@ - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116) NOTE: https://github.com/ImageMagick/ImageMagick/issues/600 CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2017-13136 RESERVED CVE-2017-13135 @@ -1413,9 +1413,9 @@ NOTE: http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn NOTE: This is similar class of issue as for CVE-2017-1000117/git CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows ...) - TODO: check + NOT-FOR-US: Apache2Triad CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...) - TODO: check + NOT-FOR-US: Apache2Triad CVE-2017-12969 RESERVED CVE-2017-12968 
@@ -1431,19 +1431,19 @@ [stretch] - asn1c <no-dsa> (Minor issue) [jessie] - asn1c <no-dsa> (Minor issue) CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote ...) - TODO: check + NOT-FOR-US: Apache2Triad CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...) - - libsass <unfixed> (bug #873034) + - libsass <unfixed> (low; bug #873034) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397 CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in ...) - - libsass <unfixed> (bug #873034) + - libsass <unfixed> (low; bug #873034) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335 NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed NOTE: with the upstream patch for CVE-2017-11555. CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested ...) - - libsass <unfixed> (bug #873034) + - libsass <unfixed> (low; bug #873034) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331 CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in ...) @@ -2295,7 +2295,7 @@ CVE-2017-12845 RESERVED CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp ...) - TODO: check + NOT-FOR-US: IceWarp CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to ...) - cyrus-imapd <not-affected> (Vulnerable code introduced later) - cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later) 
@@ -6017,7 +6017,7 @@ NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...) - TODO: check + NOT-FOR-US: Progress Telerik UI CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...) NOT-FOR-US: PEGA Platform CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform ...) @@ -6169,7 +6169,7 @@ CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...) NOT-FOR-US: Cobian CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...) - TODO: check + NOT-FOR-US: Progress Telerik UI CVE-2017-11316 RESERVED CVE-2017-11315 @@ -6562,7 +6562,7 @@ CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...) NOT-FOR-US: Installer in Synology Assistant CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in ...) - TODO: check + NOT-FOR-US: Installer in Synology Photo Station Uploader CVE-2017-11158 RESERVED CVE-2017-11157 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
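Review bot: The two NOT-FOR-US entries in the hunk at @@ -1013,9 (CVE-2017-13138 and CVE-2017-13137) name only a product class, "Wordpress theme" and "Wordpress plugin", while every other NOT-FOR-US line added in this change names the product (Apache2Triad, IceWarp, Progress Telerik UI, Installer in Synology Photo Station Uploader). Naming the Bridge theme and the FormCraft Basic plugin, as the CVE descriptions do, would keep the entries searchable by product; the CVE-2017-13137 description also spells it "WordPress".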
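Review bot: The severity change to "low" on the three libsass lines in the hunk at @@ -1431,19 (CVE-2017-12964, CVE-2017-12963, CVE-2017-12962) is not covered by the log message "NFUs" and has no NOTE giving the rationale. CVE-2017-12963 is described as an illegal address access in Sass::Eval::operator(), unlike the stack consumption and memory leak entries beside it, so a short NOTE on why it is rated low, or a separate commit with its own log line, would help later triage.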