Author: jmm
Date: 2017-08-23 21:17:58 +0000 (Wed, 23 Aug 2017)
New Revision: 55012

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-23 21:17:39 UTC (rev 55011)
+++ data/CVE/list       2017-08-23 21:17:58 UTC (rev 55012)
@@ -1013,9 +1013,9 @@
        - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/600
 CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the 
Bridge theme ...)
-       TODO: check
+       NOT-FOR-US: Wordpress theme
 CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL 
injection in the ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2017-13136
        RESERVED
 CVE-2017-13135
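Review bot: The two new NOT-FOR-US lines for CVE-2017-13138 and CVE-2017-13137 name only a category ("Wordpress theme", "Wordpress plugin"), while the other entries in this commit name the product (Apache2Triad, IceWarp, Progress Telerik UI). Naming the products from the descriptions, for example "NOT-FOR-US: Bridge theme for WordPress" and "NOT-FOR-US: FormCraft Basic plugin for WordPress", keeps the entries searchable if either is packaged later. It also matches the "WordPress" spelling used in the CVE-2017-13137 description.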
@@ -1413,9 +1413,9 @@
        NOTE: 
http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn
        NOTE: This is similar class of issue as for CVE-2017-1000117/git
 CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 
allows ...)
-       TODO: check
+       NOT-FOR-US: Apache2Triad
 CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in 
Apache2Triad 1.5.4 ...)
-       TODO: check
+       NOT-FOR-US: Apache2Triad
 CVE-2017-12969
        RESERVED
 CVE-2017-12968
@@ -1431,19 +1431,19 @@
        [stretch] - asn1c <no-dsa> (Minor issue)
        [jessie] - asn1c <no-dsa> (Minor issue)
 CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Apache2Triad
 CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is 
triggered ...)
-       - libsass <unfixed> (bug #873034)
+       - libsass <unfixed> (low; bug #873034)
        [stretch] - libsass <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397
 CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() 
in ...)
-       - libsass <unfixed> (bug #873034)
+       - libsass <unfixed> (low; bug #873034)
        [stretch] - libsass <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335
        NOTE: Similar issue to CVE-2017-11555 but for the issue which remains 
unfixed
        NOTE: with the upstream patch for CVE-2017-11555.
 CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply 
nested ...)
-       - libsass <unfixed> (bug #873034)
+       - libsass <unfixed> (low; bug #873034)
        [stretch] - libsass <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331
 CVE-2017-12961 (There is an assertion abort in the function parse_attributes() 
in ...)
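Review bot: The three libsass lines for CVE-2017-12964, CVE-2017-12963 and CVE-2017-12962 change the severity to "low", which the log message "NFUs" does not cover. Either mention the severity change in the log or commit it separately, so the triage decision can be found in the history. CVE-2017-12963 is described as an illegal address access yet gets the same rating as the memory leak in CVE-2017-12962, so a short NOTE giving the reasoning for "low" would help the next reader of that entry.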
@@ -2295,7 +2295,7 @@
 CVE-2017-12845
        RESERVED
 CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in 
IceWarp ...)
-       TODO: check
+       NOT-FOR-US: IceWarp
 CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to 
write to ...)
        - cyrus-imapd <not-affected> (Vulnerable code introduced later)
        - cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
@@ -6017,7 +6017,7 @@
        NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
        NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does 
not ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik UI
 CVE-2017-11356 (The application distribution export functionality in PEGA 
Platform 7.2 ...)
        NOT-FOR-US: PEGA Platform
 CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA 
Platform ...)
@@ -6169,7 +6169,7 @@
 CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to 
add and ...)
        NOT-FOR-US: Cobian
 CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before 
R1 2017 ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik UI
 CVE-2017-11316
        RESERVED
 CVE-2017-11315
@@ -6562,7 +6562,7 @@
 CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in 
...)
        NOT-FOR-US: Installer in Synology Assistant
 CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in 
...)
-       TODO: check
+       NOT-FOR-US: Installer in Synology Photo Station Uploader
 CVE-2017-11158
        RESERVED
 CVE-2017-11157


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits