Author: jmm
Date: 2017-09-30 22:31:17 +0000 (Sat, 30 Sep 2017)
New Revision: 56299
Modified:
data/CVE/list
Log:
rhn-client-tools unimportant
avahi unimportant
kodi, jython ignored
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-30 21:58:35 UTC (rev 56298)
+++ data/CVE/list 2017-09-30 22:31:17 UTC (rev 56299)
@@ -24357,12 +24357,7 @@
CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
...)
NOT-FOR-US: Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 inadvertently responds to
IPv6 ...)
- - avahi <unfixed>
- [stretch] - avahi <no-dsa> (Minor issue)
- [jessie] - avahi <no-dsa> (Minor issue)
- [wheezy] - avahi <no-dsa> (Minor issue)
- NOTE: Task can be performed by blocking at the perimeter UDP port 5353
both for
- NOTE: incoming and outgoing connections.
+ - avahi <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1426712
CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in
/sanadata/seo/index.asp in ...)
NOT-FOR-US: SanaCMS
@@ -26145,10 +26140,10 @@
NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on
for Kodi ...)
- kodi <unfixed> (bug #855225)
- [stretch] - kodi <no-dsa> (Minor issue)
- [jessie] - kodi <no-dsa> (Minor issue)
+ [stretch] - kodi <ignored> (Minor issue)
+ [jessie] - kodi <ignored> (Minor issue)
- xbmc <removed> (bug #861274)
- [jessie] - xbmc <no-dsa> (Minor issue)
+ [jessie] - xbmc <ignored> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Feb/27
NOTE: http://trac.kodi.tv/ticket/17314
NOTE: https://lists.debian.org/debian-lts/2017/04/msg00025.html
@@ -93405,10 +93400,9 @@
NOT-FOR-US: OpenDaylight
CVE-2015-1777 [rhnreg_ks fails to properly validate SSL/TLS certificates]
RESERVED
- - rhn-client-tools <unfixed> (bug #779817)
- [stretch] - rhn-client-tools <no-dsa> (Minor issue)
- [jessie] - rhn-client-tools <no-dsa> (Minor issue)
- [wheezy] - rhn-client-tools <no-dsa> (Minor issue)
+ - rhn-client-tools <unfixed> (unimportant; bug #779817)
+ NOTE: No security impact, this tool performs a registration at Red Hat
Network,
+ NOTE: which would fail, but no practical security impact
CVE-2015-1776 (Apache Hadoop 2.6.x encrypts intermediate data generated by a
...)
- hadoop <itp> (bug #793644)
CVE-2015-1775 (Server-side request forgery (SSRF) vulnerability in the proxy
endpoint ...)
@@ -138229,8 +138223,8 @@
CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of
the class ...)
[experimental] - jython 2.7.0+repack-1
- jython 2.7.1+repack-1 (low; bug #777079)
- [stretch] - jython <no-dsa> (Minor issue)
- [jessie] - jython <no-dsa> (Minor issue)
+ [stretch] - jython <ignored> (Minor issue)
+ [jessie] - jython <ignored> (Minor issue)
[wheezy] - jython <no-dsa> (Minor issue)
[squeeze] - jython <no-dsa> (Minor issue)
NOTE: http://bugs.jython.org/issue2044
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
