Author: jmm
Date: 2017-11-21 22:33:44 +0000 (Tue, 21 Nov 2017)
New Revision: 57915

Modified:
   data/CVE/list
Log:
new ffmpeg issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-21 22:29:23 UTC (rev 57914)
+++ data/CVE/list       2017-11-21 22:33:44 UTC (rev 57915)
@@ -3,13 +3,13 @@
 CVE-2017-16924
        RESERVED
 CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen 
Tenda ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Tenda
 CVE-2017-16922
        RESERVED
 CVE-2017-16921
        RESERVED
 CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default 
SYS_KEY ...)
-       TODO: check
+       NOT-FOR-US: dayrui FineCms
 CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting 
(XSS) ...)
        NOT-FOR-US: MapOS
 CVE-2017-16918
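
Review bot: the tag added for CVE-2017-16923 names only the vendor (`NOT-FOR-US: Shenzhen Tenda`), while the other NFU tags in this hunk name the product (`dayrui FineCms`, `MapOS`). Naming the affected device or firmware from the full CVE description would keep the entries consistent and make this one easier to find when the list is searched by product.
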
@@ -213,11 +213,11 @@
 CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet 
resulting ...)
        NOT-FOR-US: Jool
 CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
-       TODO: check
+       NOT-FOR-US: jqueryFileTree
 CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary 
file writes ...)
        NOT-FOR-US: QuickerBB
 CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to 
degenerate ...)
-       TODO: check
+       NOT-FOR-US: sodiumoxide
 CVE-2017-1000161
        REJECTED
 CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and 
pjlib-util) in ...)
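
Review bot: the two entries moved from `TODO: check` to NOT-FOR-US here, CVE-2017-1000170 (jqueryFileTree) and CVE-2017-1000168 (sodiumoxide), are both libraries rather than standalone applications, so the triage should cover embedded copies as well as a package of that name. If a search of the archive for bundled copies was done, a short NOTE line saying so would record why NFU is safe. If it was not, it is worth doing before the TODO is dropped.
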
@@ -281,7 +281,7 @@
 CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote 
code ...)
        NOT-FOR-US: nodejs ejs
 CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the 
REST API ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when 
using ...)
        NOT-FOR-US: Relevanssi
 CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow 
unauthenticated ...)
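
Review bot: the tag added for CVE-2017-1000226, `NOT-FOR-US: Wordpress plugin`, does not name the product, unlike the neighbouring `NOT-FOR-US: nodejs ejs` and `NOT-FOR-US: Relevanssi`. Naming it, for example `NOT-FOR-US: Stop User Enumeration plugin for WordPress`, keeps the entry searchable by product and matches the "WordPress" spelling used in the CVE-2017-1000224 description just below.
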
@@ -578,7 +578,9 @@
 CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to 
...)
        NOT-FOR-US: LanSweeper
 CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote 
...)
-       TODO: check
+       - ffmpeg <unfixed>
+       [stretch] - ffmpeg <postponed> (Can be fixed with next 3.2.x release)
+       NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
 CVE-2017-16839
        RESERVED
 CVE-2017-16838
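
Review bot: on CVE-2017-16840 the `[stretch]` line postpones the fix to the next 3.2.x release, but the description names FFmpeg 3.4 and nothing in the entry records that the 3.2.x branch in stretch carries the affected VC-2 encoder code. A NOTE stating which versions were checked would justify `<postponed>` over `<not-affected>`. The NOTE with the git.videolan.org URL also does not say whether that commit is the upstream fix. Labelling it as such would tell the next reader what to backport.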


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
