Author: jmm Date: 2017-12-01 21:41:40 +0000 (Fri, 01 Dec 2017) New Revision: 58197
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-01 21:36:43 UTC (rev 58196) +++ data/CVE/list 2017-12-01 21:41:40 UTC (rev 58197) @@ -2256,11 +2256,11 @@ CVE-2017-16954 RESERVED CVE-2017-16953 (connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic ...) - TODO: check + NOT-FOR-US: ZTE CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service ...) TODO: check CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Winamp CVE-2017-16950 RESERVED CVE-2017-16949 @@ -2429,11 +2429,11 @@ NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669 NOTE: https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815 CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) ...) - TODO: check + NOT-FOR-US: Arq CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain ...) NOT-FOR-US: Laravel framework CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability ...) - TODO: check + - piwigo <removed> CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename ...) - bftpd <itp> (bug #640469) NOTE: http://bftpd.sourceforge.net/news.html#032390 @@ -6102,7 +6102,7 @@ CVE-2017-15708 RESERVED CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated ...) - TODO: check + - libstruts1.2-java <not-affected> (Specific to 2.x) CVE-2017-15706 RESERVED CVE-2017-15705 @@ -6978,7 +6978,7 @@ CVE-2017-15358 RESERVED CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 5.9.7 ...) - TODO: check + NOT-FOR-US: Arq CVE-2017-15356 RESERVED CVE-2017-15355 @@ -8298,7 +8298,7 @@ - linux <not-affected> (Vulnerable code introduced in v4.13-rc1) NOTE: Fixed by: https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9 CVE-2017-14953 (HikVision Wi-Fi IP cameras, when used in a wired configuration, allow ...) - TODO: check + NOT-FOR-US: HikVision CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for ...) - icu 57.1-7 (bug #878840) [stretch] - icu <postponed> (Should be fixed along in future update) @@ -9375,7 +9375,7 @@ CVE-2017-14592 RESERVED CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2017-14590 RESERVED CVE-2017-14589 @@ -9385,9 +9385,9 @@ CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and ...) NOT-FOR-US: Atlassian CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead to ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2017-14584 RESERVED CVE-2017-14583 @@ -9690,9 +9690,9 @@ CVE-2017-14488 RESERVED CVE-2017-14487 (The OhMiBod Remote app for Android and iOS allows remote attackers to ...) - TODO: check + NOT-FOR-US: OhMiBod Remote app CVE-2017-14486 (The Vibease Wireless Remote Vibrator app for Android and the Vibease ...) - TODO: check + NOT-FOR-US: Vibease Wireless Remote Vibrator app CVE-2017-14485 RESERVED CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great ...) @@ -10487,11 +10487,11 @@ CVE-2017-14199 RESERVED CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...) - TODO: check + NOT-FOR-US: Squiz Matrix CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...) - TODO: check + NOT-FOR-US: Squiz Matrix CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and ...) - TODO: check + NOT-FOR-US: Squiz Matrix CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...) NOT-FOR-US: dayrui FineCms CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms ...) @@ -12124,9 +12124,9 @@ CVE-2017-13665 RESERVED CVE-2017-13664 (Password file exposure in firmware in iSmartAlarm CubeOne version ...) - TODO: check + NOT-FOR-US: iSmartAlarm CubeOne CVE-2017-13663 (Encryption key exposure in firmware in iSmartAlarm CubeOne version ...) - TODO: check + NOT-FOR-US: iSmartAlarm CubeOne CVE-2017-13662 RESERVED CVE-2017-13661 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits