[Secure-testing-commits] r41881 - data/CVE

Thu, 19 May 2016 03:58:21 -0700 

Author: jmm
Date: 2016-05-19 10:57:29 +0000 (Thu, 19 May 2016)
New Revision: 41881

Modified:
   data/CVE/list
Log:
NFUs
openslp confirmed n/a


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-05-19 10:35:20 UTC (rev 41880)
+++ data/CVE/list       2016-05-19 10:57:29 UTC (rev 41881)
@@ -205,9 +205,7 @@
        NOTE: Fixed by: 
https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
 CVE-2016-4912
        - openslp-dfsg <not-affected> (Vulnerable code not present)
-       NOTE: Issue seems present only in OpenSLP 2.x where the return from 
malloc
-       NOTE: isn't checked.
-       TODO: double-check
+       NOTE: Issue present only in OpenSLP 2.x where the return from malloc 
isn't checked.
 CVE-2016-4911 [Incorrect Audit IDs in Keystone Fernet Tokens can result in 
revocation bypass]
        RESERVED
        - keystone 2:9.0.0-2 (bug #824683)
@@ -286,7 +284,7 @@
 CVE-2014-9774
        RESERVED
 CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java 
...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2016-4785
        RESERVED
 CVE-2016-4784
@@ -947,13 +945,13 @@
 CVE-2016-4500
        RESERVED
 CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 
7.x ...)
-       TODO: check
+       NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an 
...)
-       TODO: check
+       NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4497 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local 
users to ...)
-       TODO: check
+       NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4496 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local 
users to ...)
-       TODO: check
+       NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4495
        RESERVED
 CVE-2016-4494
@@ -2018,7 +2016,7 @@
 CVE-2016-4059 (Use-after-free vulnerability in Foxit Reader and PhantomPDF 
before ...)
        NOT-FOR-US: Foxit
 CVE-2016-4074 (The jv_dump_term function in jq 1.5 allows remote attackers to 
cause a ...)
-       - jq <unfixed> (bug #822456)
+       - jq <unfixed> (low; bug #822456)
        [jessie] - jq <no-dsa> (Minor issue)
        NOTE: https://github.com/stedolan/jq/issues/1136
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3
@@ -2237,7 +2235,7 @@
        NOTE: 
http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5
 CVE-2015-8863 (Off-by-one error in the tokenadd function in jv_parse.c in jq 
allows ...)
-       - jq <unfixed> (bug #802231)
+       - jq <unfixed> (low; bug #802231)
        [jessie] - jq <no-dsa> (Minor issue)
        NOTE: https://github.com/stedolan/jq/issues/995
        NOTE: 
https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to