Author: jmm
Date: 2017-02-10 18:23:06 +0000 (Fri, 10 Feb 2017)
New Revision: 48837
Modified: data/CVE/list Log: postfixadmin fixed NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-10 17:13:40 UTC (rev 48836) +++ data/CVE/list 2017-02-10 18:23:06 UTC (rev 48837) @@ -1,5 +1,5 @@ CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 for ...) - TODO: check + NOT-FOR-US: serialize-to-js Node package CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree ...) - vim <unfixed> CVE-2017-5952 @@ -17,13 +17,13 @@ CVE-2017-5946 RESERVED CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...) - TODO: check + NOT-FOR-US: Moodle plugin CVE-2017-5944 RESERVED CVE-2017-5943 RESERVED CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2016-10222 RESERVED CVE-2016-10221 @@ -37,13 +37,13 @@ CVE-2016-10217 RESERVED CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...) - TODO: check + NOT-FOR-US: IT ITems DataBase CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...) - TODO: check + NOT-FOR-US: Fastspot BigTree bigtree-form-builder CVE-2017-XXXX [diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive] - diffoscope <unfixed> (bug #854723) CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for ...) - TODO: check + NOT-FOR-US: node-serialize CVE-2017-5939 RESERVED CVE-2017-5936 @@ -85,7 +85,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/8 CVE-2017-5930 RESERVED - - postfixadmin <unfixed> (bug #854742) + - postfixadmin 3.0.2-1 (bug #854742) [jessie] - postfixadmin <not-affected> (Vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/6 CVE-2017-5929 
@@ -911,7 +911,7 @@ CVE-2017-5635 RESERVED CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows ...) - TODO: check + NOT-FOR-US: Norwegian CVE-2017-5633 RESERVED CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with ...) @@ -13829,7 +13829,7 @@ CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a remote ...) NOT-FOR-US: Android Telephony CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could ...) - TODO: check, potentially libvpx + NOT-FOR-US: Android Mediaserver CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright ...) NOT-FOR-US: libstagefright CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in ...) @@ -23750,9 +23750,9 @@ CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...) NOT-FOR-US: Android Mediaserver CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in ...) - TODO: check, possibly libvpx + NOT-FOR-US: Android Mediaserver CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in ...) - TODO: check, possibly libvpx + NOT-FOR-US: Android Mediaserver CVE-2016-6710 (An information disclosure vulnerability in the download manager in ...) NOT-FOR-US: Android CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and BoringSSL in ...) 
@@ -27044,27 +27044,27 @@ CVE-2016-5747 RESERVED CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store ...) - TODO: check + NOT-FOR-US: libstorage CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before ...) NOT-FOR-US: F5 BIG-IP CVE-2015-8945 (openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores ...) NOT-FOR-US: OpenShift CVE-2015-8944 (The ioresources_init function in kernel/resource.c in the Linux kernel ...) - TODO: check + - linux <not-affected> (Android-specific patch, /proc/iomem is root-restricted already) CVE-2015-8943 (drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in ...) - TODO: check + - linux <not-affected> (Android-specific patch) CVE-2015-8942 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the ...) - TODO: check + - linux <not-affected> (Android-specific patch) CVE-2015-8941 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the ...) - TODO: check + - linux <not-affected> (Android-specific patch) CVE-2015-8940 (Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm ...) - TODO: check + - linux <not-affected> (Android-specific patch) CVE-2015-8939 (drivers/video/msm/mdp4_util.c in the Qualcomm components in Android ...) - TODO: check + - linux <not-affected> (Android-specific patch) CVE-2015-8938 (The MSM camera driver in the Qualcomm components in Android before ...) - TODO: check + - linux <not-affected> (Android-specific patch) CVE-2015-8937 (drivers/char/diag/diagchar_core.c in the Qualcomm components in ...) - TODO: check + - linux <not-affected> (Android-specific patch) CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows ...) {DSA-3635-1 DLA-576-1} - libdbd-mysql-perl 4.033-1 
@@ -27091,9 +27091,9 @@ - linux <not-affected> NOTE: vulnerable code between 3.14-rc1 and 3.14-rc4 CVE-2014-9902 (Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2014-9901 (The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2014-9900 (The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...) TODO: check CVE-2014-9899 (drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android ...) @@ -30442,15 +30442,15 @@ [wheezy] - netty <not-affected> (Vulnerable code not present) NOTE: Versions affected: Netty 4.0.0.Final - 4.0.36.Final and 4.1.0.Final CVE-2016-4969 (Cross-site scripting (XSS) vulnerability in Fortinet FortiWan ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2016-4968 (The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2016-4967 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2016-4966 (The diagnosis_control.php page in Fortinet FortiWan (formerly ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2016-4965 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2016-XXXX [AST-2016-005] - asterisk 1:13.8.2~dfsg-1 [jessie] - asterisk <not-affected> (Only affects 13.x) 
@@ -30656,11 +30656,11 @@ [wheezy] - xen <no-dsa> (Too intrusive to backport, libvirt doesn't have libxl driver enabled) NOTE: http://xenbits.xen.org/xsa/advisory-175.html CVE-2016-4961 (For the NVIDIA Quadro, NVS, and GeForce products, improper ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2016-4960 (For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2016-4959 (For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2016-4958 RESERVED CVE-2016-4957 (ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
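Review bot: In the @@ -13829 and @@ -23750 hunks, CVE-2017-0393, CVE-2016-6712 and CVE-2016-6711 lose their "TODO: check, potentially/possibly libvpx" hint and become "NOT-FOR-US: Android Mediaserver", yet each description still reads "vulnerability in libvpx in Mediaserver" and nothing in the entry records why the libvpx source package was ruled out. If libvpx was checked, record the result in the entry, for example a `- libvpx <not-affected> (...)` line giving the reason, or a NOTE: line, so the check does not have to be repeated by the next person who reads the description.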
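Review bot: The Qualcomm entries are triaged two different ways in adjacent hunks. In @@ -27044, CVE-2015-8937 through CVE-2015-8943 get `- linux <not-affected> (Android-specific patch)`, while in @@ -27091, CVE-2014-9902 and CVE-2014-9901 get `NOT-FOR-US: Qualcomm driver for Android`. If the split is deliberate, a few words in the parenthetical saying what distinguishes the two groups would make that visible; otherwise use one form for both groups. The log message "postfixadmin fixed NFUs" also does not mention the new linux <not-affected> entries, which makes them hard to find later from the commit log.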
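Review bot: Some of the NOT-FOR-US labels are too terse to identify the product without rereading the description. In @@ -911, `NOT-FOR-US: Norwegian` for CVE-2017-5634 could name the product from the description, e.g. "Norwegian Air Shuttle airline kiosk". In @@ -17, `NOT-FOR-US: Wordpress plugin` for CVE-2017-5942 should use the spelling "WordPress" as in the description and ideally name the plugin ("WP Mail plugin for WordPress"), and `NOT-FOR-US: Moodle plugin` for CVE-2017-5945 could likewise name the PoodLL Filter plugin. Specific labels make the list searchable when the same product shows up in a later CVE.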