[Secure-testing-commits] r51518 - data/CVE

Wed, 10 May 2017 14:28:07 -0700 

Author: jmm
Date: 2017-05-10 21:27:24 +0000 (Wed, 10 May 2017)
New Revision: 51518

Modified:
   data/CVE/list
Log:
new issues in lepton, dolibarr and libxml2
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-10 21:23:33 UTC (rev 51517)
+++ data/CVE/list       2017-05-10 21:27:24 UTC (rev 51518)
@@ -5,7 +5,7 @@
 CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 
10.0.3 ...)
        TODO: check
 CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) 
via a ...)
-       TODO: check
+       - lepton <unfixed>
 CVE-2017-8889
        RESERVED
 CVE-2017-8888
@@ -27,24 +27,24 @@
 CVE-2017-8880
        RESERVED
 CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without 
supplying the ...)
-       TODO: check
+       - dolibarr <unfixed>
 CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 
3.0.0.4.380.7378 ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 
3.0.0.4.380.7378 ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2017-8890 (The inet_csk_clone_lock function in 
net/ipv4/inet_connection_sock.c in ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
 CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] 
parameter to ...)
        TODO: check
 CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Wordpress addon
 CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Mautic ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2017-8873
        RESERVED
 CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 
2.9.4 ...)
-       TODO: check
+       - libxml2 <unfixed>
 CVE-2017-8871
        RESERVED
 CVE-2017-8870
@@ -52,7 +52,7 @@
 CVE-2017-8869
        RESERVED
 CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file 
deletion via ...)
-       TODO: check
+       NOT-FOR-US: flatCore
 CVE-2017-8867
        RESERVED
 CVE-2017-8866


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to