Author: jmm
Date: 2017-05-10 21:31:44 +0000 (Wed, 10 May 2017)
New Revision: 51519

Modified:
   data/CVE/list
Log:
new issues in tiff and swftools
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-10 21:27:24 UTC (rev 51518)
+++ data/CVE/list       2017-05-10 21:31:44 UTC (rev 51519)
@@ -3,7 +3,7 @@
 CVE-2017-8893
        RESERVED
 CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 
10.0.3 ...)
-       TODO: check
+       NOT-FOR-US: OpenText Tempo Box
 CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) 
via a ...)
        - lepton <unfixed>
 CVE-2017-8889
@@ -36,7 +36,7 @@
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
 CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] 
parameter to ...)
-       TODO: check
+       NOT-FOR-US: Symphony CMS
 CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows 
remote ...)
        NOT-FOR-US: Wordpress addon
 CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Mautic ...)
@@ -78,7 +78,7 @@
 CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 
3.0 and ...)
        NOT-FOR-US: Veritas NetBackup
 CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in 
tif_dirwrite.c in ...)
-       TODO: check
+       - tiff <unfixed>
 CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer]
        - gtk-vnc 0.4.3-1
        NOTE: Fixed by: 
https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737
 (release-0.4.3)
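
Review bot: The added "- tiff <unfixed>" line for CVE-2016-10371 has no bug number and no NOTE pointing at an upstream report, while the gtk-vnc entry directly below it records its fixing commit. Consider adding a "NOTE:" with the upstream reference for the TIFFWriteDirectoryTagCheckedRational issue, or a "(bug #...)" once one is filed, so the next person does not have to repeat the triage.
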
@@ -90,7 +90,7 @@
 CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in 
...)
        NOT-FOR-US: Fiyo CMS
 CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow 
Vulnerability. It ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2017-8851
        RESERVED
 CVE-2017-8850
@@ -3120,7 +3120,7 @@
 CVE-2017-7699
        RESERVED
 CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and 
earlier ...)
-       TODO: check
+       - swftools <unfixed>
 CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the 
...)
        - libsamplerate <unfixed> (bug #860159)
        [jessie] - libsamplerate <no-dsa> (Minor issue)
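
Review bot: CVE-2017-7698 is marked "- swftools <unfixed>" without a bug reference, whereas the libsamplerate entry just below carries "(bug #860159)". If a BTS bug exists or is about to be filed for the pdf2swf use after free, append it to this line so the tracker links the two.
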
@@ -8456,9 +8456,9 @@
 CVE-2017-5893
        RESERVED
 CVE-2017-5892 (ASUS RT-AC* and RT-N* devices with firmware before 
3.0.0.4.380.7378 ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2017-5891 (ASUS RT-AC* and RT-N* devices with firmware before 
3.0.0.4.380.7378 ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2017-5898 (Integer overflow in the emulated_apdu_from_guest function in 
...)
        {DLA-845-1 DLA-842-1}
        - qemu 1:2.8+dfsg-3 (bug #854729)
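
Review bot: Both added lines use the bare vendor name "NOT-FOR-US: ASUS", while other entries visible in this diff name the product ("Veritas NetBackup", "OpenText Tempo Box"). Since the descriptions refer to RT-AC* and RT-N* device firmware, a tag that says so would make these entries easier to find when searching the list.
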
@@ -12061,9 +12061,9 @@
 CVE-2017-4897
        RESERVED
 CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Airwatch Inbox for Android
 CVE-2017-4895 (Airwatch Agent for Android contains a vulnerability that may 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Airwatch Inbox for Android
 CVE-2017-4894
        RESERVED
 CVE-2017-4893
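
Review bot: The second added line tags CVE-2017-4895 as "NOT-FOR-US: Airwatch Inbox for Android", but that entry's description reads "Airwatch Agent for Android"; the tag looks copied from the CVE-2017-4896 line above it. Suggest "NOT-FOR-US: Airwatch Agent for Android" so the tag matches the product the CVE actually covers.
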
@@ -14147,7 +14147,7 @@
        NOTE: https://www.schedmd.com/news.php?id=178
        NOTE: 
https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
 CVE-2017-3894 (A stored cross site scripting vulnerability in the Management 
Console ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry
 CVE-2017-3893
        RESERVED
 CVE-2017-3892
@@ -21149,7 +21149,7 @@
 CVE-2017-1138
        RESERVED
 CVE-2017-1137 (IBM WebSphere Application Server 8.0 and 8.5.5 could provide 
weaker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1136
        RESERVED
 CVE-2017-1135
@@ -21217,7 +21217,7 @@
 CVE-2017-1104
        RESERVED
 CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, 
caused by ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2017-1102
        RESERVED
 CVE-2017-1101
@@ -24946,7 +24946,7 @@
 CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker 
may be ...)
        NOT-FOR-US: F5
 CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 
12.1.2, ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual 
Server ...)
        NOT-FOR-US: F5
 CVE-2016-9248
@@ -35437,11 +35437,11 @@
 CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli 
...)
        NOT-FOR-US: Tivoli
 CVE-2016-6037 (IBM Rational Team Concert (RTC) is vulnerable to HTML 
injection. A ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2016-6035 (IBM Rational Quality Manager is vulnerable to cross-site 
scripting. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) 
could ...)
        NOT-FOR-US: IBM
 CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 
(VMware) is ...)
@@ -35733,9 +35733,9 @@
 CVE-2016-5890 (IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 
before ...)
        NOT-FOR-US: IBM
 CVE-2016-5889 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5888 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5887
        RESERVED
 CVE-2016-5886
@@ -44998,7 +44998,7 @@
 CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote 
authenticated ...)
        NOT-FOR-US: IBM
 CVE-2016-3032 (IBM Cognos Analytics 11.0 is vulnerable to cross-site 
scripting. This ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-3031 (IBM Cognos Analytics 11.0 is vulnerable to cross-site 
scripting. This ...)
        NOT-FOR-US: IBM
 CVE-2016-3030


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
