author | Petter Reinholdtsen <pere@debian.org> | 2016-12-22 06:43:58 +0000 |
---|---|---|
committer | Petter Reinholdtsen <pere@debian.org> | 2016-12-22 06:43:58 +0000 |
commit | 14dc14bc795784a41b68f9d7408e30bd4f3cead1 (patch) | |
tree | cb5a1f898aa02fe8069ba253272dd3ce4e9f0d8a | |
parent | ca0df2951a17483eb72d3b5e47bad0fe066e43dc (diff) |
Mark serendipity as removed in relevant CVEs. Add wolfssl as unfixed in relevant CVEs. Did not have time to check if wolfssl really is unfixed.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47323 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/list | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/data/CVE/list b/data/CVE/list index 405557e683..75570e5cb4 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -6944,7 +6944,7 @@ CVE-2016-9754 CVE-2016-9753 RESERVED CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results front ...) - piwigo <removed> [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts) @@ -15611,14 +15611,17 @@ CVE-2016-7441 RESERVED CVE-2016-7440 (The C software implementation of AES Encryption and Decryption in ...) {DSA-3711-1 DSA-3706-1 DLA-708-1} + - wolfssl <unfixed> - mariadb-10.0 10.0.28-1 - mysql-5.7 5.7.16-1 (bug #841163) - mysql-5.6 5.6.34-1 (bug #841049) - mysql-5.5 <removed> (bug #841050) NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28 CVE-2016-7439 (The C software implementation of RSA in wolfSSL (formerly CyaSSL) ...) + - wolfssl <unfixed> TODO: check CVE-2016-7438 (The C software implementation of ECC in wolfSSL (formerly CyaSSL) ...) + - wolfssl <unfixed> TODO: check CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the ...) NOT-FOR-US: SAP Netweaver @@ -38140,7 +38143,7 @@ CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3 - isc-dhcp 4.3.3-7 (bug #810875) NOTE: https://kb.isc.org/article/AA-01334 CVE-2015-8603 (Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does ...) NOT-FOR-US: Token Insert Entity module for Drupal CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not ...) 
@@ -43135,6 +43138,7 @@ CVE-2015-7746 CVE-2015-7745 RESERVED CVE-2015-7744 (wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...) + - wolfssl <unfixed> - mysql-5.6 5.6.27-1 - mysql-5.5 5.5.46-0+deb8u1 [jessie] - mysql-5.5 5.5.46-0+deb8u1 @@ -45328,9 +45332,9 @@ CVE-2015-6971 CVE-2015-6970 RESERVED CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin in ...) NOT-FOR-US: Nibbleblog CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) @@ -45386,7 +45390,7 @@ CVE-2015-6945 (Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrad CVE-2015-6944 (Cross-site request forgery (CSRF) vulnerability in JSP/MySQL ...) NOT-FOR-US: JSP/MySQL Administrador Web 1 CVE-2015-6943 (SQL injection vulnerability in the serendipity_checkCommentToken ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-6942 RESERVED CVE-2015-6941 [win_useradd module and salt-cloud display passwords in debug log] @@ -59005,7 +59009,7 @@ CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 . [wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0) NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc CVE-2015-2289 (Cross-site scripting (XSS) vulnerability in ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2015-2287 RESERVED CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform before ...) 
@@ -65311,7 +65315,7 @@ CVE-2014-9446 (Multiple cross-site scripting (XSS) vulnerabilities in the Staff CVE-2014-9433 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Contenido CMS CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - NOT-FOR-US: Serendipity + - serendipity <removed> CVE-2014-XXXX [denial of service with specific packets] - libhtp <removed> (bug #774897) [wheezy] - libhtp <no-dsa> (Minor issue) |
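Review bot: In the @@ -6944 hunk, and in the same one-line change in the five later serendipity hunks, `NOT-FOR-US: Serendipity` becomes `- serendipity <removed>` with no release-tagged line. The piwigo entry directly below it shows the pattern `[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)`. If any release still ships serendipity, each of these CVEs needs a matching release-tagged line. For CVE-2016-9752 the description's "before 2.0.5" gives the version to compare against.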
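Review bot: In the @@ -15611 hunk, CVE-2016-7440 gets `- wolfssl <unfixed>` with nothing marking the status as unverified, while CVE-2016-7439 and CVE-2016-7438 keep their `TODO: check` lines. The commit message says the wolfssl status was not checked, so add a TODO or NOTE line under CVE-2016-7440 as well. Without it the entry reads as a confirmed open issue next to the versioned mariadb and mysql lines.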
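Review bot: In the @@ -43135 hunk, `- wolfssl <unfixed>` under CVE-2015-7744 does not use the fixed version that the description already states ("before 3.6.8"). Compare the packaged wolfssl version with 3.6.8 and record the fixed version if the package is at or past it. If that check has to wait, add a `TODO: check` line so the entry is marked as unverified, as the commit message says it is.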