[Secure-testing-commits] r50357 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Apr 4 21:10:17 UTC 2017


Author: sectracker
Date: 2017-04-04 21:10:17 +0000 (Tue, 04 Apr 2017)
New Revision: 50357

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-04 19:52:14 UTC (rev 50356)
+++ data/CVE/list	2017-04-04 21:10:17 UTC (rev 50357)
@@ -1,7 +1,17 @@
-CVE-2017-7414
+CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the ...)
+	TODO: check
+CVE-2017-7417
 	RESERVED
-CVE-2017-7413
+CVE-2017-7416
 	RESERVED
+CVE-2017-7415
+	RESERVED
+CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy function in ...)
+	TODO: check
+CVE-2017-7414 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition ...)
+	TODO: check
+CVE-2017-7413 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition ...)
+	TODO: check
 CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
 	NOT-FOR-US: NixOS specific Docker issue
 CVE-2017-7411
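Review bot: CVE-2017-7414 and CVE-2017-7413 enter with the identical truncated description (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition ...), so nothing visible here says which bug is which; whoever clears the two TODO: check lines needs the full CVE text to map each ID to its Horde fix, and the pair should be triaged together against the same Horde source package. CVE-2016-10318 (fscrypt_process_policy, a kernel function) is placed between CVE-2017-7415 and CVE-2017-7414 at the head of a file that is otherwise in descending ID order; that is where the automatic update drops newly seen IDs, but it cannot stay as TODO: check and will need a linux package line once the affected range is known.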
@@ -13,6 +23,7 @@
 CVE-2017-7408
 	RESERVED
 CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
+	{DLA-883-1}
 	- curl <unfixed> (unimportant; bug #859500)
 	NOTE: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
 	NOTE: Negligable security impact
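Review bot: {DLA-883-1} is attached to an entry that still rates the curl bug unimportant, keeps curl <unfixed> for unstable (bug #859500) and notes negligible security impact; either the severity assessment is stale now that an LTS advisory has shipped for it, or the advisory bundled this fix with other curl issues, and the entry should say which (a NOTE next to the DLA reference is enough). Style nit in the context line: Negligable should be spelled Negligible.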
@@ -27,6 +38,7 @@
 CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ...)
 	NOT-FOR-US: Pixie CMS
 CVE-2017-7401 (Incorrect interaction of the parse_packet() and ...)
+	{DLA-884-1}
 	- collectd <unfixed> (bug #859494)
 	[jessie] - collectd <no-dsa> (Minor issue)
 	NOTE: https://github.com/collectd/collectd/issues/2174
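Review bot: with {DLA-884-1} added, oldstable now has a fix for CVE-2017-7401 while unstable is still collectd <unfixed> (bug #859494) and jessie is <no-dsa> (Minor issue); unstable lagging behind an LTS upload is the state that causes trouble later, so bug #859494 should be chased until the <unfixed> marker can be replaced with a version, and the jessie no-dsa decision deserves a second look given the issue was judged worth a wheezy advisory.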
@@ -65,8 +77,8 @@
 	REJECTED
 CVE-2017-7399
 	RESERVED
-CVE-2017-7398
-	RESERVED
+CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request ...)
+	TODO: check
 CVE-2017-7397 (BackBox Linux 4.6 allows remote attackers to cause a denial of service ...)
 	TODO: check
 CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...)
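Review bot: CVE-2017-7398 is a CSRF in D-Link DIR-615 router firmware (HW: T1 FW:20.09), which Debian does not package; it should be resolved directly as NOT-FOR-US: D-Link, the way CVE-2017-7412 above was closed as NOT-FOR-US: NixOS specific Docker issue, instead of being left as TODO: check next to the BackBox entry.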
@@ -275,12 +287,12 @@
 CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT ...)
 	- mantis <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
-CVE-2017-7307
-	RESERVED
-CVE-2017-7306
-	RESERVED
-CVE-2017-7305
-	RESERVED
+CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in ...)
+	TODO: check
+CVE-2017-7306 (** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password ...)
+	TODO: check
+CVE-2017-7305 (** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a ...)
+	TODO: check
 CVE-2017-7304 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
 	- binutils 2.27.51.20161212-1
 	[jessie] - binutils <no-dsa> (Minor issue)
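Review bot: CVE-2017-7307, CVE-2017-7306 and CVE-2017-7305 all describe Riverbed RiOS, a vendor appliance OS, so all three can go straight to NOT-FOR-US: Riverbed RiOS rather than sitting as TODO: check; when that is done the ** DISPUTED ** prefix on 7306 and 7305 should be kept in the description line, since it is the only signal in this file that the vendor contests the weak-default-password and missing-authentication claims.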
@@ -723,13 +735,11 @@
 	RESERVED
 CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
 	NOT-FOR-US: cloudflare-scrape
-CVE-2017-7234 [Open redirect vulnerability in django.views.static.serve()]
-	RESERVED
+CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
 	- python-django 1:1.10.7-1 (bug #859516)
 	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
 	NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
-CVE-2017-7233 [Open redirect and possible XSS attack via user-supplied numeric redirect URLs]
-	RESERVED
+CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 ...)
 	- python-django 1:1.10.7-1 (bug #859515)
 	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
 	NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
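Review bot: both Django entries lose their RESERVED placeholder and carry only the unstable fix python-django 1:1.10.7-1, with no [jessie] or [wheezy] status line; the new descriptions give the affected upstream ranges (1.10 before 1.10.7, 1.9 before 1.9.13, 1.8 before 1.8.18 for CVE-2017-7233), so the stable suites can be marked <not-affected>, <no-dsa> or given a pending DSA now rather than left implicit. The removed bracketed titles (open redirect in django.views.static.serve(); open redirect and possible XSS via user-supplied numeric redirect URLs) were more specific than the truncated NVD text replacing them; the djangoproject.com weblog NOTE preserves that detail, but a NOTE line restating it would keep it visible in this file.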
@@ -741,8 +751,7 @@
 	NOT-FOR-US: Disk Sorter Enterprise
 CVE-2017-7229
 	RESERVED
-CVE-2017-7228 [x86: broken check in memory_exchange() permits PV guest breakout]
-	RESERVED
+CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes available ...)
 	- xen <unfixed> (bug #859560)
 	NOTE: https://xenbits.xen.org/xsa/advisory-212.html
 CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based ...)
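Review bot: the removed bracketed title said what XSA-212 is (a broken check in memory_exchange() permitting PV guest breakout) and the truncated NVD text that replaces it does not; since the entry still reads xen <unfixed> (bug #859560) with no [jessie] line, a guest-to-host escape should not sit without a stable-suite status, and a NOTE restating the impact from advisory-212 would keep that visible to whoever picks it up.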
@@ -4822,8 +4831,8 @@
 	NOT-FOR-US: BIOS in Intel NUC systems
 CVE-2017-5684 (The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core ...)
 	NOT-FOR-US: BIOS in Intel NUC systems
-CVE-2017-5683
-	RESERVED
+CVE-2017-5683 (Privilege escalation in IntelHAXM.sys driver in the Intel Hardware ...)
+	TODO: check
 CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, ...)
 	NOT-FOR-US: Intel PSET
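Review bot: CVE-2017-5683 is a privilege escalation in IntelHAXM.sys, a Windows kernel driver (the .sys driver named in the description), so the expected outcome is NOT-FOR-US: Intel HAXM, consistent with the neighbouring Intel BIOS and Intel PSET entries already closed as NOT-FOR-US; leaving it as TODO: check only lengthens the queue.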
 CVE-2017-5680
@@ -5051,8 +5060,8 @@
 	RESERVED
 CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 ...)
 	NOT-FOR-US: Honeywell
-CVE-2017-5670
-	RESERVED
+CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with the rm ...)
+	TODO: check
 CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...)
 	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
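Review bot: CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with rm ...) is the same product as CVE-2017-7305 through CVE-2017-7307 elsewhere in this commit; the four should be resolved together, and for a vendor appliance OS that means NOT-FOR-US: Riverbed RiOS rather than TODO: check.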
@@ -5096,8 +5105,7 @@
 	RESERVED
 CVE-2017-5650
 	RESERVED
-CVE-2017-5649
-	RESERVED
+CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...)
 	NOT-FOR-US: Apache Geode
 CVE-2017-5648
 	RESERVED
@@ -12076,8 +12084,8 @@
 	RESERVED
 CVE-2017-3205
 	RESERVED
-CVE-2017-3204
-	RESERVED
+CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host ...)
+	TODO: check
 CVE-2017-3203
 	RESERVED
 CVE-2017-3202
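Review bot: unlike the appliance and firmware IDs in this commit, CVE-2017-3204 (Go x/crypto/ssh does not verify host keys by default) concerns a library Debian ships in source form, so TODO: check here has to become a real package mapping (golang-go.crypto, if I have the source name right) plus the usual Go caveat that every package statically linking x/crypto/ssh needs a rebuild once a fixed library is uploaded; since the description says the insecure behaviour is the default, a fix changes behaviour for callers that never set a host key check, which matters when deciding whether rebuilding reverse dependencies alone is enough.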
@@ -18614,9 +18622,8 @@
 	RESERVED
 CVE-2017-0361
 	RESERVED
-CVE-2017-0360 [Sanitize path in file_open against suffix]
-	RESERVED
-	{DLA-882-1}
+CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote ...)
+	{DSA-3826-1 DLA-882-1}
 	- tryton-server 4.2.1-2
 	NOTE: Fixed by: http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8 (4.2.x)
 CVE-2017-0359 [diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive]
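Review bot: the NOTE line still points only at the 4.2.x changeset (472510fdc6f8) while the new description says Tryton 3.x and 4.x through 4.2.2 are affected and the entry now references both DSA-3826-1 and DLA-882-1, i.e. fixes in stable and LTS that are not on the 4.2 branch; the corresponding 3.x-branch changeset(s) should be added as NOTE lines so the backports are traceable. The fixed version tryton-server 4.2.1-2 being below the "through 4.2.2" upstream range is fine for a patched Debian revision and needs no change.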
@@ -31311,8 +31318,8 @@
 	RESERVED
 CVE-2016-5871
 	RESERVED
-CVE-2016-5870
-	RESERVED
+CVE-2016-5870 (The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c ...)
+	TODO: check
 CVE-2016-5869
 	RESERVED
 CVE-2016-5868
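Review bot: net/ipc_router/ipc_router_socket.c is a path from the Qualcomm MSM (Android) kernel tree, not the mainline Linux source Debian builds, so CVE-2016-5870 should not be matched against the linux package; the expected resolution is NOT-FOR-US: Qualcomm/Android kernel, consistent with how the Android mediaserver IDs in this file (e.g. CVE-2016-3741) are handled.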
@@ -38545,8 +38552,8 @@
 	NOT-FOR-US: Android Mediaserver
 CVE-2016-3741 (The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does ...)
 	NOT-FOR-US: Android Mediaserver
-CVE-2016-3740
-	RESERVED
+CVE-2016-3740 (Heap-based buffer overflow in the CreateFXPDFConvertor function in ...)
+	TODO: check
 CVE-2016-3739 (The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...)
 	- curl 7.50.1-1 (unimportant)
 	NOTE: only relevant when built with mbedTLS/PolarSSL
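Review bot: the truncated description for CVE-2016-3740 stops at the function name (CreateFXPDFConvertor) before naming the product, so the TODO: check cannot be cleared from this file alone; the triager needs the full NVD text to identify the software first, and the function name does not correspond to anything I can place in a Debian package, which points toward NOT-FOR-US.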
@@ -70876,11 +70883,9 @@
 	RESERVED
 CVE-2015-1613 (RhodeCode before 2.2.7 allows remote authenticated users to obtain API ...)
 	NOT-FOR-US: RhodeCode
-CVE-2015-1612
-	RESERVED
+CVE-2015-1612 (OpenFlow plugin for OpenDaylight before Helium SR3 allows remote ...)
 	NOT-FOR-US: OpenDaylight
-CVE-2015-1611
-	RESERVED
+CVE-2015-1611 (OpenFlow plugin for OpenDaylight before Helium SR3 allows remote ...)
 	NOT-FOR-US: OpenDaylight
 CVE-2015-1610 (hosttracker in OpenDaylight l2switch allows remote attackers to change ...)
 	NOT-FOR-US: OpenDaylight