[Secure-testing-commits] r50554 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 10 21:10:13 UTC 2017
Author: sectracker
Date: 2017-04-10 21:10:13 +0000 (Mon, 10 Apr 2017)
New Revision: 50554
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-10 21:05:38 UTC (rev 50553)
+++ data/CVE/list 2017-04-10 21:10:13 UTC (rev 50554)
@@ -1,3 +1,63 @@
+CVE-2017-7645
+ RESERVED
+CVE-2017-7644
+ RESERVED
+CVE-2017-7643
+ RESERVED
+CVE-2017-7642
+ RESERVED
+CVE-2017-7641
+ RESERVED
+CVE-2017-7640
+ RESERVED
+CVE-2017-7639
+ RESERVED
+CVE-2017-7638
+ RESERVED
+CVE-2017-7637
+ RESERVED
+CVE-2017-7636
+ RESERVED
+CVE-2017-7635
+ RESERVED
+CVE-2017-7634
+ RESERVED
+CVE-2017-7633
+ RESERVED
+CVE-2017-7632
+ RESERVED
+CVE-2017-7631
+ RESERVED
+CVE-2017-7630
+ RESERVED
+CVE-2017-7629
+ RESERVED
+CVE-2017-7628
+ RESERVED
+CVE-2017-7627
+ RESERVED
+CVE-2017-7626
+ RESERVED
+CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...)
+ TODO: check
+CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...)
+ TODO: check
+CVE-2017-7623 (The iwmiffr_convert_row32 function in imagew-miff.c in ...)
+ TODO: check
+CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 ...)
+ TODO: check
+CVE-2017-7621
+ RESERVED
+CVE-2017-7620
+ RESERVED
+CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...)
+ TODO: check
+CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat syscalls ...)
+ TODO: check
+CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain ...)
+ TODO: check
+CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated ...)
+ TODO: check
CVE-2017-7615
RESERVED
CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
@@ -101,12 +161,12 @@
- tiff <unfixed> (bug #859998)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
-CVE-2017-7617 [AST-2017-001: Buffer overflow in CDR's set user]
+CVE-2017-7617 (Remote code execution can occur in Asterisk Open Source 13.x before ...)
- asterisk 1:13.14.1~dfsg-1 (bug #859910)
[jessie] - asterisk <not-affected> (Vulnerable code not present)
[wheezy] - asterisk <not-affected> (Vulnerable code not present)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-001.html
-CVE-2017-7619 [Infinite loop due to rounding error]
+CVE-2017-7619 (In ImageMagick 7.0.4-9, an infinite loop can occur because of a ...)
- imagemagick <unfixed> (bug #859769)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
@@ -195,6 +255,7 @@
CVE-2016-1000306
REJECTED
CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow ...)
+ {DLA-890-1}
- ming <removed>
NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1
NOTE: https://github.com/libming/libming/issues/68
@@ -642,8 +703,7 @@
CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...)
- libpodofo <unfixed> (bug #859330)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
-CVE-2017-7377 [9pfs: host memory leakage via v9fs_create]
- RESERVED
+CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
- qemu <unfixed> (bug #859854)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -719,12 +779,12 @@
CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
-CVE-2017-7345
- RESERVED
-CVE-2016-10311
- RESERVED
-CVE-2016-10310
- RESERVED
+CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manager for ...)
+ TODO: check
+CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows ...)
+ TODO: check
+CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in ...)
+ TODO: check
CVE-2017-7344
RESERVED
CVE-2017-7343
@@ -775,8 +835,8 @@
NOT-FOR-US: MODX Revolution
CVE-2017-7320 (setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier ...)
NOT-FOR-US: MODX Revolution
-CVE-2017-7319
- RESERVED
+CVE-2017-7319 (A vulnerability in the Linux kernel package 3.16.0-28 on Ubuntu 14.04 ...)
+ TODO: check
CVE-2017-7318 (Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command ...)
NOT-FOR-US: Siklu EtherHaul
CVE-2017-7317
@@ -844,8 +904,8 @@
NOT-FOR-US: Trango
CVE-2016-10305 (Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= ...)
NOT-FOR-US: Trango
-CVE-2016-10304
- RESERVED
+CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows ...)
+ TODO: check
CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ...)
- linux 4.9.18-1
NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
@@ -880,8 +940,8 @@
RESERVED
CVE-2017-7287
RESERVED
-CVE-2017-7286
- RESERVED
+CVE-2017-7286 (The Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS mishandles a ...)
+ TODO: check
CVE-2016-10303
RESERVED
CVE-2016-10302
@@ -1212,8 +1272,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7240 (An issue was discovered on Miele Professional PG 8528 PST10 devices. ...)
NOT-FOR-US: Miele Professional PG 8528 PST10 devices
-CVE-2017-7239
- RESERVED
+CVE-2017-7239 (Ninka before 1.3.2 might allow remote attackers to obtain sensitive ...)
- ninka <itp> (bug #631415)
CVE-2017-7238
RESERVED
@@ -1410,8 +1469,8 @@
[wheezy] - linux <not-affected> (Introduced in 3.17)
NOTE: Fixed by: https://git.kernel.org/linus/bf33f87dd04c371ea33feb821b60d63d754e3124 (4.11-rc5)
NOTE: Introduced by: https://git.kernel.org/linus/65c26a0f39695ba01d9693754f27ca76cc8a3ab5 (3.17-rc1)
-CVE-2017-7185
- RESERVED
+CVE-2017-7185 (Use-after-free vulnerability in the ...)
+ TODO: check
CVE-2017-7183 (The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers ...)
NOT-FOR-US: ExtraPuTTY
CVE-2017-7182
@@ -4075,8 +4134,8 @@
RESERVED
CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...)
NOT-FOR-US: APNGDis
-CVE-2017-6190
- RESERVED
+CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link ...)
+ TODO: check
CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before ...)
NOT-FOR-US: Amazon Kindle
CVE-2017-6187 (Buffer overflow in the built-in web server in DiskSavvy Enterprise ...)
@@ -4544,8 +4603,8 @@
NOT-FOR-US: PhreeBooksERP
CVE-2017-5989
RESERVED
-CVE-2017-5988
- RESERVED
+CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is ...)
+ TODO: check
CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
- qemu 1:2.8+dfsg-3 (bug #855159)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -4568,8 +4627,8 @@
NOTE: stable-1.0: https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
CVE-2017-5984
RESERVED
-CVE-2017-5983
- RESERVED
+CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before ...)
+ TODO: check
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
- kodi <unfixed> (bug #855225)
- xbmc <undetermined>
@@ -5727,8 +5786,8 @@
- zammad <itp> (bug #841355)
CVE-2017-5609 (SQL injection vulnerability in include/functions_entries.inc.php in ...)
- serendipity <removed>
-CVE-2017-5607
- RESERVED
+CVE-2017-5607 (Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x ...)
+ TODO: check
CVE-2017-5606 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
NOT-FOR-US: Xabber
CVE-2017-5605 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
@@ -14011,6 +14070,7 @@
RESERVED
CVE-2017-2669 [auth: Do not double-expand key in passdb dict when authenticating]
RESERVED
+ {DSA-3828-1}
- dovecot <unfixed> (bug #860049)
[wheezy] - dovecot <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735
@@ -18606,6 +18666,7 @@
CVE-2017-0554 (An elevation of privilege vulnerability in the Telephony component ...)
NOT-FOR-US: Android
CVE-2017-0553 (An elevation of privilege vulnerability in libnl could enable a local ...)
+ {DLA-892-1 DLA-891-1}
- libnl3 3.2.27-2 (bug #859948)
- libnl <removed>
NOTE: Fixed by: http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
@@ -28392,10 +28453,10 @@
NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
CVE-2016-6880
RESERVED
-CVE-2016-6879
- RESERVED
-CVE-2016-6878
- RESERVED
+CVE-2016-6879 (The X509_Certificate::allowed_usage function in botan 1.11.x before ...)
+ TODO: check
+CVE-2016-6878 (The Curve25519 code in botan before 1.11.31, on systems without a ...)
+ TODO: check
CVE-2016-6877
RESERVED
CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link ...)
@@ -29279,8 +29340,8 @@
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
-CVE-2016-6605
- RESERVED
+CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
+ TODO: check
CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android ...)
NOT-FOR-US: Samsung
CVE-2016-7513 [off-by-one error leading to segfault]
@@ -35599,8 +35660,7 @@
- dwarfutils 20160507-1
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5041
- RESERVED
+CVE-2016-5041 (dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to ...)
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
@@ -36102,7 +36162,7 @@
- libarchive 3.2.1-1
NOTE: https://github.com/libarchive/libarchive/issues/705
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
-CVE-2016-10321 [does not check if host is denied before verifying passwords]
+CVE-2016-10321 (web2py before 2.14.6 does not properly check if a host is denied before ...)
- web2py <unfixed> (bug #860038)
[jessie] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
NOTE: https://github.com/web2py/web2py/issues/1585#issuecomment-284317919
@@ -51847,8 +51907,7 @@
{DSA-3423-1 DLA-374-1}
- cacti 0.8.8f+ds1-3 (bug #807599)
NOTE: http://bugs.cacti.net/view.php?id=2646
-CVE-2015-8378 [canceling export operation creates cleartext copy of all of the user's KeePassX password database entries]
- RESERVED
+CVE-2015-8378 (In KeePassX before 0.4.4, a cleartext copy of password data is created ...)
- keepassx 0.4.3+dfsg-1 (bug #791858)
[jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
[wheezy] - keepassx <no-dsa> (Minor issue)
@@ -53586,18 +53645,15 @@
- botan1.10 1.10.13-1 (bug #817932)
NOTE: Fixed in 1.11.22 and 1.10.13. Affected all previous versions.
NOTE: http://botan.randombit.net/security.html
-CVE-2015-7826 [Acceptance of invalid certificate names]
- RESERVED
+CVE-2015-7826 (botan 1.11.x before 1.11.22 improperly handles wildcard matching ...)
- botan1.10 <not-affected> (Introduced in 1.11.0)
NOTE: Introduced in 1.11.0, fixed in 1.11.22
NOTE: http://botan.randombit.net/security.html
-CVE-2015-7825 [Infinite loop during certificate path validation]
- RESERVED
+CVE-2015-7825 (botan before 1.11.22 improperly validates certificate paths, which ...)
- botan1.10 <not-affected> (Introduced in 1.11.6)
NOTE: Introduced in 1.11.6, fixed in 1.11.22
NOTE: http://botan.randombit.net/security.html
-CVE-2015-7824 [Padding oracle attack on TLS]
- RESERVED
+CVE-2015-7824 (botan 1.11.x before 1.11.22 makes it easier for remote attackers to ...)
- botan1.10 <not-affected> (Introduced in 1.11.0)
NOTE: Introduced in 1.11.0, fixed in 1.11.22
NOTE: http://botan.randombit.net/security.html
@@ -56998,6 +57054,7 @@
CVE-2015-6645 (SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
NOT-FOR-US: Android
CVE-2015-6644 (Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
+ {DLA-893-1}
- bouncycastle 1.54-1
NOTE: https://source.android.com/security/bulletin/2016-01-01.html#information_disclosure_vulnerability_in_bouncy_castle
NOTE: https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f
@@ -67629,7 +67686,7 @@
CVE-2015-2890 (The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile ...)
NOT-FOR-US: BIOS implementations on Dell hardware with model-dependent firmware
CVE-2015-2889 (Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote ...)
- NOT-FOR-US: Summer Baby Zoom Wifi Monitor and Internet Viewing System
+ NOT-FOR-US: Summer Baby Zoom Wifi Monitor and Internet Viewing System
CVE-2015-2888 (Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote ...)
NOT-FOR-US: Summer Baby Zoom Wifi Monitor and Internet Viewing System
CVE-2015-2887 (iBaby M3S has a password of admin for the backdoor admin account. ...)
More information about the Secure-testing-commits
mailing list