[Secure-testing-commits] r50704 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Apr 16 21:10:13 UTC 2017 

Author: sectracker
Date: 2017-04-16 21:10:13 +0000 (Sun, 16 Apr 2017)
New Revision: 50704

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-16 20:36:32 UTC (rev 50703)
+++ data/CVE/list	2017-04-16 21:10:13 UTC (rev 50704)
@@ -101,6 +101,7 @@
 CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote ...)
 	- radare2 <not-affected> (Vulnerable code introduced later)
 CVE-2017-7853 (In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a ...)
+	{DLA-898-1}
 	- libosip2 4.1.0-2.1 (bug #860287)
 	NOTE: https://savannah.gnu.org/support/index.php?109265
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
@@ -109,14 +110,17 @@
 CVE-2017-7851
 	RESERVED
 CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
+	{DLA-898-1}
 	- libosip2 4.1.0-2.1 (bug #860287)
 	NOTE: https://savannah.gnu.org/support/index.php?109132
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
 CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
+	{DLA-898-1}
 	- libosip2 4.1.0-2.1 (bug #860287)
 	NOTE: https://savannah.gnu.org/support/index.php?109131
 	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696
 CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
+	{DLA-898-1}
 	- libosip2 4.1.0-2.1 (bug #860287)
 	NOTE: https://savannah.gnu.org/support/index.php?109133
 	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
@@ -652,8 +656,8 @@
 	NOT-FOR-US: Synology Photo Station
 CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated ...)
 	NOT-FOR-US: Synology Photo Station
-CVE-2017-7615
-	RESERVED
+CVE-2017-7615 (MantisBT through 2.3.0 allows arbitrary password reset and ...)
+	TODO: check
 CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
 	- binutils <unfixed> (low; bug #859989)
 	[jessie] - binutils <no-dsa> (Minor issue)
@@ -3652,11 +3656,13 @@
 	- qemu-kvm <removed>
 	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
 CVE-2017-6504 (WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options ...)
+	{DLA-897-1}
 	- qbittorrent 3.3.7-3 (low; bug #856978)
 	[jessie] - qbittorrent <no-dsa> (Minor issue)
 	NOTE: https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d
 	NOTE: Fixed upstream in 3.3.11
 CVE-2017-6503 (WebUI in qBittorrent before 3.3.11 did not escape many values, which ...)
+	{DLA-897-1}
 	- qbittorrent 3.3.7-3 (low; bug #856977)
 	[jessie] - qbittorrent <no-dsa> (Minor issue)
 	NOTE: https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16

More information about the Secure-testing-commits mailing list