[Secure-testing-commits] r50736 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Apr 17 21:10:44 UTC 2017


Author: sectracker
Date: 2017-04-17 21:10:25 +0000 (Mon, 17 Apr 2017)
New Revision: 50736

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-17 20:42:01 UTC (rev 50735)
+++ data/CVE/list	2017-04-17 21:10:25 UTC (rev 50736)
@@ -1,3 +1,7 @@
+CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...)
+	TODO: check
+CVE-2017-7890
+	RESERVED
 CVE-2017-7888
 	RESERVED
 CVE-2017-7887
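Review bot: The new top-of-file entries jump from CVE-2017-7890 straight to the existing CVE-2017-7888 context line, so CVE-2017-7889 is not in this region; confirm it was filed elsewhere in data/CVE/list earlier rather than skipped by the import. The `TODO: check` under CVE-2017-7891 should also be resolved to either a package/version line or a `NOT-FOR-US: sourcebans-pp` line, as the other non-Debian entries in this file do.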
@@ -30,6 +34,7 @@
 CVE-2017-7876
 	RESERVED
 CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...)
+	{DLA-899-1}
 	- feh 2.18-2 (low; bug #860367)
 	[jessie] - feh <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
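Review bot: Adding `{DLA-899-1}` while the context line `[jessie] - feh <no-dsa> (Minor issue)` is left in place is contradictory: the braces record that jessie was fixed through a DLA, so the `<no-dsa>` marker for jessie should be dropped in the same change rather than left to disagree with the advisory reference.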
@@ -102,6 +107,7 @@
 CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a ...)
 	- libreoffice <not-affected> (Didn't affect the 5.2 backport)
 CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a ...)
+	{DLA-900-1}
 	[experimental] - freetype 2.7.1-0.1
 	- freetype <unfixed> (bug #860303)
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
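Review bot: With `{DLA-900-1}` recorded, jessie now has a fix while the context line `- freetype <unfixed> (bug #860303)` still leaves unstable open and only experimental carries 2.7.1-0.1; the entry therefore remains open for sid/stretch, and the unstable upload tracked in bug #860303 is the follow-up item here, not this DLA.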
@@ -3877,6 +3883,7 @@
 CVE-2017-6449
 	RESERVED
 CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...)
+	{DLA-901-1}
 	[experimental] - radare2 1.3.0+dfsg-1
 	- radare2 1.1.0+dfsg-4 (bug #859447)
 	[jessie] - radare2 <no-dsa> (Minor issue)
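Review bot: Same inconsistency as the feh entry: `{DLA-901-1}` is added but the context line `[jessie] - radare2 <no-dsa> (Minor issue)` still marks jessie as not getting an advisory. Once a DLA exists the `<no-dsa>` line for jessie should be removed so the tracker does not show the suite both fixed and waived.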
@@ -6315,8 +6322,8 @@
 	RESERVED
 CVE-2017-5660
 	RESERVED
-CVE-2017-5659
-	RESERVED
+CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is ...)
+	TODO: check
 CVE-2017-5658
 	RESERVED
 CVE-2017-5657
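Review bot: `TODO: check` under CVE-2017-5659 should not linger: Apache Traffic Server is packaged in Debian as trafficserver, so this needs a version comparison against the "before 6.2.1" range in the description and a proper `- trafficserver <version>` or `<not-affected>` line, not a `NOT-FOR-US`. It should be triaged together with CVE-2016-5396 further down in this same update, which concerns the same package.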
@@ -6331,15 +6338,13 @@
 	RESERVED
 CVE-2017-5652
 	RESERVED
-CVE-2017-5651
-	RESERVED
+CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.11-2 (bug #860071)
 	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21
 	NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
-CVE-2017-5650
-	RESERVED
+CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.11-2 (bug #860070)
 	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
@@ -6347,8 +6352,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
 CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...)
 	NOT-FOR-US: Apache Geode
-CVE-2017-5648
-	RESERVED
+CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.11-2 (bug #860069)
 	- tomcat7 7.0.72-3
@@ -6358,8 +6362,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
 	NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
-CVE-2017-5647
-	RESERVED
+CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.11-2 (bug #860068)
 	- tomcat7 7.0.72-3
@@ -28118,8 +28121,7 @@
 	- linux-2.6 2.6.37-1
 CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to ...)
 	NOT-FOR-US: Liferay Portal
-CVE-2016-7551 [AST-2016-007]
-	RESERVED
+CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...)
 	{DSA-3700-1 DLA-781-1}
 	- asterisk 1:13.11.2~dfsg-1 (bug #838832)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
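Review bot: Replacing `CVE-2016-7551 [AST-2016-007]` with the descriptive line drops the bracketed `[AST-2016-007]` alias that was recorded by hand; the vendor advisory id now survives only inside the NOTE URL, so the alias should be re-added after the description to keep the entry searchable by advisory number. The imported description also reads `chain_sip` and `13.x 13.11.1` (no "before"); the Asterisk SIP channel driver is chan_sip, so the text is worth checking against the linked advisory.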
@@ -29556,10 +29558,10 @@
 CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
 	NOT-FOR-US: Rowhammer hardware vulnerability on Android devices
 	NOTE: https://www.vusec.net/projects/drammer/
-CVE-2016-6727
-	RESERVED
-CVE-2016-6726
-	RESERVED
+CVE-2016-6727 (The Qualcomm GPS subsystem in Android on Android One devices allows ...)
+	TODO: check
+CVE-2016-6726 (Unspecified vulnerability in Qualcomm components in Android on Nexus 6 ...)
+	TODO: check
 CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in ...)
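Review bot: CVE-2016-6727 and CVE-2016-6726 are left as `TODO: check`, yet both sit between the context entries CVE-2016-6728 and CVE-2016-6725, which are already closed as `NOT-FOR-US` for Qualcomm/Android components; the two new descriptions name the same Qualcomm-on-Android family, so they can be closed the same way in this pass instead of being queued.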
@@ -34192,8 +34194,8 @@
 	NOT-FOR-US: JBoss BPMS
 CVE-2016-5397
 	RESERVED
-CVE-2016-5396
-	RESERVED
+CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...)
+	TODO: check
 CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...)
 	NOT-FOR-US: Apache Ranger
 CVE-2016-5394
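Review bot: CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0, HPACK Bomb) needs the same treatment as CVE-2017-5659 above: trafficserver is a Debian package, so the `TODO: check` should become a version line after comparing the archive versions with the 6.0.0 to 6.2.0 range, and the HTTP/2 resource-exhaustion nature of an HPACK bomb suggests it should not simply be waived as minor without looking at the fix.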
@@ -36672,26 +36674,26 @@
 	RESERVED
 CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
 	NOT-FOR-US: IVYWE
-CVE-2016-4874
-	RESERVED
-CVE-2016-4873
-	RESERVED
-CVE-2016-4872
-	RESERVED
-CVE-2016-4871
-	RESERVED
-CVE-2016-4870
-	RESERVED
-CVE-2016-4869
-	RESERVED
-CVE-2016-4868
-	RESERVED
-CVE-2016-4867
-	RESERVED
-CVE-2016-4866
-	RESERVED
-CVE-2016-4865
-	RESERVED
+CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
+	TODO: check
+CVE-2016-4873 (The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not ...)
+	TODO: check
+CVE-2016-4872 (The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 ...)
+	TODO: check
+CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in "Schedule" function in ...)
+	TODO: check
+CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject ...)
+	TODO: check
+CVE-2016-4867 (The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote ...)
+	TODO: check
+CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the "Project" function in ...)
+	TODO: check
+CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...)
+	TODO: check
 CVE-2016-4864
 	RESERVED
 CVE-2016-4863
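Review bot: All ten Cybozu Office entries (CVE-2016-4874 through CVE-2016-4865) are added with `TODO: check`; Cybozu Office is a commercial groupware product, not something in the Debian archive, so the whole block can be closed as `NOT-FOR-US: Cybozu Office` in one edit, matching the `NOT-FOR-US: IVYWE` context line just above it. Note that the CVE-2016-4867 description says "Cybozu 9.0.0" without "Office", which is just MITRE wording and not a different product.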
@@ -52976,8 +52978,8 @@
 	NOT-FOR-US: AXIS Communications
 CVE-2015-8257
 	RESERVED
-CVE-2015-8256
-	RESERVED
+CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ...)
+	TODO: check
 CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
 	NOT-FOR-US: AXIS Communications
 CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
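Review bot: CVE-2015-8256 is left as `TODO: check` although both surrounding context entries for the same vendor (the line above CVE-2015-8257 and CVE-2015-8255) are already `NOT-FOR-US: AXIS Communications`; the new description names Axis network products as well, so it should be closed with the same marker rather than left in the TODO queue.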