[Secure-testing-commits] r50736 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 17 21:10:44 UTC 2017
Author: sectracker
Date: 2017-04-17 21:10:25 +0000 (Mon, 17 Apr 2017)
New Revision: 50736
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-17 20:42:01 UTC (rev 50735)
+++ data/CVE/list 2017-04-17 21:10:25 UTC (rev 50736)
@@ -1,3 +1,7 @@
+CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...)
+ TODO: check
+CVE-2017-7890
+ RESERVED
CVE-2017-7888
RESERVED
CVE-2017-7887
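Review bot: CVE-2017-7891 is left at "TODO: check" with no package line or NOT-FOR-US marker; the description names sourcebans-pp (SourceBans++) and an XSS in admin.comms.php, so triage should settle it to `NOT-FOR-US: SourceBans++` if the software is not packaged, or to a source package line with a bug reference if it is, rather than leaving the TODO in the list.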
@@ -30,6 +34,7 @@
CVE-2017-7876
RESERVED
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...)
+ {DLA-899-1}
- feh 2.18-2 (low; bug #860367)
[jessie] - feh <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
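Review bot: adding `{DLA-899-1}` to CVE-2017-7875 while the line below still reads `[jessie] - feh <no-dsa> (Minor issue)` is worth a second look: the LTS team judged the feh wallpaper.c issue worth an advisory, but stable keeps it as a minor no-dsa item at severity "low". Either the jessie annotation should explain why the fix will only reach stable via a point release, or the severity/no-dsa decision should be revisited for consistency with the DLA.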
@@ -102,6 +107,7 @@
CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a ...)
- libreoffice <not-affected> (Didn't affect the 5.2 backport)
CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a ...)
+ {DLA-900-1}
[experimental] - freetype 2.7.1-0.1
- freetype <unfixed> (bug #860303)
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
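Review bot: CVE-2016-10328 now carries `{DLA-900-1}` but unstable is still `- freetype <unfixed> (bug #860303)`, with the fix only in `[experimental] - freetype 2.7.1-0.1`. An LTS advisory shipping before the sid upload is the wrong way round for a out-of-bounds write with a known upstream commit (the NOTE line already points at it); the bug reference should be bumped or an upload scheduled so unstable does not lag the oldstable fix.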
@@ -3877,6 +3883,7 @@
CVE-2017-6449
RESERVED
CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...)
+ {DLA-901-1}
[experimental] - radare2 1.3.0+dfsg-1
- radare2 1.1.0+dfsg-4 (bug #859447)
[jessie] - radare2 <no-dsa> (Minor issue)
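Review bot: same pattern as the feh hunk: `{DLA-901-1}` is added for the radare2 dalvik_disassemble bug while jessie stays `<no-dsa> (Minor issue)`. If the LTS advisory was issued because a fix was cheap to backport, a short note (for example "(Minor issue; fixed in wheezy via DLA as part of a batch)") would make the differing treatment of wheezy and jessie self-explanatory to the next triager.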
@@ -6315,8 +6322,8 @@
RESERVED
CVE-2017-5660
RESERVED
-CVE-2017-5659
- RESERVED
+CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is ...)
+ TODO: check
CVE-2017-5658
RESERVED
CVE-2017-5657
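Review bot: CVE-2017-5659 is turned from RESERVED into a description ("Apache Traffic Server before 6.2.1 generates a coredump ...") but only gets `TODO: check`. Because the description already states the fixed upstream version, the triage step is mechanical: add a `trafficserver` package line with the fixed Debian version or mark it `<unfixed>` with a bug number, and leave the TODO only if the affected version range is genuinely unclear.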
@@ -6331,15 +6338,13 @@
RESERVED
CVE-2017-5652
RESERVED
-CVE-2017-5651
- RESERVED
+CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...)
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860071)
[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21
NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
-CVE-2017-5650
- RESERVED
+CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...)
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860070)
[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
@@ -6347,8 +6352,7 @@
NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...)
NOT-FOR-US: Apache Geode
-CVE-2017-5648
- RESERVED
+CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to ...)
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860069)
- tomcat7 7.0.72-3
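Review bot: in the CVE-2017-5648 hunk the tomcat8 line carries `(bug #860069)` but `- tomcat7 7.0.72-3` has no bug reference. If a separate bug was filed for tomcat7 it should be recorded here; if the fix went in without one, a NOTE pointing to the 7.0.x svn revision (the following lines already list `r1785777 (7.0.x)`) is enough, but the asymmetry between the two package lines should not be silent.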
@@ -6358,8 +6362,7 @@
NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
-CVE-2017-5647
- RESERVED
+CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat ...)
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860068)
- tomcat7 7.0.72-3
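Review bot: as in the CVE-2017-5648 hunk, `- tomcat7 7.0.72-3` for CVE-2017-5647 lacks the bug reference that the tomcat8 line has (`bug #860068`). Either add the tomcat7 bug number or annotate that the pipelined-request fix was uploaded without a separate bug, so the package lines stay traceable.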
@@ -28118,8 +28121,7 @@
- linux-2.6 2.6.37-1
CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to ...)
NOT-FOR-US: Liferay Portal
-CVE-2016-7551 [AST-2016-007]
- RESERVED
+CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...)
{DSA-3700-1 DLA-781-1}
- asterisk 1:13.11.2~dfsg-1 (bug #838832)
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
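Review bot: the rewrite of the CVE-2016-7551 header drops the `[AST-2016-007]` tag that the removed line `-CVE-2016-7551 [AST-2016-007]` carried; the vendor advisory id is the alias people search the list for, and the NOTE URL is not a substitute for the bracketed tag. The new line should read `+CVE-2016-7551 [AST-2016-007] (chain_sip in Asterisk Open Source ...)`. Separately, the imported description says "chain_sip" where the Asterisk SIP channel driver is chan_sip; that is MITRE's text, so it is best left as-is but worth knowing when grepping.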
@@ -29556,10 +29558,10 @@
CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
NOT-FOR-US: Rowhammer hardware vulnerability on Android devices
NOTE: https://www.vusec.net/projects/drammer/
-CVE-2016-6727
- RESERVED
-CVE-2016-6726
- RESERVED
+CVE-2016-6727 (The Qualcomm GPS subsystem in Android on Android One devices allows ...)
+ TODO: check
+CVE-2016-6726 (Unspecified vulnerability in Qualcomm components in Android on Nexus 6 ...)
+ TODO: check
CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in ...)
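Review bot: CVE-2016-6727 and CVE-2016-6726 both describe Qualcomm components in Android (GPS subsystem on Android One, unspecified Qualcomm component on Nexus 6) and are left at `TODO: check`, while the adjacent CVE-2016-6725 for the Qualcomm crypto driver is already `NOT-FOR-US: Qualcomm driver for Android`. Unless there is a reason to expect these two to touch a packaged kernel, they should be resolved the same way in this update rather than queued.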
@@ -34192,8 +34194,8 @@
NOT-FOR-US: JBoss BPMS
CVE-2016-5397
RESERVED
-CVE-2016-5396
- RESERVED
+CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...)
+ TODO: check
CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...)
NOT-FOR-US: Apache Ranger
CVE-2016-5394
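Review bot: CVE-2016-5396 ("Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...") is another Traffic Server entry left at `TODO: check`; it should be triaged together with CVE-2017-5659 from the earlier hunk so that the trafficserver package lines are added consistently, and the description's explicit affected range (6.0.0 to 6.2.0) already tells the triager which Debian versions to compare against.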
@@ -36672,26 +36674,26 @@
RESERVED
CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
NOT-FOR-US: IVYWE
-CVE-2016-4874
- RESERVED
-CVE-2016-4873
- RESERVED
-CVE-2016-4872
- RESERVED
-CVE-2016-4871
- RESERVED
-CVE-2016-4870
- RESERVED
-CVE-2016-4869
- RESERVED
-CVE-2016-4868
- RESERVED
-CVE-2016-4867
- RESERVED
-CVE-2016-4866
- RESERVED
-CVE-2016-4865
- RESERVED
+CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
+ TODO: check
+CVE-2016-4873 (The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not ...)
+ TODO: check
+CVE-2016-4872 (The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 ...)
+ TODO: check
+CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in "Schedule" function in ...)
+ TODO: check
+CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject ...)
+ TODO: check
+CVE-2016-4867 (The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote ...)
+ TODO: check
+CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the "Project" function in ...)
+ TODO: check
+CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...)
+ TODO: check
CVE-2016-4864
RESERVED
CVE-2016-4863
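Review bot: ten consecutive Cybozu Office entries (CVE-2016-4874 down to CVE-2016-4865) are all left at `TODO: check`. They describe one product and one version range (9.0.0 through 10.4.0) and the neighbouring IVYWE entry in the same hunk is already `NOT-FOR-US: IVYWE`, so these should be resolved as a batch with a single decision (a `NOT-FOR-US: Cybozu Office` line each if the product is not packaged) rather than leaving ten open TODO markers in the list.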
@@ -52976,8 +52978,8 @@
NOT-FOR-US: AXIS Communications
CVE-2015-8257
RESERVED
-CVE-2015-8256
- RESERVED
+CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ...)
+ TODO: check
CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
NOT-FOR-US: AXIS Communications
CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
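Review bot: CVE-2015-8256 (XSS in Axis network products) is left at `TODO: check` although the entry directly below it, CVE-2015-8255 for AXIS Communications CSRF, is already `NOT-FOR-US: AXIS Communications`, as is the entry above the hunk context. The same marker should be applied here in this update; a TODO next to two identically scoped NOT-FOR-US entries only creates triage noise.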