[Secure-testing-commits] r51086 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 26 21:10:14 UTC 2017
Author: sectracker
Date: 2017-04-26 21:10:14 +0000 (Wed, 26 Apr 2017)
New Revision: 51086
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-26 20:54:29 UTC (rev 51085)
+++ data/CVE/list 2017-04-26 21:10:14 UTC (rev 51086)
@@ -1,3 +1,9 @@
+CVE-2017-8286
+ RESERVED
+CVE-2017-8285
+ RESERVED
+CVE-2017-8284 (** DISPUTED ** The disas_insn function in target/i386/translate.c in ...)
+ TODO: check
CVE-2017-8282
RESERVED
CVE-2017-8281
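Review bot: the `TODO: check` on the new CVE-2017-8284 entry should record the outcome of the triage, since the description is flagged `** DISPUTED **` and names target/i386/translate.c, a QEMU source path; the entry currently has no package status line, so a later pass cannot tell whether the dispute was resolved as not affecting the Debian package or simply not looked at yet.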
@@ -365,6 +371,7 @@
NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4)
CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a ...)
+ {DLA-918-1}
- freetype <unfixed> (bug #861220)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
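Review bot: the added `{DLA-918-1}` marker sits above a package line that still reads `- freetype <unfixed> (bug #861220)`, so the LTS advisory is recorded while the unstable fix is still pending; worth confirming that bug #861220 is still open so the `<unfixed>` status is not stale.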
@@ -450,6 +457,7 @@
CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve ...)
NOT-FOR-US: TP-Link
CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a filename via ...)
+ {DLA-919-1}
- weechat 1.7-3 (bug #861121)
NOTE: https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
CVE-2017-8072 (The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c ...)
@@ -1471,8 +1479,8 @@
NOT-FOR-US: SolarWinds
CVE-2017-7721
RESERVED
-CVE-2017-7720
- RESERVED
+CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...)
+ TODO: check
CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
NOT-FOR-US: Spider Event Calendar
CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local ...)
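Review bot: the `TODO: check` left on CVE-2017-7720 (PrivateTunnel 2.7 and 2.8) will most likely resolve the same way as the neighbouring SolarWinds and Spider Event Calendar entries, which carry `NOT-FOR-US:` lines; until it does the entry has no package status, so it should be picked up in the next manual triage rather than left open.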
@@ -3046,12 +3054,12 @@
CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
NOT-FOR-US: cloudflare-scrape
CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
- {DLA-885-1}
+ {DSA-3835-1 DLA-885-1}
- python-django 1:1.10.7-1 (bug #859516)
NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 ...)
- {DLA-885-1}
+ {DSA-3835-1 DLA-885-1}
- python-django 1:1.10.7-1 (bug #859515)
NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
@@ -4042,7 +4050,7 @@
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b
CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in ...)
- {DSA-3827-1}
+ {DSA-3827-1 DLA-920-1}
- jasper <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11
NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
@@ -6196,12 +6204,12 @@
RESERVED
CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 ...)
NOT-FOR-US: eParakstitajs and eParaksts Java lib
-CVE-2017-6054
- RESERVED
+CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...)
+ TODO: check
CVE-2017-6053
RESERVED
-CVE-2017-6052
- RESERVED
+CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...)
+ TODO: check
CVE-2017-6051
RESERVED
CVE-2017-6050
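Review bot: CVE-2017-6054 and CVE-2017-6052 both describe the Hyundai Motor America Blue Link product and both end in `TODO: check`; the adjacent CVE-2017-6055 entry shows the expected form for vendor software that is not packaged (`NOT-FOR-US: ...`), so the two new entries should be given a status line in the same pass rather than two separate follow-ups.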
@@ -14775,11 +14783,9 @@
RESERVED
CVE-2017-3163
RESERVED
-CVE-2017-3162
- RESERVED
+CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse the ...)
- hadoop <itp> (bug #793644)
-CVE-2017-3161
- RESERVED
+CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a ...)
- hadoop <itp> (bug #793644)
CVE-2017-3160
RESERVED
@@ -19301,8 +19307,8 @@
RESERVED
CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a ...)
NOT-FOR-US: IBM
-CVE-2017-1170
- RESERVED
+CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
+ TODO: check
CVE-2017-1169
RESERVED
CVE-2017-1168
@@ -21597,7 +21603,7 @@
NOT-FOR-US: OpenShift
CVE-2016-9591 [Use-after-free on heap in jas_matrix_destroy]
RESERVED
- {DSA-3827-1}
+ {DSA-3827-1 DLA-920-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/105
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
@@ -23847,11 +23853,12 @@
CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a ...)
- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x ...)
- {DLA-706-1}
+ {DSA-3835-1 DLA-706-1}
- python-django 1:1.10.3-1 (bug #842856)
NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before ...)
+ {DSA-3835-1}
- python-django 1:1.10.3-1 (bug #842856)
[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
@@ -23954,8 +23961,8 @@
RESERVED
CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...)
NOT-FOR-US: IBM
-CVE-2016-8962
- RESERVED
+CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have ...)
+ TODO: check
CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct ...)
NOT-FOR-US: IBM
CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with lower ...)
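Review bot: CVE-2016-8962 (IBM BigFix Inventory 9.2) is left at `TODO: check` while the surrounding CVE-2016-8963 and CVE-2016-8961 entries for the same product already carry `NOT-FOR-US: IBM`; the triage result for the neighbours almost certainly applies here too and the entry should be brought in line with them.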
@@ -24030,8 +24037,8 @@
NOT-FOR-US: IBM
CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
NOT-FOR-US: IBM
-CVE-2016-8924
- RESERVED
+CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote ...)
+ TODO: check
CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a ...)
NOT-FOR-US: IBM
CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)