[Secure-testing-commits] r51121 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Apr 27 21:10:12 UTC 2017 

Author: sectracker
Date: 2017-04-27 21:10:12 +0000 (Thu, 27 Apr 2017)
New Revision: 51121

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-27 21:03:47 UTC (rev 51120)
+++ data/CVE/list	2017-04-27 21:10:12 UTC (rev 51121)
@@ -1,3 +1,39 @@
+CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...)
+	TODO: check
+CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by ...)
+	TODO: check
+CVE-2017-8306
+	RESERVED
+CVE-2017-8304
+	RESERVED
+CVE-2017-8303
+	RESERVED
+CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ...)
+	TODO: check
+CVE-2017-8300
+	RESERVED
+CVE-2017-8299
+	RESERVED
+CVE-2017-8298 (cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a ...)
+	TODO: check
+CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager before ...)
+	TODO: check
+CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is ...)
+	TODO: check
+CVE-2017-8295
+	RESERVED
+CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote ...)
+	TODO: check
+CVE-2017-8293
+	RESERVED
+CVE-2017-8292
+	RESERVED
+CVE-2017-8290
+	RESERVED
+CVE-2017-8289 (Stack-based buffer overflow in the ipv6_addr_from_str function in ...)
+	TODO: check
+CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to ...)
+	TODO: check
 CVE-2017-XXXX [kedpm: information disclosure in command history file]
 	- kedpm <unfixed> (bug #860817)
 	NOTE: patch gives workaround, will be removed from stretch/sid
@@ -3,14 +39,15 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
 CVE-2017-8305 [Buffer overflow in own strlcpy implementation]
+	RESERVED
 	- udfclient <unfixed> (bug #861347)
-CVE-2017-8301 [Missing TLS Certificate Validation]
+CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if ...)
 	- libressl <itp> (bug #754513)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11
-CVE-2017-8291 [shell injection]
+CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and ...)
 	- ghostscript <unfixed> (bug #861295)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799)
-        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private)
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private)
 	NOTE: Full report viewable at: https://bugzilla.suse.com/show_bug.cgi?id=1036453
-CVE-2017-8287 [out-of-bounds write via t1_builder_close_contour function]
+CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a ...)
 	- freetype <unfixed> (bug #861308)
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
@@ -480,7 +517,7 @@
 CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve ...)
 	NOT-FOR-US: TP-Link
 CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a filename via ...)
-	{DLA-919-1}
+	{DSA-3836-1 DLA-919-1}
 	- weechat 1.7-3 (bug #861121)
 	NOTE: https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
 CVE-2017-8072 (The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c ...)
@@ -1116,7 +1153,7 @@
 CVE-2016-1000258
 	REJECTED
 CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a ...)
-	{DLA-910-1}
+	{DSA-3837-1 DLA-910-1}
 	- libreoffice 1:5.2.5-1
 	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
 CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an ...)
@@ -1600,7 +1637,7 @@
 	NOT-FOR-US: Symphony CMS
 CVE-2017-7693
 	RESERVED
-CVE-2017-7692 (SquirrelMail 1.4.22 allows post-authentication remote code execution ...)
+CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) ...)
 	- squirrelmail <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
 	NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
@@ -2330,8 +2367,8 @@
 	RESERVED
 CVE-2017-7416
 	RESERVED
-CVE-2017-7415
-	RESERVED
+CVE-2017-7415 (Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass ...)
+	TODO: check
 CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy function in ...)
 	- linux 4.7.4-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -6262,12 +6299,12 @@
 	RESERVED
 CVE-2017-6038
 	RESERVED
-CVE-2017-6037
-	RESERVED
+CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies ...)
+	TODO: check
 CVE-2017-6036
 	RESERVED
-CVE-2017-6035
-	RESERVED
+CVE-2017-6035 (A Stack-Based Buffer Overflow issue was discovered in Wecon ...)
+	TODO: check
 CVE-2017-6034
 	RESERVED
 CVE-2017-6033 (A DLL Hijacking issue was discovered in Schneider Electric Interactive ...)
@@ -9404,8 +9441,8 @@
 	RESERVED
 CVE-2017-5187
 	RESERVED
-CVE-2017-5186
-	RESERVED
+CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before ...)
+	TODO: check
 CVE-2017-5185 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
 	NOT-FOR-US: NetIQ Sentinel
 CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
@@ -9588,8 +9625,8 @@
 	- firejail 0.9.44.2-3 (bug #850160)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/04/1
 	NOTE: https://github.com/netblue30/firejail/issues/1020
-CVE-2017-5135
-	RESERVED
+CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, ...)
+	TODO: check
 CVE-2017-5134
 	RESERVED
 CVE-2017-5133
@@ -12426,6 +12463,7 @@
 CVE-2016-10031 (** DISPUTED ** WampServer 3.0.6 installs two services called ...)
 	NOT-FOR-US: WampServer
 CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, ...)
+	{DLA-921-1}
 	- slurm-llnl 16.05.8-1 (bug #850491)
 	[jessie] - slurm-llnl <no-dsa> (Minor issue)
 	NOTE: https://www.schedmd.com/news.php?id=178
@@ -15041,8 +15079,8 @@
 	RESERVED
 CVE-2017-3067
 	RESERVED
-CVE-2017-3066
-	RESERVED
+CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and ...)
+	TODO: check
 CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
 	NOT-FOR-US: Adobe Acrobat Reader
 CVE-2017-3064 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
@@ -15157,8 +15195,8 @@
 	NOT-FOR-US: Adobe
 CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
 	NOT-FOR-US: Adobe
-CVE-2017-3008
-	RESERVED
+CVE-2017-3008 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and ...)
+	TODO: check
 CVE-2017-3007 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the ...)
 	NOT-FOR-US: Adobe Thor
 CVE-2017-3006 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related ...)
@@ -48684,7 +48722,7 @@
 	NOTE: Fix spread across multiple commits: https://github.com/tatsuhiro-t/nghttp2/compare/v1.7.0...v1.7.1
 	NOTE: Commits between 1.7.0 and 1.7.1 seem almost limited to this issue, cf.
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1308461#c3
-CVE-2016-1543 (The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) ...)
+CVE-2016-1543 (The RPC API in the RSCD agent in BMC BladeLogic Server Automation ...)
 	NOT-FOR-US: BMC
 CVE-2016-1542 (The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) ...)
 	NOT-FOR-US: BMC

More information about the Secure-testing-commits mailing list