[Secure-testing-commits] r54827 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Aug 17 21:10:14 UTC 2017 

Author: sectracker
Date: 2017-08-17 21:10:14 +0000 (Thu, 17 Aug 2017)
New Revision: 54827

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-17 20:58:29 UTC (rev 54826)
+++ data/CVE/list	2017-08-17 21:10:14 UTC (rev 54827)
@@ -1,16 +1,75 @@
+CVE-2017-12918
+	RESERVED
+CVE-2017-12917
+	RESERVED
+CVE-2017-12916
+	RESERVED
+CVE-2017-12915
+	RESERVED
+CVE-2017-12914
+	RESERVED
+CVE-2017-12913
+	RESERVED
+CVE-2017-12912
+	RESERVED
+CVE-2017-12911
+	RESERVED
+CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows ...)
+	TODO: check
+CVE-2017-12909 (SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows ...)
+	TODO: check
+CVE-2017-12908 (SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows ...)
+	TODO: check
+CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...)
+	TODO: check
+CVE-2017-12906
+	RESERVED
+CVE-2017-12905
+	RESERVED
+CVE-2017-12904
+	RESERVED
+CVE-2017-12903
+	RESERVED
+CVE-2017-12902
+	RESERVED
+CVE-2017-12901
+	RESERVED
+CVE-2017-12900
+	RESERVED
+CVE-2017-12899
+	RESERVED
+CVE-2017-12898
+	RESERVED
+CVE-2017-12897
+	RESERVED
+CVE-2017-12896
+	RESERVED
+CVE-2017-12895
+	RESERVED
+CVE-2017-12894
+	RESERVED
+CVE-2017-12893
+	RESERVED
 CVE-2017-12925
+	RESERVED
 	NOT-FOR-US: libfpx
 CVE-2017-12924
+	RESERVED
 	NOT-FOR-US: libfpx
 CVE-2017-12923
+	RESERVED
 	NOT-FOR-US: libfpx
 CVE-2017-12922
+	RESERVED
 	NOT-FOR-US: libfpx
 CVE-2017-12921
+	RESERVED
 	NOT-FOR-US: libfpx
 CVE-2017-12920
+	RESERVED
 	NOT-FOR-US: libfpx
 CVE-2017-12919
+	RESERVED
 	NOT-FOR-US: libfpx
 CVE-2017-XXXX [XSS in spikekill.php via method parameter]
 	- cacti <unfixed> (bug #872478)
@@ -1646,24 +1705,19 @@
 	RESERVED
 CVE-2017-12446
 	RESERVED
-CVE-2017-12445
-	RESERVED
+CVE-2017-12445 (The JB2BitmapCoder::code_row_by_refinement function in ...)
 	- minidjvu <unfixed> (unimportant; bug #871495)
 	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
-CVE-2017-12444
-	RESERVED
+CVE-2017-12444 (The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in ...)
 	- minidjvu <unfixed> (unimportant; bug #871495)
 	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
-CVE-2017-12443
-	RESERVED
+CVE-2017-12443 (The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 ...)
 	- minidjvu <unfixed> (unimportant; bug #871495)
 	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
-CVE-2017-12442
-	RESERVED
+CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ...)
 	- minidjvu <unfixed> (unimportant; bug #871495)
 	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
-CVE-2017-12441
-	RESERVED
+CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ...)
 	- minidjvu <unfixed> (unimportant; bug #871495)
 	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
 CVE-2017-12440
@@ -3445,32 +3499,28 @@
 	- ffmpeg 7:3.3.3-1
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ffcc82219cef0928bed2d558b19ef6ea35634130
 	NOTE: Fixed in 3.2.7
-CVE-2017-11664
-	RESERVED
+CVE-2017-11664 (The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI ...)
 	- wildmidi <unfixed> (low; bug #871616)
 	[stretch] - wildmidi <no-dsa> (Minor issue)
 	[jessie] - wildmidi <not-affected> (vulnerable code not present)
 	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
-CVE-2017-11663
-	RESERVED
+CVE-2017-11663 (The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI ...)
 	- wildmidi <unfixed> (low; bug #871616)
 	[stretch] - wildmidi <no-dsa> (Minor issue)
 	[jessie] - wildmidi <not-affected> (vulnerable code not present)
 	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
-CVE-2017-11662
-	RESERVED
+CVE-2017-11662 (The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ...)
 	- wildmidi <unfixed> (low; bug #871616)
 	[stretch] - wildmidi <no-dsa> (Minor issue)
 	[jessie] - wildmidi <not-affected> (vulnerable code not present)
 	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
-CVE-2017-11661
-	RESERVED
+CVE-2017-11661 (The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI ...)
 	- wildmidi <unfixed> (low; bug #871616)
 	[stretch] - wildmidi <no-dsa> (Minor issue)
 	[jessie] - wildmidi <not-affected> (vulnerable code not present)
@@ -4831,7 +4881,7 @@
 CVE-2017-11177
 	RESERVED
 CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...)
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.11.11-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
 CVE-2017-11175
@@ -8594,7 +8644,7 @@
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-217.html
 CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...)
-	{DSA-3927-1 DSA-3920-1}
+	{DSA-3945-1 DSA-3927-1 DSA-3920-1}
 	- linux 4.11.11-1
 	- qemu 1:2.8+dfsg-7 (bug #869706)
 	NOTE: https://xenbits.xen.org/xsa/advisory-216.html
@@ -8650,7 +8700,7 @@
 	[stretch] - linux 4.9.30-2+deb9u1
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
 CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...)
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.11.11-1
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
 	NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
@@ -9155,7 +9205,7 @@
 CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an ...)
 	NOT-FOR-US: NetBSD
 CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...)
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.11.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
@@ -13505,6 +13555,7 @@
 CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds ...)
+	{DSA-3945-1}
 	- linux 4.9.30-1 (low)
 	NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
 	NOTE: https://alephsecurity.com/vulns/aleph-2017023
@@ -14200,6 +14251,7 @@
 CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default ...)
 	- apcupsd <not-affected> (Only APC UPS Daemon on Windows)
 CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
+	{DSA-3945-1}
 	- linux 4.9.25-1
 	NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
 CVE-2017-7883
@@ -15384,11 +15436,9 @@
 	RESERVED
 CVE-2017-7557
 	RESERVED
-CVE-2017-7556
-	RESERVED
+CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF ...)
 	NOT-FOR-US: hawtio
-CVE-2017-7555 [crash/memory corruption when handling certain escaped strings]
-	RESERVED
+CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...)
 	- augeas <unfixed> (bug #872400)
 	NOTE: https://github.com/hercules-team/augeas/pull/480
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373
@@ -15439,11 +15489,11 @@
 	- neutron <not-affected> (Specific to Red Hat packaging)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792
 CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...)
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.12.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
 CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...)
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.12.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
@@ -15471,7 +15521,7 @@
 CVE-2017-7534
 	RESERVED
 CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel ...)
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.12.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
@@ -15718,7 +15768,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
 CVE-2017-7482
 	RESERVED
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.11.11-1
 	NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
 CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment]
@@ -16193,7 +16243,7 @@
 CVE-2017-7347
 	RESERVED
 CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in ...)
-	{DSA-3927-1}
+	{DSA-3945-1 DSA-3927-1}
 	- linux 4.11.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
 	NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf
@@ -16504,6 +16554,7 @@
 CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in ...)
+	{DSA-3945-1}
 	- linux 4.0.2-1 (low)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 ...)
@@ -17913,54 +17964,54 @@
 	RESERVED
 CVE-2017-6791
 	RESERVED
-CVE-2017-6790
-	RESERVED
+CVE-2017-6790 (A vulnerability in the Session Initiation Protocol (SIP) on the Cisco ...)
+	TODO: check
 CVE-2017-6789
 	RESERVED
-CVE-2017-6788
-	RESERVED
+CVE-2017-6788 (The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client ...)
+	TODO: check
 CVE-2017-6787
 	RESERVED
-CVE-2017-6786
-	RESERVED
-CVE-2017-6785
-	RESERVED
-CVE-2017-6784
-	RESERVED
-CVE-2017-6783
-	RESERVED
-CVE-2017-6782
-	RESERVED
-CVE-2017-6781
-	RESERVED
+CVE-2017-6786 (A vulnerability in Cisco Elastic Services Controller could allow an ...)
+	TODO: check
+CVE-2017-6785 (A vulnerability in configuration modification permissions validation ...)
+	TODO: check
+CVE-2017-6784 (A vulnerability in the web interface of the Cisco RV340, RV345, and ...)
+	TODO: check
+CVE-2017-6783 (A vulnerability in SNMP polling for the Cisco Web Security Appliance ...)
+	TODO: check
+CVE-2017-6782 (A vulnerability in the administrative web interface of Cisco Prime ...)
+	TODO: check
+CVE-2017-6781 (A vulnerability in the management of shell user accounts for Cisco ...)
+	TODO: check
 CVE-2017-6780
 	RESERVED
 CVE-2017-6779
 	RESERVED
-CVE-2017-6778
-	RESERVED
-CVE-2017-6777
-	RESERVED
-CVE-2017-6776
-	RESERVED
-CVE-2017-6775
-	RESERVED
-CVE-2017-6774
-	RESERVED
-CVE-2017-6773
-	RESERVED
-CVE-2017-6772
-	RESERVED
-CVE-2017-6771
-	RESERVED
+CVE-2017-6778 (A vulnerability in the Elastic Services Controller (ESC) web interface ...)
+	TODO: check
+CVE-2017-6777 (A vulnerability in the ConfD server of the Cisco Elastic Services ...)
+	TODO: check
+CVE-2017-6776 (A vulnerability in the web framework of Cisco Elastic Services ...)
+	TODO: check
+CVE-2017-6775 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated ...)
+	TODO: check
+CVE-2017-6774 (A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers ...)
+	TODO: check
+CVE-2017-6773 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated ...)
+	TODO: check
+CVE-2017-6772 (A vulnerability in Cisco Elastic Services Controller (ESC) could allow ...)
+	TODO: check
+CVE-2017-6771 (A vulnerability in the AutoVNF automation tool of the Cisco Ultra ...)
+	TODO: check
 CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software ...)
 	NOT-FOR-US: Cisco
 CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2017-6768
-	RESERVED
-CVE-2017-6767
-	RESERVED
+CVE-2017-6768 (A vulnerability in the build procedure for certain executable system ...)
+	TODO: check
+CVE-2017-6767 (A vulnerability in Cisco Application Policy Infrastructure Controller ...)
+	TODO: check
 CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and ...)
 	NOT-FOR-US: Cisco
 CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptive ...)
@@ -18073,8 +18124,8 @@
 	NOT-FOR-US: Cisco
 CVE-2017-6711 (A vulnerability in the Ultra Automation Service (UAS) of the Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2017-6710
-	RESERVED
+CVE-2017-6710 (A vulnerability in the Cisco Virtual Network Function (VNF) Element ...)
+	TODO: check
 CVE-2017-6709 (A vulnerability in the AutoVNF tool for the Cisco Ultra Services ...)
 	NOT-FOR-US: Cisco
 CVE-2017-6708 (A vulnerability in the symbolic link (symlink) creation functionality ...)
@@ -168842,8 +168893,8 @@
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (chromium specific)
-CVE-2011-0469
-	RESERVED
+CVE-2011-0469 (Code injection in openSUSE when running some source services used in ...)
+	TODO: check
 CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and ...)
 	NOT-FOR-US: OpenSUSE aaa_base package
 CVE-2011-0467

More information about the Secure-testing-commits mailing list