[Secure-testing-commits] r54896 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Aug 19 21:10:14 UTC 2017


Author: sectracker
Date: 2017-08-19 21:10:14 +0000 (Sat, 19 Aug 2017)
New Revision: 54896

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-19 17:57:11 UTC (rev 54895)
+++ data/CVE/list	2017-08-19 21:10:14 UTC (rev 54896)
@@ -1,3 +1,11 @@
+CVE-2017-12968
+	RESERVED
+CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) ...)
+	TODO: check
+CVE-2017-12966
+	RESERVED
+CVE-2017-12965
+	RESERVED
 CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
 	- libsass <unfixed>
 	[stretch] - libsass <no-dsa> (Minor issue)
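Review bot: CVE-2017-12967 is committed with only "TODO: check", although its description already names the getsym function in tekhex.c of the BFD library. That is enough to start triage: BFD ships in binutils, so check that source package and replace the TODO with a package line or a not-affected marker.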
@@ -162,7 +170,7 @@
 	RESERVED
 CVE-2017-12904 [RCE in newbeuter when bookmarking malicious article]
 	RESERVED
-	{DSA-3947-1}
+	{DSA-3947-1 DLA-1061-1}
 	- newsbeuter 2.9-6
 	NOTE: https://github.com/akrennmair/newsbeuter/issues/591
 	NOTE: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
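Review bot: The bracketed description on the CVE-2017-12904 context line spells the package "newbeuter", while the package line below it says "newsbeuter". A search of the list by package name will miss the description, so correct the spelling in a follow-up commit.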
@@ -3467,7 +3475,7 @@
 	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
 CVE-2017-11721 (Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers ...)
-	{DSA-3941-1}
+	{DSA-3948-1 DSA-3941-1}
 	- ioquake3 1.36+u20170803+dfsg1-1 (bug #870725)
 	[wheezy] - ioquake3 <end-of-life> (games are not supported in Wheezy)
 	NOTE: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1
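Review bot: CVE-2017-11721 now lists two advisories, DSA-3948-1 and DSA-3941-1, but the visible entry has a single source package line (ioquake3). If the two DSAs were issued for different source packages, each package needs its own line with its fixed version; please confirm.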
@@ -4714,8 +4722,8 @@
 	NOT-FOR-US: Tilde CMS
 CVE-2017-11324 (An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of ...)
 	NOT-FOR-US: Tilde CMS
-CVE-2017-11323
-	RESERVED
+CVE-2017-11323 (Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows ...)
+	TODO: check
 CVE-2017-11322
 	RESERVED
 CVE-2017-11321
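Review bot: CVE-2017-11323 moves from RESERVED to "TODO: check" with a description that names ESTsoft ALZip 8.51. The neighbouring Tilde CMS entries are already resolved as NOT-FOR-US; if ALZip is not packaged, close this one the same way (NOT-FOR-US: ESTsoft ALZip) instead of leaving the TODO open.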
@@ -6625,18 +6633,15 @@
 	[wheezy] - qemu-kvm <not-affected> (qemu-nbd shipped from qemu package)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
 	NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
-CVE-2017-10663 [f2fs: sanity check checkpoint segno and blkoff]
-	RESERVED
+CVE-2017-10663 (The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel ...)
 	- linux 4.12.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/15d3042a937c13f5d9244241c7a9c8416ff6e82a (v4.13-rc1)
-CVE-2017-10662 [f2fs: sanity check segment count]
-	RESERVED
+CVE-2017-10662 (The sanity_check_raw_super function in fs/f2fs/super.c in the Linux ...)
 	- linux 4.9.30-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/b9dd46188edc2f0d1f37328637860bb65a771124 (v4.12-rc1)
-CVE-2017-10661 [timerfd: Protect the might cancel mechanism proper]
-	RESERVED
+CVE-2017-10661 (Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 ...)
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/1e38da300e1e395a15048b0af1e5305bd91402f6 (v4.11-rc1)
 CVE-2017-10660
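Review bot: After this change CVE-2017-10661 still has no [wheezy] line, unlike CVE-2017-10663 and CVE-2017-10662 directly above it, which both carry "[wheezy] - linux <not-affected>". Now that the description is public ("Race condition in fs/timerfd.c in the Linux kernel before 4.10.15"), record explicitly whether the wheezy kernel is affected. The removed bracket titles also held the upstream commit subjects, which now survive only behind the "Fixed by" links.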
@@ -16316,6 +16321,7 @@
 	NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
 CVE-2017-7376 [Incorrect limit used for port values]
 	RESERVED
+	{DLA-1060-1}
 	- libxml2 <unfixed> (bug #870865)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
 	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
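Review bot: The CVE-2017-7376 entry now references DLA-1060-1 but still reads "libxml2 <unfixed>" for unstable, and the GNOME bug note is marked "(not yet public)" with only an Android patch as fix reference. Recheck whether bug 780690 has been opened and add the upstream libxml2 commit when it is available, so the unstable fix can be tracked against it.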
@@ -34929,6 +34935,7 @@
 CVE-2017-0664 (A elevation of privilege vulnerability in the Android framework. ...)
 	NOT-FOR-US: Android
 CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an ...)
+	{DLA-1060-1}
 	- libxml2 <unfixed> (bug #870870)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
 	NOTE: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc
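Review bot: In the CVE-2017-0663 entry the android.googlesource.com NOTE has no label, while the same kind of link under CVE-2017-7376 is written as "NOTE: Android patch: ...". Use the same prefix here so both libxml2 entries that reference DLA-1060-1 read consistently.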



