[Secure-testing-commits] r55133 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Aug 27 21:10:16 UTC 2017
Author: sectracker
Date: 2017-08-27 21:10:16 +0000 (Sun, 27 Aug 2017)
New Revision: 55133
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-27 18:32:55 UTC (rev 55132)
+++ data/CVE/list 2017-08-27 21:10:16 UTC (rev 55133)
@@ -1,4 +1,12 @@
-CVE-2017-13709 [Incorrect access control in FlightGear]
+CVE-2017-13710 (The setup_group function in elf.c in the Binary File Descriptor (BFD) ...)
+ TODO: check
+CVE-2017-13708
+ RESERVED
+CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version ...)
+ TODO: check
+CVE-2017-13706
+ RESERVED
+CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...)
- flightgear <unfixed> (bug #873439)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
CVE-2017-13705
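Review bot: The re-added CVE-2017-13709 line in this hunk lands below CVE-2017-13706, so the top of the list now reads 13710, 13708, 13707, 13706, 13709, 13705 and is no longer in descending order. Move the CVE-2017-13709 entry, together with its flightgear and NOTE lines, to sit between CVE-2017-13710 and CVE-2017-13708. Separately, CVE-2017-13710 and CVE-2017-13707 carry only "TODO: check" and still need triage to a source package line or a not-for-us marking.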
@@ -2603,7 +2611,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2017-1000117
- {DSA-3934-1}
+ {DSA-3934-1 DLA-1068-1}
- git 1:2.14.1-1
NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-1000116 [command injection on clients through malicious ssh URLs]
@@ -3059,8 +3067,8 @@
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
- openexr <unfixed>
NOTE: https://github.com/openexr/openexr/issues/238
-CVE-2017-12595
- RESERVED
+CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and ...)
+ TODO: check
CVE-2017-12594
RESERVED
CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. ...)
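Review bot: CVE-2017-12595 moves from RESERVED to a published description but is left with only "TODO: check", although the description already names the affected software (QPDF 6.0.0 and 7.0.b1). Replace the TODO with a package status line for qpdf and, if an upstream report exists, a NOTE line with its URL, in the same form as the openexr entry for CVE-2017-12596 just above.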
@@ -4983,6 +4991,7 @@
[wheezy] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/106
CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a ...)
+ {DLA-1069-1}
- tenshi <unfixed> (bug #871321)
[stretch] - tenshi <no-dsa> (Minor issue)
NOTE: https://github.com/inversepath/tenshi/issues/6
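Review bot: The new {DLA-1069-1} reference on CVE-2017-11746 sits directly above "- tenshi <unfixed> (bug #871321)" and "[stretch] - tenshi <no-dsa> (Minor issue)", so the entry now records an LTS advisory while unstable is still open and stretch is marked as a minor issue. Worth confirming that the stretch triage still holds now that the issue was considered worth an LTS upload, and updating the <unfixed> line with a version once bug #871321 is closed.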