[Secure-testing-commits] r55183 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Aug 29 09:10:17 UTC 2017
Author: sectracker
Date: 2017-08-29 09:10:17 +0000 (Tue, 29 Aug 2017)
New Revision: 55183
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-29 07:44:51 UTC (rev 55182)
+++ data/CVE/list 2017-08-29 09:10:17 UTC (rev 55183)
@@ -1,3 +1,81 @@
+CVE-2017-13753 (There is a reachable assertion abort in the function JPC_NOMINALGAIN() ...)
+ TODO: check
+CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...)
+ TODO: check
+CVE-2017-13751 (There is a reachable assertion abort in the function calcstepsizes() in ...)
+ TODO: check
+CVE-2017-13750 (There is a reachable assertion abort in the function ...)
+ TODO: check
+CVE-2017-13749 (There is a reachable assertion abort in the function jpc_pi_nextrpcl() ...)
+ TODO: check
+CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the ...)
+ TODO: check
+CVE-2017-13747 (There is a reachable assertion abort in the function jpc_floorlog2() in ...)
+ TODO: check
+CVE-2017-13746 (There is a reachable assertion abort in the function ...)
+ TODO: check
+CVE-2017-13745 (There is a reachable assertion abort in the function ...)
+ TODO: check
+CVE-2017-13744 (There is an illegal address access in the function _lou_getALine() in ...)
+ TODO: check
+CVE-2017-13743 (There is a buffer overflow in Liblouis 3.2.0, triggered in the function ...)
+ TODO: check
+CVE-2017-13742 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
+ TODO: check
+CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...)
+ TODO: check
+CVE-2017-13740 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
+ TODO: check
+CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two ...)
+ TODO: check
+CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in ...)
+ TODO: check
+CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
+ TODO: check
+CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in ...)
+ TODO: check
+CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw function ...)
+ TODO: check
+CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in ...)
+ TODO: check
+CVE-2017-13733 (There is an illegal address access in the fmt_entry function in ...)
+ TODO: check
+CVE-2017-13732 (There is an illegal address access in the function dump_uses() in ...)
+ TODO: check
+CVE-2017-13731 (There is an illegal address access in the function ...)
+ TODO: check
+CVE-2017-13730 (There is an illegal address access in the function ...)
+ TODO: check
+CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in ...)
+ TODO: check
+CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in ...)
+ TODO: check
+CVE-2017-13727 (There is a reachable assertion abort in the function ...)
+ TODO: check
+CVE-2017-13726 (There is a reachable assertion abort in the function ...)
+ TODO: check
+CVE-2017-13725
+ RESERVED
+CVE-2017-13724
+ RESERVED
+CVE-2017-13723
+ RESERVED
+CVE-2017-13722
+ RESERVED
+CVE-2017-13721
+ RESERVED
+CVE-2017-13720
+ RESERVED
+CVE-2017-13719
+ RESERVED
+CVE-2017-13718
+ RESERVED
+CVE-2017-13717
+ RESERVED
+CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as ...)
+ TODO: check
+CVE-2016-10503
+ RESERVED
CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c in the ...)
- linux 4.3.1-1
NOTE: Fixed by: https://git.kernel.org/linus/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0 (4.3-rc1)
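Review bot: the new entries from CVE-2017-13753 down to CVE-2017-13726, and CVE-2017-13716, are all left at "TODO: check" with no source package line, although several descriptions already name the affected software (JasPer 2.0.12 in CVE-2017-13748, Liblouis 3.2.0 in CVE-2017-13743, CVE-2017-13742 and CVE-2017-13740). A follow-up commit should replace each TODO with a package status line or a NOT-FOR-US marker. Separately, CVE-2016-10503 lands between CVE-2017-13716 and CVE-2017-13715, out of the descending ID order the rest of this hunk follows.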
@@ -98,8 +176,8 @@
NOTE: Fixed by: https://git.kernel.org/linus/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205
CVE-2016-1000245
RESERVED
-CVE-2017-13685
- RESERVED
+CVE-2017-13685 (The dump_callback function in SQLite 3.20.0 allows remote attackers to ...)
+ TODO: check
CVE-2017-13684
RESERVED
CVE-2017-13683
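Review bot: "TODO: check" on CVE-2017-13685 leaves the entry without a package status line even though the new description names the dump_callback function in SQLite 3.20.0. Because the description mentions remote attackers, this entry is worth triaging ahead of the bulk additions at the top of the file: add the source package line and, if a report exists, the bug reference.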
@@ -2644,6 +2722,7 @@
- git 1:2.14.1-1
NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-1000116 [command injection on clients through malicious ssh URLs]
+ {DLA-1072-1}
- mercurial 4.3.1-1 (bug #871710)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
NOTE: 11 patches need to be applied, the following are for 4.2:
@@ -2661,6 +2740,7 @@
NOTE: 3.7 and 4.1 backports also available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7
NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1
CVE-2017-1000115 [path traversal via symlink]
+ {DLA-1072-1}
- mercurial 4.3.1-1 (bug #871709)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 (test)
@@ -5611,22 +5691,22 @@
CVE-2017-11578
RESERVED
CVE-2017-11577 (FontForge 20161012 is vulnerable to a buffer over-read in getsid ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3088
NOTE: https://github.com/fontforge/fontforge/commit/3245d354865def9d712bdffe61fa211ad6aa4081
CVE-2017-11576 (FontForge 20161012 does not ensure a positive size in a weight vector ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3091
NOTE: https://github.com/fontforge/fontforge/commit/df349365630344ef3004a3c7934c7e7496692fb1
CVE-2017-11575 (FontForge 20161012 is vulnerable to a buffer over-read in strnmatch ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3096
NOTE: https://github.com/fontforge/fontforge/commit/4de0c58a01e5e30610c200e9aea98bc7db12c7ac
CVE-2017-11574 (FontForge 20161012 is vulnerable to a heap-based buffer overflow in ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3090
NOTE: https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
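Review bot: with DSA-3958-1 now referenced alongside DLA-1065-1 on CVE-2017-11577, CVE-2017-11576, CVE-2017-11575 and CVE-2017-11574, the package line under each still reads "- fontforge <unfixed> (bug #869614)", so unstable remains recorded as unfixed. The NOTE lines for these four entries already point at upstream fix commits; referencing them in bug #869614 would help get the "<unfixed>" marker replaced with a version once a fixed upload exists.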
@@ -5634,11 +5714,11 @@
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3098
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3092
CVE-2017-11571 (FontForge 20161012 is vulnerable to a stack-based buffer overflow in ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3087
NOTE: https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
@@ -5646,12 +5726,12 @@
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3097
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3093
NOTE: https://github.com/fontforge/fontforge/commit/7bfec47910293bf149b8debe44c6f3f788506092
CVE-2017-11568 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
- {DLA-1065-1}
+ {DSA-3958-1 DLA-1065-1}
- fontforge <unfixed> (bug #869614)
NOTE: https://github.com/fontforge/fontforge/issues/3089
CVE-2017-11567
@@ -9736,7 +9816,7 @@
CVE-2017-10244 (Vulnerability in the Oracle Application Object Library component of ...)
NOT-FOR-US: Oracle
CVE-2017-10243 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -9855,7 +9935,7 @@
CVE-2017-10199 (Vulnerability in the Oracle iLearning component of Oracle iLearning ...)
NOT-FOR-US: Oracle
CVE-2017-10198 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -9869,7 +9949,7 @@
CVE-2017-10194
RESERVED
CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -9909,7 +9989,7 @@
CVE-2017-10177 (Vulnerability in the Oracle Application Object Library component of ...)
NOT-FOR-US: Oracle
CVE-2017-10176 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10011,7 +10091,7 @@
CVE-2017-10136 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-10135 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10054,21 +10134,21 @@
CVE-2017-10119 (Vulnerability in the Oracle Service Bus component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-10118 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
CVE-2017-10117 (Vulnerability in the Java Advanced Management Console component of ...)
NOT-FOR-US: Java Advanced Management Console
CVE-2017-10116 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10115 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10085,28 +10165,28 @@
{DSA-3919-1}
- openjdk-8 8u141-b15-1
CVE-2017-10110 (Vulnerability in the Java SE component of Oracle Java SE ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10109 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10108 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10107 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10123,14 +10203,14 @@
CVE-2017-10103 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
NOT-FOR-US: Oracle
CVE-2017-10102 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <unfixed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10101 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
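Review bot: under CVE-2017-10102 the context line "- openjdk-6 <unfixed>" disagrees with the other openjdk-6 entries visible in this diff (CVE-2017-10116, CVE-2017-10110, CVE-2017-10109, CVE-2017-10108, CVE-2017-10198, CVE-2017-10193), which all read "- openjdk-6 <removed>". This commit only adds the DLA-1073-1 reference, but the status line should be checked and aligned in a follow-up so the entry does not keep reporting openjdk-6 as open.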
@@ -10145,7 +10225,7 @@
CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
NOT-FOR-US: Oracle
CVE-2017-10096 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10162,12 +10242,12 @@
CVE-2017-10091 (Vulnerability in the Enterprise Manager Base Platform component of ...)
NOT-FOR-US: Oracle
CVE-2017-10090 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
CVE-2017-10089 (Vulnerability in the Java SE component of Oracle Java SE ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10176,7 +10256,7 @@
CVE-2017-10088 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
NOT-FOR-US: Oracle
CVE-2017-10087 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10194,7 +10274,7 @@
CVE-2017-10082 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
NOT-FOR-US: Oracle
CVE-2017-10081 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10214,7 +10294,7 @@
CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-10074 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10233,7 +10313,7 @@
CVE-2017-10068
RESERVED
CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10266,7 +10346,7 @@
CVE-2017-10054
RESERVED
CVE-2017-10053 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3954-1 DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -70310,8 +70390,8 @@
RESERVED
CVE-2015-8333 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with ...)
NOT-FOR-US: Huawei
-CVE-2015-8332
- RESERVED
+CVE-2015-8332 (Huawei Video Content Management (VCM) before V100R001C10SPC001 does ...)
+ TODO: check
CVE-2015-8331 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with ...)
NOT-FOR-US: Huawei
CVE-2015-8330 (The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers ...)
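Review bot: CVE-2015-8332 is left at "TODO: check" although its new description names Huawei Video Content Management (VCM), and the adjacent entries CVE-2015-8333 and CVE-2015-8331 are already marked "NOT-FOR-US: Huawei". If the same reasoning applies, the TODO can be resolved with the same marker so it does not linger in the open queue.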
@@ -70459,8 +70539,8 @@
NOTE: https://bugs.launchpad.net/lightdm/+bug/15168
NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.14/revision/2166 (1.14.x)
NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.16/revision/2207 (1.16.x)
-CVE-2015-8300
- RESERVED
+CVE-2015-8300 (Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: ...)
+ TODO: check
CVE-2015-8299
RESERVED
CVE-2015-8298