[Secure-testing-commits] r55271 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Aug 30 21:10:17 UTC 2017
Author: sectracker
Date: 2017-08-30 21:10:17 +0000 (Wed, 30 Aug 2017)
New Revision: 55271
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-30 20:57:46 UTC (rev 55270)
+++ data/CVE/list 2017-08-30 21:10:17 UTC (rev 55271)
@@ -1,4 +1,512 @@
-CVE-2017-14032 [authentication bypass]
+CVE-2017-14034
+ RESERVED
+CVE-2017-14033
+ RESERVED
+CVE-2017-14031
+ RESERVED
+CVE-2017-14030
+ RESERVED
+CVE-2017-14029
+ RESERVED
+CVE-2017-14028
+ RESERVED
+CVE-2017-14027
+ RESERVED
+CVE-2017-14026
+ RESERVED
+CVE-2017-14025
+ RESERVED
+CVE-2017-14024
+ RESERVED
+CVE-2017-14023
+ RESERVED
+CVE-2017-14022
+ RESERVED
+CVE-2017-14021
+ RESERVED
+CVE-2017-14020
+ RESERVED
+CVE-2017-14019
+ RESERVED
+CVE-2017-14018
+ RESERVED
+CVE-2017-14017
+ RESERVED
+CVE-2017-14016
+ RESERVED
+CVE-2017-14015
+ RESERVED
+CVE-2017-14014
+ RESERVED
+CVE-2017-14013
+ RESERVED
+CVE-2017-14012
+ RESERVED
+CVE-2017-14011
+ RESERVED
+CVE-2017-14010
+ RESERVED
+CVE-2017-14009
+ RESERVED
+CVE-2017-14008
+ RESERVED
+CVE-2017-14007
+ RESERVED
+CVE-2017-14006
+ RESERVED
+CVE-2017-14005
+ RESERVED
+CVE-2017-14004
+ RESERVED
+CVE-2017-14003
+ RESERVED
+CVE-2017-14002
+ RESERVED
+CVE-2017-14001
+ RESERVED
+CVE-2017-14000
+ RESERVED
+CVE-2017-13999
+ RESERVED
+CVE-2017-13998
+ RESERVED
+CVE-2017-13997
+ RESERVED
+CVE-2017-13996
+ RESERVED
+CVE-2017-13995
+ RESERVED
+CVE-2017-13994
+ RESERVED
+CVE-2017-13993
+ RESERVED
+CVE-2017-13992
+ RESERVED
+CVE-2017-13991
+ RESERVED
+CVE-2017-13990
+ RESERVED
+CVE-2017-13989
+ RESERVED
+CVE-2017-13988
+ RESERVED
+CVE-2017-13987
+ RESERVED
+CVE-2017-13986
+ RESERVED
+CVE-2017-13985
+ RESERVED
+CVE-2017-13984
+ RESERVED
+CVE-2017-13983
+ RESERVED
+CVE-2017-13982
+ RESERVED
+CVE-2017-13981
+ RESERVED
+CVE-2017-13980
+ RESERVED
+CVE-2017-13979
+ RESERVED
+CVE-2017-13978
+ RESERVED
+CVE-2017-13977
+ RESERVED
+CVE-2017-13976
+ RESERVED
+CVE-2017-13975
+ RESERVED
+CVE-2017-13974
+ RESERVED
+CVE-2017-13973
+ RESERVED
+CVE-2017-13972
+ RESERVED
+CVE-2017-13971
+ RESERVED
+CVE-2017-13970
+ RESERVED
+CVE-2017-13969
+ RESERVED
+CVE-2017-13968
+ RESERVED
+CVE-2017-13967
+ RESERVED
+CVE-2017-13966
+ RESERVED
+CVE-2017-13965
+ RESERVED
+CVE-2017-13964
+ RESERVED
+CVE-2017-13963
+ RESERVED
+CVE-2017-13962
+ RESERVED
+CVE-2017-13961
+ RESERVED
+CVE-2017-13960
+ RESERVED
+CVE-2017-13959
+ RESERVED
+CVE-2017-13958
+ RESERVED
+CVE-2017-13957
+ RESERVED
+CVE-2017-13956
+ RESERVED
+CVE-2017-13955
+ RESERVED
+CVE-2017-13954
+ RESERVED
+CVE-2017-13953
+ RESERVED
+CVE-2017-13952
+ RESERVED
+CVE-2017-13951
+ RESERVED
+CVE-2017-13950
+ RESERVED
+CVE-2017-13949
+ RESERVED
+CVE-2017-13948
+ RESERVED
+CVE-2017-13947
+ RESERVED
+CVE-2017-13946
+ RESERVED
+CVE-2017-13945
+ RESERVED
+CVE-2017-13944
+ RESERVED
+CVE-2017-13943
+ RESERVED
+CVE-2017-13942
+ RESERVED
+CVE-2017-13941
+ RESERVED
+CVE-2017-13940
+ RESERVED
+CVE-2017-13939
+ RESERVED
+CVE-2017-13938
+ RESERVED
+CVE-2017-13937
+ RESERVED
+CVE-2017-13936
+ RESERVED
+CVE-2017-13935
+ RESERVED
+CVE-2017-13934
+ RESERVED
+CVE-2017-13933
+ RESERVED
+CVE-2017-13932
+ RESERVED
+CVE-2017-13931
+ RESERVED
+CVE-2017-13930
+ RESERVED
+CVE-2017-13929
+ RESERVED
+CVE-2017-13928
+ RESERVED
+CVE-2017-13927
+ RESERVED
+CVE-2017-13926
+ RESERVED
+CVE-2017-13925
+ RESERVED
+CVE-2017-13924
+ RESERVED
+CVE-2017-13923
+ RESERVED
+CVE-2017-13922
+ RESERVED
+CVE-2017-13921
+ RESERVED
+CVE-2017-13920
+ RESERVED
+CVE-2017-13919
+ RESERVED
+CVE-2017-13918
+ RESERVED
+CVE-2017-13917
+ RESERVED
+CVE-2017-13916
+ RESERVED
+CVE-2017-13915
+ RESERVED
+CVE-2017-13914
+ RESERVED
+CVE-2017-13913
+ RESERVED
+CVE-2017-13912
+ RESERVED
+CVE-2017-13911
+ RESERVED
+CVE-2017-13910
+ RESERVED
+CVE-2017-13909
+ RESERVED
+CVE-2017-13908
+ RESERVED
+CVE-2017-13907
+ RESERVED
+CVE-2017-13906
+ RESERVED
+CVE-2017-13905
+ RESERVED
+CVE-2017-13904
+ RESERVED
+CVE-2017-13903
+ RESERVED
+CVE-2017-13902
+ RESERVED
+CVE-2017-13901
+ RESERVED
+CVE-2017-13900
+ RESERVED
+CVE-2017-13899
+ RESERVED
+CVE-2017-13898
+ RESERVED
+CVE-2017-13897
+ RESERVED
+CVE-2017-13896
+ RESERVED
+CVE-2017-13895
+ RESERVED
+CVE-2017-13894
+ RESERVED
+CVE-2017-13893
+ RESERVED
+CVE-2017-13892
+ RESERVED
+CVE-2017-13891
+ RESERVED
+CVE-2017-13890
+ RESERVED
+CVE-2017-13889
+ RESERVED
+CVE-2017-13888
+ RESERVED
+CVE-2017-13887
+ RESERVED
+CVE-2017-13886
+ RESERVED
+CVE-2017-13885
+ RESERVED
+CVE-2017-13884
+ RESERVED
+CVE-2017-13883
+ RESERVED
+CVE-2017-13882
+ RESERVED
+CVE-2017-13881
+ RESERVED
+CVE-2017-13880
+ RESERVED
+CVE-2017-13879
+ RESERVED
+CVE-2017-13878
+ RESERVED
+CVE-2017-13877
+ RESERVED
+CVE-2017-13876
+ RESERVED
+CVE-2017-13875
+ RESERVED
+CVE-2017-13874
+ RESERVED
+CVE-2017-13873
+ RESERVED
+CVE-2017-13872
+ RESERVED
+CVE-2017-13871
+ RESERVED
+CVE-2017-13870
+ RESERVED
+CVE-2017-13869
+ RESERVED
+CVE-2017-13868
+ RESERVED
+CVE-2017-13867
+ RESERVED
+CVE-2017-13866
+ RESERVED
+CVE-2017-13865
+ RESERVED
+CVE-2017-13864
+ RESERVED
+CVE-2017-13863
+ RESERVED
+CVE-2017-13862
+ RESERVED
+CVE-2017-13861
+ RESERVED
+CVE-2017-13860
+ RESERVED
+CVE-2017-13859
+ RESERVED
+CVE-2017-13858
+ RESERVED
+CVE-2017-13857
+ RESERVED
+CVE-2017-13856
+ RESERVED
+CVE-2017-13855
+ RESERVED
+CVE-2017-13854
+ RESERVED
+CVE-2017-13853
+ RESERVED
+CVE-2017-13852
+ RESERVED
+CVE-2017-13851
+ RESERVED
+CVE-2017-13850
+ RESERVED
+CVE-2017-13849
+ RESERVED
+CVE-2017-13848
+ RESERVED
+CVE-2017-13847
+ RESERVED
+CVE-2017-13846
+ RESERVED
+CVE-2017-13845
+ RESERVED
+CVE-2017-13844
+ RESERVED
+CVE-2017-13843
+ RESERVED
+CVE-2017-13842
+ RESERVED
+CVE-2017-13841
+ RESERVED
+CVE-2017-13840
+ RESERVED
+CVE-2017-13839
+ RESERVED
+CVE-2017-13838
+ RESERVED
+CVE-2017-13837
+ RESERVED
+CVE-2017-13836
+ RESERVED
+CVE-2017-13835
+ RESERVED
+CVE-2017-13834
+ RESERVED
+CVE-2017-13833
+ RESERVED
+CVE-2017-13832
+ RESERVED
+CVE-2017-13831
+ RESERVED
+CVE-2017-13830
+ RESERVED
+CVE-2017-13829
+ RESERVED
+CVE-2017-13828
+ RESERVED
+CVE-2017-13827
+ RESERVED
+CVE-2017-13826
+ RESERVED
+CVE-2017-13825
+ RESERVED
+CVE-2017-13824
+ RESERVED
+CVE-2017-13823
+ RESERVED
+CVE-2017-13822
+ RESERVED
+CVE-2017-13821
+ RESERVED
+CVE-2017-13820
+ RESERVED
+CVE-2017-13819
+ RESERVED
+CVE-2017-13818
+ RESERVED
+CVE-2017-13817
+ RESERVED
+CVE-2017-13816
+ RESERVED
+CVE-2017-13815
+ RESERVED
+CVE-2017-13814
+ RESERVED
+CVE-2017-13813
+ RESERVED
+CVE-2017-13812
+ RESERVED
+CVE-2017-13811
+ RESERVED
+CVE-2017-13810
+ RESERVED
+CVE-2017-13809
+ RESERVED
+CVE-2017-13808
+ RESERVED
+CVE-2017-13807
+ RESERVED
+CVE-2017-13806
+ RESERVED
+CVE-2017-13805
+ RESERVED
+CVE-2017-13804
+ RESERVED
+CVE-2017-13803
+ RESERVED
+CVE-2017-13802
+ RESERVED
+CVE-2017-13801
+ RESERVED
+CVE-2017-13800
+ RESERVED
+CVE-2017-13799
+ RESERVED
+CVE-2017-13798
+ RESERVED
+CVE-2017-13797
+ RESERVED
+CVE-2017-13796
+ RESERVED
+CVE-2017-13795
+ RESERVED
+CVE-2017-13794
+ RESERVED
+CVE-2017-13793
+ RESERVED
+CVE-2017-13792
+ RESERVED
+CVE-2017-13791
+ RESERVED
+CVE-2017-13790
+ RESERVED
+CVE-2017-13789
+ RESERVED
+CVE-2017-13788
+ RESERVED
+CVE-2017-13787
+ RESERVED
+CVE-2017-13786
+ RESERVED
+CVE-2017-13785
+ RESERVED
+CVE-2017-13784
+ RESERVED
+CVE-2017-13783
+ RESERVED
+CVE-2017-13782
+ RESERVED
+CVE-2017-13781
+ RESERVED
+CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory ...)
+ TODO: check
+CVE-2017-14032 (ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional ...)
- mbedtls 2.6.0-1 (bug #873557)
- polarssl <removed>
[jessie] - polarssl <not-affected> (Vulnerable code not present)
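Review bot: CVE-2017-14032 ends up out of sequence: the new RESERVED run goes 14034, 14033, 14031 and continues down to 13781, and the re-added `CVE-2017-14032 (ARM mbed TLS before 1.3.21 ...` line lands after CVE-2017-13780. If the list is meant to stay in descending order, move the mbed TLS entry, with its package lines and NOTEs, between CVE-2017-14033 and CVE-2017-14031. CVE-2017-13780 (eonweb) is left at `TODO: check` and still needs a package or NOT-FOR-US decision.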
@@ -9,16 +517,16 @@
NOTE: https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
CVE-2017-13779
RESERVED
-CVE-2017-13778
- RESERVED
-CVE-2017-13777
- RESERVED
-CVE-2017-13776
- RESERVED
-CVE-2017-13775
- RESERVED
-CVE-2017-13774
- RESERVED
+CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
+ TODO: check
+CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
+ TODO: check
+CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
+ TODO: check
+CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...)
+ TODO: check
+CVE-2017-13774 (Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to ...)
+ TODO: check
CVE-2017-13773
RESERVED
CVE-2017-13772
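Review bot: CVE-2017-13777 and CVE-2017-13776 are added with identical visible text, `GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...`, so the two cannot be told apart from this list. When `TODO: check` is replaced, give each entry a NOTE with its distinguishing detail or upstream commit so a fix for one is not recorded against both. The same triage pass should cover the ReadJNXImage() entry, CVE-2017-13775.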
@@ -27,31 +535,27 @@
RESERVED
CVE-2017-13770
RESERVED
-CVE-2017-13769
- RESERVED
-CVE-2017-13768
- RESERVED
-CVE-2017-13767 [wnpa-sec-2017-38: MSDP dissector infinite loop]
- RESERVED
+CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...)
+ TODO: check
+CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in ...)
+ TODO: check
+CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
-CVE-2017-13766 [wnpa-sec-2017-39: Profinet I/O buffer overrun]
- RESERVED
+CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-39.html
-CVE-2017-13765 [wnpa-sec-2017-41: IrCOMM dissector buffer overrun]
- RESERVED
+CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html
-CVE-2017-13764 [wnpa-sec-2017-40: Modbus dissector crash]
- RESERVED
+CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94
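Review bot: CVE-2017-13767, -13766, -13765 and -13764 lose their RESERVED state but keep `- wireshark <unfixed>`, although each entry's NOTE lines already link an upstream commit and a wnpa-sec advisory. Follow up with the fixed version once an upload carries those commits, and add per-release lines where the affected ranges in the new descriptions differ (13764 names only 2.4.0, and 13766 omits the 2.0.x range). CVE-2017-13769 and CVE-2017-13768 are still `TODO: check`, and the visible text of 13768 is cut off before the product name.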
@@ -80,14 +584,14 @@
NOTE: https://github.com/sleuthkit/sleuthkit/issues/913
CVE-2017-13754
RESERVED
-CVE-2016-10507
- RESERVED
-CVE-2016-10506
- RESERVED
-CVE-2016-10505
- RESERVED
-CVE-2016-10504
- RESERVED
+CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in ...)
+ TODO: check
+CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, ...)
+ TODO: check
+CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...)
+ TODO: check
+CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout ...)
+ TODO: check
CVE-2017-13753
REJECTED
CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...)
@@ -1994,6 +2498,7 @@
NOTE: Fixed in 7.1.7, 7.0.21
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74101
CVE-2017-12933 (The finish_nested_data function in ext/standard/var_unserializer.re in ...)
+ {DLA-1076-1}
- php7.1 7.1.8-1
- php7.0 7.0.22-1
- php5 <removed>
@@ -2644,7 +3149,7 @@
CVE-2017-12866
RESERVED
CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and ...)
- {DSA-3956-1}
+ {DSA-3956-1 DLA-1078-1}
- connman 1.35-1 (bug #872844)
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
@@ -3023,10 +3528,10 @@
RESERVED
CVE-2017-12736
RESERVED
-CVE-2017-12735
- RESERVED
-CVE-2017-12734
- RESERVED
+CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An ...)
+ TODO: check
+CVE-2017-12734 (A vulnerability has been identified in Siemens LOGO! devices before ...)
+ TODO: check
CVE-2017-12733
RESERVED
CVE-2017-12732
@@ -3059,46 +3564,46 @@
RESERVED
CVE-2017-12718
RESERVED
-CVE-2017-12717
- RESERVED
+CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...)
+ TODO: check
CVE-2017-12716
RESERVED
CVE-2017-12715
RESERVED
CVE-2017-12714
RESERVED
-CVE-2017-12713
- RESERVED
+CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue was ...)
+ TODO: check
CVE-2017-12712
RESERVED
-CVE-2017-12711
- RESERVED
-CVE-2017-12710
- RESERVED
+CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in Advantech ...)
+ TODO: check
+CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess versions ...)
+ TODO: check
CVE-2017-12709 (A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN ...)
NOT-FOR-US: Westermo devices
-CVE-2017-12708
- RESERVED
+CVE-2017-12708 (An Improper Restriction Of Operations Within The Bounds Of A Memory ...)
+ TODO: check
CVE-2017-12707 (A Stack-based Buffer Overflow issue was discovered in SpiderControl ...)
NOT-FOR-US: SpiderControl SCADA MicroBrowser
-CVE-2017-12706
- RESERVED
+CVE-2017-12706 (A stack-based buffer overflow issue was discovered in Advantech ...)
+ TODO: check
CVE-2017-12705
RESERVED
-CVE-2017-12704
- RESERVED
+CVE-2017-12704 (A heap-based buffer overflow issue was discovered in Advantech ...)
+ TODO: check
CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo ...)
NOT-FOR-US: Westermo
-CVE-2017-12702
- RESERVED
+CVE-2017-12702 (An Externally Controlled Format String issue was discovered in ...)
+ TODO: check
CVE-2017-12701
RESERVED
CVE-2017-12700
RESERVED
CVE-2017-12699
RESERVED
-CVE-2017-12698
- RESERVED
+CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...)
+ TODO: check
CVE-2017-12697
RESERVED
CVE-2017-12696
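Review bot: three of the nine new `TODO: check` entries in this hunk, CVE-2017-12713, CVE-2017-12708 and CVE-2017-12702, have descriptions cut off before the product name, so they cannot be triaged from this list alone and need the full description looked up. The other six name Advantech (WebAccess in 12710 and 12698). The neighbouring context entries CVE-2017-12709, -12707 and -12703 are already tagged `NOT-FOR-US`, so the same tag is the likely outcome here once the product is confirmed.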
@@ -4588,8 +5093,8 @@
RESERVED
CVE-2017-12070
RESERVED
-CVE-2017-12069
- RESERVED
+CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET ...)
+ TODO: check
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
@@ -7072,8 +7577,8 @@
NOT-FOR-US: Installer in Synology Photo Station Uploader
CVE-2017-11158
RESERVED
-CVE-2017-11157
- RESERVED
+CVE-2017-11157 (Multiple untrusted search path vulnerabilities in installer in ...)
+ TODO: check
CVE-2017-11156 (Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before ...)
NOT-FOR-US: Synology Download Station
CVE-2017-11155 (An information exposure vulnerability in index.php in Synology Photo ...)
@@ -8266,6 +8771,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
CVE-2017-10789 (The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 ...)
+ {DLA-1079-1}
- libdbd-mysql-perl <unfixed> (bug #866821)
[stretch] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
@@ -8275,6 +8781,7 @@
NOTE: https://www.nntp.perl.org/group/perl.dbi.dev/2017/08/msg8037.html
NOTE: No upstream-blessed patch available.
CVE-2017-10788 (The DBD::mysql module through 4.043 for Perl allows remote attackers to ...)
+ {DLA-1079-1}
- libdbd-mysql-perl <unfixed> (bug #866818)
[stretch] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
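Review bot: `{DLA-1079-1}` is added to CVE-2017-10788 here, and to CVE-2017-10789 in the previous hunk, while the NOTE context at the top of this hunk still reads `No upstream-blessed patch available.` and both entries keep `libdbd-mysql-perl <unfixed>`. Add a NOTE naming the patch the DLA shipped, so the entry explains what was fixed and the stretch and jessie `<no-dsa>` lines can be revisited against it.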
@@ -8875,8 +9382,8 @@
RESERVED
CVE-2017-9946
RESERVED
-CVE-2017-9945
- RESERVED
+CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All ...)
+ TODO: check
CVE-2017-9944
RESERVED
CVE-2017-9943
@@ -12487,22 +12994,27 @@
[jessie] - soundtouch <no-dsa> (Minor issue)
[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
@@ -12625,26 +13137,32 @@
NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
NOTE: https://github.com/kkos/oniguruma/issues/57
CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...)
+ {DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
[jessie] - faad2 <no-dsa> (Minor issue)
@@ -29081,7 +29599,7 @@
RESERVED
CVE-2017-3736
RESERVED
-CVE-2017-3735 (While parsing an IPAdressFamily extension in an X.509 certificate, it ...)
+CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...)
- openssl <unfixed>
[stretch] - openssl <postponed> (Can be fixed with the next openssl security release)
[jessie] - openssl <postponed> (Can be fixed with the next openssl security release)
@@ -31153,8 +31671,7 @@
RESERVED
CVE-2017-3164
RESERVED
-CVE-2017-3163 [ReplicationHandler path traversal vulnerability]
- RESERVED
+CVE-2017-3163 (When using the Index Replication feature, Apache Solr nodes can pull ...)
{DLA-1046-1}
- lucene-solr <unfixed> (bug #867712)
[stretch] - lucene-solr <no-dsa> (Minor issue)
@@ -47360,8 +47877,8 @@
NOTE: http://svn.apache.org/r1758791 (2.4.x)
NOTE: http://svn.apache.org/r1758771 (2.6.x)
NOTE: http://svn.apache.org/r1758764 (2.8.x)
-CVE-2016-6800
- RESERVED
+CVE-2016-6800 (The default configuration of the OFBiz framework offers a blog ...)
+ TODO: check
CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The application ...)
NOT-FOR-US: Apache Cordova
CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
@@ -54084,8 +54601,7 @@
CVE-2016-5002
RESERVED
NOT-FOR-US: Apache Archiva
-CVE-2016-5001
- RESERVED
+CVE-2016-5001 (This is an information disclosure vulnerability in Apache Hadoop ...)
- hadoop <itp> (bug #793644)
CVE-2016-5000 (The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...)
- libapache-poi-java <unfixed> (unimportant)
@@ -55801,8 +56317,8 @@
{DSA-3610-1 DLA-535-1}
- xerces-c 3.1.3+debian-2.1 (bug #828990)
NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
-CVE-2016-4462
- RESERVED
+CVE-2016-4462 (By manipulating the URL parameter externalLoginKey, a malicious, ...)
+ TODO: check
CVE-2016-4461
RESERVED
CVE-2016-4460 (Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass ...)
@@ -58838,7 +59354,7 @@
NOT-FOR-US: Zimbra
CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
NOT-FOR-US: Zimbra
-CVE-2016-3400 (NetApp Data ONTAP, when operating in 7-Mode 8.1 and 8.2, allows ...)
+CVE-2016-3400 (NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows ...)
NOT-FOR-US: NetApp Data ONTAP
CVE-2016-3399
RESERVED