[Secure-testing-commits] r58166 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Dec 1 09:10:17 UTC 2017
Author: sectracker
Date: 2017-12-01 09:10:17 +0000 (Fri, 01 Dec 2017)
New Revision: 58166
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-01 07:38:45 UTC (rev 58165)
+++ data/CVE/list 2017-12-01 09:10:17 UTC (rev 58166)
@@ -1,3 +1,21 @@
+CVE-2017-17088
+ RESERVED
+CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...)
+ TODO: check
+CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "</script>" substring in an ...)
+ TODO: check
+CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety ...)
+ TODO: check
+CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA ...)
+ TODO: check
+CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...)
+ TODO: check
+CVE-2017-17082
+ RESERVED
+CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...)
+ TODO: check
+CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ TODO: check
CVE-2018-0740
RESERVED
CVE-2018-0739
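Review bot: the Vim, Wireshark, FFmpeg and libbfd entries (CVE-2017-17087, CVE-2017-17085 through CVE-2017-17083, CVE-2017-17081, CVE-2017-17080) are left at "TODO: check" although each names software that Debian packages. They need a source-package line with a fixed version or <unfixed> rather than staying in the TODO queue. The three Wireshark descriptions are identical up to the dissector name, so each one should be checked against its own dissector instead of being triaged as a group.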
@@ -1793,10 +1811,9 @@
RESERVED
CVE-2017-16885
RESERVED
-CVE-2017-1000406
+CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
NOT-FOR-US: OpenDayLight
-CVE-2017-1000405 ["Dirty COW" variant on transparent huge pages]
- RESERVED
+CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use ...)
- linux 4.14.2-1
NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
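Review bot: on CVE-2017-1000405 the hand-written label ["Dirty COW" variant on transparent huge pages] is deleted together with RESERVED, and the truncated official description that replaces it no longer carries that searchable nickname. Consider preserving it in a NOTE: line next to the existing oss-security reference. Separately, the tag under CVE-2017-1000406 reads "OpenDayLight" while the new description spells the product "OpenDaylight".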
@@ -5609,6 +5626,7 @@
[jessie] - musl <no-dsa> (Minor issue)
NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...)
+ {DLA-1197-1}
- sox 14.4.2-2 (bug #882144)
[stretch] - sox <no-dsa> (Minor issue)
[jessie] - sox <no-dsa> (Minor issue)
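Review bot: the added {DLA-1197-1} cross-reference on CVE-2017-15642 sits above two lines that still read "<no-dsa> (Minor issue)" for stretch and jessie. Now that an advisory has been issued for this CVE, it is worth confirming that the minor-issue assessment for those two releases still holds.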
@@ -5689,8 +5707,8 @@
NOT-FOR-US: Octopus Deploy
CVE-2017-15608
RESERVED
-CVE-2017-15607
- RESERVED
+CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based ...)
+ TODO: check
CVE-2017-15606
RESERVED
CVE-2017-15605
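Review bot: CVE-2017-15607 spells the vendor "Inedo Otter", while CVE-2017-17086 in the first hunk of this revision spells it "Indeo Otter". Whoever resolves the two "TODO: check" lines should use a single spelling in the resulting tag so that both entries group together.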
@@ -6274,6 +6292,7 @@
CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...)
NOT-FOR-US: E-Sic
CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
+ {DLA-1197-1}
- sox 14.4.2-2 (bug #878808)
[stretch] - sox <no-dsa> (Minor issue)
[jessie] - sox <no-dsa> (Minor issue)
@@ -18354,19 +18373,17 @@
RESERVED
CVE-2017-11287
RESERVED
-CVE-2017-11286
- RESERVED
-CVE-2017-11285
- RESERVED
-CVE-2017-11284
- RESERVED
-CVE-2017-11283
- RESERVED
-CVE-2017-11282
- RESERVED
+CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection ...)
+ TODO: check
+CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This ...)
+ TODO: check
+CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
+ TODO: check
+CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
+ TODO: check
+CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
NOT-FOR-US: Adobe
-CVE-2017-11281
- RESERVED
+CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
NOT-FOR-US: Adobe
CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory ...)
NOT-FOR-US: Adobe
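Review bot: the four Adobe ColdFusion entries (CVE-2017-11286 through CVE-2017-11283) receive "TODO: check", whereas the two Flash Player entries in the same hunk and the Digital Editions entry below them carry "NOT-FOR-US: Adobe". If ColdFusion is treated like the other Adobe products here, these four can be resolved with the same tag instead of being queued.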
@@ -43632,10 +43649,10 @@
NOT-FOR-US: Adobe
CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2017-3105
- RESERVED
-CVE-2017-3104
- RESERVED
+CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects ...)
+ TODO: check
+CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This ...)
+ TODO: check
CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored cross-site ...)
NOT-FOR-US: Adobe Connect
CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected cross-site ...)
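Review bot: the context lines around the new RoboHelp entries use three different tag granularities ("NOT-FOR-US: Adobe", "NOT-FOR-US: Adobe Flash Player", "NOT-FOR-US: Adobe Connect"). When CVE-2017-3105 and CVE-2017-3104 are moved out of "TODO: check", pick one convention, vendor-only or vendor plus product, and apply it to both.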