[Secure-testing-commits] r58277 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Dec 5 21:10:17 UTC 2017
Author: sectracker
Date: 2017-12-05 21:10:17 +0000 (Tue, 05 Dec 2017)
New Revision: 58277
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-05 21:08:45 UTC (rev 58276)
+++ data/CVE/list 2017-12-05 21:10:17 UTC (rev 58277)
@@ -1,3 +1,17 @@
+CVE-2017-17430
+ RESERVED
+CVE-2017-17429
+ RESERVED
+CVE-2017-17428
+ RESERVED
+CVE-2017-17427
+ RESERVED
+CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.26 ...)
+ TODO: check
+CVE-2017-1000409
+ RESERVED
+CVE-2017-1000408
+ RESERVED
CVE-2017-XXXX [OPENAFS-SA-2017-001: Rx assertion failure from insufficient input validation]
- openafs 1.6.22-1 (bug #883602)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
@@ -1689,8 +1703,8 @@
RESERVED
CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...)
NOT-FOR-US: Splunk Web
-CVE-2017-17066
- RESERVED
+CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...)
+ TODO: check
CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...)
NOT-FOR-US: D-Link
CVE-2017-17064
@@ -3335,10 +3349,10 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050
-CVE-2017-16930
- RESERVED
-CVE-2017-16929
- RESERVED
+CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 ...)
+ TODO: check
+CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...)
+ TODO: check
CVE-2017-16928
RESERVED
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
@@ -3446,6 +3460,7 @@
CVE-2017-16885
RESERVED
CVE-2017-1000407 [DoS via write flood to I/O port 0x80]
+ RESERVED
- linux <unfixed>
NOTE: https://www.spinics.net/lists/kvm/msg159809.html
CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
@@ -3623,9 +3638,9 @@
- pjproject 2.7.1~dfsg-1
NOTE: https://trac.pjsip.org/repos/ticket/2056
NOTE: https://trac.pjsip.org/repos/changeset/5682
-CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...)
+CVE-2017-16871 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...)
NOT-FOR-US: UpdraftPlus plugin for WordPress
-CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...)
+CVE-2017-16870 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...)
NOT-FOR-US: UpdraftPlus plugin for WordPress
CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...)
- upx-ucl <unfixed> (bug #882041; unimportant)
@@ -3942,10 +3957,10 @@
RESERVED
CVE-2017-16858
RESERVED
-CVE-2017-16857
- RESERVED
-CVE-2017-16856
- RESERVED
+CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...)
+ TODO: check
+CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
+ TODO: check
CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...)
- ipsilon <itp> (bug #826838)
CVE-2017-16854
@@ -5513,7 +5528,7 @@
RESERVED
CVE-2017-16240
RESERVED
-CVE-2017-17051 [Regression introduced with the fix for OSSA-2017-005 (CVE-2017-16239)]
+CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...)
- nova <unfixed> (bug #883621)
[stretch] - nova <not-affected> (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
[jessie] - nova <not-affected> (Vulnerable code not present)
@@ -6873,8 +6888,8 @@
RESERVED
CVE-2017-15814
RESERVED
-CVE-2017-15813
- RESERVED
+CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the ...)
@@ -9458,16 +9473,16 @@
- nodejs <unfixed> (unimportant)
NOTE: Debian doesn't use zlib 1.2.9 yet
NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
-CVE-2017-14918
- RESERVED
-CVE-2017-14917
- RESERVED
-CVE-2017-14916
- RESERVED
+CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-14915
RESERVED
-CVE-2017-14914
- RESERVED
+CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-14913
RESERVED
CVE-2017-14912
@@ -9476,36 +9491,36 @@
RESERVED
CVE-2017-14910
RESERVED
-CVE-2017-14909
- RESERVED
-CVE-2017-14908
- RESERVED
-CVE-2017-14907
- RESERVED
+CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-14906
RESERVED
-CVE-2017-14905
- RESERVED
-CVE-2017-14904
- RESERVED
-CVE-2017-14903
- RESERVED
-CVE-2017-14902
- RESERVED
-CVE-2017-14901
- RESERVED
-CVE-2017-14900
- RESERVED
-CVE-2017-14899
- RESERVED
-CVE-2017-14898
- RESERVED
-CVE-2017-14897
- RESERVED
-CVE-2017-14896
- RESERVED
-CVE-2017-14895
- RESERVED
+CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-14894
RESERVED
CVE-2017-14893
@@ -20871,22 +20886,22 @@
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11049
- RESERVED
+CVE-2017-11049 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11047
- RESERVED
+CVE-2017-11047 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11045
- RESERVED
-CVE-2017-11044
- RESERVED
-CVE-2017-11043
- RESERVED
-CVE-2017-11042
- RESERVED
+CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11040 (In all Qualcomm products with Android releases from CAF using the ...)
@@ -20903,14 +20918,14 @@
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11034
RESERVED
-CVE-2017-11033
- RESERVED
+CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11031
- RESERVED
-CVE-2017-11030
- RESERVED
+CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -20931,14 +20946,14 @@
RESERVED
CVE-2017-11020
RESERVED
-CVE-2017-11019
- RESERVED
+CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11016
- RESERVED
+CVE-2017-11016 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -20955,12 +20970,12 @@
RESERVED
CVE-2017-11008
RESERVED
-CVE-2017-11007
- RESERVED
-CVE-2017-11006
- RESERVED
-CVE-2017-11005
- RESERVED
+CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11004
RESERVED
CVE-2017-11003
@@ -24579,20 +24594,20 @@
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9723
RESERVED
-CVE-2017-9722
- RESERVED
+CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Android boot loader (aboot)
CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9718
- RESERVED
+CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9716
- RESERVED
+CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -24603,12 +24618,12 @@
RESERVED
CVE-2017-9711
RESERVED
-CVE-2017-9710
- RESERVED
-CVE-2017-9709
- RESERVED
-CVE-2017-9708
- RESERVED
+CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
+CVE-2017-9708 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-9707
RESERVED
CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -24617,18 +24632,18 @@
RESERVED
CVE-2017-9704
RESERVED
-CVE-2017-9703
- RESERVED
+CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9700
- RESERVED
+CVE-2017-9700 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-9699
RESERVED
-CVE-2017-9698
- RESERVED
+CVE-2017-9698 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -27456,8 +27471,7 @@
[wheezy] - libetpan <no-dsa> (Minor issue)
NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
NOTE: https://github.com/dinhviethoa/libetpan/issues/274
-CVE-2017-8824 [use-after-free in DCCP code]
- RESERVED
+CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...)
- linux <unfixed>
NOTE: http://lists.openwall.net/netdev/2017/12/04/224
CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)
@@ -35848,8 +35862,8 @@
RESERVED
CVE-2017-6212
REJECTED
-CVE-2017-6211
- RESERVED
+CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...)
{DSA-3804-1 DLA-849-1}
- linux 4.9.13-1
@@ -80477,26 +80491,22 @@
RESERVED
CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release ...)
NOT-FOR-US: CA Release Automation
-CVE-2016-1255 [privilege escalation from postgresql user to root]
- RESERVED
+CVE-2016-1255 (The pg_ctlcluster script in postgresql-common package in Debian wheezy ...)
{DLA-774-1}
- postgresql-common 178
[jessie] - postgresql-common 165+deb8u2
NOTE: Fix: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee
NOTE: Testsuite update: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=30f0e4200cfc358b4536bf5d1f6c48abb779d438
-CVE-2016-1254 [TROVE-2016-12-002]
- RESERVED
+CVE-2016-1254 (Tor before 0.2.8.12 might allow remote attackers to cause a denial of ...)
{DSA-3741-1 DLA-754-1}
- tor 0.2.9.8-2 (bug #848847)
NOTE: https://blog.torproject.org/blog/tor-02812-released
NOTE: https://trac.torproject.org/projects/tor/ticket/21018
-CVE-2016-1253 [shell injection attack using LZMA-compressed files]
- RESERVED
+CVE-2016-1253 (The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie ...)
{DLA-745-1}
- most 5.0.0a-3 (bug #848132)
[jessie] - most 5.0.0a-2.3+deb8u1
-CVE-2016-1252
- RESERVED
+CVE-2016-1252 (The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ...)
{DSA-3733-1}
- apt 1.4~beta2
[wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8)
More information about the Secure-testing-commits
mailing list