[Secure-testing-commits] r58277 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Dec 5 21:10:17 UTC 2017


Author: sectracker
Date: 2017-12-05 21:10:17 +0000 (Tue, 05 Dec 2017)
New Revision: 58277

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-05 21:08:45 UTC (rev 58276)
+++ data/CVE/list	2017-12-05 21:10:17 UTC (rev 58277)
@@ -1,3 +1,17 @@
+CVE-2017-17430
+	RESERVED
+CVE-2017-17429
+	RESERVED
+CVE-2017-17428
+	RESERVED
+CVE-2017-17427
+	RESERVED
+CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.26 ...)
+	TODO: check
+CVE-2017-1000409
+	RESERVED
+CVE-2017-1000408
+	RESERVED
 CVE-2017-XXXX [OPENAFS-SA-2017-001: Rx assertion failure from insufficient input validation]
 	- openafs 1.6.22-1 (bug #883602)
 	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
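Review bot: CVE-2017-17426 is added with "TODO: check" even though its description already names the GNU C Library (glibc or libc6) 2.26, unlike the RESERVED ids around it that carry no text yet. This entry has enough detail to triage now, so it should get a package line with a status for the affected version instead of waiting in the TODO queue.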
@@ -1689,8 +1703,8 @@
 	RESERVED
 CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...)
 	NOT-FOR-US: Splunk Web
-CVE-2017-17066
-	RESERVED
+CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...)
+	TODO: check
 CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...)
 	NOT-FOR-US: D-Link
 CVE-2017-17064
@@ -3335,10 +3349,10 @@
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
 	NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
 	NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050
-CVE-2017-16930
-	RESERVED
-CVE-2017-16929
-	RESERVED
+CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 ...)
+	TODO: check
+CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...)
+	TODO: check
 CVE-2017-16928
 	RESERVED
 CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
@@ -3446,6 +3460,7 @@
 CVE-2017-16885
 	RESERVED
 CVE-2017-1000407 [DoS via write flood to I/O port 0x80]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://www.spinics.net/lists/kvm/msg159809.html
 CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
@@ -3623,9 +3638,9 @@
 	- pjproject 2.7.1~dfsg-1
 	NOTE: https://trac.pjsip.org/repos/ticket/2056
 	NOTE: https://trac.pjsip.org/repos/changeset/5682
-CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...)
+CVE-2017-16871 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...)
 	NOT-FOR-US: UpdraftPlus plugin for WordPress
-CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...)
+CVE-2017-16870 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...)
 	NOT-FOR-US: UpdraftPlus plugin for WordPress
 CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...)
 	- upx-ucl <unfixed> (bug #882041; unimportant)
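Review bot: after the "** DISPUTED **" prefix is added, the truncated descriptions of CVE-2017-16871 and CVE-2017-16870 are identical ("The UpdraftPlus plugin through 1.13.12 for WordPress ..."), and the text that told them apart (remote PHP ... versus SSRF) is cut off. Both stay NOT-FOR-US, so the impact is low, but anyone reading this list can no longer tell which id covers which issue without going to the full CVE record.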
@@ -3942,10 +3957,10 @@
 	RESERVED
 CVE-2017-16858
 	RESERVED
-CVE-2017-16857
-	RESERVED
-CVE-2017-16856
-	RESERVED
+CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...)
+	TODO: check
+CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
+	TODO: check
 CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...)
 	- ipsilon <itp> (bug #826838)
 CVE-2017-16854
@@ -5513,7 +5528,7 @@
 	RESERVED
 CVE-2017-16240
 	RESERVED
-CVE-2017-17051 [Regression introduced with the fix for OSSA-2017-005 (CVE-2017-16239)]
+CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...)
 	- nova <unfixed> (bug #883621)
 	[stretch] - nova <not-affected> (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
 	[jessie] - nova <not-affected> (Vulnerable code not present)
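Review bot: replacing the bracketed description on CVE-2017-17051 drops the only statement in this entry that the issue is a regression introduced by the fix for OSSA-2017-005 (CVE-2017-16239). The new truncated text does not say so, which leaves the [stretch] line's "Fix for CVE-2017-16239 not applied" without context. A NOTE line recording the regression and the OSSA id would keep that link in the entry.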
@@ -6873,8 +6888,8 @@
 	RESERVED
 CVE-2017-15814
 	RESERVED
-CVE-2017-15813
-	RESERVED
+CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the ...)
@@ -9458,16 +9473,16 @@
 	- nodejs <unfixed> (unimportant)
 	NOTE: Debian doesn't use zlib 1.2.9 yet
 	NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
-CVE-2017-14918
-	RESERVED
-CVE-2017-14917
-	RESERVED
-CVE-2017-14916
-	RESERVED
+CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-14915
 	RESERVED
-CVE-2017-14914
-	RESERVED
+CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-14913
 	RESERVED
 CVE-2017-14912
@@ -9476,36 +9491,36 @@
 	RESERVED
 CVE-2017-14910
 	RESERVED
-CVE-2017-14909
-	RESERVED
-CVE-2017-14908
-	RESERVED
-CVE-2017-14907
-	RESERVED
+CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-14906
 	RESERVED
-CVE-2017-14905
-	RESERVED
-CVE-2017-14904
-	RESERVED
-CVE-2017-14903
-	RESERVED
-CVE-2017-14902
-	RESERVED
-CVE-2017-14901
-	RESERVED
-CVE-2017-14900
-	RESERVED
-CVE-2017-14899
-	RESERVED
-CVE-2017-14898
-	RESERVED
-CVE-2017-14897
-	RESERVED
-CVE-2017-14896
-	RESERVED
-CVE-2017-14895
-	RESERVED
+CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-14894
 	RESERVED
 CVE-2017-14893
@@ -20871,22 +20886,22 @@
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11049
-	RESERVED
+CVE-2017-11049 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11047
-	RESERVED
+CVE-2017-11047 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11045
-	RESERVED
-CVE-2017-11044
-	RESERVED
-CVE-2017-11043
-	RESERVED
-CVE-2017-11042
-	RESERVED
+CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-11040 (In all Qualcomm products with Android releases from CAF using the ...)
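Review bot: the six ids moved to "TODO: check" in this hunk (CVE-2017-11049, CVE-2017-11047 and CVE-2017-11045 through CVE-2017-11042) carry the same truncated description prefix, "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...", as the context entries CVE-2017-11050, CVE-2017-11048 and CVE-2017-11046, which are already tagged "NOT-FOR-US: Qualcomm components for Android". The same prefix recurs in the other TODO batches of this revision, so these are best triaged together against the full descriptions rather than one id at a time.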
@@ -20903,14 +20918,14 @@
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11034
 	RESERVED
-CVE-2017-11033
-	RESERVED
+CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11031
-	RESERVED
-CVE-2017-11030
-	RESERVED
+CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -20931,14 +20946,14 @@
 	RESERVED
 CVE-2017-11020
 	RESERVED
-CVE-2017-11019
-	RESERVED
+CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11016
-	RESERVED
+CVE-2017-11016 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -20955,12 +20970,12 @@
 	RESERVED
 CVE-2017-11008
 	RESERVED
-CVE-2017-11007
-	RESERVED
-CVE-2017-11006
-	RESERVED
-CVE-2017-11005
-	RESERVED
+CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-11004
 	RESERVED
 CVE-2017-11003
@@ -24579,20 +24594,20 @@
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-9723
 	RESERVED
-CVE-2017-9722
-	RESERVED
+CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Android boot loader (aboot)
 CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9718
-	RESERVED
+CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9716
-	RESERVED
+CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
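Review bot: for CVE-2017-9722, CVE-2017-9718 and CVE-2017-9716 the truncated description is not enough to choose a tag. Context entries in this hunk with the same "for MSM" prefix are filed under two different labels: "Android boot loader (aboot)" for CVE-2017-9721 and "Qualcomm components for Android" for CVE-2017-9719, CVE-2017-9717 and CVE-2017-9715. Whoever clears these TODOs needs the full description to name the affected component correctly.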
@@ -24603,12 +24618,12 @@
 	RESERVED
 CVE-2017-9711
 	RESERVED
-CVE-2017-9710
-	RESERVED
-CVE-2017-9709
-	RESERVED
-CVE-2017-9708
-	RESERVED
+CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
+CVE-2017-9708 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-9707
 	RESERVED
 CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -24617,18 +24632,18 @@
 	RESERVED
 CVE-2017-9704
 	RESERVED
-CVE-2017-9703
-	RESERVED
+CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9700
-	RESERVED
+CVE-2017-9700 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-9699
 	RESERVED
-CVE-2017-9698
-	RESERVED
+CVE-2017-9698 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -27456,8 +27471,7 @@
 	[wheezy] - libetpan <no-dsa> (Minor issue)
 	NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
 	NOTE: https://github.com/dinhviethoa/libetpan/issues/274
-CVE-2017-8824 [use-after-free in DCCP code]
-	RESERVED
+CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...)
 	- linux <unfixed>
 	NOTE: http://lists.openwall.net/netdev/2017/12/04/224
 CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)
@@ -35848,8 +35862,8 @@
 	RESERVED
 CVE-2017-6212
 	REJECTED
-CVE-2017-6211
-	RESERVED
+CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+	TODO: check
 CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...)
 	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
@@ -80477,26 +80491,22 @@
 	RESERVED
 CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release ...)
 	NOT-FOR-US: CA Release Automation
-CVE-2016-1255 [privilege escalation from postgresql user to root]
-	RESERVED
+CVE-2016-1255 (The pg_ctlcluster script in postgresql-common package in Debian wheezy ...)
 	{DLA-774-1}
 	- postgresql-common 178
 	[jessie] - postgresql-common 165+deb8u2
 	NOTE: Fix: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee
 	NOTE: Testsuite update: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=30f0e4200cfc358b4536bf5d1f6c48abb779d438
-CVE-2016-1254 [TROVE-2016-12-002]
-	RESERVED
+CVE-2016-1254 (Tor before 0.2.8.12 might allow remote attackers to cause a denial of ...)
 	{DSA-3741-1 DLA-754-1}
 	- tor 0.2.9.8-2 (bug #848847)
 	NOTE: https://blog.torproject.org/blog/tor-02812-released
 	NOTE: https://trac.torproject.org/projects/tor/ticket/21018
-CVE-2016-1253 [shell injection attack using LZMA-compressed files]
-	RESERVED
+CVE-2016-1253 (The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie ...)
 	{DLA-745-1}
 	- most 5.0.0a-3 (bug #848132)
 	[jessie] - most 5.0.0a-2.3+deb8u1
-CVE-2016-1252
-	RESERVED
+CVE-2016-1252 (The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ...)
 	{DSA-3733-1}
 	- apt 1.4~beta2
 	[wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8)
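Review bot: the bracketed descriptions removed from CVE-2016-1255, CVE-2016-1254 and CVE-2016-1253 held information that the truncated replacements do not: the impact summaries ("privilege escalation from postgresql user to root", "shell injection attack using LZMA-compressed files") and, for CVE-2016-1254, the identifier TROVE-2016-12-002. The remaining NOTE lines on the tor entry give the blog post and ticket 21018 but not the TROVE id, so a NOTE line carrying it would keep the entry searchable by that reference.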



