[Secure-testing-commits] r58406 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Dec 9 21:10:15 UTC 2017
Author: sectracker
Date: 2017-12-09 21:10:14 +0000 (Sat, 09 Dec 2017)
New Revision: 58406
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-09 20:23:13 UTC (rev 58405)
+++ data/CVE/list 2017-12-09 21:10:14 UTC (rev 58406)
@@ -2109,16 +2109,19 @@
CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "</script>" substring in an ...)
NOT-FOR-US: Indeo Otter
CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety ...)
+ {DSA-4060-1}
- wireshark 2.4.3-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-49.html
CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA ...)
+ {DSA-4060-1}
- wireshark 2.4.3-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14236
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8502fe94ef9e431860921507e1a351c5e3f5c634
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-47.html
CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...)
+ {DSA-4060-1}
- wireshark 2.4.3-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14249
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3
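Review bot: the three Wireshark entries tagged in this hunk (CVE-2017-17085, CVE-2017-17084, CVE-2017-17083) each show only "- wireshark 2.4.3-1", so nothing visible here records which version fixes the stable releases covered by DSA-4060-1. Worth confirming that the advisory's own list entry carries the release-specific fixed versions, since the cross-reference alone does not tell a reader whether an installed stable package is patched.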
@@ -3794,6 +3797,7 @@
CVE-2017-16940
RESERVED
CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the ...)
+ {DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
@@ -3955,6 +3959,7 @@
RESERVED
CVE-2017-1000407 [DoS via write flood to I/O port 0x80]
RESERVED
+ {DLA-1200-1}
- linux <unfixed>
NOTE: https://www.spinics.net/lists/kvm/msg159809.html
CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
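Review bot: CVE-2017-1000407 is tagged with DLA-1200-1 while its only package line is still "- linux <unfixed>" and its only reference is a kvm list post. The advisory tag should not be read as closing the issue: the entry needs a follow-up once a fixed version reaches unstable, and a "Fixed by:" NOTE like the ones on the neighbouring kernel entries would help.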
@@ -5023,6 +5028,7 @@
[jessie] - linux 3.16.51-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...)
+ {DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -5047,6 +5053,7 @@
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c ...)
+ {DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -5333,14 +5340,17 @@
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
+ {DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
CVE-2017-16536 (The cx231xx_usb_probe function in ...)
+ {DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
CVE-2017-16535 (The usb_get_bos_descriptor function in drivers/usb/core/config.c in the ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -5352,16 +5362,19 @@
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/2e1c42391ff2556387b3cb6308b24f6f65619feb
CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
NOTE: Fixed by: https://git.kernel.org/linus/f043bfc98c193c284e2cd768fefabe18ac2fed9b
CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux ...)
+ {DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
NOTE: Fixed by: https://git.kernel.org/linus/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -5373,6 +5386,7 @@
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/786de92b3cb26012d3d0f00ee37adf14527f35c4
CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the Linux ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -5384,6 +5398,7 @@
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57
CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -5393,6 +5408,7 @@
[stretch] - linux 4.9.65-1
NOTE: Fixed by: https://git.kernel.org/linus/bbf26183b7a6236ba602f4d6a2f7cade35bba043
CVE-2017-16525 (The usb_serial_console_disconnect function in ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -7331,6 +7347,7 @@
CVE-2017-15869
RESERVED
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...)
+ {DLA-1200-1}
- linux 4.0.2-1
NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3)
CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -7829,6 +7846,7 @@
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -8759,6 +8777,7 @@
CVE-2017-15300 (The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b ...)
NOT-FOR-US: EWBF Cuda Zcash Miner
CVE-2017-15299 (The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -8926,6 +8945,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
CVE-2017-15265 (Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 ...)
+ {DLA-1200-1}
- linux 4.13.4-2
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -9329,6 +9349,7 @@
CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel before ...)
- linux 4.2.1-1
CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...)
+ {DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -12716,6 +12737,7 @@
CVE-2017-14035 (CrushFTP 8.x before 8.2.0 has a serialization vulnerability. ...)
NOT-FOR-US: CrushFTP
CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in ...)
+ {DLA-1200-1}
- linux 4.12.13-1 (unimportant)
[stretch] - linux 4.9.30-2+deb9u5
[jessie] - linux 3.16.43-2+deb8u5
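Review bot: CVE-2017-14051 keeps the "(unimportant)" marker on its unstable line but is now listed under an advisory. If inclusion in DLA-1200-1 reflects a changed assessment, the marker should be revisited; if not, a short NOTE saying why the fix was shipped anyway would avoid confusion.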
@@ -14999,7 +15021,7 @@
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
- {DSA-3999-1 DLA-1150-1}
+ {DSA-3999-1 DLA-1200-1 DLA-1150-1}
- wpa 2:2.4-1.1
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
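Review bot: on CVE-2017-13080 the brace list now holds three advisories for an entry that tracks two source packages ("wpa" and "linux"), and nothing on that line says which advisory covers which package. Everywhere else in this diff DLA-1200-1 is attached to linux entries, so it presumably covers the kernel side here; a NOTE stating that would keep readers from assuming the wpa status is what changed.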
@@ -18052,6 +18074,7 @@
CVE-2017-12191
RESERVED
CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the ...)
+ {DLA-1200-1}
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.51-1
@@ -20335,6 +20358,7 @@
NOTE: after 2.1.0 from upstream. Upstream changed the types in llc_gprs_dissect_xid
NOTE: in version 2.1.0.
CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector ...)
+ {DSA-4060-1}
- wireshark 2.4.0-1 (bug #870172)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a102c172b0b2fe231fdb49f4f6694603f5b93b0c
@@ -28107,6 +28131,7 @@
CVE-2017-8832 (Allen Disk 1.6 has XSS in the id parameter to downfile.php. ...)
NOT-FOR-US: Allen Disk
CVE-2017-8831 (The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c ...)
+ {DLA-1200-1}
- linux 4.12.6-1
[stretch] - linux 4.9.47-1
[jessie] - linux 3.16.51-1
@@ -28128,6 +28153,7 @@
NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
NOTE: https://github.com/dinhviethoa/libetpan/issues/274
CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...)
+ {DLA-1200-1}
- linux <unfixed>
NOTE: http://lists.openwall.net/netdev/2017/12/04/224
NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
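Review bot: CVE-2017-8824 gains the DLA-1200-1 tag while "- linux <unfixed>" remains, even though the entry already carries a "Fixed by:" commit. The unstable status should be updated once an upload includes that commit, so the entry does not keep reporting unstable as vulnerable next to an advisory reference that suggests the issue is handled.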
@@ -30962,7 +30988,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
CVE-2017-7830
RESERVED
- {DSA-4035-1 DLA-1172-1}
+ {DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
- thunderbird 1:52.5.0-1
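Review bot: CVE-2017-7830 is still marked RESERVED with no description although it now references a DSA and two DLAs, and the new DLA-1199-1 tag does not indicate which of the three packages listed (firefox, firefox-esr, thunderbird) it applies to. A short bracketed description, as CVE-2017-1000407 has, and a NOTE naming the package covered by each advisory would make the entry usable for triage; the CVE-2017-7828 and CVE-2017-7826 hunks have the same gap.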
@@ -30973,7 +30999,7 @@
RESERVED
CVE-2017-7828
RESERVED
- {DSA-4035-1 DLA-1172-1}
+ {DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
- thunderbird 1:52.5.0-1
@@ -30986,7 +31012,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
CVE-2017-7826
RESERVED
- {DSA-4035-1 DLA-1172-1}
+ {DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
- thunderbird 1:52.5.0-1
@@ -37549,6 +37575,7 @@
[jessie] - zoneminder <no-dsa> (Minor issue)
[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
+ {DLA-1200-1}
- linux 4.9.10-1
[jessie] - linux 3.16.43-1
NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1)