[Secure-testing-commits] r58860 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Dec 23 09:10:23 UTC 2017


Author: sectracker
Date: 2017-12-23 09:10:23 +0000 (Sat, 23 Dec 2017)
New Revision: 58860

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-23 08:31:21 UTC (rev 58859)
+++ data/CVE/list	2017-12-23 09:10:23 UTC (rev 58860)
@@ -1,34 +1,48 @@
-CVE-2017-17857 [bpf: fix missing error return in check_stack_boundary()]
+CVE-2017-17861
+	RESERVED
+CVE-2017-17860
+	RESERVED
+CVE-2017-17859
+	RESERVED
+CVE-2017-17858
+	RESERVED
+CVE-2017-17851
+	RESERVED
+CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...)
+	TODO: check
+CVE-2017-17849
+	RESERVED
+CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linux ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
 	[jessie] - linux <not-affected> (Vulnerable code introdued later)
 	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
 	NOTE: Fixed by: https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469
-CVE-2017-17856 [bpf: force strict alignment checks for stack pointers]
+CVE-2017-17856 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
 	[jessie] - linux <not-affected> (Vulnerable code introdued later)
 	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
 	NOTE: Fixed by: https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f
-CVE-2017-17855 [bpf: don't prune branches when a scalar is replaced with a pointer]
+CVE-2017-17855 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
 	[jessie] - linux <not-affected> (Vulnerable code introdued later)
 	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
 	NOTE: Fixed by: https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14
-CVE-2017-17854 [bpf: fix integer overflows]
+CVE-2017-17854 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
 	[jessie] - linux <not-affected> (Vulnerable code introdued later)
 	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
 	NOTE: Fixed by: https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03
-CVE-2017-17853 [bpf/verifier: fix bounds calculation on BPF_RSH]
+CVE-2017-17853 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
 	[jessie] - linux <not-affected> (Vulnerable code introdued later)
 	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
 	NOTE: Fixed by: https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941
-CVE-2017-17852 [bpf: fix 32-bit ALU op verification]
+CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
 	[jessie] - linux <not-affected> (Vulnerable code introdued later)
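Review bot: the `<not-affected>` reason text in the unchanged context lines of every bpf entry here (CVE-2017-17852 through CVE-2017-17857) misspells "introduced" as "introdued"; since this is an automatic update it should not touch those lines, but a follow-up manual commit could fix the twelve occurrences in one go. The added CVE-2017-17850 (Asterisk) entry is left at `TODO: check`, which is correct for a package that is in the archive, but it is the one new non-RESERVED entry in this hunk that needs a human to assign a version or a `<not-affected>` line before the next tracker run.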
@@ -64,22 +78,28 @@
 	RESERVED
 CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...)
 	TODO: check
-CVE-2017-17843
+CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows remote ...)
+	{DSA-4070-1}
 	- enigmail 2:1.9.9-1
 	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17844
+CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote attacker can ...)
+	{DSA-4070-1}
 	- enigmail 2:1.9.9-1
 	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17845
+CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper Random ...)
+	{DSA-4070-1}
 	- enigmail 2:1.9.9-1
 	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17846
+CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular expressions ...)
+	{DSA-4070-1}
 	- enigmail 2:1.9.9-1
 	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17847
+CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature spoofing is ...)
+	{DSA-4070-1}
 	- enigmail 2:1.9.9-1
 	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17848
+CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant of ...)
+	{DSA-4070-1}
 	- enigmail 2:1.9.9-1
 	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute ...)
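Review bot: the six Enigmail entries (CVE-2017-17843 through CVE-2017-17848) each gain a `{DSA-4070-1}` reference alongside the existing `- enigmail 2:1.9.9-1` line; the tracker resolves the suite versions for stretch and jessie from that DSA id, so the same revision should carry the matching DSA-4070-1 record with all six CVE ids and the per-suite enigmail versions, otherwise the CVE entries will reference an advisory the tracker cannot find. Quoting the advisory id once per entry is the expected layout, so no change to these lines themselves.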
@@ -5381,7 +5401,7 @@
 	[jessie] - lilypond <no-dsa> (Minor issue)
 	[wheezy] - lilypond <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
-CVE-2017-17522 (Lib/webbrowser.py in Python through 3.6.3 does not validate strings ...)
+CVE-2017-17522 (** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not ...)
 	- jython <unfixed>
 	[wheezy] - jython <not-affected> (Vulnerable code is not provided in the binary package)
 	- python2.6 <removed>
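Review bot: the description of CVE-2017-17522 now begins with `** DISPUTED **`, but the package lines below it are unchanged, in particular `- jython <unfixed>`; a disputed issue is normally a candidate for a `<no-dsa> (Minor issue)` tag like the lilypond entries just above this hunk, so the jython line should be re-triaged rather than left as an open unfixed item.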
@@ -6004,12 +6024,12 @@
 CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...)
 	NOT-FOR-US: Vaultek Gun Safe
 CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...)
-	{DSA-4068-1}
+	{DSA-4068-1 DLA-1218-1}
 	- rsync 3.1.2-2.1 (bug #883665)
 	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1
 	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
 CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 3.1.2, and ...)
-	{DSA-4068-1}
+	{DSA-4068-1 DLA-1218-1}
 	- rsync 3.1.2-2.1 (bug #883667)
 	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
 CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...)
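Review bot: `DLA-1218-1` is added to the advisory set of both CVE-2017-17434 and CVE-2017-17433 (`{DSA-4068-1 DLA-1218-1}`), which is the right way to record the wheezy LTS fix; the corresponding DLA record with the wheezy rsync version should be present in the same revision so the tracker can resolve it, and the Debian bug references (#883665, #883667) are correctly kept.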
@@ -10922,7 +10942,7 @@
 CVE-2017-16549
 	RESERVED
 CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
-	{DSA-4068-1}
+	{DSA-4068-1 DLA-1218-1}
 	- rsync 3.1.2-2.1 (bug #880954)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
 	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
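Review bot: adding `DLA-1218-1` to CVE-2017-16548 keeps the three rsync entries consistent with the two in the previous hunk, so all rsync issues fixed in 3.1.2-2.1 now reference the same DSA and DLA pair; no further change needed here.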
@@ -18494,8 +18514,8 @@
 	NOT-FOR-US: Schneider Electric
 CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC ...)
 	NOT-FOR-US: Siemens
-CVE-2017-14022
-	RESERVED
+CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell ...)
+	TODO: check
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...)
 	NOT-FOR-US: Korenix
 CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...)
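Review bot: CVE-2017-14022 moves from `RESERVED` to a description with `TODO: check`, which is the correct automatic placeholder, but the neighbouring Schneider Electric, Siemens and Korenix entries are all `NOT-FOR-US`; the Rockwell entry is likely to end up the same way and should be resolved by a manual commit so it does not linger in the TODO list.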
