[Secure-testing-commits] r48832 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Feb 10 09:10:12 UTC 2017


Author: sectracker
Date: 2017-02-10 09:10:12 +0000 (Fri, 10 Feb 2017)
New Revision: 48832

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-10 08:45:23 UTC (rev 48831)
+++ data/CVE/list	2017-02-10 09:10:12 UTC (rev 48832)
@@ -1,3 +1,45 @@
+CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 for ...)
+	TODO: check
+CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree ...)
+	TODO: check
+CVE-2017-5952
+	RESERVED
+CVE-2017-5951
+	RESERVED
+CVE-2017-5950
+	RESERVED
+CVE-2017-5949
+	RESERVED
+CVE-2017-5948
+	RESERVED
+CVE-2017-5947
+	RESERVED
+CVE-2017-5946
+	RESERVED
+CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
+	TODO: check
+CVE-2017-5944
+	RESERVED
+CVE-2017-5943
+	RESERVED
+CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...)
+	TODO: check
+CVE-2016-10222
+	RESERVED
+CVE-2016-10221
+	RESERVED
+CVE-2016-10220
+	RESERVED
+CVE-2016-10219
+	RESERVED
+CVE-2016-10218
+	RESERVED
+CVE-2016-10217
+	RESERVED
+CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...)
+	TODO: check
+CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...)
+	TODO: check
 CVE-2017-XXXX [diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive] 
 	- diffoscope <unfixed> (bug #854723)
 CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for ...)
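Review bot: the new TODO: check for CVE-2017-5954 (serialize-to-js) lands directly above the existing CVE-2017-5941 entry for node-serialize, which describes the same kind of npm serialization package; the two should be triaged together so the JavaScript serialization entries end up with consistent handling rather than one resolved and the other left at TODO. The remaining TODO: check entries in this hunk (PoodLL Filter plugin, WP Mail plugin for WordPress, ITDB, BigTree form-builder) all name web-application add-ons, so each still needs to be resolved to either a source package line or a NOT-FOR-US tag before this batch counts as processed.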
@@ -178,7 +220,7 @@
 	RESERVED
 CVE-2017-5938 [viewc Cross-Site Scripting (XSS) vulnerability]
 	RESERVED
-	{DSA-3784-1}
+	{DSA-3784-1 DLA-820-1}
 	- viewvc 1.1.26-1 (bug #854681)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
 	NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
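Review bot: the bracketed summary for CVE-2017-5938 reads "viewc Cross-Site Scripting (XSS) vulnerability" while the package line and both NOTE: references are for viewvc; since the entry is still RESERVED, that bracketed text is the only description shown, so the typo should be fixed to "viewvc" so searches on the package name find the entry. Adding DLA-820-1 next to DSA-3784-1 is consistent with the viewvc 1.1.26-1 line.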
@@ -276,8 +318,7 @@
 	RESERVED
 CVE-2017-5859
 	RESERVED
-CVE-2017-5858
-	RESERVED
+CVE-2017-5858 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	NOT-FOR-US: converse.js
 CVE-2017-5851
 	RESERVED
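Review bot: CVE-2017-5858 now carries the generic "XEP-0280: Message Carbons" description but no NOTE: reference, and the same text is reused below for CVE-2017-5589 through CVE-2017-5606 without any reference either; unlike the viewvc and jasper entries in this same commit, nothing in the XEP-0280 cluster points readers at the advisory or the per-client fixes, so one NOTE: with the shared reference (at least on the entries with Debian packages marked unfixed) would make the cluster verifiable.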
@@ -903,20 +944,15 @@
 	- serendipity <removed>
 CVE-2017-5607
 	RESERVED
-CVE-2017-5606
-	RESERVED
+CVE-2017-5606 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	NOT-FOR-US: Xabber
-CVE-2017-5605
-	RESERVED
+CVE-2017-5605 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	NOT-FOR-US: Movim
-CVE-2017-5604
-	RESERVED
+CVE-2017-5604 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	- mcabber <unfixed> (bug #854738)
-CVE-2017-5603
-	RESERVED
+CVE-2017-5603 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	- jitsi <unfixed> (bug #854737)
-CVE-2017-5602
-	RESERVED
+CVE-2017-5602 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	- jappix <itp> (bug #619347)
 CVE-2017-5601 (An error in the lha_read_file_header_1() function ...)
 	{DLA-810-1}
@@ -1053,21 +1089,16 @@
 	- zoneminder <unfixed> (bug #854733)
 CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this ...)
 	NOT-FOR-US: Pagekit CMS
-CVE-2017-5593
-	RESERVED
+CVE-2017-5593 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	- psi-plus <unfixed> (bug #854736)
-CVE-2017-5592
-	RESERVED
+CVE-2017-5592 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	- profanity <unfixed> (bug #854735)
-CVE-2017-5591
-	RESERVED
+CVE-2017-5591 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	- sleekxmpp <unfixed> (bug #854739)
 	- slixmpp <unfixed> (bug #854740)
-CVE-2017-5590
-	RESERVED
+CVE-2017-5590 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	NOT-FOR-US: ChatSecure / Zom
-CVE-2017-5589
-	RESERVED
+CVE-2017-5589 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	NOT-FOR-US: yaxim / Bruno
 CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and ...)
 	{DSA-3778-1 DLA-808-1}
@@ -14822,7 +14853,7 @@
 	REJECTED
 CVE-2016-9560 [stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)]
 	RESERVED
-	{DLA-739-1}
+	{DSA-3785-1 DLA-739-1}
 	- jasper <removed>
 	NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
@@ -17332,7 +17363,7 @@
 	NOTE: https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
 	NOTE: Not suitable for code injection, hardly denial of service
 CVE-2016-8882 (The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer ...)
-	{DLA-739-1}
+	{DSA-3785-1 DLA-739-1}
 	- jasper <removed> (unimportant)
 	NOTE: https://github.com/mdadams/jasper/issues/30
 	NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
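Review bot: CVE-2016-8882 keeps the (unimportant) annotation on the jasper line while DSA-3785-1 is now attached to it; if the DSA shipped a fix for this issue the severity should be re-evaluated, and if it was merely fixed alongside more serious issues in the same update a NOTE: saying so would stop the two markers from reading as a contradiction.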
@@ -17469,20 +17500,20 @@
 	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
 CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
 	RESERVED
-	{DLA-739-1}
+	{DSA-3785-1 DLA-739-1}
 	- jasper <removed> (bug #841110)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
 	NOTE: https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
 CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
 	RESERVED
-	{DLA-739-1}
+	{DSA-3785-1 DLA-739-1}
 	- jasper <removed> (unimportant; low; bug #841111)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
 	NOTE: Not suitable for code injection, hardly denial of service
 CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
 	RESERVED
-	{DLA-739-1}
+	{DSA-3785-1 DLA-739-1}
 	- jasper <removed> (unimportant; bug #841111)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
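Review bot: CVE-2016-8692 carries two severity markers in one annotation, (unimportant; low; bug #841111), while CVE-2016-8691, which shares bug #841111 and the same upstream fix commit, has only (unimportant; bug #841111); one of the two markers on 8692 should be dropped so the paired entries agree, especially now that both also reference DSA-3785-1.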
@@ -17608,7 +17639,7 @@
 	NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
 	RESERVED
-	{DLA-739-1}
+	{DSA-3785-1 DLA-739-1}
 	- jasper <removed>
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/93
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/94
@@ -40760,6 +40791,7 @@
 	NOTE: Fixed in 2.8.5 upstream
 	TODO: Recheck, the issue might be fixed incompletely, cf. #811519
 CVE-2016-1867 (The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers ...)
+	{DSA-3785-1}
 	- jasper <removed> (bug #811023)
 	[jessie] - jasper <no-dsa> (Minor issue)
 	[wheezy] - jasper <no-dsa> (Minor issue)
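Review bot: adding {DSA-3785-1} to CVE-2016-1867 contradicts the unchanged "[jessie] - jasper <no-dsa> (Minor issue)" line two lines below it; if the DSA covers this CVE the jessie no-dsa line should be removed (or replaced with the fixed jessie version), and if it does not, the DSA reference should not be attached here. The wheezy line is a separate question, since that suite is tracked through DLA references such as DLA-739-1 in the other jasper entries.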