[Secure-testing-commits] r49258 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Feb 27 09:10:12 UTC 2017


Author: sectracker
Date: 2017-02-27 09:10:12 +0000 (Mon, 27 Feb 2017)
New Revision: 49258

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-27 05:54:32 UTC (rev 49257)
+++ data/CVE/list	2017-02-27 09:10:12 UTC (rev 49258)
@@ -1,3 +1,59 @@
+CVE-2017-6354
+	RESERVED
+CVE-2017-6352
+	RESERVED
+CVE-2017-6351
+	RESERVED
+CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
+	TODO: check
+CVE-2017-6349 (An integer overflow at a u_read_undo memory allocation site would occur ...)
+	TODO: check
+CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows ...)
+	TODO: check
+CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware ...)
+	TODO: check
+CVE-2017-6342 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 ...)
+	TODO: check
+CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 ...)
+	TODO: check
+CVE-2017-6340
+	RESERVED
+CVE-2017-6339
+	RESERVED
+CVE-2017-6338
+	RESERVED
+CVE-2017-6337
+	RESERVED
+CVE-2017-6336
+	RESERVED
+CVE-2017-6335
+	RESERVED
+CVE-2017-6334
+	RESERVED
+CVE-2017-6333
+	RESERVED
+CVE-2017-6332
+	RESERVED
+CVE-2017-6331
+	RESERVED
+CVE-2017-6330
+	RESERVED
+CVE-2017-6329
+	RESERVED
+CVE-2017-6328
+	RESERVED
+CVE-2017-6327
+	RESERVED
+CVE-2017-6326
+	RESERVED
+CVE-2017-6325
+	RESERVED
+CVE-2017-6324
+	RESERVED
+CVE-2017-6323
+	RESERVED
+CVE-2017-6322
+	RESERVED
 CVE-2017-XXXX [scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)]
 	- pax-utils <unfixed> (unimportant; bug #856196)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/25/pax-utils-scanelf-out-of-bounds-read-in-scanelf_file_get_symtabs-scanelf-c-2/
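Review bot: The three Dahua DHI-HCVR7216A-S3 entries (CVE-2017-6341, CVE-2017-6342, CVE-2017-6343) are added as "TODO: check" although their descriptions name NVR device firmware. Other vendor-product entries in this file are closed as "NOT-FOR-US: <vendor>" (for example "NOT-FOR-US: Siemens"), so a follow-up can likely resolve these the same way rather than leave them in the TODO queue. CVE-2017-6349 and CVE-2017-6350 name only the functions u_read_undo and unserialize_uep in their truncated text, so they need a source package line once the affected package is identified.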
@@ -4,18 +60,23 @@
 	NOTE: https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
 	NOTE: https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559
 CVE-2017-6353 [sctp: deny peeloff operation on asocs with threads sleeping on it]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2
 CVE-2017-6348 [irda: Fix lockdep annotations in hashbin_delete().]
+	RESERVED
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788
 CVE-2017-6347 [ip: fix IP_CHECKSUM handling]
+	RESERVED
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
 CVE-2017-6346 [packet: fix races in fanout_add()]
+	RESERVED
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b
 CVE-2017-6345 [net/llc: avoid BUG_ON() in skb_orphan()]
+	RESERVED
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
 CVE-2017-6321
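Review bot: Ordering problem at CVE-2017-6353 and CVE-2017-6345 through CVE-2017-6348: they gain RESERVED but stay below the CVE-2017-XXXX scanelf placeholder, while the previous hunk inserts CVE-2017-6354 down to CVE-2017-6322 above it. The 2017-63xx IDs are therefore no longer in descending order. Moving these five entries into the new block at the top would keep the list sorted and make it easier to spot gaps in the ID range.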
@@ -119,8 +180,8 @@
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
-CVE-2017-6297
-	RESERVED
+CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does ...)
+	TODO: check
 CVE-2017-6296
 	RESERVED
 CVE-2017-6295
@@ -325,6 +386,7 @@
 CVE-2017-6198
 	RESERVED
 CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 ...)
+	{DLA-837-1}
 	- radare2 1.1.0+dfsg-2 (bug #856063)
 	[jessie] - radare2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/radare/radare2/issues/6816
@@ -950,8 +1012,8 @@
 	RESERVED
 CVE-2017-5947
 	RESERVED
-CVE-2017-5946
-	RESERVED
+CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...)
+	TODO: check
 CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
 	NOT-FOR-US: Moodle plugin
 CVE-2017-5944
@@ -1026,14 +1088,14 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/6
 CVE-2017-5929
 	RESERVED
-CVE-2017-5928
-	RESERVED
-CVE-2017-5927
-	RESERVED
-CVE-2017-5926
-	RESERVED
-CVE-2017-5925
-	RESERVED
+CVE-2017-5928 (The W3C High Resolution Time API, as implemented in various web ...)
+	TODO: check
+CVE-2017-5927 (Page table walks conducted by the MMU during virtual to physical ...)
+	TODO: check
+CVE-2017-5926 (Page table walks conducted by the MMU during virtual to physical ...)
+	TODO: check
+CVE-2017-5925 (Page table walks conducted by the MMU during virtual to physical ...)
+	TODO: check
 CVE-2017-5924
 	RESERVED
 CVE-2017-5923
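Review bot: CVE-2017-5925, CVE-2017-5926 and CVE-2017-5927 carry the same truncated description ("Page table walks conducted by the MMU during virtual to physical ..."), so the three entries cannot be told apart from this file alone. When the "TODO: check" is resolved, add a NOTE line to each stating what distinguishes it, so later triage does not treat them as duplicates.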
@@ -10020,10 +10082,10 @@
 	RESERVED
 CVE-2017-2684 (Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an ...)
 	NOT-FOR-US: Siemens
-CVE-2017-2683
-	RESERVED
-CVE-2017-2682
-	RESERVED
+CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NMS < ...)
+	TODO: check
+CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...)
+	TODO: check
 CVE-2017-2681
 	RESERVED
 CVE-2017-2680
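Review bot: CVE-2017-2682 and CVE-2017-2683 describe the Siemens RUGGEDCOM NMS web application and are left as "TODO: check", while the adjacent CVE-2017-2684 is already marked "NOT-FOR-US: Siemens". Unless there is a reason to treat them differently, mark both the same way so the triage state of the three Siemens entries is consistent.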
@@ -10196,7 +10258,7 @@
 	NOT-FOR-US: hawtio
 CVE-2017-2616 [Sending SIGKILL to other processes with root privileges via su]
 	RESERVED
-	{DSA-3793-1}
+	{DSA-3793-1 DLA-838-1}
 	- shadow 1:4.4-4 (bug #855943)
 	NOTE: https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
 	- util-linux <unfixed> (unimportant)
@@ -18227,6 +18289,7 @@
 	RESERVED
 CVE-2016-8743 [Apache HTTP Request Parsing Whitespace Defects]
 	RESERVED
+	{DSA-3796-1}
 	- apache2 2.4.25-1
 	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
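Review bot: Missing suite line at CVE-2016-8743: the other two entries tagged {DSA-3796-1} in this commit (CVE-2016-2161 and CVE-2016-0736) have a "[wheezy] - apache2 <not-affected>" line directly after "- apache2 2.4.25-1", but this entry has none in the visible context. Confirm the wheezy status for the request parsing issue and record it explicitly, since the DSA reference alone does not say whether that suite is affected.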
@@ -20645,8 +20708,8 @@
 	RESERVED
 CVE-2017-0038 (gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-0037
-	RESERVED
+CVE-2017-0037 (Microsoft Internet Explorer 11 and Microsoft Edge have a type confusion ...)
+	TODO: check
 CVE-2017-0036
 	RESERVED
 CVE-2017-0035
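Review bot: CVE-2017-0037 names Microsoft Internet Explorer 11 and Microsoft Edge and is left as "TODO: check", while the entry directly above it, CVE-2017-0038, is marked "NOT-FOR-US: Microsoft". The same marking applies here and would take this entry out of the TODO queue.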
@@ -40076,6 +40139,7 @@
 	NOTE: http://struts.apache.org/docs/s2-030.html
 CVE-2016-2161 [DoS vulnerability in mod_auth_digest]
 	RESERVED
+	{DSA-3796-1}
 	- apache2 2.4.25-1
 	[wheezy] - apache2 <not-affected> (Vulnerable code introduced in 2.4.x)
 	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
@@ -45304,6 +45368,7 @@
 	NOTE: Swift: >=2.2.1 <= 2.3.0
 CVE-2016-0736 [Padding Oracle in Apache mod_session_crypto]
 	RESERVED
+	{DSA-3796-1}
 	- apache2 2.4.25-1
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E



