[Secure-testing-commits] r49313 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Feb 28 21:10:12 UTC 2017
Author: sectracker
Date: 2017-02-28 21:10:11 +0000 (Tue, 28 Feb 2017)
New Revision: 49313
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-28 21:04:54 UTC (rev 49312)
+++ data/CVE/list 2017-02-28 21:10:11 UTC (rev 49313)
@@ -1,3 +1,55 @@
+CVE-2017-6398
+ RESERVED
+CVE-2017-6397
+ RESERVED
+CVE-2017-6396
+ RESERVED
+CVE-2017-6395
+ RESERVED
+CVE-2017-6394
+ RESERVED
+CVE-2017-6393
+ RESERVED
+CVE-2017-6392
+ RESERVED
+CVE-2017-6391
+ RESERVED
+CVE-2017-6390
+ RESERVED
+CVE-2017-6389
+ RESERVED
+CVE-2017-6388
+ RESERVED
+CVE-2017-6387
+ RESERVED
+CVE-2017-6386
+ RESERVED
+CVE-2017-6385
+ RESERVED
+CVE-2017-6384
+ RESERVED
+CVE-2017-6383
+ RESERVED
+CVE-2017-6382
+ RESERVED
+CVE-2017-6381
+ RESERVED
+CVE-2017-6380
+ RESERVED
+CVE-2017-6379
+ RESERVED
+CVE-2017-6378
+ RESERVED
+CVE-2017-6377
+ RESERVED
+CVE-2017-6376
+ RESERVED
+CVE-2017-6375
+ RESERVED
+CVE-2017-6374
+ RESERVED
+CVE-2017-6373
+ RESERVED
CVE-2017-6372
RESERVED
CVE-2017-6371
@@ -169,6 +221,7 @@
CVE-2017-6315
RESERVED
CVE-2017-6335 [out of bounds access when reading CMYKA tiff]
+ RESERVED
- graphicsmagick 1.3.25-8
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
CVE-2017-6317 [memory leakage issue in add_shader_program]
@@ -958,8 +1011,7 @@
RESERVED
CVE-2017-5983
RESERVED
-CVE-2017-5982 [local file inclusion]
- RESERVED
+CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
- kodi <unfixed> (bug #855225)
- xbmc <undetermined>
NOTE: http://seclists.org/fulldisclosure/2017/Feb/27
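Review bot: on CVE-2017-5982 the `- xbmc <undetermined>` line is left untouched even though the new description narrows the issue to the Chorus2 2.4.2 add-on for Kodi. Suggest checking whether the xbmc source package ships Chorus2 at all and replacing `<undetermined>` with `<not-affected>` or `<unfixed>` accordingly, so the entry does not stay open-ended.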
@@ -1006,6 +1058,7 @@
NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
CVE-2017-5973 [Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx]
RESERVED
+ {DLA-842-1}
- qemu <unfixed> (bug #855611)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
@@ -1254,6 +1307,7 @@
RESERVED
CVE-2017-5898 [Qemu: usb: integer overflow in emulated_apdu_from_guest]
RESERVED
+ {DLA-842-1}
- qemu <unfixed> (bug #854729)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
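Review bot: CVE-2017-5898 now carries `{DLA-842-1}`, but the lines directly under it mark jessie's qemu and all of qemu-kvm as `<not-affected> (Vulnerable code not present)`. Worth confirming that the package covered by the advisory really contained the emulated_apdu_from_guest code in the older release. If it did, a NOTE explaining why the newer jessie version lacks it would help; if it did not, the cross-reference should be corrected at its source.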
@@ -1275,14 +1329,12 @@
RESERVED
CVE-2017-5887
RESERVED
-CVE-2017-5885
- RESERVED
+CVE-2017-5885 (Multiple integer overflows in the (1) vnc_connection_server_message ...)
{DLA-831-1}
- gtk-vnc 0.6.0-3 (bug #854450)
[jessie] - gtk-vnc <no-dsa> (Minor issue)
NOTE: http://openwall.com/lists/oss-security/2017/02/05/5
-CVE-2017-5884
- RESERVED
+CVE-2017-5884 (gtk-vnc before 0.7.0 does not properly check boundaries of ...)
{DLA-831-1}
- gtk-vnc 0.6.0-3 (bug #854450)
[jessie] - gtk-vnc <no-dsa> (Minor issue)
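Review bot: the description added for CVE-2017-5884 says "gtk-vnc before 0.7.0", while the entry keeps `gtk-vnc 0.6.0-3` as the fixed version. If 0.6.0-3 carries a backported patch (bug #854450), a NOTE pointing at the upstream commit would let readers verify that; none is visible for this entry in the hunk.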
@@ -1300,8 +1352,7 @@
NOT-FOR-US: Exponent CMS
CVE-2017-5878
RESERVED
-CVE-2016-10207 [tigervnc: vnc server can crash when TLS handshake terminates early]
- RESERVED
+CVE-2016-10207 (The Xvnc server in TigerVNC allows remote attackers to cause a denial ...)
- tigervnc 1.7.0-1
NOTE: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1023012
@@ -1425,11 +1476,13 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5835 [memory allocation error in plist_from_bin]
RESERVED
+ {DLA-840-1}
- libplist <unfixed> (bug #854000)
NOTE: https://github.com/libimobiledevice/libplist/issues/88
NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5834 [heap-buffer-overflow in parse_dict_node]
RESERVED
+ {DLA-840-1}
- libplist <unfixed> (bug #854000)
NOTE: https://github.com/libimobiledevice/libplist/issues/89
NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
@@ -1727,8 +1780,8 @@
RESERVED
CVE-2017-5683
RESERVED
-CVE-2017-5682
- RESERVED
+CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, ...)
+ TODO: check
CVE-2017-5680
RESERVED
CVE-2016-10197
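Review bot: CVE-2017-5682 is left at `TODO: check`. The description names the Intel PSET Application Install wrapper of Intel Parallel Studio XE; if that is not packaged in Debian, resolve the TODO with a NOT-FOR-US line in the style used elsewhere in this file (for example `NOT-FOR-US: Exponent CMS`).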
@@ -2353,8 +2406,7 @@
- virglrenderer <unfixed> (bug #852603)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
-CVE-2017-5581
- RESERVED
+CVE-2017-5581 (Buffer overflow in the ModifiablePixelBuffer::fillRect function in ...)
- tigervnc 1.7.0+dfsg-3 (bug #852213)
NOTE: https://github.com/TigerVNC/tigervnc/pull/399
NOTE: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
@@ -10338,6 +10390,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo]
RESERVED
+ {DLA-842-1}
- qemu <unfixed> (bug #855791)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -10367,6 +10420,7 @@
NOTE: and not installed by default since 2007.
CVE-2017-2615
RESERVED
+ {DLA-842-1}
- qemu <unfixed> (low; bug #854731)
[jessie] - qemu <no-dsa> (Minor issue)
NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
@@ -16089,8 +16143,7 @@
- jasper <removed>
NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
-CVE-2016-9558 [negation overflow in dwarf_leb.c]
- RESERVED
+CVE-2016-9558 ((1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf ...)
- dwarfutils 20161124-1 (bug #845408)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
@@ -17037,12 +17090,12 @@
NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1
-CVE-2016-9261
- RESERVED
+CVE-2016-9261 (Cross-site scripting (XSS) vulnerability in Tenable Log Correlation ...)
+ TODO: check
CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 ...)
NOT-FOR-US: Nessus
-CVE-2016-9259
- RESERVED
+CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...)
+ TODO: check
CVE-2017-0305
RESERVED
CVE-2017-0304
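Review bot: CVE-2016-9259 and CVE-2016-9261 are both left at `TODO: check`, yet CVE-2016-9260 between them, with a near-identical Tenable Nessus description, is already `NOT-FOR-US: Nessus`. CVE-2016-9259 should get the same line. CVE-2016-9261 names a Tenable Log Correlation product whose name is truncated here, so confirm it from the full description before marking it NOT-FOR-US as well.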
@@ -18391,7 +18444,7 @@
RESERVED
CVE-2016-8743 [Apache HTTP Request Parsing Whitespace Defects]
RESERVED
- {DSA-3796-1}
+ {DSA-3796-1 DLA-841-1}
- apache2 2.4.25-1
NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
@@ -18480,8 +18533,8 @@
RESERVED
CVE-2016-8716
RESERVED
-CVE-2016-8715
- RESERVED
+CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the loadTrailer ...)
+ TODO: check
CVE-2016-8714
RESERVED
CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists ...)
@@ -19754,11 +19807,9 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4
CVE-2016-8390
RESERVED
-CVE-2016-8389
- RESERVED
+CVE-2016-8389 (An exploitable integer-overflow vulnerability exists within Iceni ...)
NOT-FOR-US: Iceni Argus
-CVE-2016-8388
- RESERVED
+CVE-2016-8388 (An exploitable arbitrary heap-overwrite vulnerability exists within ...)
NOT-FOR-US: Iceni Argus
CVE-2016-8387 (An exploitable heap-based buffer overflow exists in Iceni Argus. When ...)
NOT-FOR-US: Iceni Argus
@@ -20016,7 +20067,7 @@
RESERVED
CVE-2016-1000243
RESERVED
-CVE-2016-7553 (The buf.pl before 2.20 script in Irssi before 0.8.20 uses weak ...)
+CVE-2016-7553 (The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak ...)
{DLA-722-1}
- irssi 0.8.20-2 (bug #838762)
[jessie] - irssi 0.8.17-1+deb8u2