[Secure-testing-commits] r53134 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Jul 2 21:10:14 UTC 2017
Author: sectracker
Date: 2017-07-02 21:10:14 +0000 (Sun, 02 Jul 2017)
New Revision: 53134
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-02 20:23:31 UTC (rev 53133)
+++ data/CVE/list 2017-07-02 21:10:14 UTC (rev 53134)
@@ -1,3 +1,11 @@
+CVE-2017-10796
+ RESERVED
+CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows ...)
+ TODO: check
+CVE-2017-10794
+ RESERVED
+CVE-2017-10793
+ RESERVED
CVE-2017-10792 (There is a NULL Pointer Dereference in the function ll_insert() of the ...)
- pspp <unfixed> (bug #866890)
[jessie] - pspp <no-dsa> (Minor issue)
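Review bot: CVE-2017-10795 at the top of this hunk lands with only `TODO: check`, so the Subrion CMS XSS has no triage outcome yet. Resolve it in a follow-up to either a source package line or a `NOT-FOR-US:` marker. The three RESERVED placeholders added alongside it need nothing until they gain a description.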
@@ -182,8 +190,8 @@
RESERVED
CVE-2017-10707
RESERVED
-CVE-2017-10706
- RESERVED
+CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...)
+ TODO: check
CVE-2017-10705
RESERVED
CVE-2017-10704
@@ -4932,10 +4940,10 @@
RESERVED
CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...)
NOT-FOR-US: Veritas
-CVE-2017-8894
- RESERVED
-CVE-2017-8893
- RESERVED
+CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software ...)
+ TODO: check
+CVE-2017-8893 (AeroAdmin 4.1 uses a function to copy data between two pointers where ...)
+ TODO: check
CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...)
NOT-FOR-US: OpenText Tempo Box
CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a ...)
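Review bot: CVE-2017-8894 and CVE-2017-8893 both describe AeroAdmin 4.1 and both sit at `TODO: check`; triage them together so the two entries end up with the same status. If no Debian source package ships AeroAdmin, they should take the `NOT-FOR-US:` form that the neighbouring CVE-2017-8895 and CVE-2017-8892 entries already use.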
@@ -5247,8 +5255,7 @@
- miniupnpc 1.9.20140610-3 (bug #862273)
NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
-CVE-2017-8797 [nfsd: remote DoS]
- RESERVED
+CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly ...)
- linux 4.9.30-1
NOTE: Fixed by: https://git.kernel.org/linus/b550a32e60a4941994b437a8d662432a486235a5 (4.12-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/f961e3f2acae94b727380c0b74e2d3954d0edf79 (4.12-rc1)
@@ -8374,7 +8381,7 @@
CVE-2017-7680
RESERVED
CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...)
- {DSA-3896-1}
+ {DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
CVE-2017-7678
RESERVED
@@ -8397,7 +8404,7 @@
CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
- hadoop <itp> (bug #793644)
CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and ...)
- {DSA-3896-1}
+ {DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the ...)
NOT-FOR-US: Apache NiFi
@@ -8832,6 +8839,7 @@
RESERVED
CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery]
RESERVED
+ {DSA-3901-1}
- libgcrypt20 1.7.8-1
- libgcrypt11 <removed>
NOTE: https://eprint.iacr.org/2017/627
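Review bot: the added `{DSA-3901-1}` under CVE-2017-7526 sits above two package lines, `libgcrypt20 1.7.8-1` and `libgcrypt11 <removed>`, and nothing in the entry says which of them the advisory covers. A NOTE or a release-specific line for libgcrypt11 would make the status explicit for any suite that still carries it. The entry also still reads RESERVED with its bracketed working title, so it should be rechecked once the official description is published.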
@@ -21976,12 +21984,12 @@
CVE-2017-3170
RESERVED
CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl ...)
- {DSA-3896-1}
+ {DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
CVE-2017-3168
RESERVED
CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...)
- {DSA-3896-1}
+ {DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
CVE-2017-3166
RESERVED
@@ -28552,8 +28560,7 @@
RESERVED
CVE-2017-0378
RESERVED
-CVE-2017-0377 [TROVE-2017-006: Regression in guard family avoidance in 0.3.0 series]
- RESERVED
+CVE-2017-0377 (Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only ...)
- tor <not-affected> (Affects only 0.3.x series)
NOTE: https://trac.torproject.org/projects/tor/ticket/22753
NOTE: https://blog.torproject.org/blog/tor-0309-released-security-update-clients
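Review bot: replacing the bracketed title on CVE-2017-0377 drops the upstream identifier TROVE-2017-006, which no remaining line of the entry mentions. Add it as a NOTE line next to the existing ticket and blog links so the entry stays searchable by the upstream ID.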