[Secure-testing-commits] r53157 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jul 3 21:10:17 UTC 2017
Author: sectracker
Date: 2017-07-03 21:10:17 +0000 (Mon, 03 Jul 2017)
New Revision: 53157
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-03 20:30:08 UTC (rev 53156)
+++ data/CVE/list 2017-07-03 21:10:17 UTC (rev 53157)
@@ -1,3 +1,11 @@
+CVE-2017-10805
+ RESERVED
+CVE-2017-10804
+ RESERVED
+CVE-2017-10803
+ RESERVED
+CVE-2017-10802
+ RESERVED
CVE-2017-10801
RESERVED
CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it ...)
@@ -3741,6 +3749,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5)
NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5)
CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an ...)
+ {DLA-1011-1}
- sudo 1.8.20p1-1.1 (bug #863897)
[buster] - sudo 1.8.19p1-2.1
[stretch] - sudo 1.8.19p1-2.1
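Review bot: DLA-1011-1 is attached to CVE-2017-1000368, but no [wheezy] fixed-version line falls inside this hunk; the only suite lines visible are [buster] and [stretch], both at sudo 1.8.19p1-2.1. A DLA issued in July 2017 targets wheezy LTS, so confirm a `[wheezy] - sudo <version>` line exists further down the entry so the advisory reference is backed by a concrete fixed version.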
@@ -3903,8 +3912,8 @@
NOT-FOR-US: jerryscript
CVE-2017-9249 (Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows ...)
NOT-FOR-US: Allen Disk
-CVE-2017-9248
- RESERVED
+CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 ...)
+ TODO: check
CVE-2017-9247
RESERVED
CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...)
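Review bot: `TODO: check` on CVE-2017-9248 is the automatic placeholder and still needs a triage pass; Telerik.Web.UI.dll / Telerik UI for ASP.NET AJAX is a proprietary .NET component, so unless a Debian source package ships it this should be resolved to `NOT-FOR-US: Telerik`, matching the neighbouring `NOT-FOR-US: Allen Disk` and `NOT-FOR-US: jerryscript` entries.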
@@ -6936,8 +6945,8 @@
RESERVED
CVE-2017-8117
RESERVED
-CVE-2017-8116
- RESERVED
+CVE-2017-8116 (The management interface for the Teltonika RUT9XX routers (aka LuCI) ...)
+ TODO: check
CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...)
NOT-FOR-US: MODX
CVE-2017-8114 (Roundcube Webmail allows arbitrary password resets by authenticated ...)
@@ -7499,8 +7508,8 @@
NOT-FOR-US: Hikvision
CVE-2017-7920
RESERVED
-CVE-2017-7919
- RESERVED
+CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and ...)
+ TODO: check
CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks ...)
NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...)
@@ -13665,12 +13674,10 @@
NOTE: https://github.com/rubyzip/rubyzip/issues/315
CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
NOT-FOR-US: Moodle plugin
-CVE-2017-5944 [Remote code execution in dashboard interface]
- RESERVED
+CVE-2017-5944 (The dashboard subscription interface in Request Tracker (RT) 4.x ...)
{DSA-3882-1 DLA-987-1}
- request-tracker4 4.4.1-4
-CVE-2017-5943 [CSRF verification token information leak]
- RESERVED
+CVE-2017-5943 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
{DSA-3882-1 DLA-987-1}
- request-tracker4 4.4.1-4
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...)
@@ -15947,8 +15954,7 @@
RESERVED
CVE-2017-5362
RESERVED
-CVE-2017-5361 [Timing side-channel vulnerability in password verification]
- RESERVED
+CVE-2017-5361 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
{DSA-3883-1 DSA-3882-1 DLA-988-1 DLA-987-1}
- request-tracker4 4.4.1-4
- rt-authen-externalauth <removed>
@@ -24405,7 +24411,7 @@
RESERVED
CVE-2017-2295 [Unsafe YAML deseralization]
RESERVED
- {DSA-3862-1}
+ {DSA-3862-1 DLA-1012-1}
- puppet 4.8.2-5 (bug #863212)
NOTE: https://puppet.com/security/cve/cve-2017-2295
NOTE: https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
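Review bot: CVE-2017-2295 keeps its bracketed placeholder `[Unsafe YAML deseralization]` and the `RESERVED` marker even though the entry now carries DSA-3862-1, DLA-1012-1, a fixed unstable version and an upstream advisory URL; the placeholder also misspells "deserialization". The automatic update only touches the advisory set, so a follow-up should replace the placeholder with the published CVE description when it appears and fix the spelling in the meantime.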
@@ -40509,8 +40515,8 @@
RESERVED
CVE-2016-6202
RESERVED
-CVE-2016-6201
- RESERVED
+CVE-2016-6201 (Cross-site scripting (XSS) vulnerability in Ektron Content Management ...)
+ TODO: check
CVE-2016-6200
RESERVED
CVE-2016-6199 (ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to ...)
@@ -40865,8 +40871,7 @@
NOTE: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
NOTE: The CVE is originally assigend to OP-TEE, but the underlying issue seems to be in
NOTE: libtomcrypt, thus keep that source package as well for now associated.
-CVE-2016-6127 [XSS in file uploads]
- RESERVED
+CVE-2016-6127 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...)
{DSA-3882-1 DLA-987-1}
- request-tracker4 4.4.1-4
CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
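Review bot: the unchanged context line above the change reads `The CVE is originally assigend to OP-TEE` (typo: assigned); it is outside the changed lines, so fix it in a separate manual commit rather than letting the automatic update carry it forward.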
@@ -44789,8 +44794,8 @@
NOT-FOR-US: NetApp OnCommand System Manager
CVE-2016-5046
RESERVED
-CVE-2016-5045
- RESERVED
+CVE-2016-5045 (NetApp OnCommand System Manager before 9.0 allows remote attackers to ...)
+ TODO: check
CVE-2016-5025 (For the NVIDIA Quadro, NVS, and GeForce products, improper ...)
NOT-FOR-US: NVIDIA Quadro, NVS, and GeForce product
CVE-2016-5024 (Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and ...)
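Review bot: CVE-2016-5045 is left at `TODO: check` although the context line at the top of this hunk shows the same product already resolved as `NOT-FOR-US: NetApp OnCommand System Manager`; resolve this entry the same way instead of leaving it for a second triage pass.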
@@ -47907,10 +47912,10 @@
NOTE: https://hg.python.org/jython/rev/d06e29d100c0
CVE-2016-3999 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
NOT-FOR-US: Zimbra
-CVE-2016-3998
- RESERVED
-CVE-2016-3997
- RESERVED
+CVE-2016-3998 (NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to ...)
+ TODO: check
+CVE-2016-3997 (NetApp Clustered Data ONTAP allows man-in-the-middle attackers to ...)
+ TODO: check
CVE-2016-XXXX [auth bypass]
- brltty <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436
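Review bot: CVE-2016-3998 (NetApp AltaVault) and CVE-2016-3997 (NetApp Clustered Data ONTAP) describe proprietary NetApp appliance software, so the two `TODO: check` markers can be resolved to `NOT-FOR-US: NetApp ...` in the same way as the surrounding Zimbra entries; separately, the unchanged context line `CVE-2016-XXXX [auth bypass]` directly below is a brltty entry that still has a placeholder identifier and should be revisited to see whether a real CVE was ever assigned.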
@@ -49639,8 +49644,8 @@
NOT-FOR-US: Zimbra
CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
NOT-FOR-US: Zimbra
-CVE-2016-3400
- RESERVED
+CVE-2016-3400 (NetApp Data ONTAP, when operating in 7-Mode 8.1 and 8.2, allows ...)
+ TODO: check
CVE-2016-3399
RESERVED
CVE-2016-3398
@@ -66203,7 +66208,7 @@
NOTE: https://savannah.gnu.org/bugs/?45713
NOTE: http://www.openwall.com/lists/oss-security/2015/09/01/1
CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in ...)
- {DLA-317-1}
+ {DLA-1010-1 DLA-317-1}
- vorbis-tools 1.4.0-7 (bug #797461)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
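Review bot: DLA-1010-1 is added in front of DLA-317-1 for CVE-2015-6749, but the only suite line visible in the hunk is `[jessie] - vorbis-tools 1.4.0-6+deb8u1`; a DLA issued in July 2017 corresponds to wheezy LTS, so check that a `[wheezy] - vorbis-tools <version>` line exists below the hunk so the new reference resolves to a fixed version.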
@@ -82758,7 +82763,7 @@
CVE-2014-9631
RESERVED
CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...)
- {DLA-317-1}
+ {DLA-1010-1 DLA-317-1}
- vorbis-tools 1.4.0-7 (unimportant; bug #776086)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
- opus-tools 0.1.10-1 (unimportant; bug #780160)
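Review bot: CVE-2014-9638 is rated `unimportant` in this entry (`vorbis-tools 1.4.0-7 (unimportant; bug #776086)`), yet DLA-1010-1 is now attached to it; that is acceptable when the LTS upload fixed it alongside the real issues, but the advisory reference and the rating should be reconciled in the NOTE lines so the DLA does not read as contradicting the `unimportant` assessment.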
@@ -82767,7 +82772,7 @@
NOTE: No security impact
NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
CVE-2014-9639 (Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote ...)
- {DLA-317-1}
+ {DLA-1010-1 DLA-317-1}
- vorbis-tools 1.4.0-7 (low; bug #776086)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
[squeeze] - vorbis-tools <no-dsa> (Minor issue)
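Review bot: CVE-2014-9639 now references `{DLA-1010-1 DLA-317-1}` while the unchanged context line below marks `[squeeze] - vorbis-tools <no-dsa> (Minor issue)`; a DLA reference implies a fixed LTS version for the suite that DLA targeted, so unless DLA-317-1 covered a different suite, either the `<no-dsa>` marker or the DLA association is stale and should be checked against the advisory text.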
@@ -82778,7 +82783,7 @@
NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause ...)
- {DLA-317-1}
+ {DLA-1010-1 DLA-317-1}
- vorbis-tools 1.4.0-6 (bug #771363)
[squeeze] - vorbis-tools <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/ticket/2009
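Review bot: CVE-2014-9640 carries `{DLA-1010-1 DLA-317-1}` next to `[squeeze] - vorbis-tools <no-dsa> (Minor issue)`; DLA-317-1 and a squeeze `<no-dsa>` marker cannot both be accurate for the same suite, so verify which suite DLA-317-1 actually covered and correct either the marker or the reference.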