[Secure-testing-commits] r53196 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jul 5 21:10:15 UTC 2017
Author: sectracker
Date: 2017-07-05 21:10:15 +0000 (Wed, 05 Jul 2017)
New Revision: 53196
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-05 21:09:00 UTC (rev 53195)
+++ data/CVE/list 2017-07-05 21:10:15 UTC (rev 53196)
@@ -1,11 +1,15 @@
+CVE-2017-10929 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...)
+ TODO: check
+CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the ...)
+ TODO: check
CVE-2017-10927
RESERVED
-CVE-2017-10926
- RESERVED
-CVE-2017-10925
- RESERVED
-CVE-2017-10924
- RESERVED
+CVE-2017-10926 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to ...)
+ TODO: check
+CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to ...)
+ TODO: check
+CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute ...)
+ TODO: check
CVE-2017-10910
RESERVED
CVE-2017-10909
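Review bot: CVE-2017-10928 (ImageMagick 7.0.6-0) is added with only "TODO: check", but imagemagick is tracked as a source package elsewhere in this list (for example under CVE-2017-8765), so this entry needs a "- imagemagick" package line with a status once triaged. The radare2 entry (CVE-2017-10929) and the three IrfanView FPX Plugin entries (CVE-2017-10924 to CVE-2017-10926) are in the same untriaged state and should each be resolved to a package line or to NOT-FOR-US.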
@@ -216,6 +220,7 @@
CVE-2017-10806
RESERVED
CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate ...)
+ {DSA-3902-1}
- jabberd2 <unfixed> (bug #867032)
NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
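Review bot: the added "{DSA-3902-1}" on CVE-2017-10807 sits directly above "- jabberd2 <unfixed> (bug #867032)", so the entry now references a DSA while unstable is still listed as unfixed. The NOTE lines already point to the upstream fix commit and the jabberd-2.6.1 release; replace <unfixed> with the fixed version once that upload exists, so the tracker stops reporting unstable as vulnerable.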
@@ -284,124 +289,124 @@
RESERVED
CVE-2017-10784
RESERVED
-CVE-2017-10783
- RESERVED
-CVE-2017-10782
- RESERVED
-CVE-2017-10781
- RESERVED
-CVE-2017-10780
- RESERVED
-CVE-2017-10779
- RESERVED
-CVE-2017-10778
- RESERVED
-CVE-2017-10777
- RESERVED
-CVE-2017-10776
- RESERVED
-CVE-2017-10775
- RESERVED
-CVE-2017-10774
- RESERVED
-CVE-2017-10773
- RESERVED
-CVE-2017-10772
- RESERVED
-CVE-2017-10771
- RESERVED
-CVE-2017-10770
- RESERVED
-CVE-2017-10769
- RESERVED
-CVE-2017-10768
- RESERVED
-CVE-2017-10767
- RESERVED
-CVE-2017-10766
- RESERVED
-CVE-2017-10765
- RESERVED
-CVE-2017-10764
- RESERVED
-CVE-2017-10763
- RESERVED
-CVE-2017-10762
- RESERVED
-CVE-2017-10761
- RESERVED
-CVE-2017-10760
- RESERVED
-CVE-2017-10759
- RESERVED
-CVE-2017-10758
- RESERVED
-CVE-2017-10757
- RESERVED
-CVE-2017-10756
- RESERVED
-CVE-2017-10755
- RESERVED
-CVE-2017-10754
- RESERVED
-CVE-2017-10753
- RESERVED
-CVE-2017-10752
- RESERVED
-CVE-2017-10751
- RESERVED
-CVE-2017-10750
- RESERVED
-CVE-2017-10749
- RESERVED
-CVE-2017-10748
- RESERVED
-CVE-2017-10747
- RESERVED
-CVE-2017-10746
- RESERVED
-CVE-2017-10745
- RESERVED
-CVE-2017-10744
- RESERVED
-CVE-2017-10743
- RESERVED
-CVE-2017-10742
- RESERVED
-CVE-2017-10741
- RESERVED
-CVE-2017-10740
- RESERVED
-CVE-2017-10739
- RESERVED
-CVE-2017-10738
- RESERVED
-CVE-2017-10737
- RESERVED
-CVE-2017-10736
- RESERVED
-CVE-2017-10735
- RESERVED
-CVE-2017-10734
- RESERVED
-CVE-2017-10733
- RESERVED
-CVE-2017-10732
- RESERVED
-CVE-2017-10731
- RESERVED
-CVE-2017-10730
- RESERVED
-CVE-2017-10729
- RESERVED
-CVE-2017-10728
- RESERVED
-CVE-2017-10727
- RESERVED
-CVE-2017-10726
- RESERVED
-CVE-2017-10725
- RESERVED
+CVE-2017-10783 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10782 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10781 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10780 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10779 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10778 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10777 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10776 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10775 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10774 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10773 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10772 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10771 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10770 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10769 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10768 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10767 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10766 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10765 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10764 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10763 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10762 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10761 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10760 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10759 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10758 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10757 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10756 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10755 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10754 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10753 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10752 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10751 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ TODO: check
+CVE-2017-10750 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10749 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10748 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10747 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10746 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10745 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10744 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10743 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10742 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10741 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10740 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10739 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10738 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10737 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10736 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
+CVE-2017-10735 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ TODO: check
+CVE-2017-10734 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ TODO: check
+CVE-2017-10733 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ TODO: check
+CVE-2017-10732 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ TODO: check
+CVE-2017-10731 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary ...)
+ TODO: check
+CVE-2017-10730 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary ...)
+ TODO: check
+CVE-2017-10729 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary ...)
+ TODO: check
+CVE-2017-10728 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary ...)
+ TODO: check
+CVE-2017-10727 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary ...)
+ TODO: check
+CVE-2017-10726 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary ...)
+ TODO: check
+CVE-2017-10725 (Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code ...)
+ TODO: check
CVE-2017-10724
RESERVED
CVE-2017-10723
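Review bot: all 59 entries added in this hunk (CVE-2017-10725 through CVE-2017-10783) are left at "TODO: check", and their descriptions name only XnView Classic for Windows, IrfanView 4.44 (32bit) and Winamp 5.666. If none of these maps to a Debian source package, mark the block NOT-FOR-US in one pass, as is done for the GenixCMS and IBM entries elsewhere in this list, instead of leaving each one as an open TODO item.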
@@ -479,6 +484,7 @@
CVE-2017-10689
RESERVED
CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...)
+ {DSA-3903-1}
- tiff 4.0.8-3 (bug #866611)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712
@@ -856,6 +862,7 @@
NOTE: to see this as an issue in libjbig itself.
TODO: wait for futher development on upstream
CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
+ {DSA-3903-1}
- tiff 4.0.8-3 (bug #866113)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
@@ -886,116 +893,116 @@
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/74
-CVE-2017-9927
- RESERVED
-CVE-2017-9926
- RESERVED
-CVE-2017-9925
- RESERVED
-CVE-2017-9924
- RESERVED
-CVE-2017-9923
- RESERVED
-CVE-2017-9922
- RESERVED
-CVE-2017-9921
- RESERVED
-CVE-2017-9920
- RESERVED
-CVE-2017-9919
- RESERVED
-CVE-2017-9918
- RESERVED
-CVE-2017-9917
- RESERVED
-CVE-2017-9916
- RESERVED
-CVE-2017-9915
- RESERVED
-CVE-2017-9914
- RESERVED
-CVE-2017-9913
- RESERVED
-CVE-2017-9912
- RESERVED
-CVE-2017-9911
- RESERVED
-CVE-2017-9910
- RESERVED
-CVE-2017-9909
- RESERVED
-CVE-2017-9908
- RESERVED
-CVE-2017-9907
- RESERVED
-CVE-2017-9906
- RESERVED
-CVE-2017-9905
- RESERVED
-CVE-2017-9904
- RESERVED
-CVE-2017-9903
- RESERVED
-CVE-2017-9902
- RESERVED
-CVE-2017-9901
- RESERVED
-CVE-2017-9900
- RESERVED
-CVE-2017-9899
- RESERVED
-CVE-2017-9898
- RESERVED
-CVE-2017-9897
- RESERVED
-CVE-2017-9896
- RESERVED
-CVE-2017-9895
- RESERVED
-CVE-2017-9894
- RESERVED
-CVE-2017-9893
- RESERVED
-CVE-2017-9892
- RESERVED
-CVE-2017-9891
- RESERVED
-CVE-2017-9890
- RESERVED
-CVE-2017-9889
- RESERVED
-CVE-2017-9888
- RESERVED
-CVE-2017-9887
- RESERVED
-CVE-2017-9886
- RESERVED
-CVE-2017-9885
- RESERVED
-CVE-2017-9884
- RESERVED
-CVE-2017-9883
- RESERVED
-CVE-2017-9882
- RESERVED
-CVE-2017-9881
- RESERVED
-CVE-2017-9880
- RESERVED
-CVE-2017-9879
- RESERVED
-CVE-2017-9878
- RESERVED
-CVE-2017-9877
- RESERVED
-CVE-2017-9876
- RESERVED
-CVE-2017-9875
- RESERVED
-CVE-2017-9874
- RESERVED
-CVE-2017-9873
- RESERVED
+CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
+ TODO: check
+CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
+ TODO: check
+CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
+ TODO: check
+CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
+ TODO: check
+CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9922 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9921 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9920 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9919 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9918 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9917 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9916 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
+ TODO: check
+CVE-2017-9915 (IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers ...)
+ TODO: check
+CVE-2017-9914 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9913 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9912 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9911 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9910 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9909 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9908 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9907 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9906 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9905 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9904 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9903 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9902 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9901 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9900 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9899 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9898 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9897 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9896 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9895 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9894 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9893 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9892 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9891 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9890 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9889 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9888 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9887 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9886 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9885 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9884 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9883 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9882 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9881 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9880 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9879 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9878 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9877 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9876 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9875 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9874 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9873 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in ...)
- lame <undetermined>
NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
@@ -3162,24 +3169,24 @@
RESERVED
CVE-2017-9537
RESERVED
-CVE-2017-9536
- RESERVED
-CVE-2017-9535
- RESERVED
-CVE-2017-9534
- RESERVED
-CVE-2017-9533
- RESERVED
-CVE-2017-9532
- RESERVED
-CVE-2017-9531
- RESERVED
-CVE-2017-9530
- RESERVED
-CVE-2017-9529
- RESERVED
-CVE-2017-9528
- RESERVED
+CVE-2017-9536 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9535 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9534 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9533 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9532 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9531 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
+ TODO: check
+CVE-2017-9530 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ TODO: check
+CVE-2017-9529 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
+ TODO: check
+CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote ...)
+ TODO: check
CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows ...)
[experimental] - mruby 1.2.0+20170601+git51e0e690-1
- mruby <unfixed> (low; bug #865778)
@@ -3560,7 +3567,7 @@
[jessie] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/457
CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
- {DLA-984-1 DLA-983-1}
+ {DSA-3903-1 DLA-984-1 DLA-983-1}
- tiff 4.0.8-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688
@@ -3576,7 +3583,7 @@
NOTE: with backtrace following the methods in http://bugzilla.maptools.org/show_bug.cgi?id=2688
NOTE: is shown.
CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
- {DLA-984-1 DLA-983-1}
+ {DSA-3903-1 DLA-984-1 DLA-983-1}
- tiff 4.0.8-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2689
@@ -4487,7 +4494,7 @@
NOTE: http://freeradius.org/security.html#session-resumption-2017
NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ...)
- {DLA-984-1 DLA-983-1}
+ {DSA-3903-1 DLA-984-1 DLA-983-1}
- tiff 4.0.8-2 (bug #863185)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2693
@@ -5426,8 +5433,8 @@
RESERVED
CVE-2017-8827 (forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might ...)
NOT-FOR-US: GenixCMS
-CVE-2017-8826
- RESERVED
+CVE-2017-8826 (FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly ...)
+ TODO: check
CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling ...)
- libetpan 1.6-3 (bug #862151)
[jessie] - libetpan <no-dsa> (Minor issue)
@@ -5524,8 +5531,8 @@
NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7
NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
-CVE-2017-8803
- RESERVED
+CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow ...)
+ TODO: check
CVE-2017-8802
RESERVED
CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build ...)
@@ -5573,8 +5580,8 @@
NOTE: https://bugs.exim.org/show_bug.cgi?id=2079
NOTE: https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692&r2=697
-CVE-2017-8785
- RESERVED
+CVE-2017-8785 (FastStone Image Viewer 6.2 has a "Data from Faulting Address may be ...)
+ TODO: check
CVE-2017-8784
REJECTED
CVE-2017-8783
@@ -5583,8 +5590,8 @@
{DLA-980-1}
- ming <removed>
NOTE: https://github.com/libming/libming/issues/70
-CVE-2017-8781
- RESERVED
+CVE-2017-8781 (XnView Classic for Windows Version 2.40 allows user-assisted remote ...)
+ TODO: check
CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during ...)
NOT-FOR-US: GenixCMS
CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 ...)
@@ -5619,8 +5626,8 @@
NOT-FOR-US: Atlassian SourceTree
CVE-2017-8767
REJECTED
-CVE-2017-8766
- RESERVED
+CVE-2017-8766 (IrfanView version 4.44 (32bit) allows remote attackers to execute code ...)
+ TODO: check
CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in ImageMagick ...)
{DSA-3863-1 DLA-960-1}
- imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862653)
@@ -6332,8 +6339,8 @@
[wheezy] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
-CVE-2017-8420
- RESERVED
+CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...)
+ TODO: check
CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...)
- lame 3.99.5+repack1-7
[wheezy] - lame 3.99.5+repack1-3+deb7u1
@@ -6484,8 +6491,8 @@
RESERVED
CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger ...)
NOT-FOR-US: GeniXCMS
-CVE-2017-8387
- RESERVED
+CVE-2017-8387 (STDU Viewer version 1.6.375 might allow user-assisted attackers to ...)
+ TODO: check
CVE-2017-8386 (git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before ...)
{DSA-3848-1 DLA-938-1}
- git 1:2.11.0-3
@@ -6501,8 +6508,8 @@
NOT-FOR-US: Craft CMS
CVE-2017-8382 (admidio 3.2.8 has CSRF in ...)
NOT-FOR-US: admidio
-CVE-2017-8381
- RESERVED
+CVE-2017-8381 (XnView Classic for Windows Version 2.40 allows user-assisted remote ...)
+ TODO: check
CVE-2017-8380 [scsi: megasas: out-of-bounds read in megasas_mmio_write]
RESERVED
- qemu 1:2.8+dfsg-5 (bug #862282)
@@ -6542,12 +6549,12 @@
NOTE: Addressed by patch from #508133
CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses ...)
NOT-FOR-US: Schneider Electric
-CVE-2017-8370
- RESERVED
-CVE-2017-8369
- RESERVED
-CVE-2017-8368
- RESERVED
+CVE-2017-8370 (IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote ...)
+ TODO: check
+CVE-2017-8369 (IrfanView version 4.44 (32bit) has a "Data from Faulting Address ...)
+ TODO: check
+CVE-2017-8368 (Sublime Text 3 Build 3126 might allow user-assisted attackers to ...)
+ TODO: check
CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD ...)
NOT-FOR-US: Ether Software
CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...)
@@ -6845,8 +6852,8 @@
- qemu-kvm <removed> (unimportant)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=30663fd26c0307e414622c7a8607fbc04f92ec14
NOTE: qemu issue without security implication per upstream
-CVE-2017-8282
- RESERVED
+CVE-2017-8282 (XnView Classic for Windows Version 2.40 allows user-assisted remote ...)
+ TODO: check
CVE-2017-8281
RESERVED
CVE-2017-8280
@@ -7924,8 +7931,8 @@
NOT-FOR-US: Qualcomm component for Android
CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2017-7894
- RESERVED
+CVE-2017-7894 (WinDjView 2.1 might allow user-assisted attackers to execute code via a ...)
+ TODO: check
CVE-2017-7893
RESERVED
CVE-2017-7892 (Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a ...)
@@ -8249,7 +8256,7 @@
RESERVED
CVE-2017-7778
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
- firefox 54.0-1
@@ -8260,7 +8267,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
CVE-2017-7777
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -8269,7 +8276,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -8277,7 +8284,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -8285,7 +8292,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
CVE-2017-7774
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -8293,7 +8300,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -8301,7 +8308,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -8309,7 +8316,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -17626,7 +17633,7 @@
CVE-2017-4955 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...)
NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in ...)
- {DLA-984-1 DLA-983-1}
+ {DSA-3903-1 DLA-984-1 DLA-983-1}
- tiff 4.0.8-2 (bug #850316)
- tiff3 <removed>
NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit
@@ -20318,14 +20325,14 @@
NOT-FOR-US: IBM
CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
-CVE-2016-9989
- RESERVED
-CVE-2016-9988
- RESERVED
-CVE-2016-9987
- RESERVED
-CVE-2016-9986
- RESERVED
+CVE-2016-9989 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
+ TODO: check
+CVE-2016-9988 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
+ TODO: check
+CVE-2016-9987 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
+ TODO: check
+CVE-2016-9986 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
+ TODO: check
CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information ...)
NOT-FOR-US: IBM
CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote ...)
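Review bot: the four IBM Jazz Foundation Reporting Service entries (CVE-2016-9986 to CVE-2016-9989) are added as "TODO: check" while the neighbouring IBM entries in the context lines, CVE-2016-9990 and CVE-2016-9985, already carry "NOT-FOR-US: IBM". The same marking would be expected here unless JRS is to be treated differently; setting it when the description is imported keeps the TODO queue for entries that need a human decision.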
@@ -24655,14 +24662,13 @@
RESERVED
CVE-2017-2296
RESERVED
-CVE-2017-2295 [Unsafe YAML deseralization]
- RESERVED
+CVE-2017-2295 (Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...)
{DSA-3862-1 DLA-1012-1}
- puppet 4.8.2-5 (bug #863212)
NOTE: https://puppet.com/security/cve/cve-2017-2295
NOTE: https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
-CVE-2017-2294
- RESERVED
+CVE-2017-2294 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to ...)
+ TODO: check
CVE-2017-2293
RESERVED
CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...)
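Review bot: CVE-2017-2294 is described as affecting Puppet Enterprise and is left at "TODO: check", directly below CVE-2017-2295, which is tracked against "- puppet 4.8.2-5 (bug #863212)". Triage should state explicitly whether the Enterprise issue touches the packaged puppet source (a "- puppet" line with a status) or is NOT-FOR-US, so the two adjacent Puppet entries are not read as the same exposure.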
@@ -26713,8 +26719,8 @@
RESERVED
CVE-2017-1270
RESERVED
-CVE-2017-1269
- RESERVED
+CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A ...)
+ TODO: check
CVE-2017-1268
RESERVED
CVE-2017-1267
@@ -26723,8 +26729,8 @@
RESERVED
CVE-2017-1265
RESERVED
-CVE-2017-1264
- RESERVED
+CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves ...)
+ TODO: check
CVE-2017-1263
RESERVED
CVE-2017-1262
@@ -26735,18 +26741,18 @@
RESERVED
CVE-2017-1259
RESERVED
-CVE-2017-1258
- RESERVED
+CVE-2017-1258 (IBM Security Guardium 10.0 and 10.1 does not perform an authentication ...)
+ TODO: check
CVE-2017-1257
RESERVED
-CVE-2017-1256
- RESERVED
+CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site ...)
+ TODO: check
CVE-2017-1255
RESERVED
-CVE-2017-1254
- RESERVED
-CVE-2017-1253
- RESERVED
+CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable XML External Entity Injection ...)
+ TODO: check
+CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated attacker ...)
+ TODO: check
CVE-2017-1252
RESERVED
CVE-2017-1251
@@ -26817,8 +26823,8 @@
RESERVED
CVE-2017-1218
RESERVED
-CVE-2017-1217
- RESERVED
+CVE-2017-1217 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2017-1216
RESERVED
CVE-2017-1215
@@ -26835,10 +26841,10 @@
RESERVED
CVE-2017-1209
RESERVED
-CVE-2017-1208
- RESERVED
-CVE-2017-1207
- RESERVED
+CVE-2017-1208 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to ...)
+ TODO: check
+CVE-2017-1207 (IBM WebSphere Message Broker stores user credentials in plain in clear ...)
+ TODO: check
CVE-2017-1206
RESERVED
CVE-2017-1205 (IBM Platform LSF 10.1 contains an unspecified vulnerability that could ...)
@@ -26900,10 +26906,10 @@
NOT-FOR-US: IBM
CVE-2017-1177
RESERVED
-CVE-2017-1176
- RESERVED
-CVE-2017-1175
- RESERVED
+CVE-2017-1176 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user ...)
+ TODO: check
+CVE-2017-1175 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL ...)
+ TODO: check
CVE-2017-1174
RESERVED
CVE-2017-1173
@@ -26938,8 +26944,8 @@
NOT-FOR-US: IBM
CVE-2017-1158
RESERVED
-CVE-2017-1157
- RESERVED
+CVE-2017-1157 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an ...)
+ TODO: check
CVE-2017-1156 (IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to ...)
NOT-FOR-US: IBM
CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
@@ -26964,8 +26970,8 @@
NOT-FOR-US: IBM
CVE-2017-1145 (IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents ...)
NOT-FOR-US: IBM
-CVE-2017-1144
- RESERVED
+CVE-2017-1144 (IBM WebSphere Message Broker could allow a local user with specialized ...)
+ TODO: check
CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
NOT-FOR-US: IBM
CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
@@ -27026,8 +27032,8 @@
RESERVED
CVE-2017-1114
RESERVED
-CVE-2017-1113
- RESERVED
+CVE-2017-1113 (IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to ...)
+ TODO: check
CVE-2017-1112
RESERVED
CVE-2017-1111
@@ -27060,8 +27066,8 @@
RESERVED
CVE-2017-1097
RESERVED
-CVE-2017-1096
- RESERVED
+CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to ...)
+ TODO: check
CVE-2017-1095
RESERVED
CVE-2017-1094
@@ -27513,8 +27519,8 @@
NOT-FOR-US: IBM
CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
-CVE-2016-9746
- RESERVED
+CVE-2016-9746 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-9745
RESERVED
CVE-2016-9744
@@ -27539,8 +27545,8 @@
NOT-FOR-US: IBM
CVE-2016-9734
RESERVED
-CVE-2016-9733
- RESERVED
+CVE-2016-9733 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-9732
RESERVED
CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. ...)
@@ -27603,10 +27609,10 @@
NOT-FOR-US: IBM
CVE-2016-9702
RESERVED
-CVE-2016-9701
- RESERVED
-CVE-2016-9700
- RESERVED
+CVE-2016-9701 (IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
+ TODO: check
+CVE-2016-9700 (IBM Jazz Foundation could allow an authenticated attacker to obtain ...)
+ TODO: check
CVE-2016-9699
RESERVED
CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of ...)
@@ -60605,8 +60611,8 @@
NOT-FOR-US: IBM
CVE-2016-0239 (IBM Security Guardium Database Activity Monitor 9.x through 9.5 before ...)
NOT-FOR-US: IBM
-CVE-2016-0238
- RESERVED
+CVE-2016-0238 (IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits ...)
+ TODO: check
CVE-2016-0237
RESERVED
CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)