[Secure-testing-commits] r53236 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jul 6 21:10:15 UTC 2017
Author: sectracker
Date: 2017-07-06 21:10:15 +0000 (Thu, 06 Jul 2017)
New Revision: 53236
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-06 20:43:51 UTC (rev 53235)
+++ data/CVE/list 2017-07-06 21:10:15 UTC (rev 53236)
@@ -1,3 +1,15 @@
+CVE-2017-10977
+ RESERVED
+CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to ...)
+ TODO: check
+CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might ...)
+ TODO: check
+CVE-2017-10974
+ RESERVED
+CVE-2017-10973 (In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php ...)
+ TODO: check
+CVE-2017-10970 (Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 ...)
+ TODO: check
CVE-2017-XXXX [Seg fault when loading hostile phar]
- php7.1 7.1.1-1
- php7.0 7.0.15-1
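Review bot: the four new TODO: check entries at the top of the list (CVE-2017-10976, CVE-2017-10975, CVE-2017-10973, CVE-2017-10970) still need a package or NOT-FOR-US decision, and the Cacti one (CVE-2017-10970, link.php in 1.1.12) should be triaged first because Cacti is packaged in Debian. FineCMS appears again at CVE-2017-10967 later in this commit, so whatever is decided for CVE-2017-10973 should be applied to both.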
@@ -44,11 +56,11 @@
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73807
NOTE: Fixed in 7.1.3, 7.0.17
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
-CVE-2017-10972
+CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent handling of ...)
- xorg-server <unfixed> (bug #867492)
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
-CVE-2017-10971
+CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated to an X ...)
- xorg-server <unfixed> (bug #867492)
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
@@ -58,8 +70,8 @@
RESERVED
CVE-2017-10968
RESERVED
-CVE-2017-10967
- RESERVED
+CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php ...)
+ TODO: check
CVE-2017-10966
RESERVED
CVE-2017-10965
@@ -139,6 +151,7 @@
NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
CVE-2017-10929 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...)
+ {DLA-1016-1}
- radare2 <unfixed> (bug #867369)
[stretch] - radare2 <no-dsa> (Minor issue)
[jessie] - radare2 <no-dsa> (Minor issue)
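Review bot: {DLA-1016-1} is attached to CVE-2017-10929 while every status line in the visible context is still <unfixed> or <no-dsa>, so nothing shown here records which version the advisory fixed. If the DLA covers a suite listed below the context, confirm that line carries the fixed version; otherwise the cross-reference and the status lines disagree.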
@@ -3352,8 +3365,7 @@
NOTE: Curve Ed25519 signing and verification inplemented in 1.6.0 with
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
NOTE: and following refactorings.
-CVE-2017-9524 [nbd: segmentation fault due to client non-negotiation]
- RESERVED
+CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with the ...)
- qemu <unfixed> (bug #865755)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
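Review bot: the leading context NOTE ("Curve Ed25519 signing and verification inplemented in 1.6.0 with") misspells "implemented"; it is outside the CVE-2017-9524 change, so fix it in a separate manual commit rather than through the automatic update.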
@@ -5287,8 +5299,7 @@
- perltidy 20140328-2 (bug #862667)
[jessie] - perltidy <no-dsa> (Minor issue; can be fixed via point release)
[wheezy] - perltidy <no-dsa> (Minor issue)
-CVE-2017-8932 [Elliptic curves carry propagation issue in x86-64 P-256]
- RESERVED
+CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve P-256 ...)
- golang-1.8 1.8.3-1 (bug #863307)
[stretch] - golang-1.8 <no-dsa> (Minor issue)
- golang-1.7 1.7.6-1 (bug #863308)
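Review bot: the removed bracketed title for CVE-2017-8932 said the carry propagation issue is in the x86-64 P-256 code, and the truncated description that replaces it no longer shows that architecture scope. Add a NOTE stating the x86-64 restriction so the scope stays visible in the entry itself.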
@@ -6992,8 +7003,8 @@
RESERVED
CVE-2017-8292
RESERVED
-CVE-2017-8290
- RESERVED
+CVE-2017-8290 (A potential Buffer Overflow Vulnerability (from a BB Code handling ...)
+ TODO: check
CVE-2017-8289 (Stack-based buffer overflow in the ipv6_addr_from_str function in ...)
NOT-FOR-US: RIOS OS
CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to ...)
@@ -13314,10 +13325,10 @@
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2017-6249
RESERVED
-CVE-2017-6248
- RESERVED
-CVE-2017-6247
- RESERVED
+CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
+ TODO: check
+CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
+ TODO: check
CVE-2017-6246
RESERVED
CVE-2017-6245
@@ -26933,7 +26944,7 @@
NOT-FOR-US: IBM
CVE-2017-1255
RESERVED
-CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable XML External Entity Injection ...)
+CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable to a XML External Entity ...)
NOT-FOR-US: IBM
CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated attacker ...)
NOT-FOR-US: IBM
@@ -26969,8 +26980,8 @@
RESERVED
CVE-2017-1237
RESERVED
-CVE-2017-1236
- RESERVED
+CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to ...)
+ TODO: check
CVE-2017-1235
RESERVED
CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
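Review bot: CVE-2017-1236 (IBM WebSphere MQ 9.0.2) is left at TODO: check, while the IBM Security Guardium entries a few lines earlier in this file are tagged NOT-FOR-US: IBM. Unless WebSphere MQ turns out to be packaged, give this entry the same tag in the next manual pass so it does not sit in the TODO queue.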
@@ -28163,102 +28174,102 @@
RESERVED
CVE-2017-0712
RESERVED
-CVE-2017-0711
- RESERVED
-CVE-2017-0710
- RESERVED
-CVE-2017-0709
- RESERVED
-CVE-2017-0708
- RESERVED
-CVE-2017-0707
- RESERVED
-CVE-2017-0706
- RESERVED
-CVE-2017-0705
- RESERVED
-CVE-2017-0704
- RESERVED
-CVE-2017-0703
- RESERVED
-CVE-2017-0702
- RESERVED
-CVE-2017-0701
- RESERVED
-CVE-2017-0700
- RESERVED
-CVE-2017-0699
- RESERVED
-CVE-2017-0698
- RESERVED
-CVE-2017-0697
- RESERVED
-CVE-2017-0696
- RESERVED
-CVE-2017-0695
- RESERVED
-CVE-2017-0694
- RESERVED
-CVE-2017-0693
- RESERVED
-CVE-2017-0692
- RESERVED
-CVE-2017-0691
- RESERVED
-CVE-2017-0690
- RESERVED
-CVE-2017-0689
- RESERVED
-CVE-2017-0688
- RESERVED
+CVE-2017-0711 (A elevation of privilege vulnerability in the MediaTek networking ...)
+ TODO: check
+CVE-2017-0710 (A elevation of privilege vulnerability in the Upstream Linux tcb. ...)
+ TODO: check
+CVE-2017-0709 (A information disclosure vulnerability in the HTC sensor hub driver. ...)
+ TODO: check
+CVE-2017-0708 (A information disclosure vulnerability in the HTC sound driver. ...)
+ TODO: check
+CVE-2017-0707 (A elevation of privilege vulnerability in the HTC led driver. Product: ...)
+ TODO: check
+CVE-2017-0706 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
+ TODO: check
+CVE-2017-0705 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
+ TODO: check
+CVE-2017-0704 (A elevation of privilege vulnerability in the Android system ui. ...)
+ TODO: check
+CVE-2017-0703 (A elevation of privilege vulnerability in the Android system ui. ...)
+ TODO: check
+CVE-2017-0702 (A remote code execution vulnerability in the Android system ui. ...)
+ TODO: check
+CVE-2017-0701 (A remote code execution vulnerability in the Android system ui. ...)
+ TODO: check
+CVE-2017-0700 (A remote code execution vulnerability in the Android system ui. ...)
+ TODO: check
+CVE-2017-0699 (A information disclosure vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0698 (A information disclosure vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0697 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0696 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0695 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0694 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0693 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0692 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0691 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0690 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0689 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0688 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
CVE-2017-0687
RESERVED
-CVE-2017-0686
- RESERVED
-CVE-2017-0685
- RESERVED
-CVE-2017-0684
- RESERVED
-CVE-2017-0683
- RESERVED
-CVE-2017-0682
- RESERVED
-CVE-2017-0681
- RESERVED
-CVE-2017-0680
- RESERVED
-CVE-2017-0679
- RESERVED
-CVE-2017-0678
- RESERVED
-CVE-2017-0677
- RESERVED
-CVE-2017-0676
- RESERVED
-CVE-2017-0675
- RESERVED
-CVE-2017-0674
- RESERVED
-CVE-2017-0673
- RESERVED
-CVE-2017-0672
- RESERVED
-CVE-2017-0671
- RESERVED
-CVE-2017-0670
- RESERVED
-CVE-2017-0669
- RESERVED
-CVE-2017-0668
- RESERVED
-CVE-2017-0667
- RESERVED
-CVE-2017-0666
- RESERVED
-CVE-2017-0665
- RESERVED
-CVE-2017-0664
- RESERVED
+CVE-2017-0686 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0685 (A denial of service vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0684 (A elevation of privilege vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0683 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0682 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0681 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0680 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0679 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0678 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0677 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0676 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0675 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0674 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0673 (A remote code execution vulnerability in the Android media framework. ...)
+ TODO: check
+CVE-2017-0672 (A denial of service vulnerability in the Android libraries. Product: ...)
+ TODO: check
+CVE-2017-0671 (A remote code execution vulnerability in the Android libraries. ...)
+ TODO: check
+CVE-2017-0670 (A denial of service vulnerability in the Android framework. Product: ...)
+ TODO: check
+CVE-2017-0669 (A information disclosure vulnerability in the Android framework. ...)
+ TODO: check
+CVE-2017-0668 (A information disclosure vulnerability in the Android framework. ...)
+ TODO: check
+CVE-2017-0667 (A elevation of privilege vulnerability in the Android framework. ...)
+ TODO: check
+CVE-2017-0666 (A elevation of privilege vulnerability in the Android framework. ...)
+ TODO: check
+CVE-2017-0665 (A elevation of privilege vulnerability in the Android framework. ...)
+ TODO: check
+CVE-2017-0664 (A elevation of privilege vulnerability in the Android framework. ...)
+ TODO: check
CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an ...)
- libxml2 <undetermined>
NOTE: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc
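Review bot: among the Android bulletin entries added as TODO: check, CVE-2017-0710 names "Upstream Linux tcb" and should be checked against the linux source package rather than dismissed together with the vendor-driver entries (MediaTek, HTC, Broadcom). The "Android libraries" entries (CVE-2017-0672, CVE-2017-0671) also need their full descriptions read before tagging, since the trailing context entry CVE-2017-0663 shows an Android-assigned CVE that maps to libxml2.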
@@ -48342,8 +48353,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326540
NOTE: Upstream commit: https://git.kernel.org/linus/7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 (v4.4-rc3)
NOTE: Introduced by: https://git.kernel.org/linus/fb09692e71f13af7298eb603a1975850b1c7a8d8 (v3.9-rc1)
-CVE-2016-4000 [Unsafe deserialization leads to code execution]
- RESERVED
+CVE-2016-4000 (Jython before 2.7.1rc1 allows attackers to execute arbitrary code via ...)
{DSA-3893-1 DLA-989-1}
- jython 2.5.3-17 (bug #864859)
NOTE: http://bugs.jython.org/issue2454
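Review bot: the new description for CVE-2016-4000 says "Jython before 2.7.1rc1", but the entry lists jython 2.5.3-17 as the fixed version, which is lower than the upstream version named. Add a NOTE recording that the fix is carried as a patch in the package, so the version mismatch does not read as a tracking error.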