[Secure-testing-commits] r53593 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jul 17 21:10:14 UTC 2017


Author: sectracker
Date: 2017-07-17 21:10:14 +0000 (Mon, 17 Jul 2017)
New Revision: 53593

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-17 20:56:56 UTC (rev 53592)
+++ data/CVE/list	2017-07-17 21:10:14 UTC (rev 53593)
@@ -1,3 +1,75 @@
+CVE-2017-11399 (Integer overflow in the ape_decode_frame function in ...)
+	TODO: check
+CVE-2017-11398
+	RESERVED
+CVE-2017-11397
+	RESERVED
+CVE-2017-11396
+	RESERVED
+CVE-2017-11395
+	RESERVED
+CVE-2017-11394
+	RESERVED
+CVE-2017-11393
+	RESERVED
+CVE-2017-11392
+	RESERVED
+CVE-2017-11391
+	RESERVED
+CVE-2017-11390
+	RESERVED
+CVE-2017-11389
+	RESERVED
+CVE-2017-11388
+	RESERVED
+CVE-2017-11387
+	RESERVED
+CVE-2017-11386
+	RESERVED
+CVE-2017-11385
+	RESERVED
+CVE-2017-11384
+	RESERVED
+CVE-2017-11383
+	RESERVED
+CVE-2017-11382
+	RESERVED
+CVE-2017-11381
+	RESERVED
+CVE-2017-11380
+	RESERVED
+CVE-2017-11379
+	RESERVED
+CVE-2017-11378
+	RESERVED
+CVE-2017-11377
+	RESERVED
+CVE-2017-11376
+	RESERVED
+CVE-2017-11375
+	RESERVED
+CVE-2017-11374
+	RESERVED
+CVE-2017-11373
+	RESERVED
+CVE-2017-11372
+	RESERVED
+CVE-2017-11371
+	RESERVED
+CVE-2017-11370
+	RESERVED
+CVE-2017-11369
+	RESERVED
+CVE-2017-11368
+	RESERVED
+CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 ...)
+	TODO: check
+CVE-2017-11366
+	RESERVED
+CVE-2017-11365
+	RESERVED
+CVE-2017-11364
+	RESERVED
 CVE-2017-11363
 	RESERVED
 CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...)
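
Review bot: CVE-2017-11399 and CVE-2017-11367, the only two of the 36 new ids in this hunk that carry a description, are left at "TODO: check" with no package line. Both descriptions are truncated in the list, so whoever triages them needs the full CVE text to decide between a source-package line and NOT-FOR-US; the remaining 34 RESERVED ids need no action yet.
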
@@ -6,8 +78,8 @@
 	- php5 <removed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73473
 	NOTE: Fixed in 7.1.7, 7.0.21
-CVE-2017-11361
-	RESERVED
+CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows the "user" ...)
+	TODO: check
 CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...)
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
@@ -788,10 +860,10 @@
 	RESERVED
 CVE-2017-11129
 	RESERVED
-CVE-2017-11128
-	RESERVED
-CVE-2017-11127
-	RESERVED
+CVE-2017-11128 (Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by ...)
+	TODO: check
+CVE-2017-11127 (Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a ...)
+	TODO: check
 CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 through ...)
 	- mpg123 <unfixed> (unimportant)
 	NOTE: no security impact
@@ -1134,81 +1206,71 @@
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
 	NOTE: http://marc.info/?l=sqlite-users&m=149933696214713&w=2
 CVE-2017-10988 [Decode 'signed' attributes correctly]
-	RESERVED
+	REJECTED
 	- freeradius <unfixed>
 	[jessie] - freeradius <not-affected> (Only affects 3.x series)
 	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-305
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/de3b3b2e4153db26442facbd5e9b268a3bf795ba
-CVE-2017-10987 [DHCP - Buffer over-read in fr_dhcp_decode_suboptions()]
-	RESERVED
+CVE-2017-10987 (An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - ...)
 	- freeradius <unfixed>
 	[jessie] - freeradius <not-affected> (Only affects 3.x series)
 	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-304
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/19a18bf7c8af649c9e9742fb6a046f6aff639866
-CVE-2017-10986 [DHCP - Infinite read in dhcp_attr2vp()]
-	RESERVED
+CVE-2017-10986 (An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - ...)
 	- freeradius <unfixed>
 	[jessie] - freeradius <not-affected> (Only affects 3.x series)
 	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-303
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/21e2e95751bfb54c0fb0328392d06671a75c191c
-CVE-2017-10985 [Infinite loop and memory exhaustion with 'concat' attributes]
-	RESERVED
+CVE-2017-10985 (An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite ...)
 	- freeradius <unfixed>
 	[jessie] - freeradius <not-affected> (Only affects 3.x series)
 	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-302
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6726c16549b131ed39f6f8886cdf5d9d922a9a97
-CVE-2017-10984 [Write overflow in data2vp_wimax()]
-	RESERVED
+CVE-2017-10984 (An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write ...)
 	- freeradius <unfixed>
 	[jessie] - freeradius <not-affected> (Only affects 3.x series)
 	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-301
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/931850e5d2f65193520c2d9c9878148c0cdc16a6
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/4b059296e14b6ab75dc17163077490528a819806
-CVE-2017-10983 [DHCP - Read overflow when decoding option 63]
-	RESERVED
+CVE-2017-10983 (An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before ...)
 	- freeradius <unfixed>
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-206
 	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/ec08b30f87066f82073d02fab57e8ffeef81373d
 	NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/5759b20af99af6d30924f0efd8da5eac2a17163d
-CVE-2017-10982 [DHCP - Read overflow in fr_dhcp_decode_options()]
-	RESERVED
+CVE-2017-10982 (An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - ...)
 	- freeradius 3.0.12+dfsg-3
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-205
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/10b6de9345c9e0d9d4d5e0426fa5c3d68d702875
 	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
 	NOTE: This is not fully technically correct, the issue affects only the 2.x
 	NOTE: series but not 3.x.
-CVE-2017-10981 [DHCP - Memory leak in fr_dhcp_decode()]
-	RESERVED
+CVE-2017-10981 (An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - ...)
 	- freeradius 3.0.12+dfsg-3
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-204
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/812766e2150faa07b4c574e51393b014feaffe6c
 	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
 	NOTE: This is not fully technically correct, the issue affects only the 2.x
 	NOTE: series but not 3.x.
-CVE-2017-10980 [DHCP - Memory leak in decode_tlv()]
-	RESERVED
+CVE-2017-10980 (An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - ...)
 	- freeradius 3.0.12+dfsg-3
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-203
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ef0727fc68e211a36637b5c4e4a6fa1326f0a029
 	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
 	NOTE: This is not fully technically correct, the issue affects only the 2.x
 	NOTE: series but not 3.x.
-CVE-2017-10979 [Write overflow in rad_coalesce]
-	RESERVED
+CVE-2017-10979 (An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write ...)
 	- freeradius 3.0.12+dfsg-3
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-202
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ae3ba0011e7d299e92c45300e0137a56a650e8f5
 	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
 	NOTE: This is not fully technically correct, the issue affects only the 2.x
 	NOTE: series but not 3.x.
-CVE-2017-10978 [Read / write overflow in make_secret()]
-	RESERVED
+CVE-2017-10978 (An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before ...)
 	- freeradius <unfixed>
 	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-201
 	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
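
Review bot: CVE-2017-10988 is flipped from RESERVED to REJECTED at the top of this hunk, but the entry keeps "- freeradius <unfixed>", both <not-affected> release lines and the FR-GV-305 NOTE, so a rejected id still reads as an open issue against the package. Decide whether FR-GV-305 needs to be tracked under another id and drop or rehome those lines accordingly. The replacement of the bracketed titles for CVE-2017-10987 through CVE-2017-10978 by truncated descriptions also removes the function names (for example fr_dhcp_decode_suboptions()) from the list; they are now reachable only through the NOTE links.
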
@@ -2543,12 +2605,14 @@
 	NOTE: script used in some embedded product relying on BOA as webserver.
 	NOTE: I asked Mitre to reject the CVE. -- Raphael Hertzog
 CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL ...)
+	{DLA-1029-1}
 	- libmtp 1.1.13-1
 	[jessie] - libmtp <no-dsa> (Minor issue; can be fixed in a point release)
 	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35729062/
 	NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
 	NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at
 CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx ...)
+	{DLA-1029-1}
 	- libmtp 1.1.13-1
 	[jessie] - libmtp <no-dsa> (Minor issue; can be fixed in a point release)
 	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/
@@ -4399,8 +4463,8 @@
 	RESERVED
 CVE-2017-9640
 	RESERVED
-CVE-2017-9639
-	RESERVED
+CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
+	TODO: check
 CVE-2017-9638
 	RESERVED
 CVE-2017-9637
@@ -8942,8 +9006,8 @@
 	RESERVED
 CVE-2017-8035
 	RESERVED
-CVE-2017-8034
-	RESERVED
+CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release capi ...)
+	TODO: check
 CVE-2017-8033
 	RESERVED
 CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ...)
@@ -8988,8 +9052,8 @@
 	RESERVED
 CVE-2017-8012
 	RESERVED
-CVE-2017-8011
-	RESERVED
+CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution ...)
+	TODO: check
 CVE-2017-8010
 	RESERVED
 CVE-2017-8009
@@ -8998,20 +9062,20 @@
 	RESERVED
 CVE-2017-8007
 	RESERVED
-CVE-2017-8006
-	RESERVED
-CVE-2017-8005
-	RESERVED
-CVE-2017-8004
-	RESERVED
+CVE-2017-8006 (In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a ...)
+	TODO: check
+CVE-2017-8005 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...)
+	TODO: check
+CVE-2017-8004 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...)
+	TODO: check
 CVE-2017-8003 (EMC Data Protection Advisor prior to 6.4 contains a path traversal ...)
 	NOT-FOR-US: EMC Data Protection Advisor
 CVE-2017-8002 (EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL ...)
 	NOT-FOR-US: EMC Data Protection Advisor
 CVE-2017-8001
 	RESERVED
-CVE-2017-8000
-	RESERVED
+CVE-2017-8000 (In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA ...)
+	TODO: check
 CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote ...)
 	NOT-FOR-US: Atlassian Eucalyptus
 CVE-2017-7998
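
Review bot: CVE-2017-8006, CVE-2017-8005, CVE-2017-8004 and CVE-2017-8000 land as "TODO: check" although the adjacent EMC entries CVE-2017-8003 and CVE-2017-8002 are already "NOT-FOR-US: EMC Data Protection Advisor". If RSA Authentication Manager and RSA Identity Governance and Lifecycle are likewise not packaged, mark them NOT-FOR-US with the product name so they leave the TODO queue.
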
@@ -10607,10 +10671,10 @@
 	RESERVED
 CVE-2017-7533
 	RESERVED
-CVE-2017-7532
-	RESERVED
-CVE-2017-7531
-	RESERVED
+CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default ...)
+	TODO: check
+CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden ...)
+	TODO: check
 CVE-2017-7530
 	RESERVED
 CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable ...)
@@ -21743,8 +21807,8 @@
 	RESERVED
 CVE-2017-3755
 	RESERVED
-CVE-2017-3754
-	RESERVED
+CVE-2017-3754 (Some Lenovo brand notebook systems do not have write protections ...)
+	TODO: check
 CVE-2017-3753
 	RESERVED
 CVE-2017-3752
@@ -21767,8 +21831,8 @@
 	NOT-FOR-US: Lenovo
 CVE-2017-3743 (If multiple users are concurrently logged into a single system where ...)
 	NOT-FOR-US: Lenovo
-CVE-2017-3742
-	RESERVED
+CVE-2017-3742 (In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and ...)
+	TODO: check
 CVE-2017-3741 (In the Lenovo Power Management driver before 1.67.12.24, a local user ...)
 	NOT-FOR-US: Lenovo
 CVE-2017-3740 (In Lenovo Active Protection System before 1.82.0.14, an attacker with ...)
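
Review bot: CVE-2017-3742 (Lenovo Connect2) is set to "TODO: check" while every neighbouring Lenovo entry in the context, CVE-2017-3743, CVE-2017-3741 and CVE-2017-3740 included, is "NOT-FOR-US: Lenovo". Confirm the product is not packaged and apply the same tag for consistency.
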
@@ -25250,8 +25314,8 @@
 	- moodle <not-affected> (Only affects 3.2 to 3.2.1)
 	NOTE: https://tracker.moodle.org/browse/MDL-56526
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56526
-CVE-2017-2642
-	RESERVED
+CVE-2017-2642 (Moodle 3.x has user fullname disclosure on the user preferences page. ...)
+	TODO: check
 CVE-2017-2641 (In Moodle 2.x and 3.x, SQL injection can occur via user preferences. ...)
 	- moodle 2.7.19+dfsg-1
 	NOTE: https://tracker.moodle.org/browse/MDL-58010
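
Review bot: CVE-2017-2642 is left at "TODO: check" even though the surrounding Moodle entries show the expected shape: a "- moodle" line plus a tracker.moodle.org NOTE. The description says "Moodle 3.x", and the context has one entry marked <not-affected> for a 3.2-only issue and CVE-2017-2641 fixed in 2.7.19+dfsg-1, so triage should check whether this one is also <not-affected> for the packaged version and add the MDL reference.
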
@@ -176342,7 +176406,7 @@
 CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ ...)
 	NOT-FOR-US: IMB WebSphere MQ
 CVE-2010-0771
-	RESERVED
+	REJECTED
 CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
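
Review bot: the context line under CVE-2010-0772 reads "NOT-FOR-US: IMB WebSphere MQ"; "IMB" should be "IBM", matching the entries for CVE-2010-0770 and CVE-2010-0769 below it. It is not part of this change, but a search for "IBM" among the NOT-FOR-US tags misses the entry, so it is worth fixing in a follow-up commit. The RESERVED to REJECTED change for CVE-2010-0771 itself has no package lines attached and looks fine.
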



