[Secure-testing-commits] r53756 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jul 21 21:10:17 UTC 2017


Author: sectracker
Date: 2017-07-21 21:10:17 +0000 (Fri, 21 Jul 2017)
New Revision: 53756

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-21 19:32:01 UTC (rev 53755)
+++ data/CVE/list	2017-07-21 21:10:17 UTC (rev 53756)
@@ -1,3 +1,29 @@
+CVE-2017-11518
+	RESERVED
+CVE-2017-11517 (Stack-based buffer overflow in GCoreServer.exe in the server in ...)
+	TODO: check
+CVE-2017-11516 (An XSS vulnerability exists in ...)
+	TODO: check
+CVE-2017-11515
+	RESERVED
+CVE-2017-11514
+	RESERVED
+CVE-2017-11513
+	RESERVED
+CVE-2017-11512
+	RESERVED
+CVE-2017-11511
+	RESERVED
+CVE-2017-11510
+	RESERVED
+CVE-2017-11509
+	RESERVED
+CVE-2017-11508
+	RESERVED
+CVE-2017-11507
+	RESERVED
+CVE-2017-11506
+	RESERVED
 CVE-2017-XXXX [endless loop in ReadTXTImage]
 	- imagemagick <unfixed> (bug #869210)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
@@ -456,7 +482,8 @@
 	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/527
-CVE-2017-11505 [CPU exhaustion in ReadOneJNGImage]
+CVE-2017-11505 (The ReadOneJNGImage function in coders/png.c in ImageMagick through ...)
+	{DSA-3914-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867824)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/526
 CVE-2017-XXXX [memory exhaustion in ReadEPTImage in ept.c]
@@ -733,7 +760,7 @@
 	RESERVED
 CVE-2017-1000083 [Evince command injection vulnerability in CBT handler]
 	RESERVED
-	{DSA-3911-1 DLA-1031-1}
+	{DSA-3916-1 DSA-3911-1 DLA-1031-1}
 	- evince 3.22.1-4
 	- atril <unfixed> (bug #868500)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
@@ -5505,8 +5532,8 @@
 	NOT-FOR-US: Broadcom hardware issue
 CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
 	NOT-FOR-US: Odoo
-CVE-2017-9415
-	RESERVED
+CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 ...)
+	TODO: check
 CVE-2017-9414
 	RESERVED
 CVE-2017-9413
@@ -6514,7 +6541,6 @@
 CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...)
 	- tikiwiki <removed>
 CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash ...)
-	{DSA-3914-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
 	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
@@ -9288,7 +9314,7 @@
 CVE-2017-8087
 	RESERVED
 CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in ...)
-	{DLA-965-1}
+	{DLA-1035-1 DLA-965-1}
 	- qemu 1:2.8+dfsg-5 (bug #861348)
 	- qemu-kvm <removed>
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 (v2.9.0-rc4)
@@ -9598,7 +9624,7 @@
 	NOT-FOR-US: Enalean Tuleap
 CVE-2017-7980
 	RESERVED
-	{DLA-939-1}
+	{DLA-1035-1 DLA-939-1}
 	- qemu 1:2.8+dfsg-4
 	- qemu-kvm <removed>
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=026aeffcb4752054830ba203020ed6eb05bcaba8
@@ -10570,7 +10596,7 @@
 CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
 	NOT-FOR-US: Spider Event Calendar
 CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...)
-	{DLA-939-1}
+	{DLA-1035-1 DLA-939-1}
 	- qemu 1:2.8+dfsg-4
 	- qemu-kvm <removed>
 	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
@@ -11117,8 +11143,7 @@
 	RESERVED
 CVE-2017-7543
 	RESERVED
-CVE-2017-7542
-	RESERVED
+CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
 CVE-2017-7541
@@ -11317,7 +11342,7 @@
 	- samba 2:4.5.8+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
 CVE-2017-7493 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing ...)
-	{DLA-965-1}
+	{DLA-1035-1 DLA-965-1}
 	- qemu 1:2.8+dfsg-6
 	- qemu-kvm <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709
@@ -11440,6 +11465,7 @@
 	NOTE: https://lkml.org/lkml/2017/4/3/724
 CVE-2017-7471 [9p: virtfs allows guest to change filesystem attributes on host]
 	RESERVED
+	{DLA-1035-1}
 	- qemu 1:2.8+dfsg-5 (bug #860785)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
@@ -11756,7 +11782,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
 CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
-	{DLA-965-1}
+	{DLA-1035-1 DLA-965-1}
 	- qemu 1:2.8+dfsg-4 (bug #859854)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -22325,7 +22351,7 @@
 CVE-2017-3735
 	RESERVED
 CVE-2017-3734
-	RESERVED
+	REJECTED
 CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac extension is ...)
 	- openssl 1.1.0e-1
 	[jessie] - openssl <not-affected> (Only affects 1.1)
@@ -26678,15 +26704,15 @@
 	NOT-FOR-US: Juniper
 CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 ...)
 	NOT-FOR-US: Juniper
-CVE-2017-2339 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
+CVE-2017-2339 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
 	NOT-FOR-US: Juniper
-CVE-2017-2338 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
+CVE-2017-2338 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
 	NOT-FOR-US: Juniper
-CVE-2017-2337 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
+CVE-2017-2337 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
 	NOT-FOR-US: Juniper
-CVE-2017-2336 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
+CVE-2017-2336 (A reflected cross site scripting vulnerability in NetScreen WebUI of ...)
 	NOT-FOR-US: Juniper
-CVE-2017-2335 (A security researcher testing a Juniper NetScreen Firewall+VPN found ...)
+CVE-2017-2335 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
 	NOT-FOR-US: Juniper
 CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar ...)
 	NOT-FOR-US: Juniper
@@ -28600,8 +28626,8 @@
 	RESERVED
 CVE-2017-1382
 	RESERVED
-CVE-2017-1381
-	RESERVED
+CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or On-demand-router ...)
+	TODO: check
 CVE-2017-1380
 	RESERVED
 CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain ...)
@@ -28614,14 +28640,14 @@
 	RESERVED
 CVE-2017-1375
 	RESERVED
-CVE-2017-1374
-	RESERVED
-CVE-2017-1373
-	RESERVED
-CVE-2017-1372
-	RESERVED
-CVE-2017-1371
-	RESERVED
+CVE-2017-1374 (Sensitive data can be exposed in the IBM TRIRIGA Application Platform ...)
+	TODO: check
+CVE-2017-1373 (Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and ...)
+	TODO: check
+CVE-2017-1372 (IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to ...)
+	TODO: check
+CVE-2017-1371 (Builder tools running in the IBM TRIRIGA Application Platform 3.3, ...)
+	TODO: check
 CVE-2017-1370
 	RESERVED
 CVE-2017-1369
@@ -28828,8 +28854,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1268
 	RESERVED
-CVE-2017-1267
-	RESERVED
+CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image backups ...)
+	TODO: check
 CVE-2017-1266
 	RESERVED
 CVE-2017-1265
@@ -31315,7 +31341,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
 CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
 	RESERVED
-	{DLA-939-1}
+	{DLA-1035-1 DLA-939-1}
 	- qemu 1:2.8+dfsg-4 (bug #857744)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
@@ -31325,7 +31351,7 @@
 	NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
 CVE-2016-9602 [9p: virtfs allows guest to access host filesystem]
 	RESERVED
-	{DLA-965-1}
+	{DLA-1035-1 DLA-965-1}
 	- qemu 1:2.8+dfsg-3 (bug #853006)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -39839,11 +39865,11 @@
 CVE-2016-7060 (The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does ...)
 	NOT-FOR-US: Red Hat QCI
 CVE-2016-7059
-	RESERVED
+	REJECTED
 CVE-2016-7058
-	RESERVED
+	REJECTED
 CVE-2016-7057
-	RESERVED
+	REJECTED
 CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
 	RESERVED
 	{DSA-3773-1 DLA-814-1}
@@ -72356,8 +72382,7 @@
 	NOT-FOR-US: abrt/libreport
 CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
 	NOT-FOR-US: Ipsilon
-CVE-2015-5300 [MITM attacker can force ntpd to make a step larger than the panic threshold]
-	RESERVED
+CVE-2015-5300 (The panic_gate check in NTP before 4.2.8p5 is only re-enabled after ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-2
 	NOTE: https://www.cs.bu.edu/~goldbe/NTPattack.html
@@ -72701,8 +72726,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
 CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) ...)
 	NOT-FOR-US: JBoss EAP
-CVE-2015-5219 [infinite loop in sntp processing crafted packet]
-	RESERVED
+CVE-2015-5219 (The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p3+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue)
@@ -72788,16 +72812,14 @@
 	REJECTED
 CVE-2015-5196
 	REJECTED
-CVE-2015-5195 [ntpd crash when processing config commands with statistics type]
-	RESERVED
+CVE-2015-5195 (ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p3+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
 	[squeeze] - ntp <no-dsa> (Minor issue)
 	NOTE: https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be
-CVE-2015-5194 [crash with crafted logconfig configuration command]
-	RESERVED
+CVE-2015-5194 (The log_config_command function in ntp_parser.y in ntpd in NTP before ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p3+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue)
@@ -74376,8 +74398,8 @@
 	NOTE: https://bugs.php.net/bug.php?id=69667
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
-CVE-2015-4639
-	RESERVED
+CVE-2015-4639 (Multiple cross-site request forgery (CSRF) vulnerabilities in Koha ...)
+	TODO: check
 CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
 	NOT-FOR-US: FastL4
 CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 ...)
@@ -76326,10 +76348,10 @@
 	RESERVED
 CVE-2015-3933
 	RESERVED
-CVE-2015-3932
-	RESERVED
-CVE-2015-3931
-	RESERVED
+CVE-2015-3932 (Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML ...)
+	TODO: check
+CVE-2015-3931 (Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform ...)
+	TODO: check
 CVE-2015-3930
 	RESERVED
 CVE-2015-3929
@@ -76596,8 +76618,7 @@
 	[jessie] - horizon <not-affected> (Vulnerable code not present)
 	[wheezy] - horizon <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
-CVE-2015-3886 [does not correctly check certificates for validity]
-	RESERVED
+CVE-2015-3886 (libinfinity before 0.6.6-1 does not validate expired SSL certificates, ...)
 	- libinfinity 0.6.6-1 (bug #783601)
 	[jessie] - libinfinity 0.6.6-1~deb8u1
 	[wheezy] - libinfinity <not-affected> (vulnerable code not present)
@@ -77161,12 +77182,12 @@
 	RESERVED
 CVE-2015-3641
 	RESERVED
-CVE-2015-3640
-	RESERVED
-CVE-2015-3639
-	RESERVED
-CVE-2015-3638
-	RESERVED
+CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." ...)
+	TODO: check
+CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input ...)
+	TODO: check
+CVE-2015-3638 (phpMyBackupPro before 2.5 does not validate integer input, which ...)
+	TODO: check
 CVE-2015-3637
 	RESERVED
 CVE-2015-3635
@@ -77669,8 +77690,8 @@
 	RESERVED
 CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 ...)
 	NOT-FOR-US: SearchBlox
-CVE-2015-3421
-	RESERVED
+CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop ...)
+	TODO: check
 CVE-2015-3419
 	RESERVED
 CVE-2015-3413
@@ -78523,8 +78544,7 @@
 	NOTE: http://redmine.lighttpd.net/issues/2646
 CVE-2015-3199
 	REJECTED
-CVE-2015-3198
-	RESERVED
+CVE-2015-3198 (The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before ...)
 	NOT-FOR-US: Undertow module of WildFly / JBOSS
 CVE-2015-3197 (ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f ...)
 	{DLA-421-1}
@@ -78633,8 +78653,7 @@
 	- sosreport 3.2-2 (bug #769521)
 	NOTE: https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
 	NOTE: https://github.com/sosreport/sos/issues/425
-CVE-2015-3170
-	RESERVED
+CVE-2015-3170 (selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows ...)
 	NOT-FOR-US: Red Hat specific issue with selinux-policy rpm package
 CVE-2015-3169 [XSS]
 	RESERVED
@@ -84459,8 +84478,7 @@
 CVE-2015-1324
 	RESERVED
 	[experimental] - apport 2.17.3-1
-CVE-2015-1323 [information disclosure via simulate dbus method]
-	RESERVED
+CVE-2015-1323 (The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 ...)
 	{DLA-261-1}
 	- aptdaemon 1.1.1+bzr982-1 (bug #789162)
 	[jessie] - aptdaemon 1.1.1-4+deb8u1
@@ -135985,7 +136003,7 @@
 CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable ...)
 	- sanlock 2.2-2 (bug #696424)
 CVE-2012-5637
-	RESERVED
+	REJECTED
 CVE-2012-5636
 	RESERVED
 CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
@@ -141639,7 +141657,7 @@
 CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Crowbar
 CVE-2012-3550
-	RESERVED
+	REJECTED
 CVE-2012-3549 (The SCTP implementation in FreeBSD 8.2 allows remote attackers to ...)
 	- kfreebsd-8 8.3-5 (bug #686961)
 	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
@@ -144736,7 +144754,7 @@
 	- linux-2.6 3.2.17-1
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2012-2382
-	RESERVED
+	REJECTED
 CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller ...)
 	NOT-FOR-US: Apache Roller
 CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -144920,7 +144938,7 @@
 CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
 	NOT-FOR-US: MyBB
 CVE-2012-2323
-	RESERVED
+	REJECTED
 CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c ...)
 	- connman 1.0-1 (bug #672989)
 	[squeeze] - connman <not-affected> (Vulnerable code not present)
@@ -152614,10 +152632,10 @@
 CVE-2011-4367 (Multiple directory traversal vulnerabilities in MyFaces JavaServer ...)
 	- mojarra <not-affected> (The Debian package only ships some API classes)
 CVE-2011-4366
-	RESERVED
+	REJECTED
 	NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090
 CVE-2011-4365
-	RESERVED
+	REJECTED
 	NOTE: duplicate of CVE-2011-4090
 CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg ...)
 	{DSA-2378-1}
@@ -162829,7 +162847,7 @@
 	NOTE: Python 2.7 and 3.1 are fixed
 	NOTE: http://bugs.python.org/issue2254
 CVE-2011-1014
-	RESERVED
+	REJECTED
 CVE-2011-1013 (Integer signedness error in the drm_modeset_ctl function in (1) ...)
 	- linux-2.6 2.6.38-1
 	[wheezy] - linux-2.6 2.6.32-31
@@ -170274,7 +170292,7 @@
 	{DSA-2109-1}
 	- samba 2:3.5.5~dfsg-1 (bug #596891)
 CVE-2010-3068
-	RESERVED
+	REJECTED
 CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-24




More information about the Secure-testing-commits mailing list