[Secure-testing-commits] r53872 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jul 24 21:10:14 UTC 2017 

Author: sectracker
Date: 2017-07-24 21:10:14 +0000 (Mon, 24 Jul 2017)
New Revision: 53872

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-24 20:23:41 UTC (rev 53871)
+++ data/CVE/list	2017-07-24 21:10:14 UTC (rev 53872)
@@ -1,3 +1,11 @@
+CVE-2017-11611
+	RESERVED
+CVE-2017-11610
+	RESERVED
+CVE-2017-11609
+	RESERVED
+CVE-2017-11608 (There is a heap-based buffer over-read in the ...)
+	TODO: check
 CVE-2017-11607
 	RESERVED
 CVE-2017-11606
@@ -459,8 +467,8 @@
 	- libmspack <unfixed> (bug #868956)
 	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
 	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
-CVE-2017-11422
-	RESERVED
+CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a session's ...)
+	TODO: check
 CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...)
 	NOT-FOR-US: ASUS
 CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
@@ -742,14 +750,14 @@
 CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() function in ...)
 	- yara 3.6.3+dfsg-1
 	NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f
-CVE-2017-11327
-	RESERVED
-CVE-2017-11326
-	RESERVED
-CVE-2017-11325
-	RESERVED
-CVE-2017-11324
-	RESERVED
+CVE-2017-11327 (An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve ...)
+	TODO: check
+CVE-2017-11326 (An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass ...)
+	TODO: check
+CVE-2017-11325 (An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read ...)
+	TODO: check
+CVE-2017-11324 (An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of ...)
+	TODO: check
 CVE-2017-11323
 	RESERVED
 CVE-2017-11322
@@ -1459,7 +1467,7 @@
 	[jessie] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415
 CVE-2017-11110 (The ole_init function in ole.c in catdoc 0.95 allows remote attackers ...)
-	{DSA-3917-1}
+	{DSA-3917-1 DLA-1037-1}
 	- catdoc 1:0.95-3 (bug #867717)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471
 CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) or ...)
@@ -2281,6 +2289,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
 	NOTE: No security impact as built in Debian
 CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes ...)
+	{DLA-1038-1}
 	- libtasn1-6 <unfixed> (bug #867398)
 	[stretch] - libtasn1-6 <no-dsa> (Minor issue)
 	[jessie] - libtasn1-6 <no-dsa> (Minor issue)
@@ -2447,8 +2456,8 @@
 	RESERVED
 CVE-2017-10712
 	RESERVED
-CVE-2017-10711
-	RESERVED
+CVE-2017-10711 (In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send ...)
+	TODO: check
 CVE-2017-10710
 	RESERVED
 CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...)
@@ -4675,6 +4684,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
 CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and ...)
+	{DLA-1036-1}
 	- gsoap 2.8.48-1
 	NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
 	NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
@@ -5336,10 +5346,10 @@
 	RESERVED
 CVE-2017-9555
 	RESERVED
-CVE-2017-9554
-	RESERVED
-CVE-2017-9553
-	RESERVED
+CVE-2017-9554 (An information exposure vulnerability in forget_passwd.cgi in Synology ...)
+	TODO: check
+CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation Manager ...)
+	TODO: check
 CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 ...)
 	NOT-FOR-US: Synology Photo Station
 CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
@@ -9691,8 +9701,8 @@
 	RESERVED
 CVE-2017-8037
 	RESERVED
-CVE-2017-8036
-	RESERVED
+CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud Foundry ...)
+	TODO: check
 CVE-2017-8035
 	RESERVED
 CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release capi ...)
@@ -26255,7 +26265,7 @@
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2605
-	RESERVED
+	REJECTED
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2604
@@ -66007,8 +66017,7 @@
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: Original ntp fix applied in 1:4.2.8p4+dfsg-1for CVE-2015-7704 is apparently broken
 	NOTE: http://lists.ntp.org/pipermail/pool/2015-October/007631.html
-CVE-2015-7703
-	RESERVED
+CVE-2015-7703 (The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
@@ -81699,10 +81708,10 @@
 	NOT-FOR-US: SAP
 CVE-2015-2281 (Stack-based buffer overflow in collectoragent.exe in Fortinet Single ...)
 	NOT-FOR-US: Fortinet Single Sign On
-CVE-2015-2280
-	RESERVED
-CVE-2015-2279
-	RESERVED
+CVE-2015-2280 (snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network ...)
+	TODO: check
+CVE-2015-2279 (cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with ...)
+	TODO: check
 CVE-2015-2278 (The LZH decompression implementation (CsObjectInt::BuildHufTree ...)
 	NOT-FOR-US: SAP
 CVE-2015-2277
@@ -82917,8 +82926,8 @@
 CVE-2015-1848 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the ...)
 	- pcs <not-affected> (Fixed before initial release to Debian)
 	NOTE: https://github.com/feist/pcs/commit/898204596a779673c88097bbdbe2d7ed6ed0cc8b (0.9.140)
-CVE-2015-1847
-	RESERVED
+CVE-2015-1847 (Directory traversal vulnerability in the web request/response ...)
+	TODO: check
 CVE-2015-1846 (unzoo allows remote attackers to cause a denial of service (infinite ...)
 	- unzoo <removed>
 CVE-2015-1845 (Buffer overflow in the EntrReadArch function in unzoo might allow ...)
@@ -150611,7 +150620,7 @@
 	- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
 	[squeeze] - freeradius <no-dsa> (Minor issue)
 CVE-2011-4965
-	RESERVED
+	REJECTED
 CVE-2011-4964
 	REJECTED
 CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...)
@@ -150692,16 +150701,16 @@
 	RESERVED
 	NOT-FOR-US: Joomla
 CVE-2011-4936
-	RESERVED
+	REJECTED
 	NOT-FOR-US: Joomla
 CVE-2011-4935
-	RESERVED
+	REJECTED
 	NOT-FOR-US: Joomla
 CVE-2011-4934
-	RESERVED
+	REJECTED
 	NOT-FOR-US: Joomla
 CVE-2011-4933
-	RESERVED
+	REJECTED
 	NOT-FOR-US: Joomla
 CVE-2011-4932 (Eval injection vulnerability in ...)
 	NOT-FOR-US: ImpressPages CMS not in Debian
@@ -155317,7 +155326,7 @@
 	RESERVED
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2011-3608
-	RESERVED
+	REJECTED
 CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the ...)
 	{DSA-2405-1}
 	- apache2 2.2.21-4
@@ -167197,7 +167206,7 @@
 	- pootle 2.0.5-0.3 (low; bug #604060)
 	[lenny] - pootle <not-affected> (Vulnerable code not present)
 CVE-2010-4244
-	RESERVED
+	REJECTED
 CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM ...)
 	{DSA-2153-1}
 	- linux-2.6 2.6.32-30
@@ -169738,7 +169747,7 @@
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-25
 CVE-2010-3309
-	RESERVED
+	REJECTED
 CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...)
 	- openswan 1:2.6.28+dfsg-2
 	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
@@ -173182,7 +173191,7 @@
 	- xen-3 3.2.1-2
 	NOTE: The respective patch is present in Lenny's version of xen-3, might be fixed even earlier
 CVE-2010-2069
-	RESERVED
+	REJECTED
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
 	- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
 CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...)
@@ -174418,7 +174427,7 @@
 CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...)
 	- axis2c 1.6.0-1
 CVE-2010-1631
-	RESERVED
+	REJECTED
 CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has ...)
 	- phpbb3 3.0.7-PL1-1 (low)
 	[lenny] - phpbb3 <no-dsa> (Minor issue)
@@ -175083,7 +175092,7 @@
 CVE-2010-1432
 	RESERVED
 CVE-2010-1430
-	RESERVED
+	REJECTED
 CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss ...)
@@ -175987,7 +175996,7 @@
 	- irssi 0.8.15-1 (low)
 	[lenny] - irssi <no-dsa> (Minor issue)
 CVE-2010-1154
-	RESERVED
+	REJECTED
 	- irssi 0.8.15-1 (low)
 	[lenny] - irssi <no-dsa> (Minor issue)
 CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 ...)

More information about the Secure-testing-commits mailing list