[Secure-testing-commits] r54140 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jul 31 21:10:12 UTC 2017
Author: sectracker
Date: 2017-07-31 21:10:12 +0000 (Mon, 31 Jul 2017)
New Revision: 54140
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-31 20:59:20 UTC (rev 54139)
+++ data/CVE/list 2017-07-31 21:10:12 UTC (rev 54140)
@@ -1,3 +1,11 @@
+CVE-2017-11760 (uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated ...)
+ TODO: check
+CVE-2017-11759
+ RESERVED
+CVE-2017-11758
+ RESERVED
+CVE-2017-11757 (Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 ...)
+ TODO: check
CVE-2017-XXXX [executes javascript code downloaded from insecure URL]
- smplayer <unfixed> (bug #870233)
CVE-2017-XXXX [bad free in RelinquishMagickMemory]
@@ -78,8 +86,8 @@
RESERVED
CVE-2017-11744 (In MODX Revolution 2.5.7, the "key" and "name" parameters in the System ...)
TODO: check
-CVE-2017-11743
- RESERVED
+CVE-2017-11743 (MEDHOST Connex contains a hard-coded Mirth Connect admin credential ...)
+ TODO: check
CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in ...)
- expat <not-affected> (Windows specfic issue)
CVE-2017-11741
@@ -96,8 +104,8 @@
TODO: check, possibly not affected in older version
CVE-2017-11736 (SQL injection vulnerability in ...)
NOT-FOR-US: BigTree CMS
-CVE-2017-11735
- RESERVED
+CVE-2017-11735 (The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis ...)
+ TODO: check
CVE-2017-11734 (A heap-based buffer over-read was found in the function ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/83
@@ -293,14 +301,11 @@
NOTE: http://openwall.com/lists/oss-security/2017/07/27/2
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
NOTE: https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html
-CVE-2017-11670
- RESERVED
+CVE-2017-11670 (A length validation (leading to out-of-bounds read and write) flaw was ...)
NOT-FOR-US: eapmd5pass
-CVE-2017-11669
- RESERVED
+CVE-2017-11669 (An out-of-bounds read flaw related to the assess_packet function in ...)
NOT-FOR-US: eapmd5pass
-CVE-2017-11668
- RESERVED
+CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ...)
NOT-FOR-US: eapmd5pass
CVE-2017-XXXX [crash in jp2 codec]
- imagemagick 8:6.9.7.4+dfsg-13 (bug #869830)
@@ -509,6 +514,7 @@
RESERVED
CVE-2017-11610 [Authenticated RCE]
RESERVED
+ {DLA-1047-1}
- supervisor <unfixed> (bug #870187)
NOTE: https://github.com/Supervisor/supervisor/issues/964
NOTE: 3.3.3 https://github.com/Supervisor/supervisor/commit/058f46141e346b18dee0497ba11203cb81ecb19e
@@ -661,18 +667,18 @@
TODO: check
CVE-2017-11552
RESERVED
-CVE-2017-11551
- RESERVED
-CVE-2017-11550
- RESERVED
-CVE-2017-11549
- RESERVED
-CVE-2017-11548
- RESERVED
-CVE-2017-11547
- RESERVED
-CVE-2017-11546
- RESERVED
+CVE-2017-11551 (The id3_field_parse function in field.c in libid3tag 0.15.1b allows ...)
+ TODO: check
+CVE-2017-11550 (The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows ...)
+ TODO: check
+CVE-2017-11549 (The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote ...)
+ TODO: check
+CVE-2017-11548 (The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 ...)
+ TODO: check
+CVE-2017-11547 (The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows ...)
+ TODO: check
+CVE-2017-11546 (The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 ...)
+ TODO: check
CVE-2017-11545 (tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print ...)
- tcpdump <unfixed>
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/segv/print-sl
@@ -1161,10 +1167,10 @@
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
-CVE-2017-11359
- RESERVED
-CVE-2017-11358
- RESERVED
+CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
+ TODO: check
+CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...)
+ TODO: check
CVE-2017-11357
RESERVED
CVE-2017-11356
@@ -1268,14 +1274,14 @@
- qemu <unfixed> (bug #869173)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
-CVE-2017-11333
- RESERVED
-CVE-2017-11332
- RESERVED
-CVE-2017-11331
- RESERVED
-CVE-2017-11330
- RESERVED
+CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...)
+ TODO: check
+CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
+ TODO: check
+CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
+ TODO: check
+CVE-2017-11330 (The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in ...)
+ TODO: check
CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php ...)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
@@ -1966,17 +1972,17 @@
RESERVED
CVE-2017-11120
RESERVED
-CVE-2017-11119
- RESERVED
-CVE-2017-11118
- RESERVED
-CVE-2017-11117
- RESERVED
-CVE-2017-11116
- RESERVED
-CVE-2017-11115
- RESERVED
-CVE-2017-11114 (The put_chars function in html_r.c in Links 2.14 allows remote denial of service ...)
+CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a ...)
+ TODO: check
+CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp in ...)
+ TODO: check
+CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp in ...)
+ TODO: check
+CVE-2017-11116 (The ExifImageFile::readDQT function in ExifImageFileRead.cpp in ...)
+ TODO: check
+CVE-2017-11115 (The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in ...)
+ TODO: check
+CVE-2017-11114 (The put_chars function in html_r.c in Twibright Links 2.14 allows ...)
- links2 <unfixed> (bug #870299)
NOTE: PoC: http://seclists.org/fulldisclosure/2017/Jul/76
CVE-2017-11527 (The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 ...)
More information about the Secure-testing-commits
mailing list