[Secure-testing-commits] r52210 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Jun 1 21:10:13 UTC 2017


Author: sectracker
Date: 2017-06-01 21:10:13 +0000 (Thu, 01 Jun 2017)
New Revision: 52210

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-01 21:02:06 UTC (rev 52209)
+++ data/CVE/list	2017-06-01 21:10:13 UTC (rev 52210)
@@ -381,7 +381,7 @@
 	[wheezy] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
 CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...)
-	{DSA-3868-1}
+	{DSA-3868-1 DLA-972-1}
 	- openldap 2.4.44+dfsg-5 (bug #863563)
 	NOTE: http://www.openldap.org/its/?findid=8655
 	NOTE: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
@@ -887,8 +887,7 @@
 	NOT-FOR-US: MODX Revolution
 CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is ...)
 	NOT-FOR-US: MODX Revolution
-CVE-2017-9060 [virtio-gpu: host memory leakage in Virtio GPU device]
-	RESERVED
+CVE-2017-9060 (Memory leak in the virtio_gpu_set_scanout function in ...)
 	- qemu <unfixed> (unimportant)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -1058,12 +1057,12 @@
 	NOT-FOR-US: Secure Bytes Cisco Configuration Manager
 CVE-2017-9023
 	RESERVED
-	{DSA-3866-1}
+	{DSA-3866-1 DLA-973-1}
 	- strongswan 5.5.1-4
 	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=407fcca200fdf6a41a04ac0885a770b6b53c5d23
 CVE-2017-9022
 	RESERVED
-	{DSA-3866-1}
+	{DSA-3866-1 DLA-973-1}
 	- strongswan 5.5.1-4
 	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=6681d98d18d24b31410fc12c3d61f150107481b3
 CVE-2017-9021
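
Review bot: CVE-2017-9023 and CVE-2017-9022 stay `RESERVED` with no description at all, although both now carry DSA-3866-1 and DLA-973-1 and a fixed strongswan version (5.5.1-4). Until MITRE publishes text, add a bracketed short description after each id, in the form this same revision shows on the removed CVE-2017-9060 and CVE-2017-6512 lines, so the entries can be read without following the upstream commit links.
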
@@ -2599,8 +2598,7 @@
 	NOT-FOR-US: GeniXCMS
 CVE-2017-8387
 	RESERVED
-CVE-2017-8386
-	RESERVED
+CVE-2017-8386 (git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before ...)
 	{DSA-3848-1 DLA-938-1}
 	- git 1:2.11.0-3
 	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
@@ -3609,8 +3607,8 @@
 	RESERVED
 CVE-2017-8000
 	RESERVED
-CVE-2017-7999
-	RESERVED
+CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote ...)
+	TODO: check
 CVE-2017-7998
 	RESERVED
 CVE-2017-7997
@@ -5088,7 +5086,7 @@
 CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of ...)
 	NOT-FOR-US: Red Hat JBoss EAP implementation of javax.xml.transform.TransformerFactory
 CVE-2017-7502 (Null pointer dereference vulnerability in NSS since 3.24.0 was found ...)
-	{DLA-971-1}
+	{DSA-3872-1 DLA-971-1}
 	[experimental] - nss 2:3.29-1
 	- nss <unfixed> (bug #863839)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
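
Review bot: with DSA-3872-1 now listed for CVE-2017-7502, the context still shows `- nss <unfixed> (bug #863839)`, and only the `[experimental]` line has a fixed version (2:3.29-1). Confirm that the unbracketed nss line is left open on purpose, and replace `<unfixed>` with the fixed version once the upload that closes bug #863839 is in.
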
@@ -5494,8 +5492,8 @@
 	NOT-FOR-US: symetrie
 CVE-2017-7385
 	RESERVED
-CVE-2017-7384
-	RESERVED
+CVE-2017-7384 (Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF ...)
+	TODO: check
 CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote ...)
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #859329)
@@ -7868,8 +7866,7 @@
 	RESERVED
 CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before ...)
 	NOT-FOR-US: Softaculous Virtualizor
-CVE-2017-6512 [File-Path rmtree/remove_tree race condition]
-	RESERVED
+CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the ...)
 	- perl 5.24.1-3 (bug #863870)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
 	NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
@@ -10737,6 +10734,7 @@
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
 CVE-2017-5637
 	RESERVED
+	{DSA-3871-1}
 	- zookeeper <unfixed> (bug #863811)
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
 CVE-2017-5636
@@ -11469,7 +11467,7 @@
 	- firefox <not-affected> (Only affects Firefox on Android)
 CVE-2017-5462
 	RESERVED
-	{DSA-3831-1 DLA-946-1 DLA-906-1}
+	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 	[experimental] - nss 2:3.30-1
@@ -11477,7 +11475,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
 	NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
 CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...)
-	{DSA-3831-1 DLA-946-1 DLA-906-1}
+	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
 	- firefox 52.0.1-1
 	[experimental] - nss 2:3.30.1-1
 	- nss <unfixed> (bug #862958)
@@ -18122,8 +18120,8 @@
 	NOT-FOR-US: Fortinet FortiWeb
 CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
 	NOT-FOR-US: Fortinet FortiOS
-CVE-2017-3127
-	RESERVED
+CVE-2017-3127 (A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 ...)
+	TODO: check
 CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...)
 	NOT-FOR-US: Fortinet FortiAnalyzer
 CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and ...)
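
Review bot: CVE-2017-3127 gets `TODO: check` even though the Fortinet entries directly above and below it (CVE-2017-3128, CVE-2017-3126) are already triaged as `NOT-FOR-US:`. Resolve it the same way, for example `NOT-FOR-US: Fortinet FortiGate`, after confirming that no package in the archive ships the affected code.
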
@@ -62554,8 +62552,8 @@
 	RESERVED
 CVE-2015-6532
 	RESERVED
-CVE-2015-6531
-	RESERVED
+CVE-2015-6531 (Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 ...)
+	TODO: check
 CVE-2015-6530 (Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 ...)
 	NOT-FOR-US: OpenText Secure MFT 2013
 CVE-2015-6529 (Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 ...)
@@ -65301,8 +65299,8 @@
 	NOTE: https://github.com/bestpractical/rt/commit/4ec786bb4743f67a35a634c1bf43b13d3d3b39a9 (4.0.x)
 CVE-2015-5474 (BitTorrent and uTorrent allow remote attackers to inject command line ...)
 	NOT-FOR-US: uTorrent
-CVE-2015-5473
-	RESERVED
+CVE-2015-5473 (Multiple directory traversal vulnerabilities in Samsung SyncThru 6 ...)
+	TODO: check
 CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the IBS ...)
 	NOT-FOR-US: IBS Mappro plugin for WordPress
 CVE-2015-5471 (Absolute path traversal vulnerability in include/user/download.php in ...)
@@ -79419,8 +79417,8 @@
 	NOT-FOR-US: Blue Coat
 CVE-2015-0937 (Cross-site scripting (XSS) vulnerability in search.php on the Blue ...)
 	NOT-FOR-US: Blue Coat
-CVE-2015-0936
-	RESERVED
+CVE-2015-0936 (Ceragon FibeAir IP-10 have a default SSH public key in the ...)
+	TODO: check
 CVE-2015-0935 (Bomgar Remote Support before 15.1.1 allows remote attackers to execute ...)
 	NOT-FOR-US: Bomgar Remote Support
 CVE-2015-0934 (Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ...)



