[Secure-testing-commits] r52339 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jun 5 21:10:14 UTC 2017


Author: sectracker
Date: 2017-06-05 21:10:14 +0000 (Mon, 05 Jun 2017)
New Revision: 52339

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-05 20:49:27 UTC (rev 52338)
+++ data/CVE/list	2017-06-05 21:10:14 UTC (rev 52339)
@@ -1,4 +1,30 @@
-CVE-2017-9434 [out-of-bounds read in zinflate]
+CVE-2017-9447
+	RESERVED
+CVE-2017-9446
+	RESERVED
+CVE-2017-9445
+	RESERVED
+CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the ...)
+	TODO: check
+CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...)
+	TODO: check
+CVE-2017-9442 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...)
+	TODO: check
+CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...)
+	TODO: check
+CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...)
+	TODO: check
+CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers ...)
+	TODO: check
+CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This ...)
+	TODO: check
+CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in ...)
+	TODO: check
+CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in ...)
+	TODO: check
+CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read ...)
 	- libcrypto++ 5.6.4-7 (bug #864214)
 	NOTE: https://github.com/weidai11/cryptopp/issues/414
 	NOTE: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
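Review bot: the TODO: check placeholders on CVE-2017-9438 (YARA 3.5.0, libyara/re.c) and on CVE-2017-9439 / CVE-2017-9440 (ImageMagick 7.0.5-5 memory leaks) cover software that Debian ships, so they should be triaged into package lines in the same form as the CVE-2017-9434 entry at the end of this hunk (source package, fixed version, bug number) rather than left as TODO; the SQL injection entries for Openbravo, TeamPass and Dolibarr likewise need a decision (package line or NOT-FOR-US) so the TODO markers do not accumulate.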
@@ -11,8 +37,7 @@
 	- grpc 1.3.2-0.1 (bug #864210)
 	NOTE: https://github.com/grpc/grpc/pull/10492
 	NOTE: Fixed by: https://github.com/grpc/grpc/commit/c6ec1155d026c91b1badb07ef1605bb747cff064
-CVE-2017-9430 [stack-based buffer overflow]
-	RESERVED
+CVE-2017-9430 (Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...)
 	- dnstracer <unfixed> (unimportant)
 	NOTE: Crash in CLI tool, disputable if any exposed service makes use of dnstrace.
 	NOTE: One scenario would be to have a web application that launches dnstracer
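Review bot: the unchanged NOTE at the end of this hunk spells the tool "dnstrace" while the package line and the new CVE text say dnstracer; the <unfixed> (unimportant) rating is consistent with a crash in a CLI tool, but the NOTE should use the correct name so the rationale clearly refers to the package it is attached to.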
@@ -35,8 +60,8 @@
 	RESERVED
 CVE-2017-9421
 	RESERVED
-CVE-2017-9420
-	RESERVED
+CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
+	TODO: check
 CVE-2017-9419
 	RESERVED
 CVE-2017-9418
@@ -487,13 +512,12 @@
 	RESERVED
 CVE-2014-9971
 	RESERVED
-CVE-2017-1000368 [Arbitrary terminal access]
-	RESERVED
+CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an ...)
 	- sudo 1.8.20p1-1.1 (bug #863897)
 	[stretch] - sudo 1.8.19p1-2.1
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
 	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
-CVE-2017-1000367 [Potential overwrite of arbitrary files]
+CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an ...)
 	{DSA-3867-1 DLA-970-1}
 	- sudo 1.8.20p1-1 (bug #863731)
 	[stretch] - sudo 1.8.19p1-2
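Review bot: CVE-2017-1000368 lists fixed versions for unstable (1.8.20p1-1.1) and stretch (1.8.19p1-2.1) but, unlike CVE-2017-1000367 directly below it, carries no advisory reference in braces and no [jessie] line; since DLA-970-1 on the neighbouring entry shows the jessie sudo package was in scope for the earlier issue, the jessie status for this one (fixed version, <no-dsa> or <not-affected>) should be recorded so the entry is not read as jessie being untracked.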
@@ -969,6 +993,7 @@
 CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
 	NOT-FOR-US: ImageWorsener
 CVE-2017-9148 (The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably ...)
+	{DLA-977-1}
 	- freeradius 3.0.12+dfsg-5 (bug #863673)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1
 	NOTE: http://freeradius.org/security.html#session-resumption-2017
@@ -1835,20 +1860,20 @@
 	NOTE: https://github.com/ckolivas/lrzip/issues/66
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
 	NOTE: Crash in CLI tool, no security implications
-CVE-2017-8841
-	RESERVED
-CVE-2017-8840
-	RESERVED
-CVE-2017-8839
-	RESERVED
-CVE-2017-8838
-	RESERVED
-CVE-2017-8837
-	RESERVED
-CVE-2017-8836
-	RESERVED
-CVE-2017-8835
-	RESERVED
+CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, ...)
+	TODO: check
+CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 380, 580, ...)
+	TODO: check
+CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, ...)
+	TODO: check
+CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
+	TODO: check
+CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 580, ...)
+	TODO: check
+CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 ...)
+	TODO: check
+CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
+	TODO: check
 CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...)
 	NOT-FOR-US: OnePlus
 CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...)
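Review bot: the seven Peplink Balance entries (CVE-2017-8835 through CVE-2017-8841) describe issues in a vendor's appliance firmware (models 305, 380, 580, 710, 1350, 2500) rather than in a Debian package, so the TODO: check placeholders can be resolved to NOT-FOR-US: Peplink, in the same form as the OnePlus entry (CVE-2016-10370) that immediately follows them in the context lines.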
@@ -2722,14 +2747,14 @@
 	RESERVED
 CVE-2017-8442
 	RESERVED
-CVE-2017-8441
-	RESERVED
-CVE-2017-8440
-	RESERVED
-CVE-2017-8439
-	RESERVED
-CVE-2017-8438
-	RESERVED
+CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not ...)
+	TODO: check
+CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) ...)
+	TODO: check
+CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug ...)
+	TODO: check
+CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege ...)
+	TODO: check
 CVE-2017-8437
 	RESERVED
 CVE-2017-8436
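Review bot: CVE-2017-8438 through CVE-2017-8441 concern Elastic X-Pack Security and Kibana, neither of which is a Debian source package, so these TODO: check lines should be resolved to NOT-FOR-US entries (for example NOT-FOR-US: Elastic X-Pack and NOT-FOR-US: Kibana) rather than left open; the two X-Pack entries (the 5.0.0 to 5.4.0 privilege issue and the one fixed in 5.4.1 / 5.3.3) should be triaged together since they cover the same component.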
@@ -8213,7 +8238,7 @@
 CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before ...)
 	NOT-FOR-US: Softaculous Virtualizor
 CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the ...)
-	{DSA-3873-1}
+	{DSA-3873-1 DLA-978-1}
 	- perl 5.24.1-3 (bug #863870)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
 	NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
@@ -68167,6 +68192,7 @@
 	{DSA-3302-1 DLA-257-1}
 	- libwmf 0.2.8.4-10.4 (bug #784205)
 CVE-2015-4680 (FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly ...)
+	{DLA-977-1}
 	- freeradius 2.2.8+dfsg-0.1 (bug #789623)
 	[jessie] - freeradius <no-dsa> (Minor issue)
 	[squeeze] - freeradius <no-dsa> (Minor issue)
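Review bot: DLA-977-1 is added here to CVE-2015-4680 (and, in two other hunks of this commit, to CVE-2017-9148 and CVE-2014-2015) while the [jessie] and [squeeze] <no-dsa> (Minor issue) lines stay unchanged; if the DLA fixes this issue for the LTS release, the "Minor issue" justification on the remaining <no-dsa> lines should be re-checked for consistency, or a NOTE added explaining why an LTS update was issued for an issue still rated minor elsewhere.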
@@ -102553,6 +102579,7 @@
 CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to conduct ...)
 	- egroupware <removed>
 CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap ...)
+	{DLA-977-1}
 	- freeradius 2.2.5+dfsg-0.1 (low; bug #742820)
 	[squeeze] - freeradius <no-dsa> (Minor issue)
 	NOTE: http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html



