[Secure-testing-commits] r52564 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jun 14 21:10:14 UTC 2017
Author: sectracker
Date: 2017-06-14 21:10:14 +0000 (Wed, 14 Jun 2017)
New Revision: 52564
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-14 20:50:57 UTC (rev 52563)
+++ data/CVE/list 2017-06-14 21:10:14 UTC (rev 52564)
@@ -1,3 +1,15 @@
+CVE-2017-9620
+ RESERVED
+CVE-2017-9619
+ RESERVED
+CVE-2017-9618
+ RESERVED
+CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
+ TODO: check
+CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...)
+ TODO: check
+CVE-2017-9615
+ RESERVED
CVE-2017-9614
RESERVED
CVE-2017-9613
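Review bot: CVE-2017-9617 and CVE-2017-9616 are left at "TODO: check" although both descriptions name Wireshark 2.2.7. Each needs a wireshark package line with a fixed version or an <unfixed> status before the entry is usable for tracking. The four new RESERVED entries need nothing until their descriptions are published.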
@@ -257,8 +269,7 @@
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
-CVE-2017-9502
- RESERVED
+CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default protocol ...)
- curl <not-affected> (Windows only)
CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the ...)
- imagemagick <unfixed> (low)
@@ -365,10 +376,10 @@
[jessie] - yara <no-dsa> (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/678
NOTE: https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
-CVE-2017-9464
- RESERVED
-CVE-2017-9463
- RESERVED
+CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and probably ...)
+ TODO: check
+CVE-2017-9463 (The application Piwigo is affected by a SQL injection vulnerability in ...)
+ TODO: check
CVE-2017-9460
RESERVED
CVE-2017-9459
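Review bot: CVE-2017-9464 and CVE-2017-9463 swap RESERVED for Piwigo descriptions but carry only "TODO: check". Resolve each with either a package line or a NOT-FOR-US marker, the form this file uses for products that are not packaged. The SQL injection entry (CVE-2017-9463) is the one to triage first.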
@@ -2137,8 +2148,8 @@
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
-CVE-2017-8907
- RESERVED
+CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.3 did not ...)
+ TODO: check
CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the x86 ...)
- x265 <not-affected> (Affected code is not enabled)
NOTE: https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
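Review bot: CVE-2017-8907 names Atlassian Bamboo and is left at "TODO: check". If Bamboo is not in the archive, the entry should become "NOT-FOR-US: Atlassian Bamboo", matching how this file records other unpackaged products.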
@@ -5152,6 +5163,7 @@
RESERVED
CVE-2017-7778
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
- firefox <unfixed>
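Review bot: the {DSA-3881-1} tag added under CVE-2017-7778 sits above package lines that, in this hunk, show only graphite2 and firefox, and firefox is <unfixed>. The other entries given the same tag have a "- firefox-esr 52.2.0esr-1" line. Confirm CVE-2017-7778 has one in the lines this hunk does not show, otherwise the DSA reference has no matching fixed package.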
@@ -5160,6 +5172,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778
CVE-2017-7777
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
@@ -5167,36 +5180,42 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
CVE-2017-7774
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771
RESERVED
+ {DSA-3881-1}
- graphite2 1.3.10-1
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
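Review bot: CVE-2017-7776 through CVE-2017-7771 each list both graphite2 and firefox-esr, and the single {DSA-3881-1} tag does not say which source package the advisory fixed. "- graphite2 1.3.10-1" records only the unstable version, so the status of graphite2 in the stable suites should be stated on its own suite-tagged lines rather than inferred from this tag.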
@@ -5233,6 +5252,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765
CVE-2017-7764
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
@@ -5265,18 +5285,21 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
CVE-2017-7758
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
CVE-2017-7757
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757
CVE-2017-7756
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756
@@ -5289,6 +5312,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
CVE-2017-7754
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754
@@ -5297,24 +5321,28 @@
RESERVED
CVE-2017-7752
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752
CVE-2017-7751
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751
CVE-2017-7750
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750
CVE-2017-7749
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7749
@@ -5527,10 +5555,10 @@
RESERVED
CVE-2017-7678
RESERVED
-CVE-2017-7677
- RESERVED
-CVE-2017-7676
- RESERVED
+CVE-2017-7677 (In environments that use external location for hive tables, Hive ...)
+ TODO: check
+CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores ...)
+ TODO: check
CVE-2017-7675
RESERVED
CVE-2017-7674
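Review bot: CVE-2017-7676 is described as an Apache Ranger issue but is left at "TODO: check", while the Ranger entries elsewhere in this same commit (CVE-2016-8751, CVE-2016-8746) are marked "NOT-FOR-US: Apache Ranger". Give it the same marker for consistency, and check whether CVE-2017-7677, whose description starts from Hive external table locations, belongs to the same product.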
@@ -11315,8 +11343,8 @@
RESERVED
CVE-2017-5698
RESERVED
-CVE-2017-5697
- RESERVED
+CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of ...)
+ TODO: check
CVE-2017-5696
RESERVED
CVE-2017-5695
@@ -12407,6 +12435,7 @@
NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
CVE-2017-5472
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472
@@ -12417,6 +12446,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
CVE-2017-5470
RESERVED
+ {DSA-3881-1}
- firefox <unfixed>
- firefox-esr 52.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470
@@ -20057,8 +20087,8 @@
RESERVED
CVE-2017-2811
RESERVED
-CVE-2017-2810
- RESERVED
+CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
+ TODO: check
CVE-2017-2809
RESERVED
CVE-2017-2808
@@ -24771,8 +24801,8 @@
RESERVED
CVE-2017-0664
RESERVED
-CVE-2017-0663
- RESERVED
+CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an ...)
+ TODO: check
CVE-2017-0662
RESERVED
CVE-2017-0661
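Review bot: CVE-2017-0663 names libxml2 in its description and claims remote code execution, yet the entry is only "TODO: check". It should be triaged ahead of the device-specific entries in this commit and given a "- libxml2" line with its status, since the component named is a widely packaged library rather than an Android-only component.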
@@ -24795,38 +24825,38 @@
RESERVED
CVE-2017-0652
RESERVED
-CVE-2017-0651
- RESERVED
-CVE-2017-0650
- RESERVED
-CVE-2017-0649
- RESERVED
-CVE-2017-0648
- RESERVED
-CVE-2017-0647
- RESERVED
-CVE-2017-0646
- RESERVED
-CVE-2017-0645
- RESERVED
-CVE-2017-0644
- RESERVED
-CVE-2017-0643
- RESERVED
-CVE-2017-0642
- RESERVED
-CVE-2017-0641
- RESERVED
-CVE-2017-0640
- RESERVED
-CVE-2017-0639
- RESERVED
-CVE-2017-0638
- RESERVED
-CVE-2017-0637
- RESERVED
-CVE-2017-0636
- RESERVED
+CVE-2017-0651 (An information disclosure vulnerability in the kernel ION subsystem ...)
+ TODO: check
+CVE-2017-0650 (An information disclosure vulnerability in the Synaptics touchscreen ...)
+ TODO: check
+CVE-2017-0649 (An elevation of privilege vulnerability in the MediaTek sound driver ...)
+ TODO: check
+CVE-2017-0648 (An elevation of privilege vulnerability in the kernel FIQ debugger ...)
+ TODO: check
+CVE-2017-0647 (An information disclosure vulnerability in libziparchive could enable ...)
+ TODO: check
+CVE-2017-0646 (An information disclosure vulnerability in Bluetooth component could ...)
+ TODO: check
+CVE-2017-0645 (An elevation of privilege vulnerability in Bluetooth could enable a ...)
+ TODO: check
+CVE-2017-0644 (A remote denial of service vulnerability in Mediaserver could enable ...)
+ TODO: check
+CVE-2017-0643 (A remote denial of service vulnerability in Mediaserver could enable ...)
+ TODO: check
+CVE-2017-0642 (A remote denial of service vulnerability in libhevc in Mediaserver ...)
+ TODO: check
+CVE-2017-0641 (A remote denial of service vulnerability in libvpx in Mediaserver ...)
+ TODO: check
+CVE-2017-0640 (A remote denial of service vulnerability in Mediaserver could enable ...)
+ TODO: check
+CVE-2017-0639 (An information disclosure vulnerability in Bluetooth component could ...)
+ TODO: check
+CVE-2017-0638 (A remote code execution vulnerability in System UI component could ...)
+ TODO: check
+CVE-2017-0637 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
+ TODO: check
+CVE-2017-0636 (An elevation of privilege vulnerability in the MediaTek command queue ...)
+ TODO: check
CVE-2017-0635 (A remote denial of service vulnerability in HevcUtils.cpp in ...)
NOT-FOR-US: libstagefright
CVE-2017-0634 (An information disclosure vulnerability in the Synaptics touchscreen ...)
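Review bot: the sixteen entries CVE-2017-0636 to CVE-2017-0651 all land as "TODO: check", and they should not be bulk-marked. Most name device components (MediaTek sound driver and command queue, Synaptics touchscreen, Mediaserver, System UI) and can follow the NOT-FOR-US pattern of CVE-2017-0635 below, but CVE-2017-0641 (libvpx), CVE-2017-0647 (libziparchive), CVE-2017-0651 (kernel ION subsystem) and CVE-2017-0648 (kernel FIQ debugger) name code that may exist in packaged sources and need an individual check.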
@@ -28754,8 +28784,7 @@
CVE-2016-8752
RESERVED
NOT-FOR-US: Apache Atlas
-CVE-2016-8751
- RESERVED
+CVE-2016-8751 (Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site ...)
NOT-FOR-US: Apache Ranger
CVE-2016-8750
RESERVED
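Review bot: the description imported for CVE-2016-8751 reads "Apache Ranger before 0.6.is vulnerable", so the version number is cut off after "0.6." in the source text. The NOT-FOR-US status is unaffected, but the description should be refreshed once the upstream text is corrected rather than read as naming a version.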
@@ -28767,8 +28796,7 @@
- tomcat8 8.5.9-1
[jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9)
NOTE: http://svn.apache.org/r1774166
-CVE-2016-8746
- RESERVED
+CVE-2016-8746 (Apache Ranger before 0.6.3 policy engine incorrectly matches paths in ...)
NOT-FOR-US: Apache Ranger
CVE-2016-8745
RESERVED