[Secure-testing-commits] r52826 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jun 22 21:10:14 UTC 2017
Author: sectracker
Date: 2017-06-22 21:10:14 +0000 (Thu, 22 Jun 2017)
New Revision: 52826
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-22 20:50:49 UTC (rev 52825)
+++ data/CVE/list 2017-06-22 21:10:14 UTC (rev 52826)
@@ -1,3 +1,41 @@
+CVE-2017-9825
+ RESERVED
+CVE-2017-9824
+ RESERVED
+CVE-2017-9823
+ RESERVED
+CVE-2017-9822
+ RESERVED
+CVE-2017-9821
+ RESERVED
+CVE-2017-9820
+ RESERVED
+CVE-2017-9819
+ RESERVED
+CVE-2017-9818
+ RESERVED
+CVE-2017-9817
+ RESERVED
+CVE-2017-9816
+ RESERVED
+CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in ...)
+ TODO: check
+CVE-2017-9814
+ RESERVED
+CVE-2017-9813
+ RESERVED
+CVE-2017-9812
+ RESERVED
+CVE-2017-9811
+ RESERVED
+CVE-2017-9810
+ RESERVED
+CVE-2017-9809
+ RESERVED
+CVE-2017-9808
+ RESERVED
+CVE-2015-9098 (In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote ...)
+ TODO: check
CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 ...)
TODO: check
CVE-2017-9806
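Review bot: The two described entries added at the top of this hunk, CVE-2017-9815 (LibTIFF 4.0.7, TIFFReadDirEntryLong8Array) and CVE-2015-9098 (Redgate SQL Monitor), land with only `TODO: check`, so neither has a package line or a NOT-FOR-US marker yet. Both need manual triage after this automatic update; the LibTIFF description names a specific version and function, which should be enough to map it to a source package and record a fixed or unfixed status.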
@@ -1256,7 +1294,7 @@
NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1
CVE-2017-9779
RESERVED
-CVE-2012-6706 [VMSF_DELTA filter in unrar allows arbitrary memory write]
+CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as ...)
- unrar-nonfree 1:5.5.5-1 (bug #865461)
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
@@ -1301,6 +1339,7 @@
CVE-2017-9764
RESERVED
CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ...)
+ {DSA-3895-1}
- flatpak 0.8.7-1 (bug #865413)
NOTE: https://github.com/flatpak/flatpak/issues/845
CVE-2017-XXXX [XSA 225]
@@ -1339,6 +1378,7 @@
- qemu <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-216.html
CVE-2017-1000381 [c-ares NAPTR parser out of bounds access]
+ {DLA-998-1}
- c-ares <unfixed> (bug #865360)
NOTE: https://c-ares.haxx.se/adv_20170620.html
NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
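Review bot: `{DLA-998-1}` is attached to CVE-2017-1000381 while the only package line is still `- c-ares <unfixed> (bug #865360)` and the entry has no per-release annotations. Since the upstream patch URL is already recorded, adding the status of the remaining releases would make it clear which of them are still pending a fix.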
@@ -2288,8 +2328,8 @@
RESERVED
CVE-2017-9425
RESERVED
-CVE-2017-9424
- RESERVED
+CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers ...)
+ TODO: check
CVE-2017-9423
RESERVED
CVE-2017-9422
@@ -3475,7 +3515,8 @@
{DSA-3886-1 DLA-993-1}
- linux 4.9.30-1
NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
-CVE-2017-9073 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...)
+CVE-2017-9073
+ REJECTED
NOT-FOR-US: Windows
CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. ...)
NOT-FOR-US: CalendarXP
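Review bot: CVE-2017-9073 becomes `REJECTED` and loses its description, but `NOT-FOR-US: Windows` stays underneath with nothing left in the entry to explain it. The removed gpkcsp.dll description is the same text this commit adds to CVE-2017-0176 in the `@@ -32900,8 +32946,8 @@` hunk, so a NOTE naming CVE-2017-0176 as the id that now carries the issue would keep the history readable.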
@@ -6976,7 +7017,7 @@
RESERVED
CVE-2017-7778
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
- firefox 54.0-1
@@ -6987,7 +7028,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
CVE-2017-7777
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -6996,7 +7037,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7004,7 +7045,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7012,7 +7053,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
CVE-2017-7774
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7020,7 +7061,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7028,7 +7069,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7036,7 +7077,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7396,6 +7437,7 @@
CVE-2017-7680
RESERVED
CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...)
+ {DSA-3896-1}
- apache2 2.4.25-4
CVE-2017-7678
RESERVED
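Review bot: On CVE-2017-7679 the description gives the upstream fix for the 2.4.x branch as 2.4.26, while the package line under the new `{DSA-3896-1}` is `- apache2 2.4.25-4`. That implies a backported patch; a `NOTE: Fixed by:` line with the upstream commit, as other entries in this file carry, would let readers verify the fix. The same applies to the other apache2 entries that gain `{DSA-3896-1}` in this diff.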
@@ -7418,6 +7460,7 @@
CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
- hadoop <itp> (bug #793644)
CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and ...)
+ {DSA-3896-1}
- apache2 2.4.25-4
CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the ...)
NOT-FOR-US: Apache NiFi
@@ -7877,6 +7920,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7520 [Pre-authentication remote crash/information disclosure for clients]
RESERVED
+ {DLA-999-1}
- openvpn 2.4.3-1 (bug #865480)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/7718c8984f
NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
@@ -19013,10 +19057,10 @@
NOT-FOR-US: IBM
CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote ...)
NOT-FOR-US: IBM
-CVE-2016-9983
- RESERVED
-CVE-2016-9982
- RESERVED
+CVE-2016-9983 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an ...)
+ TODO: check
+CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an ...)
+ TODO: check
CVE-2016-9981
RESERVED
CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
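Review bot: CVE-2016-9983 and CVE-2016-9982 move from `RESERVED` to IBM Sterling B2B Integrator descriptions with `TODO: check`, while the IBM entries in the context lines just above are already `NOT-FOR-US: IBM`. Unless Sterling B2B Integrator maps to a package, the same marker applies here, and likewise to the IBM descriptions added to CVE-2017-1326 and CVE-2016-9747 later in this diff.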
@@ -19658,12 +19702,12 @@
RESERVED
CVE-2017-3632
RESERVED
-CVE-2017-3631
- RESERVED
-CVE-2017-3630
- RESERVED
-CVE-2017-3629
- RESERVED
+CVE-2017-3631 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2017-3630 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
+CVE-2017-3629 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ TODO: check
CVE-2017-3628
RESERVED
CVE-2017-3627
@@ -20961,10 +21005,12 @@
CVE-2017-3170
RESERVED
CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl ...)
+ {DSA-3896-1}
- apache2 2.4.25-4
CVE-2017-3168
RESERVED
CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...)
+ {DSA-3896-1}
- apache2 2.4.25-4
CVE-2017-3166
RESERVED
@@ -25257,8 +25303,8 @@
RESERVED
CVE-2017-1327
RESERVED
-CVE-2017-1326
- RESERVED
+CVE-2017-1326 (IBM Sterling File Gateway does not properly restrict user requests ...)
+ TODO: check
CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1324
@@ -26169,8 +26215,8 @@
RESERVED
CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive ...)
NOT-FOR-US: IBM
-CVE-2016-9747
- RESERVED
+CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2016-9746
RESERVED
CVE-2016-9745
@@ -32900,8 +32946,8 @@
NOT-FOR-US: Microsoft
CVE-2017-0177
RESERVED
-CVE-2017-0176
- RESERVED
+CVE-2017-0176 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...)
+ TODO: check
CVE-2017-0175 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows ...)
NOT-FOR-US: Microsoft
CVE-2017-0174
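Review bot: CVE-2017-0176 receives `TODO: check` with the gpkcsp.dll Smart Card description, which is the text removed from CVE-2017-9073 in the `@@ -3475,7 +3515,8 @@` hunk, where it was triaged `NOT-FOR-US: Windows`. The context line below it marks the adjacent Windows kernel entry `NOT-FOR-US: Microsoft`, so the existing triage can be carried over to this id instead of being redone.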
@@ -46805,7 +46851,7 @@
NOTE: Introduced by: https://git.kernel.org/linus/fb09692e71f13af7298eb603a1975850b1c7a8d8 (v3.9-rc1)
CVE-2016-4000 [Unsafe deserialization leads to code execution]
RESERVED
- {DLA-989-1}
+ {DSA-3893-1 DLA-989-1}
- jython 2.5.3-17 (bug #864859)
NOTE: http://bugs.jython.org/issue2454
NOTE: https://hg.python.org/jython/rev/d06e29d100c0