[Secure-testing-commits] r52931 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jun 26 21:10:16 UTC 2017


Author: sectracker
Date: 2017-06-26 21:10:16 +0000 (Mon, 26 Jun 2017)
New Revision: 52931

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-26 19:56:27 UTC (rev 52930)
+++ data/CVE/list	2017-06-26 21:10:16 UTC (rev 52931)
@@ -1,3 +1,41 @@
+CVE-2017-9951
+	RESERVED
+CVE-2017-9950
+	RESERVED
+CVE-2017-9949 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...)
+	TODO: check
+CVE-2017-9948 (A stack buffer overflow vulnerability has been discovered in Microsoft ...)
+	TODO: check
+CVE-2017-9947
+	RESERVED
+CVE-2017-9946
+	RESERVED
+CVE-2017-9945
+	RESERVED
+CVE-2017-9944
+	RESERVED
+CVE-2017-9943
+	RESERVED
+CVE-2017-9942
+	RESERVED
+CVE-2017-9941
+	RESERVED
+CVE-2017-9940
+	RESERVED
+CVE-2017-9939
+	RESERVED
+CVE-2017-9938
+	RESERVED
+CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A ...)
+	TODO: check
+CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
+	TODO: check
+CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
+	TODO: check
+CVE-2017-9934
+	RESERVED
+CVE-2017-9933
+	RESERVED
 CVE-2017-9932
 	RESERVED
 CVE-2017-9931
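Review bot: All five new entries that arrive with a description (CVE-2017-9949, CVE-2017-9948, CVE-2017-9937, CVE-2017-9936, CVE-2017-9935) are left at "TODO: check", so none of them is tied to a source package or marked NOT-FOR-US yet. The three LibTIFF 4.0.8 entries should be triaged first, starting with the heap-based buffer overflow in CVE-2017-9935, because tiff is already tracked as a package in this file (see the CVE-2014-8127 entry in the last hunk). Each "TODO: check" should be replaced with a package line or a NOT-FOR-US note in a manual follow-up commit.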
@@ -2358,7 +2396,7 @@
 CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
 	NOT-FOR-US: Atlassian Confluence
 CVE-2017-9504
-	RESERVED
+	REJECTED
 CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host ...)
 	- qemu <unfixed> (bug #865754)
 	[stretch] - qemu <no-dsa> (Minor issue)
@@ -3591,8 +3629,8 @@
 	[stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
 	[jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
 	NOTE: https://github.com/Yeraze/ytnef/issues/47
-CVE-2017-9145
-	RESERVED
+CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...)
+	TODO: check
 CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because ...)
 	{DSA-3863-1 DLA-960-1}
 	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863126)
@@ -8300,8 +8338,8 @@
 CVE-2017-7497
 	RESERVED
 	NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2017-7496
-	RESERVED
+CVE-2017-7496 (fedora-arm-installer up to and including 1.99.16 is vulnerable to ...)
+	TODO: check
 CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...)
 	- linux 4.6.2-1
 	[jessie] - linux 3.16.39-1
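Review bot: CVE-2017-7496 (fedora-arm-installer) goes from RESERVED to "TODO: check" with no package or NOT-FOR-US line. The abrt entries elsewhere in this same update are annotated "NOT-FOR-US: abrt is Red Hat / Fedora specific". If fedora-arm-installer is likewise not packaged, the follow-up should resolve it the same way so the TODO does not linger.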
@@ -11734,7 +11772,7 @@
 CVE-2017-6385
 	RESERVED
 CVE-2017-6383
-	RESERVED
+	REJECTED
 CVE-2017-6382
 	RESERVED
 CVE-2017-6381 (A 3rd party development library including with Drupal 8 development ...)
@@ -32074,17 +32112,19 @@
 CVE-2016-8499
 	REJECTED
 CVE-2016-8498
-	RESERVED
-CVE-2016-8497 (An escalation of privilege vulnerability in Fortinet FortiClient ...)
+	REJECTED
+CVE-2016-8497
+	REJECTED
 	NOT-FOR-US: Fortinet FortiClient SSL_VPN Linux
-CVE-2016-8496 (A potential execution of unauthorized code or commands vulnerability ...)
+CVE-2016-8496
+	REJECTED
 	NOT-FOR-US: Fortinet FortiClient SSL_VPN Linux
 CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
 	NOT-FOR-US: FortiManager
 CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
 	NOT-FOR-US: Fortiguard
 CVE-2016-8493
-	RESERVED
+	REJECTED
 CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows ...)
 	NOT-FOR-US: Fortinet FortiWLC
 CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
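Review bot: CVE-2016-8497 and CVE-2016-8496 now read REJECTED but still carry the "NOT-FOR-US: Fortinet FortiClient SSL_VPN Linux" line left over from when they had descriptions. CVE-2016-8499, CVE-2016-8498 and CVE-2016-8493 in the same hunk have REJECTED alone. The automatic update only swapped the header and status lines, so a manual follow-up should either drop the leftover annotation or confirm it is meant to stay. That keeps REJECTED entries consistent.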
@@ -37185,7 +37225,7 @@
 CVE-2016-6878 (The Curve25519 code in botan before 1.11.31, on systems without a ...)
 	- botan1.10 <not-affected> (Introduced in 1.11.12)
 	NOTE: Introduced in 1.11.12, fixed in 1.11.31
-CVE-2016-6877 (Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle ...)
+CVE-2016-6877 (** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows ...)
 	NOT-FOR-US: Citrix
 CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link ...)
 	NOT-FOR-US: F5
@@ -74940,8 +74980,7 @@
 	NOTE: https://bugs.php.net/bug.php?id=69441
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22
 	NOTE: Fixed in 5.6.8 and 5.4.40
-CVE-2015-3315
-	RESERVED
+CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-3309 [incomplete fix for CVE-2015-3297]
 	RESERVED
@@ -75320,8 +75359,7 @@
 CVE-2015-3216 (Race condition in a certain Red Hat patch to the PRNG lock ...)
 	- openssl <not-affected> (Affects Red Hat specific patch)
 	NOTE: More information in https://bugzilla.redhat.com/show_bug.cgi?id=1225994
-CVE-2015-3215
-	RESERVED
+CVE-2015-3215 (The NetKVM Windows Virtio driver allows remote attackers to cause a ...)
 	NOT-FOR-US: virtio Windows drivers
 CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and ...)
 	{DSA-3348-1}
@@ -75651,8 +75689,7 @@
 	{DSA-3232-1 DLA-211-1}
 	- curl 7.42.0-1
 	NOTE: http://curl.haxx.se/docs/adv_20150422A.html
-CVE-2015-3142
-	RESERVED
+CVE-2015-3142 (The kernel-invoked coredump processor in Automatic Bug Reporting Tool ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-3141 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: Synametrics Technologies Xeams
@@ -79468,8 +79505,7 @@
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
 CVE-2015-1871
 	RESERVED
-CVE-2015-1870
-	RESERVED
+CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-1869
 	RESERVED
@@ -89754,8 +89790,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)
 	NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
-CVE-2014-8127 [out-of-bound reads]
-	RESERVED
+CVE-2014-8127 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...)
 	{DSA-3273-1}
 	- tiff 4.0.6-3 (unimportant; bug #776185)
 	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)



