[Secure-testing-commits] r52931 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jun 26 21:10:16 UTC 2017
Author: sectracker
Date: 2017-06-26 21:10:16 +0000 (Mon, 26 Jun 2017)
New Revision: 52931
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-26 19:56:27 UTC (rev 52930)
+++ data/CVE/list 2017-06-26 21:10:16 UTC (rev 52931)
@@ -1,3 +1,41 @@
+CVE-2017-9951
+ RESERVED
+CVE-2017-9950
+ RESERVED
+CVE-2017-9949 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...)
+ TODO: check
+CVE-2017-9948 (A stack buffer overflow vulnerability has been discovered in Microsoft ...)
+ TODO: check
+CVE-2017-9947
+ RESERVED
+CVE-2017-9946
+ RESERVED
+CVE-2017-9945
+ RESERVED
+CVE-2017-9944
+ RESERVED
+CVE-2017-9943
+ RESERVED
+CVE-2017-9942
+ RESERVED
+CVE-2017-9941
+ RESERVED
+CVE-2017-9940
+ RESERVED
+CVE-2017-9939
+ RESERVED
+CVE-2017-9938
+ RESERVED
+CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A ...)
+ TODO: check
+CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
+ TODO: check
+CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
+ TODO: check
+CVE-2017-9934
+ RESERVED
+CVE-2017-9933
+ RESERVED
CVE-2017-9932
RESERVED
CVE-2017-9931
@@ -2358,7 +2396,7 @@
CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
NOT-FOR-US: Atlassian Confluence
CVE-2017-9504
- RESERVED
+ REJECTED
CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host ...)
- qemu <unfixed> (bug #865754)
[stretch] - qemu <no-dsa> (Minor issue)
@@ -3591,8 +3629,8 @@
[stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
[jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
NOTE: https://github.com/Yeraze/ytnef/issues/47
-CVE-2017-9145
- RESERVED
+CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...)
+ TODO: check
CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because ...)
{DSA-3863-1 DLA-960-1}
- imagemagick 8:6.9.7.4+dfsg-9 (bug #863126)
@@ -8300,8 +8338,8 @@
CVE-2017-7497
RESERVED
NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2017-7496
- RESERVED
+CVE-2017-7496 (fedora-arm-installer up to and including 1.99.16 is vulnerable to ...)
+ TODO: check
CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...)
- linux 4.6.2-1
[jessie] - linux 3.16.39-1
@@ -11734,7 +11772,7 @@
CVE-2017-6385
RESERVED
CVE-2017-6383
- RESERVED
+ REJECTED
CVE-2017-6382
RESERVED
CVE-2017-6381 (A 3rd party development library including with Drupal 8 development ...)
@@ -32074,17 +32112,19 @@
CVE-2016-8499
REJECTED
CVE-2016-8498
- RESERVED
-CVE-2016-8497 (An escalation of privilege vulnerability in Fortinet FortiClient ...)
+ REJECTED
+CVE-2016-8497
+ REJECTED
NOT-FOR-US: Fortinet FortiClient SSL_VPN Linux
-CVE-2016-8496 (A potential execution of unauthorized code or commands vulnerability ...)
+CVE-2016-8496
+ REJECTED
NOT-FOR-US: Fortinet FortiClient SSL_VPN Linux
CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
NOT-FOR-US: FortiManager
CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
NOT-FOR-US: Fortiguard
CVE-2016-8493
- RESERVED
+ REJECTED
CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows ...)
NOT-FOR-US: Fortinet FortiWLC
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
@@ -37185,7 +37225,7 @@
CVE-2016-6878 (The Curve25519 code in botan before 1.11.31, on systems without a ...)
- botan1.10 <not-affected> (Introduced in 1.11.12)
NOTE: Introduced in 1.11.12, fixed in 1.11.31
-CVE-2016-6877 (Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle ...)
+CVE-2016-6877 (** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows ...)
NOT-FOR-US: Citrix
CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link ...)
NOT-FOR-US: F5
@@ -74940,8 +74980,7 @@
NOTE: https://bugs.php.net/bug.php?id=69441
NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22
NOTE: Fixed in 5.6.8 and 5.4.40
-CVE-2015-3315
- RESERVED
+CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3309 [incomplete fix for CVE-2015-3297]
RESERVED
@@ -75320,8 +75359,7 @@
CVE-2015-3216 (Race condition in a certain Red Hat patch to the PRNG lock ...)
- openssl <not-affected> (Affects Red Hat specific patch)
NOTE: More information in https://bugzilla.redhat.com/show_bug.cgi?id=1225994
-CVE-2015-3215
- RESERVED
+CVE-2015-3215 (The NetKVM Windows Virtio driver allows remote attackers to cause a ...)
NOT-FOR-US: virtio Windows drivers
CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and ...)
{DSA-3348-1}
@@ -75651,8 +75689,7 @@
{DSA-3232-1 DLA-211-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422A.html
-CVE-2015-3142
- RESERVED
+CVE-2015-3142 (The kernel-invoked coredump processor in Automatic Bug Reporting Tool ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3141 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: Synametrics Technologies Xeams
@@ -79468,8 +79505,7 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
CVE-2015-1871
RESERVED
-CVE-2015-1870
- RESERVED
+CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1869
RESERVED
@@ -89754,8 +89790,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)
NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
-CVE-2014-8127 [out-of-bound reads]
- RESERVED
+CVE-2014-8127 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...)
{DSA-3273-1}
- tiff 4.0.6-3 (unimportant; bug #776185)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
More information about the Secure-testing-commits
mailing list