[Secure-testing-commits] r53055 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 30 21:10:16 UTC 2017
Author: sectracker
Date: 2017-06-30 21:10:16 +0000 (Fri, 30 Jun 2017)
New Revision: 53055
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-30 20:48:04 UTC (rev 53054)
+++ data/CVE/list 2017-06-30 21:10:16 UTC (rev 53055)
@@ -1,3 +1,41 @@
+CVE-2017-10717
+ RESERVED
+CVE-2017-10716
+ RESERVED
+CVE-2017-10715
+ RESERVED
+CVE-2017-10714
+ RESERVED
+CVE-2017-10713
+ RESERVED
+CVE-2017-10712
+ RESERVED
+CVE-2017-10711
+ RESERVED
+CVE-2017-10710
+ RESERVED
+CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...)
+ TODO: check
+CVE-2017-10708
+ RESERVED
+CVE-2017-10707
+ RESERVED
+CVE-2017-10706
+ RESERVED
+CVE-2017-10705
+ RESERVED
+CVE-2017-10704
+ RESERVED
+CVE-2017-10703
+ RESERVED
+CVE-2017-10702
+ RESERVED
+CVE-2017-10701
+ RESERVED
+CVE-2017-10700
+ RESERVED
+CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before ...)
+ TODO: check
CVE-2017-10698
RESERVED
CVE-2017-10697
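Review bot: CVE-2017-10709 and CVE-2017-10699 are committed with "TODO: check" and no package or NOT-FOR-US line, so neither has a disposition yet. CVE-2017-10699 names VideoLAN VLC media player in its description, so resolve it to a package line or an explicit NOT-FOR-US. Give the Elephone P9000 entry the same kind of marking the file uses elsewhere (for example "NOT-FOR-US: GetSimple CMS").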
@@ -50,16 +88,16 @@
RESERVED
CVE-2017-10675
RESERVED
-CVE-2017-10674
- RESERVED
-CVE-2015-9105
- RESERVED
-CVE-2015-9104
- RESERVED
-CVE-2015-9103
- RESERVED
-CVE-2015-9102
- RESERVED
+CVE-2017-10674 (Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a ...)
+ TODO: check
+CVE-2015-9105 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Video ...)
+ TODO: check
+CVE-2015-9104 (Cross-site scripting (XSS) vulnerabilities in Synology Audio Station ...)
+ TODO: check
+CVE-2015-9103 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Note ...)
+ TODO: check
+CVE-2015-9102 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo ...)
+ TODO: check
CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field. ...)
NOT-FOR-US: GetSimple CMS
CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...)
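Review bot: the four Synology XSS entries (CVE-2015-9102 through CVE-2015-9105) and CVE-2017-10674 move from RESERVED to "TODO: check" without a disposition. All four CVE-2015-910x descriptions name a Synology product, so triage them in one pass and record the outcome in the same form as the "NOT-FOR-US: GetSimple CMS" line under CVE-2017-10673.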
@@ -67,12 +105,12 @@
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246
CVE-2017-10671 (Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in ...)
- thttpd <removed>
-CVE-2017-10670
- RESERVED
-CVE-2017-10669
- RESERVED
-CVE-2017-10668
- RESERVED
+CVE-2017-10670 (An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used ...)
+ TODO: check
+CVE-2017-10669 (Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI ...)
+ TODO: check
+CVE-2017-10668 (A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport ...)
+ TODO: check
CVE-2017-10667 (In index.php in Zen Cart 1.6.0, the products_id parameter can cause ...)
NOT-FOR-US: Zen Cart
CVE-2017-10666
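Review bot: CVE-2017-10668, CVE-2017-10669 and CVE-2017-10670 all describe OSCI-Transport 1.2 (padding oracle, signature wrapping, XXE) and all three land as "TODO: check". They concern the same component, so give them one consistent disposition rather than leaving three separate TODOs.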
@@ -4278,21 +4316,25 @@
NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...)
+ {DLA-1008-1}
- libxml2 <unfixed> (bug #863018)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...)
+ {DLA-1008-1}
- libxml2 <unfixed> (bug #863019)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based ...)
+ {DLA-1008-1}
- libxml2 <unfixed> (bug #863021)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9047 (A buffer overflow was discovered in libxml2 ...)
+ {DLA-1008-1}
- libxml2 <unfixed> (bug #863022)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
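Review bot: {DLA-1008-1} is attached to CVE-2017-9047 through CVE-2017-9050 while each entry's package line still reads "- libxml2 <unfixed>". In the visible context three of the four already cite a "Fixed by:" upstream commit, so follow up bugs #863018, #863019, #863021 and #863022 to get a fixed version recorded on those lines as well.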
@@ -5763,8 +5805,8 @@
RESERVED
CVE-2017-8444
RESERVED
-CVE-2017-8443
- RESERVED
+CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
+ TODO: check
CVE-2017-8442
RESERVED
CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not ...)
@@ -6179,10 +6221,12 @@
- telegram-desktop <unfixed>
NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
CVE-2016-10350 (The archive_read_format_cab_read_header function in ...)
+ {DLA-1006-1}
- libarchive <unfixed> (bug #861609)
NOTE: https://github.com/libarchive/libarchive/issues/835
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 ...)
+ {DLA-1006-1}
- libarchive <unfixed> (bug #861609)
NOTE: https://github.com/libarchive/libarchive/issues/834
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
@@ -7725,7 +7769,7 @@
RESERVED
CVE-2017-7778
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
- firefox 54.0-1
@@ -7736,7 +7780,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
CVE-2017-7777
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7745,7 +7789,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7753,7 +7797,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7761,7 +7805,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
CVE-2017-7774
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7769,7 +7813,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7777,7 +7821,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7785,7 +7829,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-991-1}
+ {DSA-3894-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -7825,7 +7869,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765
CVE-2017-7764
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7862,7 +7906,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
CVE-2017-7758
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7871,7 +7915,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758
CVE-2017-7757
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7880,7 +7924,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757
CVE-2017-7756
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7895,7 +7939,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
CVE-2017-7754
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7906,7 +7950,7 @@
RESERVED
CVE-2017-7752
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7915,7 +7959,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752
CVE-2017-7751
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7924,7 +7968,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751
CVE-2017-7750
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -7933,7 +7977,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750
CVE-2017-7749
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -9182,6 +9226,7 @@
NOTE: Fix upstream not yet complete as per 2017-06-17
CVE-2017-7375 [Missing validation for external entities in xmlParsePEReference]
RESERVED
+ {DLA-1008-1}
- libxml2 <unfixed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
@@ -13499,6 +13544,7 @@
[jessie] - yara 3.1.0-2+deb8u1
NOTE: https://github.com/VirusTotal/yara/issues/576
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
+ {DLA-1006-1}
- libarchive <unfixed> (low; bug #859456)
[stretch] - libarchive <no-dsa> (Minor issue)
[jessie] - libarchive <no-dsa> (Minor issue)
@@ -15116,7 +15162,7 @@
NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
CVE-2017-5472
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -15129,7 +15175,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
CVE-2017-5470
RESERVED
- {DSA-3881-1 DLA-991-1}
+ {DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -24107,8 +24153,8 @@
NOT-FOR-US: Juniper
CVE-2017-2299
RESERVED
-CVE-2017-2298
- RESERVED
+CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a ...)
+ TODO: check
CVE-2017-2297
RESERVED
CVE-2017-2296
@@ -24123,8 +24169,8 @@
RESERVED
CVE-2017-2293
RESERVED
-CVE-2017-2292
- RESERVED
+CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...)
+ TODO: check
CVE-2017-2291
RESERVED
CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, ...)
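Review bot: CVE-2017-2292 is left at "TODO: check" although its description concerns MCollective itself (YAML deserialized from agents, versions prior to 2.10.4), unlike the neighbouring CVE-2017-2290, which is limited to Windows installations of a plugin. Check whether an affected version is packaged and replace the TODO with a package line or NOT-FOR-US.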
@@ -83190,7 +83236,8 @@
RESERVED
CVE-2015-0956
RESERVED
-CVE-2015-0955 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ...)
+CVE-2015-0955
+ REJECTED
NOT-FOR-US: Adobe Experience Manager
CVE-2015-0954
RESERVED
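Review bot: CVE-2015-0955 now reads REJECTED, but the "NOT-FOR-US: Adobe Experience Manager" line under it is kept while the description that justified it is removed in this same hunk. Confirm the annotation should remain under a rejected ID, or drop it so the entry carries only REJECTED.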