[Secure-testing-commits] r49461 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Mar 6 21:10:12 UTC 2017


Author: sectracker
Date: 2017-03-06 21:10:11 +0000 (Mon, 06 Mar 2017)
New Revision: 49461

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-06 21:08:09 UTC (rev 49460)
+++ data/CVE/list	2017-03-06 21:10:11 UTC (rev 49461)
@@ -1,40 +1,43 @@
+CVE-2017-6506
+	RESERVED
 CVE-2017-6505 [usb: an infinite loop issue in ohci_service_ed_list]
+	RESERVED
 	- qemu <unfixed> (bug #856969)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
-CVE-2017-6504
+CVE-2017-6504 (WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options ...)
 	- qbittorrent <unfixed> (low; bug #856978)
 	[jessie] - qbittorrent <no-dsa> (Minor issue)
 	NOTE: https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d
 	NOTE: Fixed upstream in 3.3.11
-CVE-2017-6503
+CVE-2017-6503 (WebUI in qBittorrent before 3.3.11 did not escape many values, which ...)
 	- qbittorrent <unfixed> (low; bug #856977)
 	[jessie] - qbittorrent <no-dsa> (Minor issue)
 	NOTE: https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
 	NOTE: Fixed upstream in 3.3.11
-CVE-2017-6502
+CVE-2017-6502 (An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...)
 	- imagemagick <unfixed> (unimportant; bug #856883)
 	NOTE: webp is disable under Debian, cf. https://bugs.debian.org/856883#14
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df
-CVE-2017-6501
+CVE-2017-6501 (An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf ...)
 	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856881)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751
-CVE-2017-6500
+CVE-2017-6500 (An issue was discovered in ImageMagick 6.9.7. A specially crafted sun ...)
 	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856879)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528 
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/375
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/376
-CVE-2017-6499
+CVE-2017-6499 (An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially ...)
 	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856880)
 	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543
-CVE-2017-6498
+CVE-2017-6498 (An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could ...)
 	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856878)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/359
-CVE-2017-6497
+CVE-2017-6497 (An issue was discovered in ImageMagick 6.9.7. A specially crafted psd ...)
 	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856882)
 	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94
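
Review bot: at CVE-2017-6504 and CVE-2017-6503 the imported descriptions say "before 3.3.11" and the NOTE lines say "Fixed upstream in 3.3.11", yet both qbittorrent lines still read `<unfixed>`. Record the fixed version once 3.3.11 is in the archive, so the entries do not stay open after the upload. Minor: the context line with commit 3007531bfd326c5c1e29cd41d2cd80c166de8528 under CVE-2017-6500 ends in a trailing space, and "webp is disable" under CVE-2017-6502 should read "disabled".
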
@@ -76,7 +79,7 @@
 	NOT-FOR-US: FenixHosting (different than fenix game engine)
 CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected ...)
 	NOT-FOR-US: MaNGOSWebV4
-CVE-2016-10244 [denial of service]
+CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...)
 	- freetype <unfixed> (bug #856971)
 	NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
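
Review bot: at CVE-2016-10244 the freetype line stays `<unfixed>` although the NOTE directly below it says "Fixed in 2.7". With the bracketed "[denial of service]" placeholder now replaced by the imported description, check the archive version against 2.7 and fill in the fixed version, adding per-release lines for any suite that still ships an older freetype.
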
@@ -378,8 +381,8 @@
 	RESERVED
 CVE-2017-6417
 	RESERVED
-CVE-2017-6416
-	RESERVED
+CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow ...)
+	TODO: check
 CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
 	- radare2 1.1.0+dfsg-3 (bug #856572)
 	NOTE: https://github.com/radare/radare2/issues/6872
@@ -393,8 +396,8 @@
 	NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
 CVE-2017-6412
 	RESERVED
-CVE-2017-6411
-	RESERVED
+CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 ...)
+	TODO: check
 CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls ...)
 	- kio <unfixed> (bug #856889)
 	- kde4libs <unfixed> (bug #856890)
@@ -553,8 +556,8 @@
 	RESERVED
 CVE-2017-6352
 	RESERVED
-CVE-2017-6351
-	RESERVED
+CVE-2017-6351 (The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer ...)
+	TODO: check
 CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
 	- vim <unfixed> (bug #856266)
 	[jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
@@ -581,8 +584,8 @@
 	RESERVED
 CVE-2017-6336
 	RESERVED
-CVE-2017-6334
-	RESERVED
+CVE-2017-6334 (dnslookup.cgi on NETGEAR DGN2200 devices with firmware through ...)
+	TODO: check
 CVE-2017-6333
 	RESERVED
 CVE-2017-6332
@@ -1395,8 +1398,8 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290
 CVE-2017-6000
 	REJECTED
-CVE-2017-5999
-	RESERVED
+CVE-2017-5999 (An issue was discovered in sysPass 2.x before 2.1, in which an ...)
+	TODO: check
 CVE-2017-5998 (Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE ...)
 	NOT-FOR-US: InterSect Alliance SNARE Epilog
 CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows ...)
@@ -1577,7 +1580,7 @@
 CVE-2017-5947
 	RESERVED
 CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...)
-	{DSA-3801-1}
+	{DSA-3801-1 DLA-846-1}
 	- ruby-zip 1.2.0-1.1 (bug #856269)
 	- libzip-ruby <removed>
 	NOTE: https://github.com/rubyzip/rubyzip/issues/315
@@ -2501,8 +2504,8 @@
 	RESERVED
 CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows ...)
 	NOT-FOR-US: Norwegian
-CVE-2017-5633
-	RESERVED
+CVE-2017-5633 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
+	TODO: check
 CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with ...)
 	NOT-FOR-US: Asus router
 CVE-2017-5631
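
Review bot: CVE-2017-5633 moves from RESERVED to `TODO: check`, which leaves it untriaged, while the entries on either side (CVE-2017-5634, CVE-2017-5632) are already resolved as NOT-FOR-US. The same holds for the other `TODO: check` entries this revision introduces (CVE-2017-6416, CVE-2017-6411, CVE-2017-6351, CVE-2017-6334, CVE-2017-5999, CVE-2017-5197): each needs a follow-up commit that either marks it NOT-FOR-US with the product name or adds a package line and bug reference.
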
@@ -4132,8 +4135,8 @@
 	RESERVED
 CVE-2017-5198
 	RESERVED
-CVE-2017-5197
-	RESERVED
+CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...)
+	TODO: check
 CVE-2017-5192 [local_batch client external authentication not respected]
 	RESERVED
 	- salt 2016.11.2+ds-1
@@ -15765,11 +15768,11 @@
 	[wheezy] - linux 3.2.81-1
 	NOTE: Fixed by: https://git.kernel.org/linus/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f (v4.6-rc1)
 CVE-2016-9649
-	RESERVED
+	REJECTED
 CVE-2016-9648
-	RESERVED
+	REJECTED
 CVE-2016-9647
-	RESERVED
+	REJECTED
 CVE-2016-9646 [commit metadata forgery]
 	RESERVED
 	{DSA-3760-1 DLA-812-1}
@@ -49694,15 +49697,15 @@
 CVE-2015-7961
 	RESERVED
 CVE-2015-7960
-	RESERVED
+	REJECTED
 CVE-2015-7959
-	RESERVED
+	REJECTED
 CVE-2015-7958
-	RESERVED
+	REJECTED
 CVE-2015-7957
-	RESERVED
+	REJECTED
 CVE-2015-7956
-	RESERVED
+	REJECTED
 CVE-2015-7955
 	RESERVED
 CVE-2015-7954



