[Secure-testing-commits] r49520 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Mar 8 21:10:13 UTC 2017


Author: sectracker
Date: 2017-03-08 21:10:13 +0000 (Wed, 08 Mar 2017)
New Revision: 49520

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-08 21:02:43 UTC (rev 49519)
+++ data/CVE/list	2017-03-08 21:10:13 UTC (rev 49520)
@@ -1,23 +1,23 @@
 CVE-2017-6542
 	RESERVED
-CVE-2017-6541
-	RESERVED
-CVE-2017-6540
-	RESERVED
-CVE-2017-6539
-	RESERVED
-CVE-2017-6538
-	RESERVED
-CVE-2017-6537
-	RESERVED
-CVE-2017-6536
-	RESERVED
-CVE-2017-6535
-	RESERVED
-CVE-2017-6534
-	RESERVED
-CVE-2017-6533
-	RESERVED
+CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
+	TODO: check
+CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
+	TODO: check
+CVE-2017-6539 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
+	TODO: check
+CVE-2017-6538 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+	TODO: check
+CVE-2017-6537 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+	TODO: check
+CVE-2017-6536 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
+	TODO: check
+CVE-2017-6535 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
+	TODO: check
+CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+	TODO: check
+CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+	TODO: check
 CVE-2017-6532
 	RESERVED
 CVE-2017-6531
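
Review bot: the nine new entries CVE-2017-6533 through CVE-2017-6541 are left at `TODO: check` with no package line or NOT-FOR-US marker, so they stay in the triage queue. Four of them (CVE-2017-6533, -6534, -6537, -6538) name webpagetest 3.0 in the visible description and can be resolved together; the other five descriptions are truncated before the product name and need the full CVE text before they can be classified.
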
@@ -186,6 +186,7 @@
 CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected ...)
 	NOT-FOR-US: MaNGOSWebV4
 CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...)
+	{DLA-848-1}
 	- freetype <unfixed> (bug #856971)
 	NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
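
Review bot: on CVE-2016-10244 the new `{DLA-848-1}` reference sits above `- freetype <unfixed> (bug #856971)`, while the first NOTE says the issue is fixed upstream in 2.7. Check whether the unstable line should carry a fixed version instead of `<unfixed>`, so the entry does not keep reading as open after the LTS advisory has been issued.
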
@@ -724,9 +725,11 @@
 	NOTE: https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
 	NOTE: https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559
 CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
 	NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2
 CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux kernel ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788
 CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the ...)
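
Review bot: CVE-2017-6353 gets the `{DSA-3804-1 DLA-849-1}` reference, but its only NOTE is the linux-netdev thread on marc.info, whereas CVE-2017-6348 just below records a `Fixed by:` commit on git.kernel.org. Adding the upstream fix commit as a `NOTE: Fixed by:` line would make the 4.9.13-1 fixed version verifiable the same way as the neighbouring kernel entries.
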
@@ -735,9 +738,11 @@
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
 	NOTE: Fixed by: https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
 CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel before ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b
 CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensure ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
 CVE-2017-6321
@@ -1023,6 +1028,7 @@
 CVE-2017-6211
 	RESERVED
 CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 (v4.10-rc8)
 CVE-2017-6210 [null pointer dereference in vrend_decode_reset]
@@ -1556,6 +1562,7 @@
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
 CVE-2017-5986 (Race condition in the sctp_wait_for_sndbuf function in ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.10-1
 	NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90
 CVE-2017-5985
@@ -2545,6 +2552,7 @@
 CVE-2017-5670
 	RESERVED
 CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931
 CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
@@ -4404,8 +4412,8 @@
 	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...)
 	NOT-FOR-US: Nessus
-CVE-2017-5178
-	RESERVED
+CVE-2017-5178 (An issue was discovered in Schneider Electric Tableau Server/Desktop ...)
+	TODO: check
 CVE-2017-5177
 	RESERVED
 CVE-2017-5176
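
Review bot: CVE-2017-5178 replaces `RESERVED` with `TODO: check`, which leaves it unresolved even though the description already names the product (Schneider Electric Tableau Server/Desktop). If that product is not packaged in Debian, close it with a `NOT-FOR-US:` line, as CVE-2017-5179 directly above does for Nessus.
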
@@ -7727,8 +7735,8 @@
 	RESERVED
 CVE-2016-9986
 	RESERVED
-CVE-2016-9985
-	RESERVED
+CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information ...)
+	TODO: check
 CVE-2016-9984
 	RESERVED
 CVE-2016-9983
@@ -10919,6 +10927,7 @@
 CVE-2017-2637
 	RESERVED
 CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/07/6
 CVE-2017-2635 [Null pointer dereference when updating storage size on empty drives]
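
Review bot: CVE-2017-2636 now references `{DSA-3804-1 DLA-849-1}` while the package line still reads `- linux <unfixed>`, so the entry shows the advisories as issued but unstable as open. The only NOTE is the oss-security post; record the upstream fix commit in a `NOTE: Fixed by:` line and replace `<unfixed>` with the fixed version once an upload to unstable exists.
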
@@ -14039,8 +14048,8 @@
 	RESERVED
 CVE-2017-1151
 	RESERVED
-CVE-2017-1150
-	RESERVED
+CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
+	TODO: check
 CVE-2017-1149
 	RESERVED
 CVE-2017-1148
@@ -16227,6 +16236,7 @@
 CVE-2016-9589
 	RESERVED
 CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP ...)
+	{DSA-3804-1 DLA-849-1}
 	- linux 4.8.15-2
 	NOTE: https://www.spinics.net/lists/kvm/msg142495.html
 	NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
@@ -18497,8 +18507,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-9007
 	RESERVED
-CVE-2016-9006
-	RESERVED
+CVE-2016-9006 (IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an ...)
 	NOT-FOR-US: IBM
 CVE-2016-9004
@@ -28458,8 +28468,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a remote ...)
 	NOT-FOR-US: IBM
-CVE-2016-5933
-	RESERVED
+CVE-2016-5933 (IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host ...)
+	TODO: check
 CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2016-5931
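
Review bot: CVE-2016-5933 is added as `TODO: check` between CVE-2016-5934 and CVE-2016-5932, both of which are already marked `NOT-FOR-US: IBM`. The description names IBM Tivoli Monitoring 6.2 and 6.3, so the same marker looks applicable here; the other IBM entries this revision leaves at `TODO: check` (CVE-2016-9985, CVE-2017-1150, CVE-2016-9006, CVE-2016-5894) can be handled in the same pass.
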
@@ -28536,8 +28546,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-5895
 	RESERVED
-CVE-2016-5894
-	RESERVED
+CVE-2016-5894 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
+	TODO: check
 CVE-2016-5893
 	RESERVED
 CVE-2016-5892 (Cross-site scripting (XSS) vulnerability in IBM 10x, as used in ...)



