[Secure-testing-commits] r49579 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Mar 10 21:10:15 UTC 2017


Author: sectracker
Date: 2017-03-10 21:10:15 +0000 (Fri, 10 Mar 2017)
New Revision: 49579

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-10 19:16:10 UTC (rev 49578)
+++ data/CVE/list	2017-03-10 21:10:15 UTC (rev 49579)
@@ -1,13 +1,19 @@
-CVE-2017-6802 [Potential buffer overrun in compressed RTF streams]
+CVE-2017-6804 (A Stored XSS Vulnerability exists in the WP Markdown Editor (aka ...)
+	TODO: check
+CVE-2017-6803
+	RESERVED
+CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking ...)
+	TODO: check
+CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential ...)
 	- libytnef 1.9.2-1
 	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc
-CVE-2017-6801 [Missing check for fields of size 0]
+CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a potential ...)
 	- libytnef 1.9.2-1
 	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7
-CVE-2017-6800 [Invalid memory access (heap overrun) in handling LONG data types]
+CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid memory access ...)
 	- libytnef 1.9.2-1
 	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89
-CVE-2017-6799
+CVE-2017-6799 (A cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
 	- mantis <not-affected> (Vulnerable versions only 2.1.0 through 2.2.0)
 	NOTE: https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=22497
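Review bot: The new header lines for CVE-2017-6802 and CVE-2017-6801 are identical up to the truncation ("An issue was discovered in ytnef before 1.9.2. There is a potential ..."), so the distinction the removed bracketed titles carried (buffer overrun in compressed RTF streams versus missing check for fields of size 0) now survives only in the two Fixed by commit URLs. Consider keeping each short title as a NOTE line under its entry. The added CVE-2017-6804 and CVE-2017-6798 entries carry only TODO: check and still need a package line or a NOT-FOR-US line.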
@@ -416,8 +422,8 @@
 	RESERVED
 CVE-2017-6597
 	RESERVED
-CVE-2017-6596
-	RESERVED
+CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer ...)
+	TODO: check
 CVE-2017-6595
 	RESERVED
 CVE-2017-6594
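Review bot: The TODO: check under CVE-2017-6596 leaves the entry without any package status even though the description already names the affected binary and version (partclone.chkimg in partclone 0.2.89). When this is triaged, record the source package with an explicit status and add a NOTE pointing at the upstream report or fix, as the ytnef entries earlier in the file do.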
@@ -634,8 +640,8 @@
 	[jessie] - wget <no-dsa> (Minor issue)
 	NOTE: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
 	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
-CVE-2017-6506
-	RESERVED
+CVE-2017-6506 (In Azure Data Expert Ultimate 2.2.16, the SMTP verification function ...)
+	TODO: check
 CVE-2017-6505 [usb: an infinite loop issue in ohci_service_ed_list]
 	RESERVED
 	- qemu <unfixed> (bug #856969)
@@ -875,8 +881,8 @@
 	NOTE: https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9
 CVE-2017-6428
 	RESERVED
-CVE-2017-6427
-	RESERVED
+CVE-2017-6427 (A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A ...)
+	TODO: check
 CVE-2017-XXXX [NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp)]
 	- libpodofo <unfixed> (bug #856592)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
@@ -2545,8 +2551,8 @@
 	RESERVED
 CVE-2017-5860
 	RESERVED
-CVE-2017-5859
-	RESERVED
+CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a ...)
+	TODO: check
 CVE-2017-5858 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	NOT-FOR-US: converse.js
 CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attackers ...)
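Review bot: CVE-2017-5859 describes device firmware (Cambium Networks cnPilot R200/201 before 4.3) and is left at TODO: check. If nothing in the archive ships that firmware, close it in the form the next entry uses for converse.js, a single NOT-FOR-US line naming the product, so it stops showing up as untriaged.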
@@ -4026,7 +4032,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
 CVE-2017-5410
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
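Review bot: The DLA-852-1 tag added to the brace line of CVE-2017-5410 cannot be checked from this revision, which modifies only data/CVE/list, and the package lines visible here (firefox 52.0-1, firefox-esr 45.8.0esr-1, icedove <unfixed>) show no release-tagged line for what the DLA fixed. Verify that the advisory's own record lists this CVE, and likewise for the eight identical changes that follow.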
@@ -4041,7 +4047,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
 CVE-2017-5408
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
@@ -4050,7 +4056,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
 CVE-2017-5407
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
@@ -4063,7 +4069,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
 CVE-2017-5405
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
@@ -4072,7 +4078,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
 CVE-2017-5404
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
@@ -4085,7 +4091,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
 CVE-2017-5402
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
@@ -4094,7 +4100,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
 CVE-2017-5401
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
@@ -4103,7 +4109,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
 CVE-2017-5400
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
@@ -4116,7 +4122,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
 CVE-2017-5398
 	RESERVED
-	{DSA-3805-1}
+	{DSA-3805-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove <unfixed>
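Review bot: Check the entries this run skips. The DLA-852-1 tag lands on CVE-2017-5410, 5408, 5407, 5405, 5404, 5402, 5401, 5400 and, here, 5398, while CVE-2017-5411, 5409, 5406, 5403 and 5399, whose trailing NOTE lines appear as unchanged context in these hunks, receive no change. Confirm those entries are meant to stay without the DLA reference. The icedove <unfixed> line also remains under every tagged entry and is worth revisiting in the same pass.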



