[Secure-testing-commits] r49690 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 14 21:10:14 UTC 2017
Author: sectracker
Date: 2017-03-14 21:10:14 +0000 (Tue, 14 Mar 2017)
New Revision: 49690
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-14 21:08:59 UTC (rev 49689)
+++ data/CVE/list 2017-03-14 21:10:14 UTC (rev 49690)
@@ -1,3 +1,31 @@
+CVE-2017-6898
+ RESERVED
+CVE-2017-6897
+ RESERVED
+CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 ...)
+ TODO: check
+CVE-2017-6895
+ RESERVED
+CVE-2017-6894
+ RESERVED
+CVE-2017-6893
+ RESERVED
+CVE-2017-6892
+ RESERVED
+CVE-2017-6891
+ RESERVED
+CVE-2017-6890
+ RESERVED
+CVE-2017-6889
+ RESERVED
+CVE-2017-6888
+ RESERVED
+CVE-2017-6887
+ RESERVED
+CVE-2017-6886
+ RESERVED
+CVE-2017-6885
+ RESERVED
CVE-2017-XXXX
- ioquake3 1.36+u20161101+dfsg1-2 (bug #857699)
- iortcw 1.50a+dfsg1-3 (bug #857714)
@@ -5,8 +33,8 @@
NOTE: Also affects openjk (only in experimental; bug #857715)
CVE-2017-6884
RESERVED
-CVE-2017-6883
- RESERVED
+CVE-2017-6883 (The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF ...)
+ TODO: check
CVE-2017-6882
RESERVED
CVE-2017-6881
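Review bot: the CVE-2017-6883 entry is left at "TODO: check" although its description names Foxit Reader and PhantomPDF, proprietary products with no Debian package; unless a packaged component turns out to be affected, the triage should be resolved to "NOT-FOR-US: Foxit" in the same form used for the other vendor-only entries in this file (for example the "NOT-FOR-US: Veritas NetBackup" lines further down).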
@@ -17,14 +45,13 @@
RESERVED
CVE-2017-6878
RESERVED
-CVE-2017-6877
- RESERVED
+CVE-2017-6877 (Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim ...)
+ TODO: check
CVE-2017-6876
RESERVED
CVE-2017-6875
RESERVED
-CVE-2017-6874
- RESERVED
+CVE-2017-6874 (Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
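Review bot: CVE-2017-6877 (XSS in Lutim's SVG handling) is left at "TODO: check", but lutim is a packaged Debian source, so this needs a real triage line with the fixed or <unfixed> version and a NOTE pointing at the upstream fix rather than remaining a TODO. For CVE-2017-6874 the entry records linux <unfixed> with jessie and wheezy <not-affected> but carries no "NOTE: Fixed by:" reference to the upstream kernel commit, unlike the other linux entry in this commit (the one fixed in 4.9.10-1); adding the commit URL would let the next update close it.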
@@ -805,8 +832,8 @@
NOT-FOR-US: SanaCMS
CVE-2017-6517
RESERVED
-CVE-2017-6516
- RESERVED
+CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo ...)
+ TODO: check
CVE-2017-6515
RESERVED
CVE-2017-6514
@@ -1299,8 +1326,8 @@
NOT-FOR-US: Veritas NetBackup
CVE-2017-6399 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
NOT-FOR-US: Veritas NetBackup
-CVE-2017-6398
- RESERVED
+CVE-2017-6398 (An issue was discovered in Trend Micro InterScan Messaging Security ...)
+ TODO: check
CVE-2017-6397 (An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability ...)
NOT-FOR-US: FlightAirMap
CVE-2017-6396 (An issue was discovered in WPO-Foundation WebPageTest 3.0. The ...)
@@ -1364,8 +1391,8 @@
RESERVED
CVE-2017-6368
RESERVED
-CVE-2017-6367
- RESERVED
+CVE-2017-6367 (In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the ...)
+ TODO: check
CVE-2017-6366
RESERVED
CVE-2017-6365
@@ -1525,8 +1552,7 @@
RESERVED
CVE-2017-6315
RESERVED
-CVE-2017-6335 [out of bounds access when reading CMYKA tiff]
- RESERVED
+CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick ...)
- graphicsmagick 1.3.25-8
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
CVE-2017-6317 [memory leakage issue in add_shader_program]
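Review bot: the CVE-2017-6335 entry records only the unstable fix (graphicsmagick 1.3.25-8) and the upstream commit; there is no [jessie] or [wheezy] line, so the stable suites' status is left undetermined. Since the bug is an out-of-bounds access in coders/tiff.c, check whether the QuantumTransferMode code is present in the jessie and wheezy versions and add the appropriate <not-affected>, <no-dsa> or fixed-version annotation.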
@@ -2331,8 +2357,7 @@
{DSA-3804-1 DLA-849-1}
- linux 4.9.10-1
NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90
-CVE-2017-5985 [lxc-user-nic didn't verify network namespace ownership]
- RESERVED
+CVE-2017-5985 (lxc-user-nic in Linux Containers (LXC) allows local users with a ...)
- lxc 1:2.0.7-2 (bug #857295)
[jessie] - lxc <no-dsa> (Minor issue, can be fixed via point release)
[wheezy] - lxc <not-affected> (vulnerable code not present)
@@ -2441,8 +2466,7 @@
NOT-FOR-US: GenixCMS
CVE-2017-5958
RESERVED
-CVE-2017-5957
- RESERVED
+CVE-2017-5957 (Stack-based buffer overflow in the vrend_decode_set_framebuffer_state ...)
- virglrenderer <unfixed>
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421126
@@ -3500,8 +3524,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/2
-CVE-2017-5668 [Incomplete fix for "Null pointer dereference with file transfer request from unknown contacts"]
- RESERVED
+CVE-2017-5668 (bitlbee-libpurple before 3.5.1 allows remote attackers to cause a ...)
- bitlbee 3.5.1-1 (bug #853282)
[jessie] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
[wheezy] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
@@ -3509,8 +3532,7 @@
NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 (3.5.1)
NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
-CVE-2016-10189 [Null pointer dereference with file transfer request from unknown contacts]
- RESERVED
+CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of ...)
{DLA-832-1}
- bitlbee 3.5-1
NOTE: https://bugs.bitlbee.org/ticket/1282
@@ -3519,8 +3541,7 @@
NOTE: When fixing this CVE make sure to apply as well
NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
NOTE: to not open CVE-2017-5668
-CVE-2016-10188 [bitlbee-libpurple: Use after free when expiring file transfer requests]
- RESERVED
+CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows ...)
{DLA-832-1}
- bitlbee 3.5-1
NOTE: https://bugs.bitlbee.org/ticket/1281
@@ -3606,26 +3627,22 @@
NOTE: https://github.com/halostatue/minitar/issues/16
NOTE: https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4
NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
-CVE-2016-10172 [heap oob read in read_new_config_info / open_utils.c]
- RESERVED
+CVE-2016-10172 (The read_new_config_info function in open_utils.c in Wavpack before ...)
- wavpack 5.0.0-2 (bug #853076)
[wheezy] - wavpack <not-affected> (Vulnerable code not present)
NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
-CVE-2016-10171 [heap out of bounds read in unreorder_channels / wvunpack.c]
- RESERVED
+CVE-2016-10171 (The unreorder_channels function in cli/wvunpack.c in Wavpack before ...)
- wavpack 5.0.0-2 (bug #853076)
[wheezy] - wavpack <not-affected> (Vulnerable code not present)
NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561939/
NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
-CVE-2016-10170 [heap out of bounds read in WriteCaffHeader / caff.c]
- RESERVED
+CVE-2016-10170 (The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 ...)
- wavpack 5.0.0-2 (bug #853076)
[wheezy] - wavpack <not-affected> (Vulnerable code not present)
NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561921/
NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
-CVE-2016-10169 [global buffer overread in read_code / read_words.c]
- RESERVED
+CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows ...)
- wavpack 5.0.0-2 (bug #853076)
[wheezy] - wavpack <not-affected> (Vulnerable code not present)
NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
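Review bot: all four wavpack entries (CVE-2016-10169 through CVE-2016-10172) record wheezy as <not-affected> but carry no [jessie] line at all, so jessie is implicitly compared against the unstable fixed version 5.0.0-2 without any decision being recorded. Triage jessie explicitly (<not-affected>, <no-dsa> or a fixed version); three of the four share the same upstream fix 4bc05fc490b66ef2d45b1de26abf1455b486b0dc and all four sit under bug #853076, so a single decision covers the set.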
@@ -9875,7 +9892,7 @@
CVE-2017-3314 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3313 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-3767-1 DLA-797-1}
+ {DSA-3809-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 <unfixed>
- mariadb-10.0 <removed>
- mysql-5.7 5.7.17-1 (bug #851235)
@@ -9907,7 +9924,7 @@
CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x ...)
- {DLA-819-1}
+ {DSA-3809-1 DLA-819-1}
- mariadb-10.1 <unfixed>
- mariadb-10.0 <removed>
- mysql-5.7 <not-affected> (Fixed before initial release in Debian)
@@ -10769,20 +10786,20 @@
RESERVED
CVE-2017-3004
RESERVED
-CVE-2017-3003
- RESERVED
-CVE-2017-3002
- RESERVED
-CVE-2017-3001
- RESERVED
-CVE-2017-3000
- RESERVED
-CVE-2017-2999
- RESERVED
-CVE-2017-2998
- RESERVED
-CVE-2017-2997
- RESERVED
+CVE-2017-3003 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
+ TODO: check
+CVE-2017-3002 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
+ TODO: check
+CVE-2017-3001 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
+ TODO: check
+CVE-2017-3000 (Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability ...)
+ TODO: check
+CVE-2017-2999 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
+ TODO: check
+CVE-2017-2998 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
+ TODO: check
+CVE-2017-2997 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
+ TODO: check
CVE-2017-2996 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
NOT-FOR-US: Adobe Flash
CVE-2017-2995 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
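Review bot: the seven Adobe Flash Player entries CVE-2017-2997 through CVE-2017-3003 were imported as "TODO: check", while every neighbouring Flash Player entry (CVE-2017-2996, CVE-2017-2995 and the ones below) is already resolved as "NOT-FOR-US: Adobe Flash". Flash Player is not packaged in Debian, so these should be resolved the same way rather than left as TODOs.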
@@ -10809,8 +10826,8 @@
NOT-FOR-US: Adobe Flash
CVE-2017-2984 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
NOT-FOR-US: Adobe Flash
-CVE-2017-2983
- RESERVED
+CVE-2017-2983 (Adobe Shockwave versions 12.2.7.197 and earlier have an insecure ...)
+ TODO: check
CVE-2017-2982 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
NOT-FOR-US: Adobe Flash
CVE-2017-2981 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
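Review bot: CVE-2017-2983 (Adobe Shockwave) is another proprietary-product entry left at "TODO: check" in the middle of "NOT-FOR-US: Adobe Flash" lines; resolve it as "NOT-FOR-US: Adobe Shockwave".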
@@ -17035,8 +17052,8 @@
- qemu <unfixed> (bug #857744)
- qemu-kvm <removed>
- xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
- NOTE: https://xenbits.xen.org/xsa/advisory-211.html
+ NOTE: Xen switched to qemu-system in 4.4.0-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-211.html
NOTE: http://www.openwall.com/lists/oss-security/2017/03/14/2
CVE-2016-9602 [9p: virtfs allows guest to access host filesystem]
RESERVED
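Review bot: the two removed NOTE lines and the two added ones under the xen entry are identical in content, so this hunk is a whitespace-only indentation fix (the leading spaces are not visible in the mail rendering). That is fine as such, but it is the one hand-edited-looking change in a commit logged as "automatic update" and would be clearer in a separate manual commit.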
@@ -17775,7 +17792,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master)
CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote ...)
- {DLA-756-1}
+ {DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
@@ -17941,8 +17958,8 @@
RESERVED
CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
NOT-FOR-US: Moxa
-CVE-2016-9368
- RESERVED
+CVE-2016-9368 (An issue was discovered in Eaton xComfort Ethernet Communication ...)
+ TODO: check
CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
NOT-FOR-US: Moxa
CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
@@ -19893,8 +19910,7 @@
NOT-FOR-US: Apache Camel
CVE-2016-8748
RESERVED
-CVE-2016-8747
- RESERVED
+CVE-2016-8747 (An information disclosure issue was discovered in Apache Tomcat 8.5.7 ...)
- tomcat8 8.5.9-1
[jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9)
NOTE: http://svn.apache.org/r1774166
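Review bot: the CVE-2016-8747 entry is internally inconsistent: the fixed version is tomcat8 8.5.9-1, but the jessie annotation says "(Only affects 8.5.7 to 8.5.9)". If 8.5.9 is the release that carries r1774166, the note should read "8.5.7 to 8.5.8"; if 8.5.9 is really affected, 8.5.9-1 cannot be the fixed version. Either way the affected range and the fixed version need to agree.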
@@ -76984,8 +77000,8 @@
NOT-FOR-US: Exponent CMS
CVE-2014-8689
RESERVED
-CVE-2014-8688
- RESERVED
+CVE-2014-8688 (An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for ...)
+ TODO: check
CVE-2014-8687
RESERVED
CVE-2014-8686
@@ -106361,8 +106377,8 @@
NOT-FOR-US: CiviCRM
CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without ...)
NOT-FOR-US: js-yaml
-CVE-2013-4659
- RESERVED
+CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ...)
+ TODO: check
CVE-2013-4658
RESERVED
CVE-2013-4657