[Secure-testing-commits] r49944 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Mar 22 21:10:12 UTC 2017


Author: sectracker
Date: 2017-03-22 21:10:12 +0000 (Wed, 22 Mar 2017)
New Revision: 49944

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-22 20:46:23 UTC (rev 49943)
+++ data/CVE/list	2017-03-22 21:10:12 UTC (rev 49944)
@@ -1,3 +1,21 @@
+CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow ...)
+	TODO: check
+CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and ...)
+	TODO: check
+CVE-2017-7229
+	RESERVED
+CVE-2017-7228
+	RESERVED
+CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based ...)
+	TODO: check
+CVE-2017-7226 (The pe_ILF_object_p function in the Binary File Descriptor (BFD) ...)
+	TODO: check
+CVE-2017-7225 (The find_nearest_line function in addr2line in GNU Binutils 2.28 does ...)
+	TODO: check
+CVE-2017-7224 (The find_nearest_line function in objdump in GNU Binutils 2.28 is ...)
+	TODO: check
+CVE-2017-7223 (GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer ...)
+	TODO: check
 CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 ...)
 	- mantis <removed>
 CVE-2017-7221
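Review bot: The five GNU Binutils 2.28 entries added here (CVE-2017-7223 through CVE-2017-7227) sit at "TODO: check" with no package line. Each one should be resolved to a "- binutils ..." line with a fixed version or bug reference, in the same form the audiofile entries later in this patch use. CVE-2017-7231 (pngdefry) and CVE-2017-7230 (Disk Sorter Enterprise 9.5.12) need a decision between a package line and a NOT-FOR-US tag.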
@@ -556,12 +574,12 @@
 	RESERVED
 CVE-2017-6973
 	RESERVED
-CVE-2017-6972
-	RESERVED
-CVE-2017-6971
-	RESERVED
-CVE-2017-6970
-	RESERVED
+CVE-2017-6972 (Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and ...)
+	TODO: check
+CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
+	TODO: check
+CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
+	TODO: check
 CVE-2017-6968
 	RESERVED
 CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer ...)
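Review bot: The descriptions for CVE-2017-6971 and CVE-2017-6970 name two products, "AlienVault USM and OSSIM before 5.3.7" and "NfSen before 1.3.8", so the "TODO: check" on these entries has to be resolved against both before a NOT-FOR-US tag is applied. CVE-2017-6972 reads "Unspecified vulnerability" and its visible text is truncated after the AlienVault versions, so the full description is needed to tell whether NfSen is in scope there as well.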
@@ -823,70 +841,83 @@
 CVE-2017-6853
 	RESERVED
 CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
 	NOTE: https://github.com/mpruett/audiofile/issues/41
 	NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9
 CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
 	NOTE: https://github.com/mpruett/audiofile/issues/41
 	NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
 	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
 CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
 	NOTE: https://github.com/mpruett/audiofile/issues/41
 	NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
 CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
 	NOTE: https://github.com/mpruett/audiofile/issues/40
 	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
 	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
 CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
 	NOTE: https://github.com/mpruett/audiofile/issues/39
 	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
 CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
 	NOTE: https://github.com/mpruett/audiofile/issues/38
 	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
 	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
 CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
 	NOTE: https://github.com/mpruett/audiofile/issues/37
 	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
 CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
 	NOTE: https://github.com/mpruett/audiofile/issues/36
 	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
 CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
 	NOTE: https://github.com/mpruett/audiofile/issues/35
 	NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
 CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
 	NOTE: https://github.com/mpruett/audiofile/issues/34
 	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
 	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
 CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://github.com/mpruett/audiofile/issues/33
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
 	NOTE: https://github.com/mpruett/audiofile/pull/43/commits/25eb00ce913452c2e614548d7df93070bf0d066f
 CVE-2017-6828 (Heap-based buffer overflow in the readValue function in FileHandle.cpp ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://github.com/mpruett/audiofile/issues/31
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
 	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
 CVE-2017-6827 (Heap-based buffer overflow in the MSADPCM::initializeCoefficients ...)
+	{DSA-3814-1}
 	- audiofile 0.3.6-4 (bug #857651)
 	NOTE: https://github.com/mpruett/audiofile/issues/32
 	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
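Review bot: The NOTE lines under the entries tagged {DSA-3814-1} cite the same commit hashes under two different repositories: 7d65f89d... appears as antlarr/audiofile under CVE-2017-6838 but as mpruett/audiofile under CVE-2017-6836, CVE-2017-6834 and CVE-2017-6830, and c48e4c65... appears as antlarr/audiofile under CVE-2017-6837 but as mpruett/audiofile under CVE-2017-6835, CVE-2017-6833, CVE-2017-6832 and CVE-2017-6828. Now that these entries point at a released advisory, the fix references should be normalized to one repository so anyone backporting can confirm which commits the DSA actually carries. CVE-2017-6829 cites a pull-request commit (pull/43/commits/...) rather than a merged commit and is worth the same check.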
@@ -4116,8 +4147,8 @@
 	NOT-FOR-US: GoAhead Web Server
 CVE-2017-5674 (A vulnerability in a custom-built GoAhead web server used on Foscam, ...)
 	NOT-FOR-US: GoAhead Web Server
-CVE-2017-5673
-	RESERVED
+CVE-2017-5673 (In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum ...)
+	TODO: check
 CVE-2017-5672
 	RESERVED
 CVE-2017-5671
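Review bot: CVE-2017-5673 is left at "TODO: check" although its description names the Kunena extension 5.0.2 through 5.0.4 for Joomla!. It needs either a package line or a NOT-FOR-US tag in the form the GoAhead Web Server entries directly above it already use.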
@@ -8977,8 +9008,8 @@
 	NOT-FOR-US: Cisco
 CVE-2017-3865
 	RESERVED
-CVE-2017-3864
-	RESERVED
+CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...)
+	TODO: check
 CVE-2017-3863
 	RESERVED
 CVE-2017-3862
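Review bot: CVE-2017-3864 is described as a vulnerability in the DHCP client implementation of Cisco IOS but is left at "TODO: check", while the context line at the top of this hunk shows the convention "NOT-FOR-US: Cisco". The entry should be tagged the same way once the description is confirmed.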
@@ -8987,24 +9018,24 @@
 	RESERVED
 CVE-2017-3860
 	RESERVED
-CVE-2017-3859
-	RESERVED
-CVE-2017-3858
-	RESERVED
-CVE-2017-3857
-	RESERVED
-CVE-2017-3856
-	RESERVED
+CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning ...)
+	TODO: check
+CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could ...)
+	TODO: check
+CVE-2017-3857 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing ...)
+	TODO: check
+CVE-2017-3856 (A vulnerability in the web user interface of Cisco IOS XE 3.1 through ...)
+	TODO: check
 CVE-2017-3855
 	RESERVED
 CVE-2017-3854 (A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) ...)
 	NOT-FOR-US: Cisco
-CVE-2017-3853
-	RESERVED
-CVE-2017-3852
-	RESERVED
-CVE-2017-3851
-	RESERVED
+CVE-2017-3853 (A vulnerability in the Data-in-Motion (DMo) process installed with the ...)
+	TODO: check
+CVE-2017-3852 (A vulnerability in the Cisco application-hosting framework (CAF) ...)
+	TODO: check
+CVE-2017-3851 (A Directory Traversal vulnerability in the web framework code of the ...)
+	TODO: check
 CVE-2017-3850 (A vulnerability in the Autonomic Networking Infrastructure (ANI) ...)
 	NOT-FOR-US: Cisco
 CVE-2017-3849 (A vulnerability in the Autonomic Networking Infrastructure (ANI) ...)
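Review bot: Seven entries in this hunk move from RESERVED to "TODO: check" while their neighbours CVE-2017-3854 and CVE-2017-3850 already carry "NOT-FOR-US: Cisco". The visible text of CVE-2017-3858, CVE-2017-3856 and CVE-2017-3852 names Cisco products outright, so those three can take the same tag. CVE-2017-3859, CVE-2017-3857, CVE-2017-3853 and CVE-2017-3851 are truncated before any vendor name appears, so their full descriptions should be read before they are tagged.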
@@ -32868,40 +32899,32 @@
 	RESERVED
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9832 [Fix heap overflow in pcx files]
-	RESERVED
+CVE-2014-9832 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9833 [Fix heap overflow in psd files]
-	RESERVED
+CVE-2014-9833 (Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9834 [Fix heap overflow in pict files]
-	RESERVED
+CVE-2014-9834 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9835 [Fix heap overflow in wpf files]
-	RESERVED
+CVE-2014-9835 (Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9836 [DOS in xpm files]
-	RESERVED
+CVE-2014-9836 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 CVE-2014-9837 [Add additional PNM sanity checks]
 	RESERVED
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9838 [Avoid a crash to out of memory in magick/cache.c]
-	RESERVED
+CVE-2014-9838 (magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9839 [Fix a theoretical out of bound access in magick/colormap-private.h]
-	RESERVED
+CVE-2014-9839 (magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9840 [Fix an out of bound access in palm file]
-	RESERVED
+CVE-2014-9840 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 CVE-2014-9841 (The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 ...)
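Review bot: CVE-2014-9837 is the only entry in the CVE-2014-9832 to CVE-2014-9840 run that keeps its bracketed placeholder "[Add additional PNM sanity checks]" and its RESERVED line, while every other entry in the run gains a published description. Confirm that this is because no description has been published for it yet and not a missed update. The replaced placeholders also carried file-level hints that the new truncated descriptions do not all preserve, for example "[DOS in xpm files]" and "[Fix an out of bound access in palm file]" for CVE-2014-9836 and CVE-2014-9840; a NOTE line would retain them if they are still wanted for triage.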



