[Secure-testing-commits] r49944 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Mar 22 21:10:12 UTC 2017
Author: sectracker
Date: 2017-03-22 21:10:12 +0000 (Wed, 22 Mar 2017)
New Revision: 49944
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-22 20:46:23 UTC (rev 49943)
+++ data/CVE/list 2017-03-22 21:10:12 UTC (rev 49944)
@@ -1,3 +1,21 @@
+CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow ...)
+ TODO: check
+CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and ...)
+ TODO: check
+CVE-2017-7229
+ RESERVED
+CVE-2017-7228
+ RESERVED
+CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based ...)
+ TODO: check
+CVE-2017-7226 (The pe_ILF_object_p function in the Binary File Descriptor (BFD) ...)
+ TODO: check
+CVE-2017-7225 (The find_nearest_line function in addr2line in GNU Binutils 2.28 does ...)
+ TODO: check
+CVE-2017-7224 (The find_nearest_line function in objdump in GNU Binutils 2.28 is ...)
+ TODO: check
+CVE-2017-7223 (GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer ...)
+ TODO: check
CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 ...)
- mantis <removed>
CVE-2017-7221
@@ -556,12 +574,12 @@
RESERVED
CVE-2017-6973
RESERVED
-CVE-2017-6972
- RESERVED
-CVE-2017-6971
- RESERVED
-CVE-2017-6970
- RESERVED
+CVE-2017-6972 (Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and ...)
+ TODO: check
+CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
+ TODO: check
+CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
+ TODO: check
CVE-2017-6968
RESERVED
CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer ...)
@@ -823,70 +841,83 @@
CVE-2017-6853
RESERVED
CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
NOTE: https://github.com/mpruett/audiofile/issues/41
NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9
CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
NOTE: https://github.com/mpruett/audiofile/issues/41
NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
NOTE: https://github.com/mpruett/audiofile/issues/41
NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
NOTE: https://github.com/mpruett/audiofile/issues/40
NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
NOTE: https://github.com/mpruett/audiofile/issues/39
NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
NOTE: https://github.com/mpruett/audiofile/issues/38
NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
NOTE: https://github.com/mpruett/audiofile/issues/37
NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
NOTE: https://github.com/mpruett/audiofile/issues/36
NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
NOTE: https://github.com/mpruett/audiofile/issues/35
NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
NOTE: https://github.com/mpruett/audiofile/issues/34
NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://github.com/mpruett/audiofile/issues/33
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
NOTE: https://github.com/mpruett/audiofile/pull/43/commits/25eb00ce913452c2e614548d7df93070bf0d066f
CVE-2017-6828 (Heap-based buffer overflow in the readValue function in FileHandle.cpp ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://github.com/mpruett/audiofile/issues/31
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6827 (Heap-based buffer overflow in the MSADPCM::initializeCoefficients ...)
+ {DSA-3814-1}
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://github.com/mpruett/audiofile/issues/32
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
@@ -4116,8 +4147,8 @@
NOT-FOR-US: GoAhead Web Server
CVE-2017-5674 (A vulnerability in a custom-built GoAhead web server used on Foscam, ...)
NOT-FOR-US: GoAhead Web Server
-CVE-2017-5673
- RESERVED
+CVE-2017-5673 (In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum ...)
+ TODO: check
CVE-2017-5672
RESERVED
CVE-2017-5671
@@ -8977,8 +9008,8 @@
NOT-FOR-US: Cisco
CVE-2017-3865
RESERVED
-CVE-2017-3864
- RESERVED
+CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...)
+ TODO: check
CVE-2017-3863
RESERVED
CVE-2017-3862
@@ -8987,24 +9018,24 @@
RESERVED
CVE-2017-3860
RESERVED
-CVE-2017-3859
- RESERVED
-CVE-2017-3858
- RESERVED
-CVE-2017-3857
- RESERVED
-CVE-2017-3856
- RESERVED
+CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning ...)
+ TODO: check
+CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could ...)
+ TODO: check
+CVE-2017-3857 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing ...)
+ TODO: check
+CVE-2017-3856 (A vulnerability in the web user interface of Cisco IOS XE 3.1 through ...)
+ TODO: check
CVE-2017-3855
RESERVED
CVE-2017-3854 (A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) ...)
NOT-FOR-US: Cisco
-CVE-2017-3853
- RESERVED
-CVE-2017-3852
- RESERVED
-CVE-2017-3851
- RESERVED
+CVE-2017-3853 (A vulnerability in the Data-in-Motion (DMo) process installed with the ...)
+ TODO: check
+CVE-2017-3852 (A vulnerability in the Cisco application-hosting framework (CAF) ...)
+ TODO: check
+CVE-2017-3851 (A Directory Traversal vulnerability in the web framework code of the ...)
+ TODO: check
CVE-2017-3850 (A vulnerability in the Autonomic Networking Infrastructure (ANI) ...)
NOT-FOR-US: Cisco
CVE-2017-3849 (A vulnerability in the Autonomic Networking Infrastructure (ANI) ...)
@@ -32868,40 +32899,32 @@
RESERVED
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9832 [Fix heap overflow in pcx files]
- RESERVED
+CVE-2014-9832 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9833 [Fix heap overflow in psd files]
- RESERVED
+CVE-2014-9833 (Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9834 [Fix heap overflow in pict files]
- RESERVED
+CVE-2014-9834 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9835 [Fix heap overflow in wpf files]
- RESERVED
+CVE-2014-9835 (Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9836 [DOS in xpm files]
- RESERVED
+CVE-2014-9836 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9837 [Add additional PNM sanity checks]
RESERVED
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9838 [Avoid a crash to out of memory in magick/cache.c]
- RESERVED
+CVE-2014-9838 (magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9839 [Fix a theoretical out of bound access in magick/colormap-private.h]
- RESERVED
+CVE-2014-9839 (magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9840 [Fix an out of bound access in palm file]
- RESERVED
+CVE-2014-9840 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9841 (The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 ...)
More information about the Secure-testing-commits
mailing list