[Secure-testing-commits] r50006 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Mar 24 21:10:13 UTC 2017


Author: sectracker
Date: 2017-03-24 21:10:12 +0000 (Fri, 24 Mar 2017)
New Revision: 50006

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-24 19:32:32 UTC (rev 50005)
+++ data/CVE/list	2017-03-24 21:10:12 UTC (rev 50006)
@@ -1,3 +1,29 @@
+CVE-2017-7260
+	RESERVED
+CVE-2017-7259
+	RESERVED
+CVE-2017-7258
+	RESERVED
+CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
+	TODO: check
+CVE-2017-7256 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
+	TODO: check
+CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
+	TODO: check
+CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2016-10268 (tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+	TODO: check
 CVE-2017-7254
 	RESERVED
 CVE-2017-7253
@@ -32,14 +58,14 @@
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
 	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
-CVE-2017-7243
-	RESERVED
+CVE-2017-7243 (Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause ...)
+	TODO: check
 CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...)
 	NOT-FOR-US: SLiMS
 CVE-2017-7241
 	RESERVED
-CVE-2017-7240
-	RESERVED
+CVE-2017-7240 (An issue was discovered on Miele Professional PG 8528 PST10 devices. ...)
+	TODO: check
 CVE-2017-7239
 	RESERVED
 CVE-2017-7238
@@ -2991,8 +3017,7 @@
 CVE-2017-6088
 	RESERVED
 	NOT-FOR-US: EyesOfNetwork
-CVE-2017-6087
-	RESERVED
+CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated ...)
 	NOT-FOR-US: EyesOfNetwork
 CVE-2017-6086
 	RESERVED
@@ -3684,8 +3709,7 @@
 	RESERVED
 CVE-2017-5870
 	RESERVED
-CVE-2017-5869
-	RESERVED
+CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
 	NOT-FOR-US: Nuxeo
 CVE-2017-5868
 	RESERVED
@@ -4311,8 +4335,7 @@
 	RESERVED
 CVE-2017-5645
 	RESERVED
-CVE-2017-5644 [denial-of-service]
-	RESERVED
+CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attackers ...)
 	- libapache-poi-java <unfixed> (bug #858301)
 	[jessie] - libapache-poi-java <no-dsa> (Minor issue)
 	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
@@ -4811,18 +4834,22 @@
 	NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
 	NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
 CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho ...)
+	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
 	[jessie] - cgiemail <no-dsa> (Will be removed in next point update)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...)
+	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
 	[jessie] - cgiemail <no-dsa> (Will be removed in next point update)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote ...)
+	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
 	[jessie] - cgiemail <no-dsa> (Will be removed in next point update)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote ...)
+	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
 	[jessie] - cgiemail <no-dsa> (Will be removed in next point update)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
@@ -5524,28 +5551,24 @@
 	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
 	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
 	NOTE: https://github.com/mdadams/jasper/issues/62
-CVE-2017-5506 [double free in profile]
-	RESERVED
+CVE-2017-5506 (Double free vulnerability in magick/profile.c in ImageMagick allows ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
-CVE-2017-5507 [memory leak in MPC file handling]
-	RESERVED
+CVE-2017-5507 (Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
-CVE-2017-5508 [Crash - PushQuantumPixel - Heap-Buffer-Overflow (TIFF)]
-	RESERVED
+CVE-2017-5508 (Heap-based buffer overflow in the PushQuantumPixel function in ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
-CVE-2016-10146 [memory leak in caption and label handling]
-	RESERVED
+CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
@@ -5556,35 +5579,30 @@
 	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697
 	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
 	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4
-CVE-2017-5509 [out of bound in psd file handling]
-	RESERVED
+CVE-2017-5509 (coders/psd.c in ImageMagick allows remote attackers to have ...)
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851377)
 	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
-CVE-2017-5510 [memory corruption heap overflow, psb file related, another one]
-	RESERVED
+CVE-2017-5510 (coders/psd.c in ImageMagick allows remote attackers to have ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
-CVE-2017-5511 [memory corruption heap overflow, psb file related]
-	RESERVED
+CVE-2017-5511 (coders/psd.c in ImageMagick allows remote attackers to have ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
-CVE-2016-10144 [ipl file missing malloc check]
-	RESERVED
+CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unspecific ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
-CVE-2016-10145 [wpg file off by one]
-	RESERVED
+CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
@@ -5671,11 +5689,9 @@
 	- tcpdump 4.9.0-1
 CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
 	NOT-FOR-US: MuJS
-CVE-2016-10133
-	RESERVED
+CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
 	NOT-FOR-US: MuJS
-CVE-2016-10132
-	RESERVED
+CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a ...)
 	NOT-FOR-US: MuJS
 CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote ...)
 	NOT-FOR-US: CodeIgniter
@@ -5963,18 +5979,15 @@
 	- libgit2 <unfixed> (unimportant; bug #851406)
 	NOTE: https://github.com/libgit2/libgit2/commit/98d66240ecb7765e191da19b535c75c92ccc90fe (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/ca531956619f021913ac01669b3818a705b7b676 (v0.24.6)
-CVE-2016-10130 [http: check certificate validity before clobbering the error variable]
-	RESERVED
+CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before ...)
 	- libgit2 <unfixed> (bug #851406)
 	NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
-CVE-2016-10129 [smart_pkt: treat empty packet lines as error]
-	RESERVED
+CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x ...)
 	- libgit2 <unfixed> (bug #851406)
 	NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
-CVE-2016-10128 [smart_pkt: verify packet length exceeds PKT_LEN_SIZE]
-	RESERVED
+CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in ...)
 	- libgit2 <unfixed> (bug #851406)
 	NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6)
@@ -5987,8 +6000,7 @@
 	NOTE: https://github.com/rohe/pysaml2/issues/366
 	NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
-CVE-2016-10149 [CWE-776 (Entity Expansion)]
-	RESERVED
+CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier ...)
 	{DSA-3759-1}
 	- python-pysaml2 3.0.0-5 (bug #850716)
 	NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379
@@ -6002,26 +6014,22 @@
 	- zabbix 1:3.0.4+dfsg-1 (bug #850936)
 	NOTE: https://support.zabbix.com/browse/ZBX-11023
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/4
-CVE-2017-5337
-	RESERVED
+CVE-2017-5337 (Multiple heap-based buffer overflows in the read_attribute function in ...)
 	- gnutls28 3.5.8-1
 	[jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
-CVE-2017-5336
-	RESERVED
+CVE-2017-5336 (Stack-based buffer overflow in the cdk_pk_get_keyid function in ...)
 	- gnutls28 3.5.8-1
 	[jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
-CVE-2017-5335
-	RESERVED
+CVE-2017-5335 (The stream reading functions in lib/opencdk/read-packet.c in GnuTLS ...)
 	- gnutls28 3.5.8-1
 	[jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
-CVE-2017-5334
-	RESERVED
+CVE-2017-5334 (Double free vulnerability in the gnutls_x509_ext_import_proxy function ...)
 	- gnutls28 3.5.8-1
 	[jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1
@@ -24387,8 +24395,7 @@
 	NOTE: https://github.com/attr-encrypted/attr_encrypted/issues/203
 	- ruby-encryptor 3.0.0-1
 	NOTE: https://github.com/attr-encrypted/encryptor/pull/22
-CVE-2016-7797
-	RESERVED
+CVE-2016-7797 (Pacemaker before 1.1.15, when using pacemaker remote, might allow ...)
 	- pacemaker 1.1.15~rc3-1
 	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced after 1.1.10)
 	NOTE: http://bugs.clusterlabs.org/show_bug.cgi?id=5269
@@ -29526,8 +29533,8 @@
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
 	- icinga <not-affected> (Vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2016/Jun/20
-CVE-2016-6206
-	RESERVED
+CVE-2016-6206 (Huawei AR3200 routers with software before V200R007C00SPC600 allow ...)
+	TODO: check
 CVE-2016-6205
 	RESERVED
 CVE-2016-6204 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
@@ -40110,15 +40117,13 @@
 	- chromium-browser 49.0.2623.75-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-3178
-	RESERVED
+CVE-2016-3178 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
 	{DLA-454-1}
 	- minissdpd 1.2.20130907-3.2 (bug #816759)
 	[jessie] - minissdpd 1.2.20130907-3+deb8u1
 	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
 	NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
-CVE-2016-3179
-	RESERVED
+CVE-2016-3179 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
 	{DLA-454-1}
 	- minissdpd 1.2.20130907-3.2 (bug #816759)
 	[jessie] - minissdpd 1.2.20130907-3+deb8u1
@@ -42416,15 +42421,13 @@
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2016-2218
 	RESERVED
-CVE-2016-2224 [denial of service while parsing compressed items]
-	RESERVED
+CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...)
 	{DLA-561-1}
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
 	NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
-CVE-2016-2225 [crafted packet will make the parser terminate early]
-	RESERVED
+CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng ...)
 	{DLA-561-1}
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
@@ -46599,8 +46602,8 @@
 	NOT-FOR-US: Huawei
 CVE-2015-8679 (The (1) ION and (2) Maxim_smartpa_dev drivers in Huawei P8 smartphones ...)
 	NOT-FOR-US: Huawei
-CVE-2015-8678
-	RESERVED
+CVE-2015-8678 (The ION driver in Huawei P8 smartphones with software GRA-TL00 before ...)
+	TODO: check
 CVE-2015-8677 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8676 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and ...)
@@ -48241,8 +48244,7 @@
 	NOT-FOR-US: NetApp
 CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The ...)
 	NOT-FOR-US: Open-Xchange
-CVE-2015-8556 [Local Privilege Escalation in QEMU virtfs-proxy-helper]
-	RESERVED
+CVE-2015-8556 (Local privilege escalation vulnerability in the Gentoo QEMU package ...)
 	- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
 CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux ...)




More information about the Secure-testing-commits mailing list