[Secure-testing-commits] r50045 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Mar 25 09:10:12 UTC 2017
Author: sectracker
Date: 2017-03-25 09:10:12 +0000 (Sat, 25 Mar 2017)
New Revision: 50045
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-25 09:05:34 UTC (rev 50044)
+++ data/CVE/list 2017-03-25 09:10:12 UTC (rev 50045)
@@ -1,7 +1,11 @@
+CVE-2017-7262 (The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows ...)
+ TODO: check
+CVE-2017-7261 (The vmw_surface_define_ioctl function in ...)
+ TODO: check
CVE-2017-7260
RESERVED
CVE-2017-7259
- RESERVED
+ REJECTED
CVE-2017-7258
RESERVED
CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
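Review bot: the two new entries at the top, CVE-2017-7262 and CVE-2017-7261, carry only "TODO: check", so neither is tied to a source package or marked as not applicable. Both need manual triage: either a NOT-FOR-US line, as the CMS Made Simple entries further down have, or a package line with a fixed version once the affected package is identified. The CVE-2017-7259 change from RESERVED to REJECTED needs no follow-up.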
@@ -11,11 +15,13 @@
CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
NOT-FOR-US: CMS Made Simple
CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+ {DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
+ {DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
@@ -2037,6 +2043,7 @@
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libplist/issues/99
CVE-2017-6439 (Heap-based buffer overflow in the parse_string_node function in ...)
+ {DLA-870-1}
- libplist 1.12+git+1+e37ca00-0.1
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libplist/issues/95
@@ -2050,11 +2057,13 @@
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libplist/issues/100
CVE-2017-6436 (The parse_string_node function in bplist.c in libimobiledevice ...)
+ {DLA-870-1}
- libplist 1.12+git+1+e37ca00-0.1
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libplist/issues/94
NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
CVE-2017-6435 (The parse_string_node function in bplist.c in libimobiledevice ...)
+ {DLA-870-1}
- libplist 1.12+git+1+e37ca00-0.1
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libplist/issues/93
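Review bot: CVE-2017-6436 and CVE-2017-6435 now carry {DLA-870-1}, yet the jessie lines under them still read "[jessie] - libplist <no-dsa> (Minor issue)". With an advisory already issued for these issues, re-check whether jessie should stay no-dsa or be queued for a point release. The same applies to CVE-2017-6439 in the previous hunk.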
@@ -18053,6 +18062,7 @@
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
CVE-2016-9601 [Heap-buffer overflow due to Integer overflow in jbig2_image_new function]
RESERVED
+ {DSA-3817-1}
- jbig2dec 0.13-4 (bug #850497)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
@@ -47750,7 +47760,7 @@
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45
CVE-2016-0772 (The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ...)
- {DLA-522-1}
+ {DLA-871-1 DLA-522-1}
- python3.5 3.5.2~rc1-1
- python3.4 <removed>
[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
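Review bot: in the CVE-2016-0772 entry the cross-reference grows to {DLA-871-1 DLA-522-1}, but the visible package lines (python3.5, python3.4) do not show which source package DLA-871-1 covers. Since the context ends before the rest of the entry, confirm that a per-release line with the fixed version exists for that package.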