[Secure-testing-commits] r50148 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 28 21:10:12 UTC 2017
Author: sectracker
Date: 2017-03-28 21:10:12 +0000 (Tue, 28 Mar 2017)
New Revision: 50148
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-28 20:29:31 UTC (rev 50147)
+++ data/CVE/list 2017-03-28 21:10:12 UTC (rev 50148)
@@ -1,3 +1,15 @@
+CVE-2017-7292
+ RESERVED
+CVE-2017-7291
+ RESERVED
+CVE-2017-7290
+ RESERVED
+CVE-2017-7289
+ RESERVED
+CVE-2017-7288
+ RESERVED
+CVE-2017-7287
+ RESERVED
CVE-2017-7286
RESERVED
CVE-2016-10303
@@ -248,12 +260,14 @@
NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+ {DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2604
CVE-2016-10268 (tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
+ {DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (issue in tiffcp that is not shipped by the source package)
@@ -261,12 +275,14 @@
NOTE: https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2598
CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+ {DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero/
NOTE: https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2611
CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+ {DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero
@@ -994,7 +1010,7 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493
CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and ...)
- {DLA-876-1}
+ {DSA-3823-1 DLA-876-1}
- eject 2.1.5+deb1+cvs20081104-13.2 (bug #858872)
NOTE: https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627
CVE-2017-6963
@@ -1395,9 +1411,11 @@
CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking ...)
NOT-FOR-US: Trend Micro Endpoint Sensor
CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential ...)
+ {DLA-878-1}
- libytnef 1.9.2-1
NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc
CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a potential ...)
+ {DLA-878-1}
- libytnef 1.9.2-1
NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7
CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid memory access ...)
@@ -2823,41 +2841,49 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
+ {DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
@@ -5152,8 +5178,7 @@
[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
-CVE-2016-10152 [Use of hard-coded DNS domain if configuration file cannot be read]
- RESERVED
+CVE-2016-10152 (The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ...)
{DLA-796-1}
- hesiod <unfixed> (low; bug #852093)
[jessie] - hesiod <no-dsa> (Minor issue)
@@ -18452,7 +18477,7 @@
- openjpeg2 2.1.2-1.1 (bug #851422)
NOTE: https://github.com/uclouvain/openjpeg/issues/863
NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
-CVE-2016-9571 (Apache Camel's camel-jackson and camel-jacksonxml components are ...)
+CVE-2016-9571
REJECTED
CVE-2016-9570
RESERVED
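Review bot: CVE-2016-9571 is left as a bare id followed by REJECTED, with no pointer to where the Apache Camel camel-jackson/camel-jacksonxml issue is tracked now. If the replacement is CVE-2016-8749, which picks up an Apache Camel Jackson/JacksonXML description in the same revision, a NOTE line under the rejected entry naming that id would keep the history searchable.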
@@ -21121,8 +21146,7 @@
NOT-FOR-US: Apache Ranger
CVE-2016-8750
RESERVED
-CVE-2016-8749
- RESERVED
+CVE-2016-8749 (Apache Camel's Jackson and JacksonXML unmarshalling operation are ...)
NOT-FOR-US: Apache Camel
CVE-2016-8748
RESERVED
@@ -21342,8 +21366,7 @@
CVE-2016-8885 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...)
- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
-CVE-2016-8884
- RESERVED
+CVE-2016-8884 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 ...)
- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
CVE-2016-8883 (The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...)
@@ -23986,8 +24009,8 @@
RESERVED
CVE-2016-8032
RESERVED
-CVE-2016-8031
- RESERVED
+CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...)
+ TODO: check
CVE-2016-8030
RESERVED
CVE-2016-8029
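Review bot: The added "TODO: check" under CVE-2016-8031 leaves the entry untriaged after this automatic update. The description names Intel Security Anti-Virus, so a follow-up should replace the TODO with either a NOT-FOR-US line, as the file already does for Trend Micro Endpoint Sensor, or a package line carrying the fixed version.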
@@ -27406,8 +27429,8 @@
NOTE: Fixed by: http://svn.apache.org/r1762057
NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.42
NOTE: This is though only Windows/IIS specific, thus marked as not-affected, cf. #840000
-CVE-2016-6807
- RESERVED
+CVE-2016-6807 (Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) ...)
+ TODO: check
CVE-2016-6806
RESERVED
CVE-2016-6805
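Review bot: CVE-2016-6807 also lands with "TODO: check" instead of a disposition. The description already gives the affected range (Ambari Agent 2.4.x, before 2.4.2), so triage only has to establish whether Ambari is in the archive: record a package line with the fixed version if it is, or mark it NOT-FOR-US in the style used for Apache Ranger and Apache Camel if it is not.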
@@ -84003,8 +84026,7 @@
RESERVED
CVE-2014-6441
RESERVED
-CVE-2014-6440 [Heap Overflow in VLC Transcode Module]
- RESERVED
+CVE-2014-6440 (VideoLAN VLC media player before 2.1.5 allows remote attackers to ...)
- vlc 2.1.5-1 (low)
[wheezy] - vlc <not-affected> (Introduced in 2.1)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)