[Secure-testing-commits] r51316 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed May 3 21:10:11 UTC 2017
Author: sectracker
Date: 2017-05-03 21:10:11 +0000 (Wed, 03 May 2017)
New Revision: 51316
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-03 21:02:33 UTC (rev 51315)
+++ data/CVE/list 2017-05-03 21:10:11 UTC (rev 51316)
@@ -1,3 +1,629 @@
+CVE-2017-8761
+ RESERVED
+CVE-2017-8760
+ RESERVED
+CVE-2017-8759
+ RESERVED
+CVE-2017-8758
+ RESERVED
+CVE-2017-8757
+ RESERVED
+CVE-2017-8756
+ RESERVED
+CVE-2017-8755
+ RESERVED
+CVE-2017-8754
+ RESERVED
+CVE-2017-8753
+ RESERVED
+CVE-2017-8752
+ RESERVED
+CVE-2017-8751
+ RESERVED
+CVE-2017-8750
+ RESERVED
+CVE-2017-8749
+ RESERVED
+CVE-2017-8748
+ RESERVED
+CVE-2017-8747
+ RESERVED
+CVE-2017-8746
+ RESERVED
+CVE-2017-8745
+ RESERVED
+CVE-2017-8744
+ RESERVED
+CVE-2017-8743
+ RESERVED
+CVE-2017-8742
+ RESERVED
+CVE-2017-8741
+ RESERVED
+CVE-2017-8740
+ RESERVED
+CVE-2017-8739
+ RESERVED
+CVE-2017-8738
+ RESERVED
+CVE-2017-8737
+ RESERVED
+CVE-2017-8736
+ RESERVED
+CVE-2017-8735
+ RESERVED
+CVE-2017-8734
+ RESERVED
+CVE-2017-8733
+ RESERVED
+CVE-2017-8732
+ RESERVED
+CVE-2017-8731
+ RESERVED
+CVE-2017-8730
+ RESERVED
+CVE-2017-8729
+ RESERVED
+CVE-2017-8728
+ RESERVED
+CVE-2017-8727
+ RESERVED
+CVE-2017-8726
+ RESERVED
+CVE-2017-8725
+ RESERVED
+CVE-2017-8724
+ RESERVED
+CVE-2017-8723
+ RESERVED
+CVE-2017-8722
+ RESERVED
+CVE-2017-8721
+ RESERVED
+CVE-2017-8720
+ RESERVED
+CVE-2017-8719
+ RESERVED
+CVE-2017-8718
+ RESERVED
+CVE-2017-8717
+ RESERVED
+CVE-2017-8716
+ RESERVED
+CVE-2017-8715
+ RESERVED
+CVE-2017-8714
+ RESERVED
+CVE-2017-8713
+ RESERVED
+CVE-2017-8712
+ RESERVED
+CVE-2017-8711
+ RESERVED
+CVE-2017-8710
+ RESERVED
+CVE-2017-8709
+ RESERVED
+CVE-2017-8708
+ RESERVED
+CVE-2017-8707
+ RESERVED
+CVE-2017-8706
+ RESERVED
+CVE-2017-8705
+ RESERVED
+CVE-2017-8704
+ RESERVED
+CVE-2017-8703
+ RESERVED
+CVE-2017-8702
+ RESERVED
+CVE-2017-8701
+ RESERVED
+CVE-2017-8700
+ RESERVED
+CVE-2017-8699
+ RESERVED
+CVE-2017-8698
+ RESERVED
+CVE-2017-8697
+ RESERVED
+CVE-2017-8696
+ RESERVED
+CVE-2017-8695
+ RESERVED
+CVE-2017-8694
+ RESERVED
+CVE-2017-8693
+ RESERVED
+CVE-2017-8692
+ RESERVED
+CVE-2017-8691
+ RESERVED
+CVE-2017-8690
+ RESERVED
+CVE-2017-8689
+ RESERVED
+CVE-2017-8688
+ RESERVED
+CVE-2017-8687
+ RESERVED
+CVE-2017-8686
+ RESERVED
+CVE-2017-8685
+ RESERVED
+CVE-2017-8684
+ RESERVED
+CVE-2017-8683
+ RESERVED
+CVE-2017-8682
+ RESERVED
+CVE-2017-8681
+ RESERVED
+CVE-2017-8680
+ RESERVED
+CVE-2017-8679
+ RESERVED
+CVE-2017-8678
+ RESERVED
+CVE-2017-8677
+ RESERVED
+CVE-2017-8676
+ RESERVED
+CVE-2017-8675
+ RESERVED
+CVE-2017-8674
+ RESERVED
+CVE-2017-8673
+ RESERVED
+CVE-2017-8672
+ RESERVED
+CVE-2017-8671
+ RESERVED
+CVE-2017-8670
+ RESERVED
+CVE-2017-8669
+ RESERVED
+CVE-2017-8668
+ RESERVED
+CVE-2017-8667
+ RESERVED
+CVE-2017-8666
+ RESERVED
+CVE-2017-8665
+ RESERVED
+CVE-2017-8664
+ RESERVED
+CVE-2017-8663
+ RESERVED
+CVE-2017-8662
+ RESERVED
+CVE-2017-8661
+ RESERVED
+CVE-2017-8660
+ RESERVED
+CVE-2017-8659
+ RESERVED
+CVE-2017-8658
+ RESERVED
+CVE-2017-8657
+ RESERVED
+CVE-2017-8656
+ RESERVED
+CVE-2017-8655
+ RESERVED
+CVE-2017-8654
+ RESERVED
+CVE-2017-8653
+ RESERVED
+CVE-2017-8652
+ RESERVED
+CVE-2017-8651
+ RESERVED
+CVE-2017-8650
+ RESERVED
+CVE-2017-8649
+ RESERVED
+CVE-2017-8648
+ RESERVED
+CVE-2017-8647
+ RESERVED
+CVE-2017-8646
+ RESERVED
+CVE-2017-8645
+ RESERVED
+CVE-2017-8644
+ RESERVED
+CVE-2017-8643
+ RESERVED
+CVE-2017-8642
+ RESERVED
+CVE-2017-8641
+ RESERVED
+CVE-2017-8640
+ RESERVED
+CVE-2017-8639
+ RESERVED
+CVE-2017-8638
+ RESERVED
+CVE-2017-8637
+ RESERVED
+CVE-2017-8636
+ RESERVED
+CVE-2017-8635
+ RESERVED
+CVE-2017-8634
+ RESERVED
+CVE-2017-8633
+ RESERVED
+CVE-2017-8632
+ RESERVED
+CVE-2017-8631
+ RESERVED
+CVE-2017-8630
+ RESERVED
+CVE-2017-8629
+ RESERVED
+CVE-2017-8628
+ RESERVED
+CVE-2017-8627
+ RESERVED
+CVE-2017-8626
+ RESERVED
+CVE-2017-8625
+ RESERVED
+CVE-2017-8624
+ RESERVED
+CVE-2017-8623
+ RESERVED
+CVE-2017-8622
+ RESERVED
+CVE-2017-8621
+ RESERVED
+CVE-2017-8620
+ RESERVED
+CVE-2017-8619
+ RESERVED
+CVE-2017-8618
+ RESERVED
+CVE-2017-8617
+ RESERVED
+CVE-2017-8616
+ RESERVED
+CVE-2017-8615
+ RESERVED
+CVE-2017-8614
+ RESERVED
+CVE-2017-8613
+ RESERVED
+CVE-2017-8612
+ RESERVED
+CVE-2017-8611
+ RESERVED
+CVE-2017-8610
+ RESERVED
+CVE-2017-8609
+ RESERVED
+CVE-2017-8608
+ RESERVED
+CVE-2017-8607
+ RESERVED
+CVE-2017-8606
+ RESERVED
+CVE-2017-8605
+ RESERVED
+CVE-2017-8604
+ RESERVED
+CVE-2017-8603
+ RESERVED
+CVE-2017-8602
+ RESERVED
+CVE-2017-8601
+ RESERVED
+CVE-2017-8600
+ RESERVED
+CVE-2017-8599
+ RESERVED
+CVE-2017-8598
+ RESERVED
+CVE-2017-8597
+ RESERVED
+CVE-2017-8596
+ RESERVED
+CVE-2017-8595
+ RESERVED
+CVE-2017-8594
+ RESERVED
+CVE-2017-8593
+ RESERVED
+CVE-2017-8592
+ RESERVED
+CVE-2017-8591
+ RESERVED
+CVE-2017-8590
+ RESERVED
+CVE-2017-8589
+ RESERVED
+CVE-2017-8588
+ RESERVED
+CVE-2017-8587
+ RESERVED
+CVE-2017-8586
+ RESERVED
+CVE-2017-8585
+ RESERVED
+CVE-2017-8584
+ RESERVED
+CVE-2017-8583
+ RESERVED
+CVE-2017-8582
+ RESERVED
+CVE-2017-8581
+ RESERVED
+CVE-2017-8580
+ RESERVED
+CVE-2017-8579
+ RESERVED
+CVE-2017-8578
+ RESERVED
+CVE-2017-8577
+ RESERVED
+CVE-2017-8576
+ RESERVED
+CVE-2017-8575
+ RESERVED
+CVE-2017-8574
+ RESERVED
+CVE-2017-8573
+ RESERVED
+CVE-2017-8572
+ RESERVED
+CVE-2017-8571
+ RESERVED
+CVE-2017-8570
+ RESERVED
+CVE-2017-8569
+ RESERVED
+CVE-2017-8568
+ RESERVED
+CVE-2017-8567
+ RESERVED
+CVE-2017-8566
+ RESERVED
+CVE-2017-8565
+ RESERVED
+CVE-2017-8564
+ RESERVED
+CVE-2017-8563
+ RESERVED
+CVE-2017-8562
+ RESERVED
+CVE-2017-8561
+ RESERVED
+CVE-2017-8560
+ RESERVED
+CVE-2017-8559
+ RESERVED
+CVE-2017-8558
+ RESERVED
+CVE-2017-8557
+ RESERVED
+CVE-2017-8556
+ RESERVED
+CVE-2017-8555
+ RESERVED
+CVE-2017-8554
+ RESERVED
+CVE-2017-8553
+ RESERVED
+CVE-2017-8552
+ RESERVED
+CVE-2017-8551
+ RESERVED
+CVE-2017-8550
+ RESERVED
+CVE-2017-8549
+ RESERVED
+CVE-2017-8548
+ RESERVED
+CVE-2017-8547
+ RESERVED
+CVE-2017-8546
+ RESERVED
+CVE-2017-8545
+ RESERVED
+CVE-2017-8544
+ RESERVED
+CVE-2017-8543
+ RESERVED
+CVE-2017-8542
+ RESERVED
+CVE-2017-8541
+ RESERVED
+CVE-2017-8540
+ RESERVED
+CVE-2017-8539
+ RESERVED
+CVE-2017-8538
+ RESERVED
+CVE-2017-8537
+ RESERVED
+CVE-2017-8536
+ RESERVED
+CVE-2017-8535
+ RESERVED
+CVE-2017-8534
+ RESERVED
+CVE-2017-8533
+ RESERVED
+CVE-2017-8532
+ RESERVED
+CVE-2017-8531
+ RESERVED
+CVE-2017-8530
+ RESERVED
+CVE-2017-8529
+ RESERVED
+CVE-2017-8528
+ RESERVED
+CVE-2017-8527
+ RESERVED
+CVE-2017-8526
+ RESERVED
+CVE-2017-8525
+ RESERVED
+CVE-2017-8524
+ RESERVED
+CVE-2017-8523
+ RESERVED
+CVE-2017-8522
+ RESERVED
+CVE-2017-8521
+ RESERVED
+CVE-2017-8520
+ RESERVED
+CVE-2017-8519
+ RESERVED
+CVE-2017-8518
+ RESERVED
+CVE-2017-8517
+ RESERVED
+CVE-2017-8516
+ RESERVED
+CVE-2017-8515
+ RESERVED
+CVE-2017-8514
+ RESERVED
+CVE-2017-8513
+ RESERVED
+CVE-2017-8512
+ RESERVED
+CVE-2017-8511
+ RESERVED
+CVE-2017-8510
+ RESERVED
+CVE-2017-8509
+ RESERVED
+CVE-2017-8508
+ RESERVED
+CVE-2017-8507
+ RESERVED
+CVE-2017-8506
+ RESERVED
+CVE-2017-8505
+ RESERVED
+CVE-2017-8504
+ RESERVED
+CVE-2017-8503
+ RESERVED
+CVE-2017-8502
+ RESERVED
+CVE-2017-8501
+ RESERVED
+CVE-2017-8500
+ RESERVED
+CVE-2017-8499
+ RESERVED
+CVE-2017-8498
+ RESERVED
+CVE-2017-8497
+ RESERVED
+CVE-2017-8496
+ RESERVED
+CVE-2017-8495
+ RESERVED
+CVE-2017-8494
+ RESERVED
+CVE-2017-8493
+ RESERVED
+CVE-2017-8492
+ RESERVED
+CVE-2017-8491
+ RESERVED
+CVE-2017-8490
+ RESERVED
+CVE-2017-8489
+ RESERVED
+CVE-2017-8488
+ RESERVED
+CVE-2017-8487
+ RESERVED
+CVE-2017-8486
+ RESERVED
+CVE-2017-8485
+ RESERVED
+CVE-2017-8484
+ RESERVED
+CVE-2017-8483
+ RESERVED
+CVE-2017-8482
+ RESERVED
+CVE-2017-8481
+ RESERVED
+CVE-2017-8480
+ RESERVED
+CVE-2017-8479
+ RESERVED
+CVE-2017-8478
+ RESERVED
+CVE-2017-8477
+ RESERVED
+CVE-2017-8476
+ RESERVED
+CVE-2017-8475
+ RESERVED
+CVE-2017-8474
+ RESERVED
+CVE-2017-8473
+ RESERVED
+CVE-2017-8472
+ RESERVED
+CVE-2017-8471
+ RESERVED
+CVE-2017-8470
+ RESERVED
+CVE-2017-8469
+ RESERVED
+CVE-2017-8468
+ RESERVED
+CVE-2017-8467
+ RESERVED
+CVE-2017-8466
+ RESERVED
+CVE-2017-8465
+ RESERVED
+CVE-2017-8464
+ RESERVED
+CVE-2017-8463
+ RESERVED
+CVE-2017-8462
+ RESERVED
+CVE-2017-8461
+ RESERVED
+CVE-2017-8460
+ RESERVED
+CVE-2017-8459 (** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue in which ...)
+ TODO: check
+CVE-2017-8458 (Brave 0.12.4 has a URI Obfuscation issue in which a string such as ...)
+ TODO: check
+CVE-2017-8457
+ RESERVED
+CVE-2017-8456
+ RESERVED
+CVE-2017-8455 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an ...)
+ TODO: check
+CVE-2017-8454 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an ...)
+ TODO: check
+CVE-2017-8453 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an ...)
+ TODO: check
+CVE-2016-10368 (Open redirect vulnerability in Opsview Monitor Pro (Prior to ...)
+ TODO: check
+CVE-2016-10367 (In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, ...)
+ TODO: check
+CVE-2015-9058 (Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix ...)
+ TODO: check
+CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail ...)
+ TODO: check
CVE-2017-8452
RESERVED
CVE-2017-8451
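Review bot: The nine entries at the end of the added block that carry a description (CVE-2017-8459 and CVE-2017-8458 for Brave, CVE-2017-8455 through CVE-2017-8453 for Foxit Reader/PhantomPDF, CVE-2016-10368 and CVE-2016-10367 for Opsview Monitor Pro, CVE-2015-9058 and CVE-2015-9057 for Proxmox Mail Gateway) land with only "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet. Each needs manual triage into one of those two forms, as the rest of the file does; CVE-2017-8459 is additionally flagged ** DISPUTED ** in its description, which is worth recording in a NOTE when it is triaged.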
@@ -1164,8 +1790,8 @@
RESERVED
CVE-2017-7996
RESERVED
-CVE-2017-7995
- RESERVED
+CVE-2017-7995 (Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges ...)
+ TODO: check
CVE-2017-7994 (The function TextExtractor::ExtractText in TextExtractor.cpp:77 in ...)
- libpodofo <unfixed> (bug #860930)
[jessie] - libpodofo <no-dsa> (Minor issue)
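Review bot: CVE-2017-7995 now has a Xen description but only "TODO: check" beneath it, although xen is tracked as a source package elsewhere in this file (see the "- xen 4.8.1-1" line under CVE-2017-7228). Replace the TODO with a "- xen" line and per-release status; the description's "before Xen 4.3" bound is the starting point for deciding which releases are affected.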
@@ -1268,7 +1894,7 @@
CVE-2017-7958
RESERVED
CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used, ...)
- {DLA-930-1}
+ {DSA-3841-1 DLA-930-1}
- libxstream-java 1.4.9-2 (bug #861521)
NOTE: https://x-stream.github.io/CVE-2017-7957.html
NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be
@@ -2322,71 +2948,71 @@
CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed ...)
NOT-FOR-US: libaacplus
CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...)
- {DLA-911-1}
+ {DSA-3844-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
- {DLA-911-1}
+ {DSA-3844-1 DLA-911-1}
- tiff 4.0.7-6 (low)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6 (low; bug #860003)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6 (low; bug #860001)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
NOTE: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...)
- {DLA-912-1 DLA-911-1}
+ {DSA-3844-1 DLA-912-1 DLA-911-1}
- tiff 4.0.7-6 (bug #860000)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
NOTE: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...)
- {DLA-911-1}
+ {DSA-3844-1 DLA-911-1}
- tiff 4.0.7-6 (bug #859998)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (vulnerable code not present)
@@ -2809,16 +3435,16 @@
RESERVED
CVE-2017-7433
RESERVED
-CVE-2017-7432
- RESERVED
-CVE-2017-7431
- RESERVED
-CVE-2017-7430
- RESERVED
+CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
+ TODO: check
+CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
+ TODO: check
+CVE-2017-7430 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
+ TODO: check
CVE-2017-7429
RESERVED
-CVE-2017-7428
- RESERVED
+CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of ...)
+ TODO: check
CVE-2017-7427
RESERVED
CVE-2017-7426
@@ -3350,8 +3976,7 @@
CVE-2015-9005
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2015-9004
- RESERVED
+CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles ...)
- linux 3.16.7-ckt7-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2014-9959
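Review bot: For CVE-2015-9004 the new description says the bug is in the Linux kernel before 3.19, yet the retained package line gives "- linux 3.16.7-ckt7-1" as the fixed version, and nothing in the entry explains why a 3.16-based upload counts as fixed. Add a NOTE line naming the fixing upstream commit, in the same "NOTE: Fixed by:" form the XStream and Tomcat entries use, so the version can be verified.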
@@ -3404,8 +4029,7 @@
CVE-2014-9941
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9940
- RESERVED
+CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in ...)
- linux 3.19-1
CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 ...)
NOT-FOR-US: MikroTik
@@ -3521,6 +4145,7 @@
NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
+ {DSA-3844-1}
- tiff 4.0.7-2 (bug #846837)
[wheezy] - tiff 4.0.2-6+deb7u9
- tiff3 <removed>
@@ -3529,7 +4154,7 @@
NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
- {DLA-877-1}
+ {DSA-3844-1 DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Unreproducible)
@@ -3546,7 +4171,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2598
NOTE: Crash in CLI tool not treated as a security issue
CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
- {DLA-877-1}
+ {DSA-3844-1 DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Unreproducible, BigTIFF not supported by this version)
@@ -3554,7 +4179,7 @@
NOTE: https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2611
CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
- {DLA-877-1}
+ {DSA-3844-1 DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Unreproducible)
@@ -3660,8 +4285,8 @@
NOT-FOR-US: pngdefry
CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and ...)
NOT-FOR-US: Disk Sorter Enterprise
-CVE-2017-7229
- RESERVED
+CVE-2017-7229 (PGP/MIME encrypted messages injected into a Vaultive O365 (before ...)
+ TODO: check
CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes available ...)
{DLA-907-1}
- xen 4.8.1-1 (bug #859560)
@@ -8117,7 +8742,7 @@
CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...)
NOT-FOR-US: Apache Geode
CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to ...)
- {DLA-924-1}
+ {DSA-3843-1 DSA-3842-1 DLA-924-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860069)
- tomcat7 7.0.72-3
@@ -8128,7 +8753,7 @@
NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat ...)
- {DLA-924-1}
+ {DSA-3843-1 DSA-3842-1 DLA-924-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860068)
- tomcat7 7.0.72-3
@@ -8845,8 +9470,8 @@
CVE-2017-5482 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in ...)
{DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
-CVE-2017-5481
- RESERVED
+CVE-2017-5481 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 ...)
+ TODO: check
CVE-2017-5480 (Directory traversal vulnerability in inc/files/files.ctrl.php in ...)
- b2evolution <removed>
CVE-2017-5479
@@ -9792,16 +10417,16 @@
RESERVED
CVE-2017-5241
RESERVED
-CVE-2017-5240
- RESERVED
+CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a ...)
+ TODO: check
CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive ...)
NOT-FOR-US: Eview GPS trackers
CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields ...)
NOT-FOR-US: Eview GPS trackers
CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...)
NOT-FOR-US: Eview GPS trackers
-CVE-2017-5236
- RESERVED
+CVE-2017-5236 (Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 ...)
+ TODO: check
CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 ...)
NOT-FOR-US: Rapid7
CVE-2017-5234 (Rapid7 Insight Collector installers prior to version 1.0.16 contain a ...)
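Review bot: CVE-2017-5240 and CVE-2017-5236 are filled in as Rapid7 AppSpider Pro issues with "TODO: check", while the neighbouring Rapid7 entry in this same hunk (CVE-2017-5235, Metasploit Pro installers) is already "NOT-FOR-US: Rapid7". If AppSpider Pro is likewise not packaged, mark both entries the same way so they leave the triage queue.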
@@ -9821,7 +10446,7 @@
CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain ...)
NOT-FOR-US: QNAP
CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...)
- {DLA-795-1}
+ {DSA-3844-1 DLA-795-1}
- tiff 4.0.7-5 (bug #851297)
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
@@ -13482,8 +14107,8 @@
NOT-FOR-US: IBM
CVE-2016-9977
RESERVED
-CVE-2016-9976
- RESERVED
+CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ...)
+ TODO: check
CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2016-9974
@@ -19677,7 +20302,8 @@
RESERVED
CVE-2017-1299
RESERVED
-CVE-2017-1298 (A denial of service vulnerability has been discovered in 40-GbE ...)
+CVE-2017-1298
+ REJECTED
NOT-FOR-US: IBM
CVE-2017-1297
RESERVED
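Review bot: After this change CVE-2017-1298 reads "REJECTED" followed by the unchanged "NOT-FOR-US: IBM" line, so the entry keeps a vendor classification for an ID whose description was just withdrawn. Drop the NOT-FOR-US line in a follow-up unless rejected IDs are meant to keep it.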
@@ -22085,8 +22711,7 @@
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0332 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
NOT-FOR-US: NVIDIA driver for Android
-CVE-2017-0331
- RESERVED
+CVE-2017-0331 (An elevation of privilege vulnerability in the NVIDIA video driver ...)
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0330 (An information disclosure vulnerability in the NVIDIA crypto driver ...)
NOT-FOR-US: NVIDIA driver for Android
@@ -23677,7 +24302,7 @@
- tiff3 <not-affected> (tiff3 not shipping tools)
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...)
- {DLA-880-1 DLA-795-1}
+ {DSA-3844-1 DLA-880-1 DLA-795-1}
- tiff 4.0.7-1
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
@@ -42217,6 +42842,7 @@
NOTE: http://bugs.cacti.net/view.php?id=2673
NOTE: Requires authenticated user
CVE-2016-3658 (The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in ...)
+ {DSA-3844-1}
- tiff 4.0.6-3 (low)
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <removed> (low)
@@ -44050,8 +44676,8 @@
NOT-FOR-US: IBM
CVE-2016-2931 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to ...)
NOT-FOR-US: IBM
-CVE-2016-2930
- RESERVED
+CVE-2016-2930 (IBM BigFix Remote Control 9.1.3 could allow a remote attacker to ...)
+ TODO: check
CVE-2016-2929 (IBM BigFix Remote Control before 9.1.3 does not properly restrict ...)
NOT-FOR-US: IBM
CVE-2016-2928 (IBM BigFix Remote Control before 9.1.3 allows remote authenticated ...)
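Review bot: CVE-2016-2930 is filled in as an IBM BigFix Remote Control issue with "TODO: check", but the entries on both sides of it (CVE-2016-2931 and CVE-2016-2929) are for the same product and already carry "NOT-FOR-US: IBM". Unless this one differs, give it the same marker rather than leaving it in the TODO list.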
@@ -53374,8 +54000,8 @@
RESERVED
CVE-2016-0383
RESERVED
-CVE-2016-0382
- RESERVED
+CVE-2016-0382 (The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes ...)
+ TODO: check
CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin ...)
NOT-FOR-US: IBM
CVE-2016-0380 (IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and ...)