[Secure-testing-commits] r51340 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu May 4 21:10:12 UTC 2017
Author: sectracker
Date: 2017-05-04 21:10:12 +0000 (Thu, 04 May 2017)
New Revision: 51340
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-04 21:02:47 UTC (rev 51339)
+++ data/CVE/list 2017-05-04 21:10:12 UTC (rev 51340)
@@ -1,4 +1,14 @@
-CVE-2017-8779 [rpcbind: remote rpcbind denial-of-service]
+CVE-2017-8782
+ RESERVED
+CVE-2017-8781
+ RESERVED
+CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during ...)
+ TODO: check
+CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 ...)
+ TODO: check
+CVE-2017-8777
+ RESERVED
+CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through ...)
- rpcbind <unfixed> (bug #861835)
- libtirpc <unfixed> (bug #861834)
- ntirpc <unfixed> (bug #861836)
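Review bot: CVE-2017-8780 and CVE-2017-8778 are added with only a `TODO: check` marker and no package or status line, so they stay untriaged until someone follows up; the convention elsewhere in this file is either `NOT-FOR-US: <product>` for software not packaged in Debian or a source-package line with a BTS reference, as CVE-2017-8779 has with `- rpcbind <unfixed> (bug #861835)`. For CVE-2017-8779 itself the MITRE text now replaces the bracketed placeholder `[rpcbind: remote rpcbind denial-of-service]`; the new description names both rpcbind and LIBTIRPC, so keeping the rpcbind, libtirpc and ntirpc package lines unchanged is consistent.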
@@ -1120,8 +1130,7 @@
[jessie] - kedpm <no-dsa> (Minor issue, can be fixed via point release)
NOTE: patch in BTS gives workaround to always prompt for password and do not save to database
NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
-CVE-2017-8295
- RESERVED
+CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a ...)
- wordpress <unfixed>
NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote ...)
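Review bot: the `- wordpress <unfixed>` line for CVE-2017-8295 carries no BTS bug reference and no [jessie]/[wheezy] status, unlike the rpcbind and qemu entries in this file that have `(bug #...)` and per-suite `<no-dsa>`/`<not-affected>` annotations; now that the description confirms the issue (reliance on the Host HTTP header, WordPress through 4.7.4), a bug reference and suite lines should be added so the entry records a triage decision rather than only the imported text.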
@@ -1515,7 +1524,7 @@
NOTE: https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x)
CVE-2017-8113
RESERVED
-CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allow local guest OS ...)
+CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest ...)
- qemu <unfixed> (bug #861351)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -2673,7 +2682,7 @@
NOT-FOR-US: PrivateTunnel
CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
NOT-FOR-US: Spider Event Calendar
-CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local ...)
+CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...)
- qemu 1:2.8+dfsg-4
- qemu-kvm <removed>
NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
@@ -11375,8 +11384,8 @@
RESERVED
CVE-2017-4984
RESERVED
-CVE-2017-4983
- RESERVED
+CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before ...)
+ TODO: check
CVE-2017-4982
RESERVED
CVE-2017-4981
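Review bot: CVE-2017-4983 moves from RESERVED to a description naming EMC Data Domain OS, a vendor appliance operating system, but is left at `TODO: check`; this most likely resolves to `NOT-FOR-US: EMC Data Domain OS`, matching the convention used for PrivateTunnel and Spider Event Calendar later in this file, unless a Debian source package turns out to be affected.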
@@ -14080,22 +14089,19 @@
RESERVED
CVE-2017-3734
RESERVED
-CVE-2017-3733
- RESERVED
+CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac extension is ...)
- openssl 1.1.0e-1
[jessie] - openssl <not-affected> (Only affects 1.1)
[wheezy] - openssl <not-affected> (Only affects 1.1)
- openssl1.0 <not-affected> (Only affects 1.1)
NOTE: https://www.openssl.org/news/secadv/20170216.txt
-CVE-2017-3732
- RESERVED
+CVE-2017-3732 (There is a carry propagating bug in the x86_64 Montgomery squaring ...)
- openssl 1.1.0d-1
[jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
[wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
- openssl1.0 1.0.2k-1
NOTE: https://www.openssl.org/news/secadv/20170126.txt
-CVE-2017-3731
- RESERVED
+CVE-2017-3731 (If an SSL/TLS server or client is running on a 32-bit host, and a ...)
{DSA-3773-1 DLA-814-1}
- openssl 1.1.0d-1
- openssl1.0 1.0.2k-1
@@ -14103,8 +14109,7 @@
NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
NOTE: and https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
-CVE-2017-3730
- RESERVED
+CVE-2017-3730 (In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad ...)
- openssl 1.1.0d-1
[jessie] - openssl <not-affected> (Only affects OpenSSL 1.1)
[wheezy] - openssl <not-affected> (Only affects OpenSSL 1.1)
@@ -31410,23 +31415,20 @@
NOTE: https://eprint.iacr.org/2016/1195.pdf
NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12
NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (OpenSSL_1_0_2-beta3)
-CVE-2016-7055 [Montgomery multiplication may produce incorrect results]
- RESERVED
+CVE-2016-7055 (There is a carry propagating bug in the Broadwell-specific Montgomery ...)
- openssl 1.1.0c-1 (low)
[jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
[wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
- openssl1.0 1.0.2k-1 (low)
NOTE: https://www.openssl.org/news/secadv/20161110.txt
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=2fac86d9abeaa643677d1ffd0a139239fdf9406a
-CVE-2016-7054 [ChaCha20/Poly1305 heap-buffer-overflow]
- RESERVED
+CVE-2016-7054 (In OpenSSL 1.1.0 before 1.1.0c, TLS connections using ...)
- openssl 1.1.0c-1
[jessie] - openssl <not-affected> (Only affects 1.1.0)
[wheezy] - openssl <not-affected> (Only affects 1.1.0)
- openssl1.0 <not-affected> (Only affects 1.1.0)
NOTE: https://www.openssl.org/news/secadv/20161110.txt
-CVE-2016-7053 [CMS Null dereference]
- RESERVED
+CVE-2016-7053 (In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS ...)
- openssl 1.1.0c-1
[jessie] - openssl <not-affected> (Only affects 1.1.0)
[wheezy] - openssl <not-affected> (Only affects 1.1.0)