[Secure-testing-commits] r51533 - data/CVE

Thu May 11 09:10:11 UTC 2017

Author: sectracker
Date: 2017-05-11 09:10:11 +0000 (Thu, 11 May 2017)
New Revision: 51533

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-05-11 09:02:57 UTC (rev 51532)
+++ data/CVE/list	2017-05-11 09:10:11 UTC (rev 51533)
@@ -1,3 +1,5 @@
+CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...)
+	TODO: check
 CVE-2017-8894
 	RESERVED
 CVE-2017-8893
@@ -272,8 +274,7 @@
 	RESERVED
 CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before ...)
 	NOT-FOR-US: iRODS
-CVE-2017-8798 [miniupnp integer signedness error]
-	RESERVED
+CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through ...)
 	- miniupnpc <unfixed> (bug #862273)
 	NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
 	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
@@ -2250,6 +2251,7 @@
 	NOT-FOR-US: Enalean Tuleap
 CVE-2017-7980
 	RESERVED
+	{DLA-939-1}
 	- qemu 1:2.8+dfsg-4
 	- qemu-kvm <removed>
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=026aeffcb4752054830ba203020ed6eb05bcaba8
@@ -3055,6 +3057,7 @@
 CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
 	NOT-FOR-US: Spider Event Calendar
 CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...)
+	{DLA-939-1}
 	- qemu 1:2.8+dfsg-4
 	- qemu-kvm <removed>
 	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
@@ -5620,12 +5623,12 @@
 	RESERVED
 CVE-2017-6868
 	RESERVED
-CVE-2017-6867
-	RESERVED
+CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before ...)
+	TODO: check
 CVE-2017-6866
 	RESERVED
-CVE-2017-6865
-	RESERVED
+CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 ...)
+	TODO: check
 CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
 	NOT-FOR-US: Siemens
 CVE-2017-6863
@@ -10037,8 +10040,7 @@
 	- nss <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
 	NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
-CVE-2017-5461
-	RESERVED
+CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...)
 	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	[experimental] - nss 2:3.30.1-1
@@ -17833,10 +17835,10 @@
 	NOT-FOR-US: Siemens
 CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...)
 	NOT-FOR-US: Siemens
-CVE-2017-2681
-	RESERVED
-CVE-2017-2680
-	RESERVED
+CVE-2017-2681 (Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), ...)
+	TODO: check
+CVE-2017-2680 (Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...)
+	TODO: check
 CVE-2017-2679
 	RESERVED
 CVE-2017-2678
@@ -23382,6 +23384,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
 CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
 	RESERVED
+	{DLA-939-1}
 	- qemu 1:2.8+dfsg-4 (bug #857744)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1


