[Secure-testing-commits] r51665 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon May 15 21:10:15 UTC 2017 

Author: sectracker
Date: 2017-05-15 21:10:15 +0000 (Mon, 15 May 2017)
New Revision: 51665

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-15 20:28:30 UTC (rev 51664)
+++ data/CVE/list	2017-05-15 21:10:15 UTC (rev 51665)
@@ -16,12 +16,12 @@
 	- deluge <unfixed> (bug #862611)
 	NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
 	NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
-CVE-2017-8934 [single instance socket may be blocked by another user]
+CVE-2017-8934 (PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local ...)
 	- pcmanfm 1.2.5-3 (low; bug #862571)
 	[jessie] - pcmanfm <no-dsa> (Minor issue)
 	[wheezy] - pcmanfm <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
-CVE-2017-8933 [menu-cached socket may be blocked by another user]
+CVE-2017-8933 (Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a ...)
 	- menu-cache 1.0.2-3 (low; bug #862570)
 	[jessie] - menu-cache <no-dsa> (Minor issue)
 	[wheezy] - menu-cache <no-dsa> (Minor issue)
@@ -2372,10 +2372,12 @@
 CVE-2017-7977
 	RESERVED
 CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
+	{DLA-942-1}
 	- jbig2dec <unfixed> (bug #860787)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
 	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
 CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds ...)
+	{DLA-942-1}
 	- jbig2dec <unfixed> (bug #860788)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
 	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
@@ -2728,6 +2730,7 @@
 	- dolibarr <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
 CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...)
+	{DLA-942-1}
 	- jbig2dec <unfixed> (bug #860460)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
 	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
@@ -3261,7 +3264,7 @@
 CVE-2017-7693
 	RESERVED
 CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) ...)
-	{DSA-3852-1}
+	{DSA-3852-1 DLA-941-1}
 	- squirrelmail <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
 	NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
@@ -3808,12 +3811,12 @@
 CVE-2017-7492
 	RESERVED
 	- resteasy <undetermined>
-CVE-2017-7491
-	RESERVED
-CVE-2017-7490
-	RESERVED
-CVE-2017-7489
-	RESERVED
+CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...)
+	TODO: check
+CVE-2017-7490 (In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because ...)
+	TODO: check
+CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership of ...)
+	TODO: check
 CVE-2017-7488
 	RESERVED
 	NOT-FOR-US: authconfig in Red Hat
@@ -9351,8 +9354,8 @@
 	RESERVED
 CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of ...)
 	NOT-FOR-US: Apache CXF
-CVE-2017-5655
-	RESERVED
+CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be ...)
+	TODO: check
 CVE-2017-5654 (In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of ...)
 	NOT-FOR-US: Apache Ambari
 CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and ...)
@@ -26385,8 +26388,7 @@
 	NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
 CVE-2016-8742
 	RESERVED
-CVE-2016-8741
-	RESERVED
+CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so ...)
 	NOT-FOR-US: Apache Qpid Java Broker
 CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...)
 	- apache2 2.4.25-1 (bug #847124)
@@ -28375,8 +28377,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2017-0253
 	RESERVED
-CVE-2017-0252
-	RESERVED
+CVE-2017-0252 (A remote code execution vulnerability exists in Microsoft Chakra Core ...)
+	TODO: check
 CVE-2017-0251
 	RESERVED
 CVE-2017-0250
@@ -28433,8 +28435,8 @@
 	RESERVED
 CVE-2017-0224 (A remote code execution vulnerability exists in the way JavaScript ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-0223
-	RESERVED
+CVE-2017-0223 (A remote code execution vulnerability exists in Microsoft Chakra Core ...)
+	TODO: check
 CVE-2017-0222 (A remote code execution vulnerability exists when Internet Explorer ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0221 (A vulnerability exists when Microsoft Edge improperly accesses objects ...)
@@ -106881,7 +106883,7 @@
 CVE-2014-0052
 	RESERVED
 CVE-2014-0051
-	RESERVED
+	REJECTED
 CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...)
 	{DSA-2897-1 DSA-2856-1}
 	- libcommons-fileupload-java 1.3.1-1

More information about the Secure-testing-commits mailing list