[Secure-testing-commits] r51706 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed May 17 21:10:13 UTC 2017


Author: sectracker
Date: 2017-05-17 21:10:13 +0000 (Wed, 17 May 2017)
New Revision: 51706

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-17 20:32:28 UTC (rev 51705)
+++ data/CVE/list	2017-05-17 21:10:13 UTC (rev 51706)
@@ -1,3 +1,15 @@
+CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
+	TODO: check
+CVE-2017-9029
+	RESERVED
+CVE-2017-9028
+	RESERVED
+CVE-2017-9027
+	RESERVED
+CVE-2017-9026 (Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
+	TODO: check
+CVE-2017-9025 (Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
+	TODO: check
 CVE-2017-XXXX [A cross-site scripting (XSS) vulnerability was discovered related to the Customizer]
 	- wordpress 4.7.5+dfsg-1 (bug #862816)
 	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
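Review bot: the three new described entries at the top of the list (CVE-2017-9030, CVE-2017-9026, CVE-2017-9025) carry only `TODO: check`, so nothing records yet whether any Debian package is affected. Resolve each to a package line or a `NOT-FOR-US:` line, as the neighbouring entries do. The two vshttpd entries name a component of the HooToo Trip Mate 6 device and should not be matched by name to the vsftpd package that appears later in this file.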
@@ -200,7 +212,7 @@
 	NOT-FOR-US: MoboTap Dolphin Web Browser
 CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS does ...)
 	NOT-FOR-US: Quest Information Systems Indiana Voters app
-CVE-2016-10374 [perltidy.ERR tried to be deleted but not checked if suceeds; then futher used, allowing file overwrite via symlink attack]
+CVE-2016-10374 (perltidy through 20160302, as used by perlcritic, check-all-the-things, ...)
 	- perltidy <unfixed> (bug #862667)
 	[jessie] - perltidy <no-dsa> (Minor issue; can be fixed via point release)
 	[wheezy] - perltidy <no-dsa> (Minor issue)
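Review bot: replacing the bracketed summary on CVE-2016-10374 drops the only visible statement of the flaw (the unchecked deletion of perltidy.ERR and the file overwrite via symlink), because the new description is truncated before it reaches that detail. Keep that sentence as a `NOTE:` line under the entry. Since the new text says perltidy is "used by perlcritic, check-all-the-things, ...", a second NOTE on whether those callers need tracking would also help.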
@@ -216,7 +228,8 @@
 	NOTE: https://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
 CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...)
 	NOT-FOR-US: mailcow
-CVE-2017-9031 [deluge-webui: directory traversal attack vulnerability]
+CVE-2017-9031 (The WebUI component in Deluge before 1.3.15 contains a directory ...)
+	{DLA-943-1}
 	- deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
 	NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
 	NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
@@ -414,8 +427,7 @@
 	NOT-FOR-US: OnePlus One
 CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to ...)
 	NOT-FOR-US: OnePlus One
-CVE-2017-8849
-	RESERVED
+CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by ...)
 	- smb4k 1.2.1-2 (bug #862505)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
 	NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
@@ -1362,8 +1374,7 @@
 	RESERVED
 CVE-2017-8423
 	RESERVED
-CVE-2017-8422
-	RESERVED
+CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to ...)
 	{DSA-3849-1}
 	- kauth 5.28.0-2
 	- kde4libs 4:4.14.26-2
@@ -4013,8 +4024,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
 CVE-2017-7494
 	RESERVED
-CVE-2017-7493 [9pfs: guest privilege escalation in virtfs mapped-file mode]
-	RESERVED
+CVE-2017-7493 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing ...)
 	- qemu <unfixed>
 	- qemu-kvm <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709
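Review bot: the removed bracketed text on CVE-2017-7493 named the affected configuration (9pfs, virtfs mapped-file mode) and the impact (guest privilege escalation), and the truncated replacement shows neither. With qemu still marked `<unfixed>`, that scoping matters for triage; carry it over as a `NOTE:` line so it does not depend on opening the linked bug.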
@@ -11309,10 +11319,10 @@
 	NOT-FOR-US: Samsung
 CVE-2017-5216 (Stack-based buffer overflow vulnerability in Netop Remote Control ...)
 	NOT-FOR-US: Netop Remote Control
-CVE-2017-5215
-	RESERVED
-CVE-2017-5214
-	RESERVED
+CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
+	TODO: check
+CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
+	TODO: check
 CVE-2017-5213
 	RESERVED
 CVE-2017-5212
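Review bot: CVE-2017-5215 and CVE-2017-5214 now show the same truncated B2J Contact description as CVE-2017-9030 at the top of the file, all three with `TODO: check`. Triage them together against the full descriptions, confirm they are distinct issues, and give all three the same disposition so the entries do not diverge.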
@@ -44419,8 +44429,7 @@
 	NOT-FOR-US: Zimbra
 CVE-2016-3404 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
 	NOT-FOR-US: Zimbra
-CVE-2016-3403
-	RESERVED
+CVE-2016-3403 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: Zimbra
 CVE-2016-3402 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
 	NOT-FOR-US: Zimbra
@@ -68319,8 +68328,8 @@
 	RESERVED
 CVE-2015-4071
 	RESERVED
-CVE-2015-4070
-	RESERVED
+CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in ...)
+	TODO: check
 CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 ...)
 	NOT-FOR-US: EdgeServiceImpl web service in Arcserve UDP
 CVE-2015-4068 (Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 ...)
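Review bot: the new CVE-2015-4070 description is cut off before it names the product ("the proxyimages function in ..."), so this entry cannot be triaged from the list alone. Whoever clears the `TODO: check` should read the full description and not infer the product from the adjacent Arcserve UDP entries.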
@@ -68592,8 +68601,8 @@
 	NOTE: NSS patch increasing limit to 1023 bits: https://hg.mozilla.org/projects/nss/rev/ae72d76f8d24
 CVE-2015-3999 (Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames ...)
 	NOT-FOR-US: Piriform CCleaner
-CVE-2015-3998
-	RESERVED
+CVE-2015-3998 (Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in ...)
+	TODO: check
 CVE-2015-3997
 	RESERVED
 CVE-2015-3996 (The default AFSecurityPolicy.validatesDomainName configuration for ...)
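Review bot: the CVE-2015-3998 description names phpwhois 4.2.5 "as used in ...", so clearing the `TODO: check` needs two lookups: whether phpwhois itself is packaged, and whether the truncated embedding product ships its own copy. Record the outcome for both in the entry so an embedded copy is not missed.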
@@ -76622,7 +76631,7 @@
 	[squeeze] - archmage <no-dsa> (Minor issue)
 	[wheezy] - archmage <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/9
-CVE-2015-1419 (Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote ...)
+CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote ...)
 	- vsftpd 3.0.2-18 (unimportant; bug #776922)
 	[jessie] - vsftpd 3.0.2-17+deb8u1
 	NOTE: http://seclists.org/oss-sec/2015/q1/389



