[Secure-testing-commits] r51763 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri May 19 21:10:16 UTC 2017


Author: sectracker
Date: 2017-05-19 21:10:16 +0000 (Fri, 19 May 2017)
New Revision: 51763

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-19 20:58:25 UTC (rev 51762)
+++ data/CVE/list	2017-05-19 21:10:16 UTC (rev 51763)
@@ -1,17 +1,59 @@
-CVE-2017-9079 [information disclosure with ~/.ssh/authorized_keys symlink]
+CVE-2017-9099
+	RESERVED
+CVE-2017-9098 (ImageMagick before 7.0.5-2 uses uninitialized memory in the RLE ...)
+	TODO: check
+CVE-2017-9097
+	RESERVED
+CVE-2017-9096
+	RESERVED
+CVE-2017-9095
+	RESERVED
+CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
+	TODO: check
+CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in ...)
+	TODO: check
+CVE-2017-9092
+	RESERVED
+CVE-2017-9091 (/admin/loginc.php in Allen Disk 1.6 doesn't check if ...)
+	TODO: check
+CVE-2017-9090 (reg.php in Allen Disk 1.6 doesn't check if ...)
+	TODO: check
+CVE-2017-9089
+	RESERVED
+CVE-2017-9088
+	RESERVED
+CVE-2017-9087
+	RESERVED
+CVE-2017-9086
+	RESERVED
+CVE-2017-9085
+	RESERVED
+CVE-2017-9084
+	RESERVED
+CVE-2017-9083 (poppler 0.54.0, as used in Evince and other products, has a NULL ...)
+	TODO: check
+CVE-2017-9082
+	RESERVED
+CVE-2017-9081
+	RESERVED
+CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the name ...)
+	TODO: check
+CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
+	{DSA-3859-1}
 	- dropbear <unfixed> (bug #862970)
 	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
-CVE-2017-9078 [double-free in server TCP listener cleanup]
+CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...)
+	{DSA-3859-1}
 	- dropbear <unfixed> (bug #862970)
 	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
 CVE-2017-XXXX [Reset memory for RLE decoder]
 	- imagemagick <unfixed> (bug #862967)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
 	NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
-CVE-2017-9077 [ipv6/dccp: do not inherit ipv6_mc_list from parent: dccp_v6__recv_sock part]
+CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
-CVE-2017-9076 (The IPv6 DCCP implementation in the Linux kernel through 4.11.1 ...)
+CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
 CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...)
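Review bot: the placeholder entry CVE-2017-XXXX [Reset memory for RLE decoder], with its `- imagemagick <unfixed> (bug #862967)` line and the two NOTE links, looks like the same issue as the newly listed CVE-2017-9098 (ImageMagick before 7.0.5-2 uses uninitialized memory in the RLE ...), which this hunk only adds as TODO: check. If the ImageMagick commit linked in the NOTE matches the CVE-2017-9098 description, the package line and NOTEs should be moved under CVE-2017-9098 and the XXXX placeholder removed, so the issue is not tracked twice. Separately, {DSA-3859-1} is added to CVE-2017-9079 and CVE-2017-9078 while both still read `- dropbear <unfixed> (bug #862970)`; the fixed unstable version should be filled in once the upload is made so the DSA reference and the package state agree.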
@@ -2756,8 +2798,8 @@
 	RESERVED
 CVE-2017-7969
 	RESERVED
-CVE-2017-7968
-	RESERVED
+CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider ...)
+	TODO: check
 CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
 	NOT-FOR-US: Schneider
 CVE-2017-7966
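Review bot: CVE-2017-7968 is left as TODO: check although the new description already identifies it as a Schneider Electric issue, and the neighbouring CVE-2017-7967 (VAMPSET, Schneider Electric) is triaged as NOT-FOR-US: Schneider. Unless the affected Schneider product turns out to be something packaged in Debian, the TODO can be replaced with the same NOT-FOR-US: Schneider marker instead of queuing it for a manual check.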
@@ -4142,8 +4184,8 @@
 	RESERVED
 CVE-2017-7505
 	RESERVED
-CVE-2017-7504
-	RESERVED
+CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the ...)
+	TODO: check
 CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of ...)
 	NOT-FOR-US: Red Hat JBoss EAP implementation of javax.xml.transform.TransformerFactory
 CVE-2017-7502
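Review bot: CVE-2017-7504 (HTTPServerILServlet.java in the JMS over HTTP Invocation Layer) is added as TODO: check directly next to CVE-2017-7503, which is marked NOT-FOR-US: Red Hat JBoss EAP. The two should not be resolved together mechanically: this one names a specific servlet class rather than the EAP product, so the triage should confirm whether that code is carried by any JBoss-derived source package in the archive before copying the NOT-FOR-US marker from the entry below it.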
@@ -4259,8 +4301,7 @@
 	- gnulib <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571
 	NOTE: Introduced with 4bc76593 and 4e6e16b3f.
-CVE-2017-7475
-	RESERVED
+CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference ...)
 	- cairo <undetermined>
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
 CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not ...)
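Review bot: CVE-2017-7475 moves from RESERVED to a public description (NULL pointer dereference in Cairo 1.15.4), but the package line still says `- cairo <undetermined>`, and unlike the other newly described entries in this update no TODO: check line is added. With the upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=100763 already linked, the <undetermined> state should be resolved to an affected or not-affected version rather than left without any marker that would bring it back onto the triage list.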
@@ -10517,7 +10558,7 @@
 	- firefox <not-affected> (Only affects Firefox on Android)
 CVE-2017-5462
 	RESERVED
-	{DSA-3831-1 DLA-906-1}
+	{DSA-3831-1 DLA-946-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 	[experimental] - nss 2:3.30-1
@@ -10525,7 +10566,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
 	NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
 CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...)
-	{DSA-3831-1 DLA-906-1}
+	{DSA-3831-1 DLA-946-1 DLA-906-1}
 	- firefox 52.0.1-1
 	[experimental] - nss 2:3.30.1-1
 	- nss <unfixed> (bug #862958)
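Review bot: the DLA-946-1 reference is added to both CVE-2017-5462 and CVE-2017-5461, but the two entries disagree on the experimental nss version: CVE-2017-5462 lists `[experimental] - nss 2:3.30-1` while CVE-2017-5461 lists `[experimental] - nss 2:3.30.1-1`. Both are NSS issues covered by the same DSA-3831-1 and DLA-946-1, so the two version strings should be checked against the actual experimental uploads and aligned if both were fixed in the same NSS release. CVE-2017-5461 also still carries `- nss <unfixed> (bug #862958)` alongside the DSA/DLA references; the fixed unstable version should be recorded when that upload happens.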
@@ -12328,10 +12369,10 @@
 	RESERVED
 CVE-2017-4980 (EMC Isilon OneFS is affected by a path traversal vulnerability that may ...)
 	NOT-FOR-US: EMC
-CVE-2017-4979
-	RESERVED
-CVE-2017-4978
-	RESERVED
+CVE-2017-4979 (EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - ...)
+	TODO: check
+CVE-2017-4978 (EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 ...)
+	TODO: check
 CVE-2017-4977 (EMC RSA Archer Security Operations Management with RSA Unified ...)
 	NOT-FOR-US: EMC
 CVE-2017-4976
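Review bot: CVE-2017-4979 (EMC Isilon OneFS) and CVE-2017-4978 (EMC RSA Adaptive Authentication) are added as TODO: check, but their descriptions name the same EMC product families that the surrounding entries CVE-2017-4980 and CVE-2017-4977 already mark NOT-FOR-US: EMC. These two can be triaged to NOT-FOR-US: EMC in the same way rather than queued for a manual check, unless the full description points at a component that is packaged in Debian.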
@@ -15930,6 +15971,7 @@
 CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-3858-1}
 	- openjdk-8 8u131-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -15943,6 +15985,7 @@
 CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-3858-1}
 	- openjdk-8 8u131-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -15960,6 +16003,7 @@
 CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-3858-1}
 	- openjdk-8 8u131-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -15977,6 +16021,7 @@
 CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-3858-1}
 	- openjdk-8 8u131-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -16018,6 +16063,7 @@
 	- openjdk-7 <not-affected> (MacOSX builds only)
 	NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a
 CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-3858-1}
 	- openjdk-8 8u131-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -16025,6 +16071,7 @@
 CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
 	NOT-FOR-US: Solaris
 CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-3858-1}
 	- openjdk-8 8u131-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -65215,8 +65262,8 @@
 	RESERVED
 CVE-2015-5242 (OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict ...)
 	NOT-FOR-US: swiftonfile
-CVE-2015-5241
-	RESERVED
+CVE-2015-5241 (After logging into the portal, the logout jsp page redirects the ...)
+	TODO: check
 CVE-2015-5240 (Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before ...)
 	- neutron 1:7.0.0-1
 	[jessie] - neutron <no-dsa> (Minor issue)
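Review bot: the new description for CVE-2015-5241 (After logging into the portal, the logout jsp page redirects the ...) is truncated before it names any product, so the TODO: check cannot be resolved from this entry alone; whoever picks it up needs the full MITRE text to see which portal is meant and whether it corresponds to a Debian package. Since this is a 2015 identifier only now receiving a description, it is also worth checking that the issue was not already tracked under a temporary CVE-2015-XXXX placeholder elsewhere in the file, so that a duplicate entry is not left behind.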