[Secure-testing-commits] r51802 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun May 21 21:10:21 UTC 2017
Author: sectracker
Date: 2017-05-21 21:10:21 +0000 (Sun, 21 May 2017)
New Revision: 51802
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-21 21:05:09 UTC (rev 51801)
+++ data/CVE/list 2017-05-21 21:10:21 UTC (rev 51802)
@@ -1,3 +1,45 @@
+CVE-2017-9120
+ RESERVED
+CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...)
+ TODO: check
+CVE-2017-9118
+ RESERVED
+CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...)
+ TODO: check
+CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
+ TODO: check
+CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function ...)
+ TODO: check
+CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
+ TODO: check
+CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
+ TODO: check
+CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
+ TODO: check
+CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...)
+ TODO: check
+CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
+ TODO: check
+CVE-2017-9109
+ RESERVED
+CVE-2017-9108
+ RESERVED
+CVE-2017-9107
+ RESERVED
+CVE-2017-9106
+ RESERVED
+CVE-2017-9105
+ RESERVED
+CVE-2017-9104
+ RESERVED
+CVE-2017-9103
+ RESERVED
+CVE-2017-9102
+ RESERVED
+CVE-2017-9101 (import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows ...)
+ TODO: check
+CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash ...)
+ TODO: check
CVE-2017-9100 (login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote ...)
NOT-FOR-US: D-Link
CVE-2017-XXXX [buffer overflow in output option commandline argument (VL-ID 2068)]
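Review bot: CVE-2014-9970 (jasypt) is added between CVE-2017-9101 and CVE-2017-9100, which breaks the descending ID order the rest of this hunk follows; it would be easier to find next to the other 2014 entries. Separately, every described entry added here carries only "TODO: check". The seven OpenEXR 2.2.0 entries (CVE-2017-9110 through CVE-2017-9116) can be triaged as one batch, and CVE-2017-9101 is PlaySMS, which this file already marks "NOT-FOR-US: PlaySMS" at CVE-2017-9080.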
@@ -50,7 +92,7 @@
CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the name ...)
NOT-FOR-US: PlaySMS
CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
- {DSA-3859-1}
+ {DSA-3859-1 DLA-948-1}
- dropbear 2016.74-5 (bug #862970)
NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...)
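Review bot: the DLA-948-1 reference is added to CVE-2017-9079 only, in the changed line "{DSA-3859-1 DLA-948-1}". CVE-2017-9078 directly below is also described as Dropbear before 2017.75 and its annotations fall outside the hunk, so confirm whether DLA-948-1 covers it too and, if so, that its cross-reference line was updated in the same way.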
@@ -147,8 +189,8 @@
- libxml2 <unfixed> (bug #863022)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
-CVE-2017-9046
- RESERVED
+CVE-2017-9046 (winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code ...)
+ TODO: check
CVE-2017-9045 (The Google I/O 2017 application before 5.1.4 for Android downloads ...)
NOT-FOR-US: Google I/O 2017 application
CVE-2017-9044 (The print_symbol_for_build_attribute function in readelf.c in GNU ...)
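Review bot: CVE-2017-9046 moves from RESERVED to "TODO: check", but the description names winpm-32.exe in Pegasus Mail v4.72 build 572, so the TODO can probably be closed immediately. If Pegasus Mail is not packaged, mark it "NOT-FOR-US: Pegasus Mail", matching the form used for CVE-2017-9045 on the next line.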
@@ -236,8 +278,8 @@
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
-CVE-2017-9024
- RESERVED
+CVE-2017-9024 (Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes ...)
+ TODO: check
CVE-2017-9023
RESERVED
CVE-2017-9022
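Review bot: the new summary for CVE-2017-9024 is cut off at "as bundled in Secure Bytes ...", so the entry does not show which product bundles the affected component. Resolve the "TODO: check" from the full CVE description rather than from this line, and if only the vendor's own tooling is affected, record it as NOT-FOR-US in the same form as the D-Link and PlaySMS entries elsewhere in this file.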
@@ -3842,8 +3884,8 @@
NOT-FOR-US: dde-daemon
CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera ...)
NOT-FOR-US: core-eMLi
-CVE-2017-7620
- RESERVED
+CVE-2017-7620 (MantisBT before 2.4.1 allows Permalink Injection via CSRF attacks on a ...)
+ TODO: check
CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...)
{DLA-922-1}
- linux 4.9.25-1
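Review bot: CVE-2017-7620 now has a description but only "TODO: check" beneath it. The description gives an upstream fix boundary ("MantisBT before 2.4.1"), so the follow-up should replace the TODO with a package status line stated against that version, or a NOT-FOR-US marker if MantisBT is not packaged, rather than leaving the entry open.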