[Secure-testing-commits] r51873 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue May 23 09:10:12 UTC 2017


Author: sectracker
Date: 2017-05-23 09:10:12 +0000 (Tue, 23 May 2017)
New Revision: 51873

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-23 09:03:59 UTC (rev 51872)
+++ data/CVE/list	2017-05-23 09:10:12 UTC (rev 51873)
@@ -1,28 +1,132 @@
-CVE-2017-9210
+CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux ...)
+	TODO: check
+CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in ...)
+	TODO: check
+CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be ...)
+	TODO: check
+CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...)
+	TODO: check
+CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel ...)
+	TODO: check
+CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
 	- qpdf <unfixed>
 	[jessie] - qpdf <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9209
+CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
 	- qpdf <unfixed>
 	[jessie] - qpdf <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9208
+CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
 	- qpdf <unfixed>
 	[jessie] - qpdf <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9207
+CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-9206
+CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-9205
+CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-9204
+CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-9203
+CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-9202
+CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-9201
+CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
 	NOT-FOR-US: ImageWorsener
 CVE-2017-9148
 	RESERVED
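Review bot: two Linux kernel entries are buried in this batch of AutoTrace additions and should not be left at `TODO: check` alongside them. CVE-2017-9211 (crypto_skcipher_init_tfm in crypto/skcipher.c) and CVE-2017-9150 (do_check in kernel/bpf/verifier.c) belong to the linux source package that this file already tracks (compare the `- linux 4.9.13-1 (low)` entry further down), so each needs its own package assignment and severity. The fifty entries CVE-2017-9151 through CVE-2017-9200 all describe libautotrace.a in AutoTrace 0.31.1 and can be triaged as one batch against whichever source package ships libautotrace; their truncated descriptions repeat a handful of sanitizer-style classes (heap over-read, heap overflow, "cannot be represented in type", negative-size-param), so one decision will almost certainly apply to the whole group.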
@@ -641,12 +745,12 @@
 	NOT-FOR-US: Joomla
 CVE-2017-8916
 	RESERVED
-CVE-2017-8915
-	RESERVED
-CVE-2017-8914
-	RESERVED
-CVE-2017-8913
-	RESERVED
+CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
+	TODO: check
+CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
+	TODO: check
+CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 ...)
+	TODO: check
 CVE-2017-8912 (** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() ...)
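Review bot: CVE-2017-8915 and CVE-2017-8914 name sinopia as the vulnerable component and SAP HANA XS only as the product that bundles it, so before resolving the `TODO: check` confirm whether the flaw is in sinopia itself (and whether any package carries it) rather than filing both as NOT-FOR-US on the strength of the SAP product name alone. CVE-2017-8913 (Visual Composer in SAP NetWeaver AS JAVA) has no such upstream component and can follow the NOT-FOR-US pattern of the surrounding entries.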
@@ -1935,8 +2039,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f (v2.2.0-rc0)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
-CVE-2017-8379 [input: host memory lekage via keyboard]
-	RESERVED
+CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...)
 	- qemu 1:2.8+dfsg-5 (bug #862289)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -2133,8 +2236,7 @@
 	RESERVED
 CVE-2017-8310
 	RESERVED
-CVE-2017-8309 [audio: host memory leakage via capture buffer]
-	RESERVED
+CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows ...)
 	- qemu 1:2.8+dfsg-5 (bug #862280)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -5049,8 +5151,8 @@
 	NOT-FOR-US: XOOPS
 CVE-2017-7289
 	RESERVED
-CVE-2017-7288
-	RESERVED
+CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
+	TODO: check
 CVE-2017-7287
 	RESERVED
 CVE-2017-7286
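Review bot: this update adds three Zimbra Collaboration Suite entries at `TODO: check` (CVE-2017-7288 here, plus CVE-2017-6821 and CVE-2017-6813 further down in the same commit); triage them together so that all three end up with the same NOT-FOR-US or package assignment instead of being resolved one at a time with possibly different outcomes.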
@@ -5654,7 +5756,7 @@
 	{DSA-3856-1 DLA-863-1}
 	- deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
 	NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
-CVE-2017-9149 ["Clean metadata" contextual menu silently fails]
+CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to ...)
 	- mat 0.6.1-4 (bug #858058)
 	[jessie] - mat <not-affected> (Vulnerable code not present)
 	[wheezy] - mat <not-affected> (Vulnerable code not present)
@@ -6490,8 +6592,8 @@
 	NOT-FOR-US: Fiyo CMS
 CVE-2017-6822
 	RESERVED
-CVE-2017-6821
-	RESERVED
+CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite (aka ...)
+	TODO: check
 CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...)
 	{DLA-855-1}
 	- roundcube 1.2.3+dfsg.1-3 (bug #857473)
@@ -6499,8 +6601,8 @@
 	NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4
 	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124
 	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8
-CVE-2017-6813
-	RESERVED
+CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 ...)
+	TODO: check
 CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
 	NOT-FOR-US: MaNGOSWebV4
 CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
@@ -7046,7 +7148,7 @@
 	NOT-FOR-US: CMS Made Simple
 CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
 	NOT-FOR-US: CMS Made Simple
-CVE-2017-6554 (pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows ...)
+CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured ...)
 	NOT-FOR-US: Quest Privilege Manager
 CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix before ...)
 	NOT-FOR-US: Quest One Identity Privilege Manager for Unix
@@ -8929,10 +9031,10 @@
 	{DLA-922-1}
 	- linux 4.9.13-1 (low)
 	[jessie] - linux 3.16.43-1
-CVE-2017-5966
-	RESERVED
-CVE-2017-5965
-	RESERVED
+CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...)
+	TODO: check
+CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote ...)
+	TODO: check
 CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ...)
 	NOT-FOR-US: Emoncms
 CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The ...)
@@ -9309,8 +9411,7 @@
 	NOT-FOR-US: Unisys ClearPath
 CVE-2017-5871
 	RESERVED
-CVE-2017-5870
-	RESERVED
+CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin ...)
 	NOT-FOR-US: ViMbAdmin
 CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
 	NOT-FOR-US: Nuxeo
@@ -14792,8 +14893,8 @@
 	NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
 	NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
 	NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
-CVE-2016-10073
-	RESERVED
+CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums ...)
+	TODO: check
 CVE-2016-10072 (** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' ...)
 	NOT-FOR-US: WampServer
 CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 ...)
@@ -17889,29 +17990,25 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
-CVE-2016-9843
-	RESERVED
+CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow ...)
 	- zlib 1:1.2.8.dfsg-3 (bug #847275)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
 	NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9842
-	RESERVED
+CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow ...)
 	- zlib 1:1.2.8.dfsg-3 (bug #847274)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
 	NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9841
-	RESERVED
+CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to ...)
 	- zlib 1:1.2.8.dfsg-4 (bug #847270)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
 	NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9840
-	RESERVED
+CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ...)
 	- zlib 1:1.2.8.dfsg-3 (bug #847270)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
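Review bot: the four zlib entries in this hunk are inconsistent on two points that the new descriptions do not settle. CVE-2016-9841 and CVE-2016-9840 both cite bug #847270 while CVE-2016-9843 and CVE-2016-9842 each have their own bug, and CVE-2016-9841 alone is marked fixed in `1:1.2.8.dfsg-4` where the other three say `1:1.2.8.dfsg-3`. Confirm that #847270 really covers both CVEs and that the later fixing version for CVE-2016-9841 is deliberate, and if it is, add a NOTE line explaining why the inffast.c fix landed in a later upload so the next reader does not mistake it for a typo.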
@@ -28279,8 +28376,7 @@
 	RESERVED
 CVE-2016-1000245
 	RESERVED
-CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code execution]
-	RESERVED
+CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass the ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (bug #839846)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
@@ -28288,16 +28384,14 @@
 	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
-CVE-2016-7978 [reference leak in .setdevice allows use-after-free and remote code execution]
-	RESERVED
+CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (bug #839845)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
 	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
 	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
-CVE-2016-7977 [.libfile doesn't check PermitFileReading array, allowing remote file disclosure]
-	RESERVED
+CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
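Review bot: replacing the bracketed working titles with the truncated CVE text loses information that mattered for triage. CVE-2016-7979 (previous hunk) and CVE-2016-7977 now carry the identical description `Ghostscript before 9.21 might allow remote attackers to bypass the ...`, whereas the removed titles distinguished them (type confusion in .initialize_dsc_parser versus .libfile not checking the PermitFileReading array), and CVE-2016-7978 drops the reference-leak detail behind its use-after-free. Consider preserving that detail as a NOTE line under each entry so the three remain distinguishable without following the upstream bug links.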
@@ -37075,8 +37169,8 @@
 	RESERVED
 CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...)
 	NOT-FOR-US: BIG-IP
-CVE-2016-5735
-	RESERVED
+CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c ...)
+	TODO: check
 CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
 	- phpmyadmin 4:4.6.3-1
 	[jessie] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in jessie)
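Review bot: CVE-2016-5735 identifies the affected code by function and file (rwpng_read_image24_libpng in rwpng.c) rather than by product, which is why it is sitting at `TODO: check`; rwpng.c is the PNG reader used by pngquant, so resolve the entry against the pngquant source package (or mark it NOT-FOR-US if the affected code is not shipped) instead of leaving it open.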
@@ -39365,13 +39459,11 @@
 	NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
 CVE-2016-5179
 	RESERVED
-CVE-2016-5178
-	RESERVED
+CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3683-1}
 	- chromium-browser 53.0.2785.143-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5177
-	RESERVED
+CVE-2016-5177 (Use-after-free vulnerability in V8 in Google Chrome before ...)
 	{DSA-3683-1}
 	- chromium-browser 53.0.2785.143-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -50057,8 +50149,8 @@
 	RESERVED
 CVE-2016-1877
 	RESERVED
-CVE-2016-1876
-	RESERVED
+CVE-2016-1876 (The backend service process in Lenovo Solution Center (aka LSC) before ...)
+	TODO: check
 CVE-2016-1875
 	RESERVED
 CVE-2016-1874
@@ -57357,8 +57449,8 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
 CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for ...)
 	- net-snmp <not-affected> (Specific to packaging in OpenBSD)
-CVE-2015-8089
-	RESERVED
+CVE-2015-8089 (The GPU driver in Huawei P7 phones with software P7-L00 before ...)
+	TODO: check
 CVE-2015-8088 (Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before ...)
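Review bot: CVE-2015-8089 describes the GPU driver in Huawei P7 phones, the same vendor firmware as the adjacent CVE-2015-8088 and CVE-2015-8087 entries that are already `NOT-FOR-US: Huawei`; it can be resolved the same way instead of staying at `TODO: check`.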
@@ -61107,8 +61199,7 @@
 	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
 	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
 	NOTE: https://github.com/ganglia/ganglia-web/issues/267
-CVE-2015-6817 [authentication bypass]
-	RESERVED
+CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows ...)
 	- pgbouncer 1.6.1-1
 	[jessie] - pgbouncer <not-affected> (Introduced in 1.6)
 	[wheezy] - pgbouncer <not-affected> (Introduced in 1.6)
@@ -61727,8 +61818,8 @@
 	{DSA-3320-1 DLA-342-1}
 	- openafs 1.6.13-1
 	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
-CVE-2015-6586
-	RESERVED
+CVE-2015-6586 (The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with ...)
+	TODO: check
 CVE-2015-6585
 	RESERVED
 CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin ...)
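Review bot: CVE-2015-6586 concerns the mDNS module in Huawei WLAN AC6005, AC6605 and ACU2 devices, i.e. vendor appliance firmware; the file already uses `NOT-FOR-US: Huawei` for other Huawei device issues in this same commit (CVE-2015-8088, CVE-2015-8087), so this entry should be closed the same way rather than left at `TODO: check`.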
@@ -64058,8 +64149,8 @@
 	RESERVED
 CVE-2015-5683
 	RESERVED
-CVE-2015-5682
-	RESERVED
+CVE-2015-5682 (upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows ...)
+	TODO: check
 CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the Powerplay ...)
 	NOT-FOR-US: Powerplay Gallery plugin for WordPress
 CVE-2015-5680
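Review bot: CVE-2015-5682 affects upload.php in the Powerplay Gallery plugin 3.3 for WordPress, the same plugin and file as the adjacent CVE-2015-5681, which is already `NOT-FOR-US: Powerplay Gallery plugin for WordPress`; resolve it identically rather than leaving `TODO: check`.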
@@ -64230,8 +64321,8 @@
 	NOT-FOR-US: Uconnect
 CVE-2015-5610 (The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central ...)
 	NOT-FOR-US: SolarWinds
-CVE-2015-5609
-	RESERVED
+CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export plugin 1.1 ...)
+	TODO: check
 CVE-2015-5608
 	RESERVED
 CVE-2015-5606
@@ -64606,10 +64697,10 @@
 	NOT-FOR-US: IBS Mappro plugin for WordPress
 CVE-2015-5471 (Absolute path traversal vulnerability in include/user/download.php in ...)
 	NOT-FOR-US: Swim Team plugin for WordPress
-CVE-2015-5469
-	RESERVED
-CVE-2015-5468
-	RESERVED
+CVE-2015-5469 (Absolute path traversal vulnerability in the MDC YouTube Downloader ...)
+	TODO: check
+CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop Styling ...)
+	TODO: check
 CVE-2015-5467
 	RESERVED
 CVE-2015-5466
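Review bot: CVE-2015-5469 (MDC YouTube Downloader) and CVE-2015-5468 (WP e-Commerce Shop Styling) sit in a run of path-traversal entries for WordPress plugins, where the neighbouring CVE-2015-5471 and IBS Mappro entries are already `NOT-FOR-US: ... plugin for WordPress`; if these two are WordPress plugins as their names suggest, the same NOT-FOR-US line applies and the `TODO: check` can be closed.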
@@ -64770,8 +64861,8 @@
 	NOT-FOR-US: HP Systems Insight Manager
 CVE-2015-5402 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
 	NOT-FOR-US: HP Systems Insight Manager
-CVE-2015-5401
-	RESERVED
+CVE-2015-5401 (Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 ...)
+	TODO: check
 CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows ...)
 	NOT-FOR-US: PHPVibe
 CVE-2015-5398
@@ -64894,20 +64985,17 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6
 	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
 	NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
-CVE-2015-5383 [potential info disclosure from temp directory]
-	RESERVED
+CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...)
 	- roundcube <not-affected> (protection is done in apache config in binary package)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
 	NOTE: http://trac.roundcube.net/ticket/1490378
-CVE-2015-5382 [security improvement in contact photo handling]
-	RESERVED
+CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...)
 	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
 	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
 	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
 	NOTE: http://trac.roundcube.net/ticket/1490379
-CVE-2015-5381 [XSS vulnerability in _mbox argument]
-	RESERVED
+CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
 	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
 	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
 	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
@@ -67081,8 +67169,7 @@
 CVE-2015-4706 [IPython XSS in JSON error responses -- /api/contents path]
 	RESERVED
 	- ipython <not-affected> (Only affects 3.x)
-CVE-2015-4704
-	RESERVED
+CVE-2015-4704 (Directory traversal vulnerability in the Download Zip Attachments ...)
 	NOT-FOR-US: WordPress plugin download-zip-attachments
 CVE-2015-4703 (Absolute path traversal vulnerability in mysqldump_download.php in the ...)
 	NOT-FOR-US: WordPress plugin wp-instance-rename
@@ -67748,8 +67835,7 @@
 	{DSA-3363-1}
 	- owncloud-client 1.8.4+dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-009
-CVE-2015-4455
-	RESERVED
+CVE-2015-4455 (Unrestricted file upload vulnerability in includes/upload.php in the ...)
 	NOT-FOR-US: WordPress plugin aviary-image-editor-add-on-for-gravity-forms
 CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template function in ...)
 	{DSA-3295-1 DLA-255-1}
@@ -68790,8 +68876,7 @@
 	RESERVED
 CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: osCMax
-CVE-2015-4054 [remote crash/DoS - invalid packet order causes lookup of NULL pointer]
-	RESERVED
+CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a denial of ...)
 	- pgbouncer 1.5.5-1
 	[jessie] - pgbouncer 1.5.4-6+deb8u1
 	[wheezy] - pgbouncer 1.5.2-4+deb7u1
@@ -68804,10 +68889,10 @@
 	REJECTED
 CVE-2015-8146
 	REJECTED
-CVE-2015-4046
-	RESERVED
-CVE-2015-4045
-	RESERVED
+CVE-2015-4046 (The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows ...)
+	TODO: check
+CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault OSSIM ...)
+	TODO: check
 CVE-2015-4044
 	RESERVED
 CVE-2015-4043
@@ -75032,8 +75117,7 @@
 	NOTE: Fixed upstream in 2.22
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15
-CVE-2015-8477 [Potential XSS vulnerability when rendering some flash messages]
-	RESERVED
+CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 ...)
 	- redmine 3.0~20140825-5 (low)
 	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
 	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -76433,8 +76517,8 @@
 	RESERVED
 CVE-2015-1530
 	RESERVED
-CVE-2015-1529
-	RESERVED
+CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...)
+	TODO: check
 CVE-2015-1528 (Integer overflow in the native_handle_create function in ...)
 	NOT-FOR-US: Android
 CVE-2015-1527
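Review bot: CVE-2015-1529 (integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android) is the same kind of Android platform entry as the adjacent CVE-2015-1528, which is `NOT-FOR-US: Android`; triage it the same way instead of leaving `TODO: check`.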
@@ -211374,7 +211458,7 @@
 	NOT-FOR-US: WSPortal
 CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
 	NOT-FOR-US: WSPortal
-CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...)
+CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a ...)
 	- gimp <unfixed> (unimportant)
 CVE-2007-3125
 	REJECTED
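Review bot: the new description changes the affected range from `Gimp 2.3.14` to `Gimp before 2.8.22`, meaning upstream now records a fixed version, but the tracker line below still says `- gimp <unfixed> (unimportant)`. Re-check this against the gimp version in the archive: if the packaged version is 2.8.22 or later, the entry should record the fixing version instead of `<unfixed>`, and the `unimportant` rating assigned when the issue was tied to a 2007-era 2.3.x release deserves a second look now that the range spans every release up to 2.8.22.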



