[Secure-testing-commits] r51981 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri May 26 21:10:12 UTC 2017
Author: sectracker
Date: 2017-05-26 21:10:12 +0000 (Fri, 26 May 2017)
New Revision: 51981
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-26 18:31:06 UTC (rev 51980)
+++ data/CVE/list 2017-05-26 21:10:12 UTC (rev 51981)
@@ -1,3 +1,7 @@
+CVE-2017-9240
+ RESERVED
+CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function ...)
+ TODO: check
CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...)
- exiv2 <unfixed> (bug #863410)
[jessie] - exiv2 <no-dsa> (Minor issue)
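Review bot: CVE-2016-10375 is added with only `TODO: check`, so the entry carries no Debian status yet for the Yodl buffer over-read in queue_push. Resolve it to a package line in the form the next entry uses (`- exiv2 <unfixed> (bug #863410)`), or to a `NOT-FOR-US:` marker if the software is not packaged, rather than leaving the TODO open.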
@@ -362,7 +366,7 @@
CVE-2017-9099
RESERVED
CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use ...)
- {DSA-3863-1}
+ {DSA-3863-1 DLA-953-1}
- imagemagick <unfixed> (bug #862967)
- graphicsmagick 1.3.24-1
NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
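Review bot: on CVE-2017-9098 the advisory list now reads `{DSA-3863-1 DLA-953-1}` while the line below it is still `- imagemagick <unfixed> (bug #862967)`. The entry covers both imagemagick and graphicsmagick, so confirm which source package DLA-953-1 fixed and whether the imagemagick status can be updated from the upstream commit in the NOTE.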
@@ -601,8 +605,8 @@
RESERVED
CVE-2017-9022
RESERVED
-CVE-2017-9021
- RESERVED
+CVE-2017-9021 (The vrend_clear dispatch function in vrend_renderer.c in virglrenderer ...)
+ TODO: check
CVE-2017-9020
RESERVED
CVE-2016-10373
@@ -1715,22 +1719,22 @@
RESERVED
CVE-2017-8543
RESERVED
-CVE-2017-8542
- RESERVED
-CVE-2017-8541
- RESERVED
-CVE-2017-8540
- RESERVED
-CVE-2017-8539
- RESERVED
-CVE-2017-8538
- RESERVED
-CVE-2017-8537
- RESERVED
-CVE-2017-8536
- RESERVED
-CVE-2017-8535
- RESERVED
+CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
+CVE-2017-8541 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
+CVE-2017-8540 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
+CVE-2017-8539 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
+CVE-2017-8538 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
+CVE-2017-8537 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
+CVE-2017-8536 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
+CVE-2017-8535 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
CVE-2017-8534
RESERVED
CVE-2017-8533
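Review bot: CVE-2017-8535 through CVE-2017-8542 all enter with `TODO: check`, and all eight descriptions name the Microsoft Malware Protection Engine. Other vendor-only products in this file are closed out with a `NOT-FOR-US:` line (for example `NOT-FOR-US: Oracle`), so these eight can be triaged the same way in one pass instead of staying as open TODOs.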
@@ -2197,6 +2201,7 @@
NOTE: https://github.com/erikd/libsndfile/issues/230
NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers ...)
+ {DLA-955-1}
- rzip <unfixed> (bug #861614)
[jessie] - rzip <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
@@ -4603,8 +4608,7 @@
RESERVED
CVE-2017-7506
RESERVED
-CVE-2017-7505
- RESERVED
+CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...)
- foreman <itp> (bug #663101)
CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the ...)
NOT-FOR-US: Red Hat JBoss
@@ -6599,8 +6603,8 @@
NOT-FOR-US: Siemens
CVE-2017-6863
RESERVED
-CVE-2017-6862
- RESERVED
+CVE-2017-6862 (NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before ...)
+ TODO: check
CVE-2017-6861
RESERVED
CVE-2017-6860
@@ -16409,7 +16413,7 @@
CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3858-1}
+ {DSA-3858-1 DLA-954-1}
- openjdk-8 8u131-b11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -16423,7 +16427,7 @@
CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3858-1}
+ {DSA-3858-1 DLA-954-1}
- openjdk-8 8u131-b11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -16441,7 +16445,7 @@
CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
NOT-FOR-US: Oracle
CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3858-1}
+ {DSA-3858-1 DLA-954-1}
- openjdk-8 8u131-b11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -16459,7 +16463,7 @@
CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3858-1}
+ {DSA-3858-1 DLA-954-1}
- openjdk-8 8u131-b11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -16501,7 +16505,7 @@
- openjdk-7 <not-affected> (MacOSX builds only)
NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a
CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3858-1}
+ {DSA-3858-1 DLA-954-1}
- openjdk-8 8u131-b11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -16509,7 +16513,7 @@
CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3858-1}
+ {DSA-3858-1 DLA-954-1}
- openjdk-8 8u131-b11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -21768,8 +21772,8 @@
RESERVED
CVE-2017-1326
RESERVED
-CVE-2017-1325
- RESERVED
+CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2017-1324
RESERVED
CVE-2017-1323
@@ -21834,10 +21838,10 @@
RESERVED
CVE-2017-1293
RESERVED
-CVE-2017-1292
- RESERVED
-CVE-2017-1291
- RESERVED
+CVE-2017-1292 (IBM Maximo Asset Management 7.5 and 7.6 generates error messages that ...)
+ TODO: check
+CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response ...)
+ TODO: check
CVE-2017-1290
RESERVED
CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity ...)
@@ -79004,7 +79008,7 @@
NOT-FOR-US: Labtech
CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows remote ...)
NOT-FOR-US: iPass Open Mobile
-CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...)
+CVE-2015-0924 (Ceragon FibeAir IP-10 bridges have a default password for the root ...)
NOT-FOR-US: Ceragon FiberAir IP-10 bridges
CVE-2015-0923 (The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron ...)
NOT-FOR-US: Ektron CMS
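Review bot: the description for CVE-2015-0924 changes the product name from FiberAir to FibeAir, but the triage line directly under it still reads `NOT-FOR-US: Ceragon FiberAir IP-10 bridges`. Update that line to the same spelling so a search on the product name matches both.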
@@ -82917,8 +82921,8 @@
- zendframework <not-affected> (the vulnerability was introduced in the 2 series)
- php-zend-db <not-affected> (Fixed before initial upload to the archive)
NOTE: http://framework.zend.com/security/advisory/ZF2015-02
-CVE-2015-0269
- RESERVED
+CVE-2015-0269 (Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x ...)
+ TODO: check
CVE-2015-0268 (The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when ...)
- xen <not-affected> (Only affects 4.5)
NOTE: http://xenbits.xen.org/xsa/advisory-117.html