[Secure-testing-commits] r57198 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Nov 1 09:10:18 UTC 2017
Author: sectracker
Date: 2017-11-01 09:10:18 +0000 (Wed, 01 Nov 2017)
New Revision: 57198
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-01 07:52:47 UTC (rev 57197)
+++ data/CVE/list 2017-11-01 09:10:18 UTC (rev 57198)
@@ -1,3 +1,219 @@
+CVE-2017-16351
+ RESERVED
+CVE-2017-16350
+ RESERVED
+CVE-2017-16349
+ RESERVED
+CVE-2017-16348
+ RESERVED
+CVE-2017-16347
+ RESERVED
+CVE-2017-16346
+ RESERVED
+CVE-2017-16345
+ RESERVED
+CVE-2017-16344
+ RESERVED
+CVE-2017-16343
+ RESERVED
+CVE-2017-16342
+ RESERVED
+CVE-2017-16341
+ RESERVED
+CVE-2017-16340
+ RESERVED
+CVE-2017-16339
+ RESERVED
+CVE-2017-16338
+ RESERVED
+CVE-2017-16337
+ RESERVED
+CVE-2017-16336
+ RESERVED
+CVE-2017-16335
+ RESERVED
+CVE-2017-16334
+ RESERVED
+CVE-2017-16333
+ RESERVED
+CVE-2017-16332
+ RESERVED
+CVE-2017-16331
+ RESERVED
+CVE-2017-16330
+ RESERVED
+CVE-2017-16329
+ RESERVED
+CVE-2017-16328
+ RESERVED
+CVE-2017-16327
+ RESERVED
+CVE-2017-16326
+ RESERVED
+CVE-2017-16325
+ RESERVED
+CVE-2017-16324
+ RESERVED
+CVE-2017-16323
+ RESERVED
+CVE-2017-16322
+ RESERVED
+CVE-2017-16321
+ RESERVED
+CVE-2017-16320
+ RESERVED
+CVE-2017-16319
+ RESERVED
+CVE-2017-16318
+ RESERVED
+CVE-2017-16317
+ RESERVED
+CVE-2017-16316
+ RESERVED
+CVE-2017-16315
+ RESERVED
+CVE-2017-16314
+ RESERVED
+CVE-2017-16313
+ RESERVED
+CVE-2017-16312
+ RESERVED
+CVE-2017-16311
+ RESERVED
+CVE-2017-16310
+ RESERVED
+CVE-2017-16309
+ RESERVED
+CVE-2017-16308
+ RESERVED
+CVE-2017-16307
+ RESERVED
+CVE-2017-16306
+ RESERVED
+CVE-2017-16305
+ RESERVED
+CVE-2017-16304
+ RESERVED
+CVE-2017-16303
+ RESERVED
+CVE-2017-16302
+ RESERVED
+CVE-2017-16301
+ RESERVED
+CVE-2017-16300
+ RESERVED
+CVE-2017-16299
+ RESERVED
+CVE-2017-16298
+ RESERVED
+CVE-2017-16297
+ RESERVED
+CVE-2017-16296
+ RESERVED
+CVE-2017-16295
+ RESERVED
+CVE-2017-16294
+ RESERVED
+CVE-2017-16293
+ RESERVED
+CVE-2017-16292
+ RESERVED
+CVE-2017-16291
+ RESERVED
+CVE-2017-16290
+ RESERVED
+CVE-2017-16289
+ RESERVED
+CVE-2017-16288
+ RESERVED
+CVE-2017-16287
+ RESERVED
+CVE-2017-16286
+ RESERVED
+CVE-2017-16285
+ RESERVED
+CVE-2017-16284
+ RESERVED
+CVE-2017-16283
+ RESERVED
+CVE-2017-16282
+ RESERVED
+CVE-2017-16281
+ RESERVED
+CVE-2017-16280
+ RESERVED
+CVE-2017-16279
+ RESERVED
+CVE-2017-16278
+ RESERVED
+CVE-2017-16277
+ RESERVED
+CVE-2017-16276
+ RESERVED
+CVE-2017-16275
+ RESERVED
+CVE-2017-16274
+ RESERVED
+CVE-2017-16273
+ RESERVED
+CVE-2017-16272
+ RESERVED
+CVE-2017-16271
+ RESERVED
+CVE-2017-16270
+ RESERVED
+CVE-2017-16269
+ RESERVED
+CVE-2017-16268
+ RESERVED
+CVE-2017-16267
+ RESERVED
+CVE-2017-16266
+ RESERVED
+CVE-2017-16265
+ RESERVED
+CVE-2017-16264
+ RESERVED
+CVE-2017-16263
+ RESERVED
+CVE-2017-16262
+ RESERVED
+CVE-2017-16261
+ RESERVED
+CVE-2017-16260
+ RESERVED
+CVE-2017-16259
+ RESERVED
+CVE-2017-16258
+ RESERVED
+CVE-2017-16257
+ RESERVED
+CVE-2017-16256
+ RESERVED
+CVE-2017-16255
+ RESERVED
+CVE-2017-16254
+ RESERVED
+CVE-2017-16253
+ RESERVED
+CVE-2017-16252
+ RESERVED
+CVE-2017-16251
+ RESERVED
+CVE-2017-16250
+ RESERVED
+CVE-2017-16249
+ RESERVED
+CVE-2017-16247
+ RESERVED
+CVE-2017-16246
+ RESERVED
+CVE-2017-16245
+ RESERVED
+CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) ...)
+ TODO: check
+CVE-2017-16243
+ RESERVED
CVE-2017-16242
RESERVED
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...)
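Review bot: CVE-2017-16244 is the only new entry in this hunk that carries a description, and it is left at `TODO: check` among 107 `RESERVED` placeholders, where it is easy to overlook. A follow-up commit should resolve it to either a package line or a `NOT-FOR-US:` marker. The run also steps from CVE-2017-16249 to CVE-2017-16247; CVE-2017-16248 is not dropped, it already has its own entry further down the file.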
@@ -8,7 +224,7 @@
CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...)
- vim <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
-CVE-2017-16248 [leaks files without extention, inadvertently]
+CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...)
- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
CVE-2017-16241
@@ -1904,8 +2120,8 @@
NOT-FOR-US: ILIAS
CVE-2017-15536
RESERVED
-CVE-2017-15535
- RESERVED
+CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...)
+ TODO: check
CVE-2017-15534
RESERVED
CVE-2017-15533
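Review bot: CVE-2017-15535 moves from `RESERVED` to `TODO: check` without a package line, although the description names MongoDB and an affected range (3.4.x before 3.4.10, and 3.5.x-development). Triage should record the source package with its fixed version, or `<not-affected>` with a reason if the packaged versions fall outside that range.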
@@ -3127,7 +3343,7 @@
- koji <unfixed> (bug #877921)
NOTE: https://pagure.io/koji/issue/563
NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
-CVE-2017-1000257 [curl: IMAP FETCH response out of bounds read]
+CVE-2017-1000257 (An IMAP FETCH response line indicates the size of the returned data, ...)
{DSA-4007-1 DLA-1143-1}
- curl 7.56.1-1
NOTE: https://curl.haxx.se/docs/adv_20171023.html
@@ -5202,10 +5418,10 @@
RESERVED
CVE-2017-14377
RESERVED
-CVE-2017-14376
- RESERVED
-CVE-2017-14375
- RESERVED
+CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ...)
+ TODO: check
+CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...)
+ TODO: check
CVE-2017-14374
RESERVED
CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a ...)
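Review bot: CVE-2017-14376 and CVE-2017-14375 both land as `TODO: check`, and both descriptions name EMC products (AppSync Server, Unisphere for VMAX Virtual Appliance). If neither is packaged, they can be closed in one pass with a `NOT-FOR-US:` line, in the form already used elsewhere in this list (`NOT-FOR-US: ILIAS`).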
@@ -5848,6 +6064,7 @@
CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in ...)
- openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)
CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
+ {DSA-4013-1}
- openjpeg2 2.3.0-1 (bug #874431)
NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
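Review bot: The `{DSA-4013-1}` reference added under CVE-2017-14152 sits directly below CVE-2017-14164, whose status is `openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)`. Now that a DSA is attached to CVE-2017-14152, confirm that the patch it shipped is not the incomplete one; otherwise the `<not-affected>` reasoning for CVE-2017-14164 no longer holds for the release covered by the DSA and that entry needs updating too.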
@@ -6275,8 +6492,8 @@
RESERVED
CVE-2017-14028
RESERVED
-CVE-2017-14027
- RESERVED
+CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...)
+ TODO: check
CVE-2017-14026
RESERVED
CVE-2017-14025
@@ -6287,8 +6504,8 @@
RESERVED
CVE-2017-14022
RESERVED
-CVE-2017-14021
- RESERVED
+CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...)
+ TODO: check
CVE-2017-14020
RESERVED
CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...)
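Review bot: CVE-2017-14021 here and CVE-2017-14027 in the preceding hunk are both Korenix entries left at `TODO: check`, one for a hard-coded cryptographic key and one for hard-coded credentials. They should be triaged together but kept as separate entries, since the descriptions name different weaknesses.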
@@ -7124,16 +7341,19 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage function ...)
+ {DSA-4013-1}
- openjpeg2 2.3.0-1 (bug #874115)
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
NOTE: https://github.com/uclouvain/openjpeg/issues/997
CVE-2017-14040 (An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG ...)
+ {DSA-4013-1}
- openjpeg2 2.3.0-1 (bug #874117)
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
NOTE: https://github.com/uclouvain/openjpeg/issues/995
CVE-2017-14039 (A heap-based buffer overflow was discovered in the opj_t2_encode_packet ...)
+ {DSA-4013-1}
- openjpeg2 2.3.0-1 (bug #874118)
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
@@ -47996,6 +48216,7 @@
- moin 1.9.9-1 (bug #844338)
NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of ...)
+ {DSA-4013-1}
- openjpeg2 2.1.2-1.2 (bug #844557)
NOTE: https://github.com/uclouvain/openjpeg/issues/861
NOTE: https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41
@@ -61449,7 +61670,7 @@
- chromium-browser 53.0.2785.89-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5152 (Integer overflow in the opj_tcd_get_decoded_tile_size function in ...)
- {DSA-3660-1}
+ {DSA-4013-1 DSA-3660-1}
- openjpeg2 2.1.2-1.2
- chromium-browser 53.0.2785.89-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -72770,7 +72991,7 @@
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before ...)
- {DSA-3486-1}
+ {DSA-4013-1 DSA-3486-1}
- openjpeg <removed>
[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
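Review bot: `{DSA-4013-1}` is added to CVE-2016-1628, but the package lines visible under it only cover `openjpeg` (`<removed>`, and `<not-affected>` for jessie and wheezy). In the other hunks this DSA is attached to entries that have an `openjpeg2` line, so check that this entry also carries an `openjpeg2` line with a fixed version; as shown, the cross-reference points at no fixed package.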