[Secure-testing-commits] r57987 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Nov 24 09:10:15 UTC 2017
Author: sectracker
Date: 2017-11-24 09:10:15 +0000 (Fri, 24 Nov 2017)
New Revision: 57987
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-24 07:08:06 UTC (rev 57986)
+++ data/CVE/list 2017-11-24 09:10:15 UTC (rev 57987)
@@ -1,11 +1,25 @@
-CVE-2017-16932
+CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...)
+ TODO: check
+CVE-2017-16937
+ RESERVED
+CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on Shenzhen Tenda ...)
+ TODO: check
+CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs containing a ...)
+ TODO: check
+CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execute ...)
+ TODO: check
+CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown ...)
+ TODO: check
+CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...)
+ TODO: check
+CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...)
- libxml2 <unfixed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
-CVE-2017-16931
+CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...)
- libxml2 2.9.4+dfsg1-3.1
- [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
- [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
+ [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
+ [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050
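Review bot: In the CVE-2017-16932 entry the status stays "- libxml2 <unfixed>" although the new description places the flaw in libxml2 before 2.9.5 and the sibling CVE-2017-16931 is recorded as fixed in 2.9.4+dfsg1-3.1. Confirm whether the packaged version already carries the upstream commit cited in the NOTE line and, if it does, replace <unfixed> with that version. The six other new entries land as "TODO: check" and still need triage. The [stretch] and [jessie] lines under CVE-2017-16931 are removed and re-added with the same visible text, which looks like a whitespace-only change.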
@@ -1063,6 +1077,7 @@
CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...)
NOT-FOR-US: RemObjects Remoting SDK
CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...)
+ {DSA-4047-1}
- otrs2 5.0.24-1 (bug #882370)
NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -9548,14 +9563,14 @@
NOT-FOR-US: Moxa
CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
NOT-FOR-US: Moxa
-CVE-2017-13701
- RESERVED
+CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
+ TODO: check
CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
NOT-FOR-US: Moxa
-CVE-2017-13699
- RESERVED
-CVE-2017-13698
- RESERVED
+CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
+ TODO: check
+CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
+ TODO: check
CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...)
NOT-FOR-US: FineCMS
CVE-2017-13696
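Review bot: CVE-2017-13701, CVE-2017-13699 and CVE-2017-13698 go in as "TODO: check" while the neighbouring CVE-2017-13702 and CVE-2017-13700, whose visible description is the same "MOXA EDS-G512E 5.1 build 16072215" text, are already "NOT-FOR-US: Moxa". Unless the truncated descriptions differ in a way that matters, tag the three new entries "NOT-FOR-US: Moxa" as well so they leave the triage queue.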
@@ -19600,7 +19615,7 @@
CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
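Review bot: The new tag on CVE-2017-10388 does not show which source package DSA-4048-1 covers: the entry lists openjdk-9, openjdk-8 and openjdk-7, and no fixed-version line is added alongside "{DSA-4048-1 DSA-4015-1 DLA-1187-1}". Check that the advisory's own record names the package and release it fixes, since the same tag change repeats on the Java SE entries in the hunks that follow.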
@@ -19685,7 +19700,7 @@
CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...)
NOT-FOR-US: Oracle
CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19693,7 +19708,7 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19701,7 +19716,7 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19717,13 +19732,13 @@
CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
- openjdk-7 <removed>
CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19731,7 +19746,7 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19739,7 +19754,7 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19747,7 +19762,7 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19755,7 +19770,7 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19872,7 +19887,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19904,7 +19919,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19922,7 +19937,7 @@
CVE-2017-10282
RESERVED
CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19947,7 +19962,7 @@
CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE ...)
- {DSA-4015-1 DLA-1187-1}
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -36126,6 +36141,7 @@
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5130
RESERVED
+ {DLA-1188-1}
- libxml2 2.9.4+dfsg1-5.1 (bug #880000)
[stretch] - libxml2 <no-dsa> (Minor issue)
[jessie] - libxml2 <no-dsa> (Minor issue)
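Review bot: CVE-2017-5130 now carries {DLA-1188-1} while the visible release lines rate it "<no-dsa> (Minor issue)" for both stretch and jessie, and the entry is still RESERVED with no description. The release that the DLA fixes is not visible in this hunk. Confirm that it has a fixed-version line and that the "Minor issue" rating for the other releases still holds.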