[Secure-testing-commits] r56464 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Oct 6 21:10:13 UTC 2017 

Author: sectracker
Date: 2017-10-06 21:10:13 +0000 (Fri, 06 Oct 2017)
New Revision: 56464

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-06 21:00:09 UTC (rev 56463)
+++ data/CVE/list	2017-10-06 21:10:13 UTC (rev 56464)
@@ -1,3 +1,47 @@
+CVE-2017-15083
+	RESERVED
+CVE-2017-15082
+	RESERVED
+CVE-2017-15081
+	RESERVED
+CVE-2017-15080
+	RESERVED
+CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for ...)
+	TODO: check
+CVE-2017-15078 (The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris ...)
+	TODO: check
+CVE-2017-15077 (The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal ...)
+	TODO: check
+CVE-2017-15076 (** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra ...)
+	TODO: check
+CVE-2017-15075 (The Intel Puma 5, 6, and 7 chips, as used on various Technicolor ...)
+	TODO: check
+CVE-2017-15074 (The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow ...)
+	TODO: check
+CVE-2017-15073 (The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server ...)
+	TODO: check
+CVE-2017-15072 (The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, ...)
+	TODO: check
+CVE-2017-15071 (The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, ...)
+	TODO: check
+CVE-2017-15070 (The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, ...)
+	TODO: check
+CVE-2017-15069 (The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, ...)
+	TODO: check
+CVE-2017-15068 (The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded ...)
+	TODO: check
+CVE-2017-15067 (The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, ...)
+	TODO: check
+CVE-2017-15066 (The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box ...)
+	TODO: check
+CVE-2017-15065 (The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow ...)
+	TODO: check
+CVE-2017-15064 (The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, ...)
+	TODO: check
+CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...)
+	TODO: check
+CVE-2017-1000255
+	RESERVED
 CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2017-15062
@@ -35,10 +79,10 @@
 CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...)
 	- redis <unfixed>
 	NOTE: https://github.com/antirez/redis/issues/4278
-CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow, a different ...)
+CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples ...)
 	- lame <unfixed>
 	NOTE: https://sourceforge.net/p/lame/bugs/479/
-CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read, a different ...)
+CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in ...)
 	- lame <unfixed>
 	NOTE: https://sourceforge.net/p/lame/bugs/478/
 CVE-2017-15044
@@ -1597,7 +1641,7 @@
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
 CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote ...)
-	{DSA-3989-1}
+	{DSA-3989-1 DLA-1124-1}
 	- dnsmasq 2.78-1
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262
@@ -1608,12 +1652,12 @@
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033
 CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...)
-	{DSA-3989-1}
+	{DSA-3989-1 DLA-1124-1}
 	- dnsmasq 2.78-1
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
 CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...)
-	{DSA-3989-1}
+	{DSA-3989-1 DLA-1124-1}
 	- dnsmasq 2.78-1
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
@@ -2559,8 +2603,8 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
-CVE-2017-1000254 [FTP PWD response parser out of bounds read]
-	{DLA-1121-1}
+CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when doing FTP. ...)
+	{DSA-3992-1 DLA-1121-1}
 	- curl <unfixed> (bug #877671)
 	NOTE: https://curl.haxx.se/docs/adv_20171004.html
 	NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
@@ -5157,10 +5201,10 @@
 	RESERVED
 CVE-2017-13070
 	RESERVED
-CVE-2017-13069
-	RESERVED
-CVE-2017-13068
-	RESERVED
+CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...)
+	TODO: check
+CVE-2017-13068 (QNAP has already patched this vulnerability. This security concern ...)
+	TODO: check
 CVE-2017-13067 (QNAP has patched a remote code execution vulnerability affecting the ...)
 	NOT-FOR-US: QNAP
 CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...)
@@ -6817,12 +6861,13 @@
 CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...)
 	NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user can pass a numerical ...)
+	{DSA-3992-1}
 	- curl 7.55.0-1 (bug #871554)
 	[wheezy] - curl <not-affected> (Vulnerable code not present, introduced later in 7.34.0)
 	NOTE: https://curl.haxx.se/docs/adv_20170809A.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
 CVE-2017-1000100 (When doing a TFTP transfer and curl/libcurl is given a URL that ...)
-	{DLA-1062-1}
+	{DSA-3992-1 DLA-1062-1}
 	- curl 7.55.0-1 (bug #871555)
 	NOTE: https://curl.haxx.se/docs/adv_20170809B.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
@@ -10844,7 +10889,7 @@
 	NOT-FOR-US: Pulse Connect Secure
 CVE-2017-11192
 	RESERVED
-CVE-2017-11191 (FreeIPA 4.x with API version 2.213 allows a remote authenticated users ...)
+CVE-2017-11191 (** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote ...)
 	- freeipa <unfixed>
 CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
 	- unrar-free <unfixed> (unimportant)
@@ -16383,10 +16428,10 @@
 	RESERVED
 CVE-2017-9274
 	RESERVED
-CVE-2017-9273
-	RESERVED
-CVE-2017-9272
-	RESERVED
+CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be ...)
+	TODO: check
+CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be ...)
+	TODO: check
 CVE-2017-9271
 	RESERVED
 CVE-2017-9270
@@ -83552,8 +83597,7 @@
 	NOTE: http://security.libvirt.org/2015/0003.html
 	NOTE: Broken by https://libvirt.org/git/?p=libvirt.git;a=commit;h=155ca616eb231181f6978efc9e3a1eb0eb60af8a (v1.2.14-rc1)
 	NOTE: and by https://libvirt.org/git/?p=libvirt.git;a=commit;h=7c2d65dde2595c07d56aad1e043f7b1836592d89 (v1.2.16-rc1)
-CVE-2015-5246
-	RESERVED
+CVE-2015-5246 (The LDAP Authentication functionality in Foreman might allow remote ...)
 	- foreman <itp> (bug #663101)
 CVE-2015-5245 (CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw ...)
 	[experimental] - ceph 0.94.3-1
@@ -92918,8 +92962,7 @@
 	NOTE: present since release_candidate_2013-10-28
 	NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
 	NOTE: https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
-CVE-2015-2158 [pngcrush_measure_idat() off-by-one error]
-	RESERVED
+CVE-2015-2158 (Off-by-one error in the pngcrush_measure_idat function in pngcrush.c ...)
 	- pngcrush <not-affected> (Vulnerable code not present)
 	NOTE: Introduced by http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/ (1.7.83)
 	NOTE: Fixed by: http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/ (1.7.84)
@@ -94229,8 +94272,7 @@
 	NOTE: code does neither of the following: 1) checking for slashes after decoding
 	NOTE: 2) checking for ordinary slashes before decoding and prohibiting overlong
 	NOTE: encodings
-CVE-2015-2297 [Remote null pointer dereference]
-	RESERVED
+CVE-2015-2297 (nanohttp in libcsoap allows remote attackers to cause a denial of ...)
 	- libcsoap <removed> (bug #778599)
 	[squeeze] - libcsoap <no-dsa> (Minor issue)
 	[wheezy] - libcsoap <no-dsa> (Minor issue)
@@ -95950,8 +95992,8 @@
 	- ffmpeg 7:2.6.1-1
 	- libav <removed>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
-CVE-2015-1206
-	RESERVED
+CVE-2015-1206 (Heap-based buffer overflow in Google Chrome before M40 allows remote ...)
+	TODO: check
 CVE-2015-1204 (Cross-site scripting (XSS) vulnerability in the Save Filters ...)
 	NOT-FOR-US: Save Filters functionality in the WP Slimstat plugin for WordPress
 CVE-2015-1190
@@ -102593,8 +102635,8 @@
 	NOT-FOR-US: ESTsoft ALUpdate
 CVE-2014-8493 (ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to ...)
 	NOT-FOR-US: ZTE ZXHN H108L
-CVE-2014-8492
-	RESERVED
+CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2014-8491
 	RESERVED
 CVE-2014-8490
@@ -103189,8 +103231,8 @@
 	NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
 CVE-2014-8759
 	RESERVED
-CVE-2014-8758
-	RESERVED
+CVE-2014-8758 (Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin ...)
+	TODO: check
 CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to ...)
 	NOT-FOR-US: LG On-Screen Phone
 CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder ...)
@@ -105879,8 +105921,8 @@
 	RESERVED
 CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows remote ...)
 	NOT-FOR-US: TSUTAYA application for Android
-CVE-2014-7240
-	RESERVED
+CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form ...)
+	TODO: check
 CVE-2014-7239
 	RESERVED
 CVE-2014-7238
@@ -116949,8 +116991,7 @@
 	- wolfssl 3.4.8+dfsg-1 (bug #792646)
 	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
 	NOTE: according to maintainer addressed in 3.2.0 upstream
-CVE-2014-2903
-	RESERVED
+CVE-2014-2903 (CyaSSL does not check the key usage extension in leaf certificates, ...)
 	- cyassl <removed> (bug #770229)
 	- wolfssl 3.4.8+dfsg-1 (bug #792646)
 	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
@@ -125497,8 +125538,7 @@
 	RESERVED
 	- docker.io 1.6.0+dfsg1-1
 	NOTE: According to Red Hat bug no longer present in 1.5
-CVE-2014-0047 [multiple temporary file creation vulnerabilities]
-	RESERVED
+CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact via ...)
 	- docker.io 1.6.0+dfsg1-1
 	NOTE: According to Red Hat bug no longer present in 1.5
 CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper in ...)

More information about the Secure-testing-commits mailing list