[Secure-testing-commits] r56484 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Oct 7 09:02:48 UTC 2017
Author: carnil
Date: 2017-10-07 09:02:48 +0000 (Sat, 07 Oct 2017)
New Revision: 56484
Modified:
data/CVE/list
data/next-point-update.txt
Log:
Merge second round of fixes for Stretch point release (9.2)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-07 08:52:25 UTC (rev 56483)
+++ data/CVE/list 2017-10-07 09:02:48 UTC (rev 56484)
@@ -1392,7 +1392,7 @@
NOT-FOR-US: Zoho
CVE-2017-XXXX [pcb code injection by malicious layout file]
- pcb-rnd 1.2.5-2 (bug #876540)
- [stretch] - pcb-rnd <no-dsa> (Minor issue)
+ [stretch] - pcb-rnd 1.1.4-2
CVE-2017-14581 (The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 ...)
NOT-FOR-US: SAP
CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ...)
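Review bot: The new stretch line for pcb-rnd records 1.1.4-2, which has no +deb9uN suffix, while the other non-kernel stretch versions merged in this revision carry one (for example libwpd 0.10.1-5+deb9u1). Please confirm that 1.1.4-2 is the version string actually accepted for the point release before marking the issue fixed in stretch.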
@@ -2382,7 +2382,7 @@
NOTE: Fixed by: https://github.com/mongodb/libbson/commit/42900956dc461dfe7fb91d93361d10737c1602b3
CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and ...)
- libwpd 0.10.2-1 (bug #876001)
- [stretch] - libwpd <no-dsa> (Minor issue)
+ [stretch] - libwpd 0.10.1-5+deb9u1
[jessie] - libwpd <no-dsa> (Minor issue)
[wheezy] - libwpd <not-affected> (Vulnerable code do not exist)
NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
@@ -10416,7 +10416,7 @@
CVE-2017-11368 (In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...)
{DLA-1058-1}
- krb5 1.15.1-2 (bug #869260)
- [stretch] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
+ [stretch] - krb5 1.15-1+deb9u1
[jessie] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
NOTE: https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2
CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 ...)
@@ -10481,7 +10481,7 @@
NOT-FOR-US: ASUS
CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition ...)
- yadm 1.11.1-1 (bug #868300)
- [stretch] - yadm <no-dsa> (Minor issue)
+ [stretch] - yadm 1.06-1+deb9u1
NOTE: https://github.com/TheLocehiliosan/yadm/issues/74
CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN ...)
- chicken <unfixed> (bug #870266)
@@ -11351,7 +11351,7 @@
CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) or ...)
{DLA-1030-1}
- vim 2:8.0.0197-5 (low; bug #867720)
- [stretch] - vim <postponed> (Minor issue)
+ [stretch] - vim 2:8.0.0197-4+deb9u1
[jessie] - vim <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of service ...)
@@ -14242,7 +14242,7 @@
CVE-2017-10140 [Berkeley DB reads DB_CONFIG from cwd]
RESERVED
- db5.3 5.3.28-13.1 (bug #872436)
- [stretch] - db5.3 <no-dsa> (Minor issue; will be fixed via point release)
+ [stretch] - db5.3 5.3.28-12+deb9u1
[jessie] - db5.3 <no-dsa> (Minor issue; will be fixed via point release)
- db5.2 <removed>
- db5.1 <removed>
@@ -14708,7 +14708,7 @@
CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and ...)
{DLA-1036-1}
- gsoap 2.8.48-1
- [stretch] - gsoap <no-dsa> (Minor issue)
+ [stretch] - gsoap 2.8.35-4+deb9u1
[jessie] - gsoap <no-dsa> (Minor issue)
NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
@@ -17852,6 +17852,7 @@
NOT-FOR-US: Allen Disk
CVE-2017-8831 (The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c ...)
- linux 4.12.6-1
+ [stretch] - linux 4.9.47-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=195559
CVE-2017-8830 (In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows ...)
{DSA-3863-1 DLA-960-1}
@@ -21699,7 +21700,7 @@
[wheezy] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication ...)
- dnsdist 1.2.0-1 (low; bug #872854)
- [stretch] - dnsdist <no-dsa> (Minor issue)
+ [stretch] - dnsdist 1.1.0-2+deb9u1
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
NOTE: https://downloads.powerdns.com/patches/2017-02
CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF ...)
@@ -23525,6 +23526,7 @@
NOT-FOR-US: Broadcom driver for Android
CVE-2017-7064 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7063 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
@@ -23533,6 +23535,7 @@
NOT-FOR-US: Apple
CVE-2017-7061 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: Not covered by security support
CVE-2017-7060 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
NOT-FOR-US: Apple
@@ -23545,9 +23548,11 @@
RESERVED
CVE-2017-7056 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: Not covered by security support
CVE-2017-7055 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7054 (An issue was discovered in certain Apple products. macOS before ...)
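Review bot: The CVE-2017-7056 entry gets a stretch fixed version here but still has no advisory reference, whereas CVE-2017-7055 directly below it receives the same version and carries NOTE: https://webkitgtk.org/security/WSA-2017-0006.html. If CVE-2017-7056 is covered by the same advisory, add that NOTE so the two entries are documented consistently.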
@@ -23556,6 +23561,7 @@
NOT-FOR-US: Apple
CVE-2017-7052 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.4-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7051 (An issue was discovered in certain Apple products. macOS before ...)
@@ -23568,12 +23574,14 @@
NOTE: Not covered by security support
CVE-2017-7048 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7047 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
NOT-FOR-US: Apple
CVE-2017-7046 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7045 (An issue was discovered in certain Apple products. macOS before ...)
@@ -23598,14 +23606,17 @@
NOTE: Not covered by security support
CVE-2017-7039 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7038 (A DOMParser XSS issue was discovered in certain Apple products. iOS ...)
- webkit2gtk 2.16.3-2 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7037 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7036 (An issue was discovered in certain Apple products. macOS before ...)
@@ -23614,6 +23625,7 @@
NOT-FOR-US: Apple
CVE-2017-7034 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7033 (An issue was discovered in certain Apple products. macOS before ...)
@@ -23624,6 +23636,7 @@
NOT-FOR-US: Apple
CVE-2017-7030 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7029 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
@@ -23654,6 +23667,7 @@
NOTE: Not covered by security support
CVE-2017-7018 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.6-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7017 (An issue was discovered in certain Apple products. macOS before ...)
@@ -25955,7 +25969,7 @@
NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6259 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
- nvidia-graphics-drivers 375.82-1 (bug #869783)
- [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 and E375)
@@ -25964,7 +25978,7 @@
RESERVED
CVE-2017-6257 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
- nvidia-graphics-drivers 375.82-1 (bug #869783)
- [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 and E375)
@@ -37222,6 +37236,7 @@
NOTE: Not covered by security support
CVE-2017-2538 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
- webkit2gtk 2.16.4-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
NOTE: Not covered by security support
CVE-2017-2537 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
@@ -50891,7 +50906,7 @@
CVE-2016-7069 [Crafted backend responses can cause a denial of service]
RESERVED
- dnsdist 1.2.0-1 (low; bug #872854)
- [stretch] - dnsdist <no-dsa> (Minor issue)
+ [stretch] - dnsdist 1.1.0-2+deb9u1
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
NOTE: https://downloads.powerdns.com/patches/2017-01
CVE-2016-7068
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2017-10-07 08:52:25 UTC (rev 56483)
+++ data/next-point-update.txt 2017-10-07 09:02:48 UTC (rev 56484)
@@ -1,56 +1,3 @@
-CVE-2017-6257
- [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
-CVE-2017-6259
- [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
-CVE-2017-11368
- [stretch] - krb5 1.15-1+deb9u1
-CVE-2017-7064
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7061
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7056
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7055
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7052
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7048
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7046
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7039
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7038
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7037
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7034
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7030
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-7018
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-2538
- [stretch] - webkit2gtk 2.16.6-0+deb9u1
-CVE-2017-9765
- [stretch] - gsoap 2.8.35-4+deb9u1
-CVE-2016-7069
- [stretch] - dnsdist 1.1.0-2+deb9u1
-CVE-2017-7557
- [stretch] - dnsdist 1.1.0-2+deb9u1
-CVE-2017-11353
- [stretch] - yadm 1.06-1+deb9u1
-CVE-2017-8831
- [stretch] - linux 4.9.47-1
-CVE-2017-14226
- [stretch] - libwpd 0.10.1-5+deb9u1
-CVE-2017-XXXX [pcb code injection by malicious layout file]
- [stretch] - pcb-rnd 1.1.4-2
- NOTE: for #876139, #876540
-CVE-2017-10140
- [stretch] - db5.3 5.3.28-12+deb9u1
-CVE-2017-11109
- [stretch] - vim 2:8.0.0197-4+deb9u1
CVE-2017-12424
[stretch] - shadow 1:4.4-4.1+deb9u1
CVE-2017-10989
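Review bot: The removed pcb-rnd entry carries "NOTE: for #876139, #876540", but the matching CVE-2017-XXXX entry in data/CVE/list references only bug #876540, so the link to #876139 is lost in the merge. Consider adding a NOTE for #876139 to that entry in data/CVE/list. The other 25 removed entries each have a matching [stretch] line added in data/CVE/list with the same version string.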