[Secure-testing-commits] r56588 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Oct 10 21:10:16 UTC 2017
Author: sectracker
Date: 2017-10-10 21:10:16 +0000 (Tue, 10 Oct 2017)
New Revision: 56588
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-10 20:29:04 UTC (rev 56587)
+++ data/CVE/list 2017-10-10 21:10:16 UTC (rev 56588)
@@ -284,35 +284,50 @@
RESERVED
CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for ...)
NOT-FOR-US: Smush Image Compression and Optimization plugin for WordPress
-CVE-2017-15078 (The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris ...)
+CVE-2017-15078
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15077 (The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal ...)
+CVE-2017-15077
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15076 (** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra ...)
+CVE-2017-15076
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15075 (The Intel Puma 5, 6, and 7 chips, as used on various Technicolor ...)
+CVE-2017-15075
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15074 (The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow ...)
+CVE-2017-15074
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15073 (The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server ...)
+CVE-2017-15073
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15072 (The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, ...)
+CVE-2017-15072
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15071 (The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, ...)
+CVE-2017-15071
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15070 (The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, ...)
+CVE-2017-15070
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15069 (The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, ...)
+CVE-2017-15069
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15068 (The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded ...)
+CVE-2017-15068
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15067 (The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, ...)
+CVE-2017-15067
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15066 (The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box ...)
+CVE-2017-15066
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15065 (The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow ...)
+CVE-2017-15065
+ REJECTED
NOT-FOR-US: Intel
-CVE-2017-15064 (The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, ...)
+CVE-2017-15064
+ REJECTED
NOT-FOR-US: Intel
CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...)
- koji <unfixed> (bug #877921)
@@ -1172,6 +1187,7 @@
CVE-2017-14768
RESERVED
CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d
@@ -2700,6 +2716,7 @@
NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
NOTE: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
@@ -2709,10 +2726,12 @@
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382
@@ -2824,14 +2843,17 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
@@ -3224,26 +3246,32 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...)
+ {DSA-3996-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
@@ -4097,7 +4125,7 @@
NOTE: This is in libxkbfile in wheezy
CVE-2017-13722 [pcfGetProperties: Check string boundaries]
RESERVED
- {DLA-1126-1}
+ {DSA-3995-1 DLA-1126-1}
- libxfont 1:2.0.1-4
- libxfont1 <unfixed> (unimportant)
NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
@@ -4108,7 +4136,7 @@
NOTE: In wheezy this is possibly libxext, src/XShm.c?
CVE-2017-13720 [Check for end of string in PatternMatch]
RESERVED
- {DLA-1126-1}
+ {DSA-3995-1 DLA-1126-1}
- libxfont 1:2.0.1-4
- libxfont1 <unfixed> (unimportant)
NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
@@ -4275,16 +4303,16 @@
RESERVED
CVE-2017-13680
RESERVED
-CVE-2017-13679
- RESERVED
+CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...)
+ TODO: check
CVE-2017-13678
RESERVED
CVE-2017-13677
RESERVED
CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading ...)
NOT-FOR-US: Symantec
-CVE-2017-13675
- RESERVED
+CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption ...)
+ TODO: check
CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
NOT-FOR-US: Symantec ProxyClient
CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty ...)
More information about the Secure-testing-commits
mailing list