[Secure-testing-commits] r56588 - data/CVE

Tue Oct 10 21:10:16 UTC 2017

Author: sectracker
Date: 2017-10-10 21:10:16 +0000 (Tue, 10 Oct 2017)
New Revision: 56588

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-10-10 20:29:04 UTC (rev 56587)
+++ data/CVE/list	2017-10-10 21:10:16 UTC (rev 56588)
@@ -284,35 +284,50 @@
 	RESERVED
 CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for ...)
 	NOT-FOR-US: Smush Image Compression and Optimization plugin for WordPress
-CVE-2017-15078 (The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris ...)
+CVE-2017-15078
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15077 (The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal ...)
+CVE-2017-15077
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15076 (** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra ...)
+CVE-2017-15076
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15075 (The Intel Puma 5, 6, and 7 chips, as used on various Technicolor ...)
+CVE-2017-15075
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15074 (The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow ...)
+CVE-2017-15074
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15073 (The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server ...)
+CVE-2017-15073
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15072 (The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, ...)
+CVE-2017-15072
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15071 (The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, ...)
+CVE-2017-15071
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15070 (The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, ...)
+CVE-2017-15070
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15069 (The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, ...)
+CVE-2017-15069
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15068 (The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded ...)
+CVE-2017-15068
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15067 (The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, ...)
+CVE-2017-15067
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15066 (The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box ...)
+CVE-2017-15066
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15065 (The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow ...)
+CVE-2017-15065
+	REJECTED
 	NOT-FOR-US: Intel
-CVE-2017-15064 (The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, ...)
+CVE-2017-15064
+	REJECTED
 	NOT-FOR-US: Intel
 CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...)
 	- koji <unfixed> (bug #877921)
@@ -1172,6 +1187,7 @@
 CVE-2017-14768
 	RESERVED
 CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d
@@ -2700,6 +2716,7 @@
 	NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
 	NOTE: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
 CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
@@ -2709,10 +2726,12 @@
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
 CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
 CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382
@@ -2824,14 +2843,17 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
 CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
 CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
 CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
@@ -3224,26 +3246,32 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
 CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
 CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
 CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
 CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
 CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
 CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...)
+	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
@@ -4097,7 +4125,7 @@
 	NOTE: This is in libxkbfile in wheezy
 CVE-2017-13722 [pcfGetProperties: Check string boundaries]
 	RESERVED
-	{DLA-1126-1}
+	{DSA-3995-1 DLA-1126-1}
 	- libxfont 1:2.0.1-4
 	- libxfont1 <unfixed> (unimportant)
 	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
@@ -4108,7 +4136,7 @@
 	NOTE: In wheezy this is possibly libxext, src/XShm.c?
 CVE-2017-13720 [Check for end of string in PatternMatch]
 	RESERVED
-	{DLA-1126-1}
+	{DSA-3995-1 DLA-1126-1}
 	- libxfont 1:2.0.1-4
 	- libxfont1 <unfixed> (unimportant)
 	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
@@ -4275,16 +4303,16 @@
 	RESERVED
 CVE-2017-13680
 	RESERVED
-CVE-2017-13679
-	RESERVED
+CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...)
+	TODO: check
 CVE-2017-13678
 	RESERVED
 CVE-2017-13677
 	RESERVED
 CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading ...)
 	NOT-FOR-US: Symantec
-CVE-2017-13675
-	RESERVED
+CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption ...)
+	TODO: check
 CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
 	NOT-FOR-US: Symantec ProxyClient
 CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty ...)


