[Secure-testing-commits] r55361 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Sep 1 09:10:16 UTC 2017


Author: sectracker
Date: 2017-09-01 09:10:16 +0000 (Fri, 01 Sep 2017)
New Revision: 55361

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-01 08:12:55 UTC (rev 55360)
+++ data/CVE/list	2017-09-01 09:10:16 UTC (rev 55361)
@@ -1,3 +1,53 @@
+CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping ...)
+	TODO: check
+CVE-2017-14101
+	RESERVED
+CVE-2017-14100
+	RESERVED
+CVE-2017-14099
+	RESERVED
+CVE-2017-14098
+	RESERVED
+CVE-2017-14097
+	RESERVED
+CVE-2017-14096
+	RESERVED
+CVE-2017-14095
+	RESERVED
+CVE-2017-14094
+	RESERVED
+CVE-2017-14093
+	RESERVED
+CVE-2017-14092
+	RESERVED
+CVE-2017-14091
+	RESERVED
+CVE-2017-14090
+	RESERVED
+CVE-2017-14089
+	RESERVED
+CVE-2017-14088
+	RESERVED
+CVE-2017-14087
+	RESERVED
+CVE-2017-14086
+	RESERVED
+CVE-2017-14085
+	RESERVED
+CVE-2017-14084
+	RESERVED
+CVE-2017-14083
+	RESERVED
+CVE-2017-14082
+	RESERVED
+CVE-2017-14081
+	RESERVED
+CVE-2017-14080
+	RESERVED
+CVE-2017-14079
+	RESERVED
+CVE-2017-14078
+	RESERVED
 CVE-2017-XXXX [AST-2017-007: Remote Crash Vulerability in res_pjsip]
 	- asterisk <unfixed> (bug #873909)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
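Review bot: the new CVE-2017-14102 entry at the top of this hunk is left at "TODO: check" even though its description already names the product and version (MIMEDefang 2.80 and earlier). It should be resolved to a source-package line or a NOT-FOR-US tag rather than left open. Separately, the unchanged CVE-2017-XXXX title below the additions reads "Vulerability"; a follow-up commit could correct the spelling.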
@@ -13778,6 +13828,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
 	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
 CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
+	{DLA-1083-1}
 	- openexr 2.2.0-11.1 (bug #864078)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
@@ -13797,6 +13848,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
+	{DLA-1083-1}
 	- openexr 2.2.0-11.1 (bug #864078)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
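Review bot: the entry just above CVE-2017-9112 (context lines at the top of this hunk) carries the same oss-security and openexr issue #232 references, but gets no {DLA-1083-1} tag in this revision. Please confirm that the advisory really covers only the entries tagged here, and that the neighbouring OpenEXR entry with identical references was left out on purpose.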
@@ -13806,6 +13858,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
+	{DLA-1083-1}
 	- openexr 2.2.0-11.1 (bug #864078)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
@@ -17280,8 +17333,8 @@
 	[jessie] - libreoffice <not-affected> (Vulnerable code not present)
 	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416
-CVE-2017-7855
-	RESERVED
+CVE-2017-7855 (In the webmail component in IceWarp Server 11.3.1.5, there was an XSS ...)
+	TODO: check
 CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote ...)
 	- radare2 <not-affected> (Vulnerable code introduced later)
 CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can ...)
@@ -51536,8 +51589,8 @@
 	NOT-FOR-US: Tollgrade
 CVE-2016-5796 (An issue was discovered in Fatek Automation PM Designer V3 Version ...)
 	NOT-FOR-US: Fatek Automation PM Designer
-CVE-2016-5795
-	RESERVED
+CVE-2016-5795 (An XXE issue was discovered in Automated Logic Corporation (ALC) ...)
+	TODO: check
 CVE-2016-5794
 	REJECTED
 CVE-2016-5793 (Unquoted Windows search path vulnerability in Moxa Active OPC Server ...)
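Review bot: CVE-2016-5795 moves from RESERVED to "TODO: check" while both neighbours in this hunk (Tollgrade, Fatek Automation PM Designer) are already closed as NOT-FOR-US. The description names Automated Logic Corporation (ALC); once it is confirmed that no Debian source package ships that product, replace the TODO with a "NOT-FOR-US: <product>" line in the same form.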
@@ -73301,8 +73354,8 @@
 	RESERVED
 CVE-2015-7712 (Multiple eval injection vulnerabilities in ...)
 	NOT-FOR-US: ATutor
-CVE-2015-7711
-	RESERVED
+CVE-2015-7711 (Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor ...)
+	TODO: check
 CVE-2015-7710
 	RESERVED
 CVE-2015-7709 (The arkeiad daemon in the Arkeia Backup Agent in Western Digital ...)
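Review bot: the "TODO: check" added under CVE-2015-7711 can likely be closed straight away. The description names popuphelp.php in ATutor, and the adjacent CVE-2015-7712 entry in this hunk is already tagged "NOT-FOR-US: ATutor". Using the same tag here would keep the two entries consistent.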
@@ -73386,8 +73439,8 @@
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/d7cd5e186034340402f1393e0813c7d2b14ea6ca
 	NOTE: https://github.com/ntp-project/ntp/commit/79604d925e4477247eee202155215e7865293809
-CVE-2015-7700
-	RESERVED
+CVE-2015-7700 (Double-free vulnerability in the sPLT chunk structure and png.c in ...)
+	TODO: check
 CVE-2015-7697 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...)
 	{DSA-3386-1 DLA-330-1}
 	- unzip 6.0-19 (bug #802160)
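Review bot: the "TODO: check" on CVE-2015-7700 cannot be resolved from the line as committed, because the description is cut off at "png.c in ..." before the product name. Look up the full description before tagging, and note in the entry whether the affected png.c is a standalone package or a copy embedded elsewhere, since the file name alone does not identify a source package.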
@@ -77987,8 +78040,8 @@
 	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
 	NOTE: _gnutls_x509_dn_to_string() introduced in 3.1.10 via:
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/6be35136333b5d6289f23209cf896e741462909a
-CVE-2015-5958
-	RESERVED
+CVE-2015-5958 (phpFileManager 0.9.8 allows remote attackers to execute arbitrary ...)
+	TODO: check
 CVE-2015-5956 (The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before ...)
 	- typo3-src <removed>
 	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
@@ -78788,8 +78841,7 @@
 	NOT-FOR-US: Symantec
 CVE-2009-5148
 	RESERVED
-CVE-2015-5695 [Quotas were being bypassed]
-	RESERVED
+CVE-2015-5695 (Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo ...)
 	[experimental] - designate 1:1.0.0~b2-1
 	- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
 	[jessie] - designate 2014.1-18+deb8u1
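Review bot: the description now attached to CVE-2015-5695 gives the affected range as "2015.1.0 through 1.0.0.0b1", while the unchanged jessie line records a fix in 2014.1-18+deb8u1, a version older than the start of that range. Please re-check the jessie line against the published description and add a NOTE explaining the backport if it is correct. Dropping the bracketed working title and the RESERVED line is fine.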
@@ -98647,12 +98699,12 @@
 	RESERVED
 CVE-2014-8678 (The ConfigSaveServlet servlet in ManageEngine OpUtils before build ...)
 	NOT-FOR-US: ManageEngine OpUtils
-CVE-2014-8677
-	RESERVED
-CVE-2014-8676
-	RESERVED
-CVE-2014-8675
-	RESERVED
+CVE-2014-8677 (The installation process for SOPlanning 1.32 and earlier allows remote ...)
+	TODO: check
+CVE-2014-8676 (Directory traversal vulnerability in the file_get_contents function in ...)
+	TODO: check
+CVE-2014-8675 (Soplanning 1.32 and earlier generates static links for sharing ICAL ...)
+	TODO: check
 CVE-2014-8674
 	RESERVED
 CVE-2014-8673
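Review bot: CVE-2014-8677, CVE-2014-8676 and CVE-2014-8675 all become "TODO: check", and at least two of them concern the same product, spelled "SOPlanning" in one description and "Soplanning" in another. Triage the three together and use one spelling in the resulting tags so that a search for the product finds every entry. The CVE-2014-8676 description is cut off before it names a product, so confirm it from the full text.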



