[Secure-testing-commits] r55373 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Sep 1 21:10:14 UTC 2017
Author: sectracker
Date: 2017-09-01 21:10:14 +0000 (Fri, 01 Sep 2017)
New Revision: 55373
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-01 19:47:02 UTC (rev 55372)
+++ data/CVE/list 2017-09-01 21:10:14 UTC (rev 55373)
@@ -1,7 +1,17 @@
-CVE-2017-14106 [net/ipv4: divide by 0 in __tcp_select_window()]
+CVE-2017-14109
+ RESERVED
+CVE-2017-14108
+ RESERVED
+CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 ...)
+ TODO: check
+CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
+ TODO: check
+CVE-2017-14104
+ RESERVED
+CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel ...)
- linux 4.12.6-1
NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3)
-CVE-2017-14103 [use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403)]
+CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in ...)
- graphicsmagick <unfixed>
[stretch] - graphicsmagick <not-affected> (Incomplete fix not applied)
[jessie] - graphicsmagick <not-affected> (Incomplete fix not applied)
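Review bot: the rewrite of the CVE-2017-14103 header drops the tracker's own context, "use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403)", yet the two release lines that follow still justify <not-affected> with "Incomplete fix not applied", which no longer has anything to refer to. Keep that information as a NOTE line under the package entry, e.g. "NOTE: Incomplete fix for CVE-2017-11403 (use-after-free in CloseBlob, blob.c)", so the stretch/jessie reasoning stays verifiable. Also, CVE-2017-14107 concerns libzip, which Debian ships as a source package, so its "TODO: check" should be turned into a libzip package line with the fixed or <unfixed> state rather than left alongside the HiveManager entry, which is clearly a NOT-FOR-US candidate.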
@@ -982,8 +992,7 @@
[stretch] - lame <no-dsa> (Minor issue)
[jessie] - lame <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/lame/bugs/472/
-CVE-2017-13711 [Slirp: use-after-free when sending response]
- RESERVED
+CVE-2017-13711 (Use-after-free vulnerability in the sofree function in slirp/socket.c ...)
- qemu <unfixed> (bug #873875)
[stretch] - qemu <no-dsa> (Minor issue)
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
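Review bot: the qemu entry for CVE-2017-13711 cites only the Debian bug (#873875) while the other qemu entries touched in this commit link the upstream fix in a NOTE line. Add the qemu-devel or commit URL for the sofree fix, because both release calls here, stretch <no-dsa> (Minor issue) and jessie <not-affected> (Vulnerable code introduced later), are only checkable against the actual patch; "Minor issue" for a use-after-free in the slirp network stack in particular deserves a one-line justification like the jessie entry already has.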
@@ -1110,14 +1119,13 @@
RESERVED
CVE-2017-13675
RESERVED
-CVE-2017-13674
- RESERVED
+CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
+ TODO: check
CVE-2017-13673 (The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the ...)
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
-CVE-2017-13672 [vga: OOB read access during display update]
- RESERVED
+CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display emulator ...)
- qemu <unfixed> (bug #873851)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
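Review bot: both VGA entries, CVE-2017-13672 and CVE-2017-13673, are left at "qemu <unfixed>" with no [stretch]/[jessie] annotations, unlike the slirp entry triaged elsewhere in this commit; once bug #873851 is assessed the release lines should be added, and CVE-2017-13673 should get a bug reference of its own rather than relying on the neighbouring entry. The CVE-2017-13674 description names "Symantec ProxyClient 3.4 for Windows", so that "TODO: check" can be closed as NOT-FOR-US in the same style as the other vendor entries in this file.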
@@ -3445,16 +3453,13 @@
[jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
[wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
NOTE: https://simplesamlphp.org/security/201703-02
-CVE-2017-12870 [Unauthenticated encryption in CBC mode]
- RESERVED
+CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...)
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201704-01
-CVE-2017-12869 [Authentication context bypass in the multiauth module]
- RESERVED
+CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows ...)
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201704-02
-CVE-2017-12868 [Session fixation issue and authentication bypass in the authcrypt module]
- RESERVED
+CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in ...)
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201705-01
CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 ...)
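Review bot: the three SimpleSAMLphp entries record the fix as 1.14.15-1 but carry no [stretch]/[jessie]/[wheezy] lines, whereas the entry immediately above them has explicit release annotations. The new descriptions give the affected ranges ("1.14.12 and earlier", "1.14.13 and earlier"), so the stable and oldstable versions need to be checked against them and the release status stated, rather than implicitly treated as fixed or ignored. Note also that the CVE-2017-12868 header now describes a secureCompare issue in lib/SimpleSAML/Utils/Crypto.php, while the previous tracker text called it "Session fixation issue and authentication bypass in the authcrypt module"; the advisory link (201705-01) is retained, but the dropped wording is worth keeping as a NOTE if it reflects how the issue was triaged.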
@@ -8938,14 +8943,14 @@
RESERVED
CVE-2017-10852
RESERVED
-CVE-2017-10851
- RESERVED
-CVE-2017-10850
- RESERVED
-CVE-2017-10849
- RESERVED
-CVE-2017-10848
- RESERVED
+CVE-2017-10851 (Untrusted search path vulnerability in Installer for ContentsBridge ...)
+ TODO: check
+CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX Driver for ...)
+ TODO: check
+CVE-2017-10849 (Untrusted search path vulnerability in Self-extracting document ...)
+ TODO: check
+CVE-2017-10848 (Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 ...)
+ TODO: check
CVE-2017-10847
RESERVED
CVE-2017-10846
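Review bot: the four new "TODO: check" entries (CVE-2017-10848 through CVE-2017-10851) are all installer and self-extractor untrusted-search-path issues of the same class that the adjacent entries in the next hunk (Security Setup Tool, Flets Install Tool) already resolve as NOT-FOR-US, so they can be triaged the same way instead of being left open; the same applies to CVE-2017-10829 (Remote Support Tool) in the following hunk.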
@@ -8982,8 +8987,8 @@
NOT-FOR-US: The CRCA user's Software system
CVE-2017-10830 (Untrusted search path vulnerability in Security Setup Tool all ...)
NOT-FOR-US: Security Setup Tool
-CVE-2017-10829
- RESERVED
+CVE-2017-10829 (Untrusted search path vulnerability in Remote Support Tool (Enkaku ...)
+ TODO: check
CVE-2017-10828 (Untrusted search path vulnerability in Flets Install Tool all versions ...)
NOT-FOR-US: Flets Install Tool
CVE-2017-10827 (Untrusted search path vulnerability in Flets Azukeru for Windows Auto ...)
@@ -18570,7 +18575,7 @@
RESERVED
CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery]
RESERVED
- {DSA-3901-1 DLA-1080-1 DLA-1015-1}
+ {DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1}
- libgcrypt20 1.7.8-1
- libgcrypt11 <removed>
- gnupg2 <not-affected> (Uses system libgcrypt)
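Review bot: DSA-3960-1 is added to the advisory set for CVE-2017-7526 without any package line changing in this hunk, and the visible context ends at the gnupg2 <not-affected> line, so the source package that DSA-3960-1 actually fixes is not shown here. Confirm that the corresponding package line (below the cut) carries the fixed version matching the new DSA; an advisory reference with no matching fixed-version entry is how tracker state drifts.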
@@ -29457,10 +29462,10 @@
RESERVED
CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...)
NOT-FOR-US: Intel antivirus
-CVE-2017-3898
- RESERVED
-CVE-2017-3897
- RESERVED
+CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...)
+ TODO: check
+CVE-2017-3897 (A Code Injection vulnerability in the non-certificate-based ...)
+ TODO: check
CVE-2017-3896 (Unvalidated parameter vulnerability in the remote log viewing ...)
NOT-FOR-US: Intel McAfee
CVE-2017-3895
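Review bot: CVE-2017-3898 and CVE-2017-3897 sit between two entries already marked "NOT-FOR-US: Intel McAfee", and their descriptions ("non-certificate-based ...") match that product family, so the "TODO: check" markers should be resolved to the same NOT-FOR-US line rather than left for a second pass.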
@@ -73291,8 +73296,8 @@
NOT-FOR-US: Juniper
CVE-2015-7748 (Juniper chassis with Trio (Trinity) chipset line cards and Junos OS ...)
NOT-FOR-US: Juniper
-CVE-2015-7746
- RESERVED
+CVE-2015-7746 (NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows ...)
+ TODO: check
CVE-2015-7745
RESERVED
CVE-2015-7744 (wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...)
@@ -111076,7 +111081,7 @@
RESERVED
CVE-2014-3713
RESERVED
-CVE-2014-3712 (Katello allows remote attackers to cause a denial foser service ...)
+CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory ...)
NOT-FOR-US: Katello
CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause ...)
{DSA-3070-1}
@@ -142834,7 +142839,7 @@
NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop ...)
NOT-FOR-US: SAMEDIA LandShop
-CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classees in the ARDoc ActiveX ...)
+CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX ...)
NOT-FOR-US: Quest in Trust
CVE-2012-5896 (The Annotation Objects Extension ActiveX control in AnnotateX.dll in ...)
NOT-FOR-US: Quest in Trust
@@ -161160,7 +161165,7 @@
- kfreebsd-7 <removed>
CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...)
NOT-FOR-US: DB2
-CVE-2011-4060 (The runtime linker in QNX Neutrino RTOS 6.5.0 does not properly clear ...)
+CVE-2011-4060 (The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 ...)
NOT-FOR-US: QNX
CVE-2011-4059
RESERVED