[Secure-testing-commits] r55396 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Sep 2 21:10:12 UTC 2017
Author: sectracker
Date: 2017-09-02 21:10:12 +0000 (Sat, 02 Sep 2017)
New Revision: 55396
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-02 20:52:17 UTC (rev 55395)
+++ data/CVE/list 2017-09-02 21:10:12 UTC (rev 55396)
@@ -7,7 +7,7 @@
CVE-2017-XXXX [directory traversal vulnerability]
- unrar-free <unfixed> (bug #874059)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
-CVE-2017-14114 [information disclosure or denial of service]
+CVE-2017-14114 (RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...)
- rtpproxy <unfixed> (bug #874070)
NOTE: https://rtpbleed.com/
CVE-2017-14113
@@ -97,16 +97,16 @@
RESERVED
CVE-2017-14078
RESERVED
-CVE-2017-14098 [AST-2017-007: Remote Crash Vulerability in res_pjsip]
+CVE-2017-14098 (In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 ...)
- asterisk <unfixed> (bug #873909)
[stretch] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
[jessie] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
[wheezy] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27152
-CVE-2017-14100 [AST-2017-006: Shell access command injection inapp_minivm]
+CVE-2017-14100 (In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before ...)
- asterisk <unfixed> (bug #873908)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27103
-CVE-2017-14099 [AST-2017-005: Media takeover in RTP stack]
+CVE-2017-14099 (In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...)
- asterisk <unfixed> (bug #873907)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
CVE-2017-14077
More information about the Secure-testing-commits
mailing list