[Secure-testing-commits] r55483 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Sep 5 21:10:16 UTC 2017
Author: sectracker
Date: 2017-09-05 21:10:16 +0000 (Tue, 05 Sep 2017)
New Revision: 55483
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-05 20:35:51 UTC (rev 55482)
+++ data/CVE/list 2017-09-05 21:10:16 UTC (rev 55483)
@@ -1,4 +1,23 @@
+CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...)
+ TODO: check
+CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of service (memory ...)
+ TODO: check
+CVE-2017-14157
+ RESERVED
+CVE-2017-14156 (The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the ...)
+ TODO: check
+CVE-2017-14155
+ RESERVED
+CVE-2017-14154
+ RESERVED
+CVE-2017-14153
+ RESERVED
+CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
+ TODO: check
+CVE-2017-14151 (An off-by-one error was discovered in ...)
+ TODO: check
CVE-2017-1000249 [stack based buffer overflow]
+ {DSA-3965-1}
- file 1:5.32-1
[jessie] - file <not-affected> (Vulnerable code introduced later)
[wheezy] - file <not-affected> (Vulnerable code introduced later)
@@ -244,6 +263,7 @@
CVE-2017-14065
RESERVED
CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can ...)
+ {DSA-3966-1}
- ruby2.3 <unfixed> (bug #873906)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -3803,6 +3823,7 @@
CVE-2017-12795
RESERVED
CVE-2017-12794 [Possible XSS in traceback section of technical 500 debug page]
+ RESERVED
- python-django <unfixed> (low; bug #874415)
[stretch] - python-django <postponed> (Only affects debug mode)
[jessie] - python-django <postponed> (Only affects debug mode)
@@ -7024,14 +7045,17 @@
CVE-2017-11544
REJECTED
CVE-2017-11543 (tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in ...)
+ {DLA-1090-1}
- tcpdump 4.9.1-3 (bug #873806)
NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
CVE-2017-11542 (tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print ...)
+ {DLA-1090-1}
- tcpdump 4.9.1-3 (bug #873805)
NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
CVE-2017-11541 (tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print ...)
+ {DLA-1090-1}
- tcpdump 4.9.1-3 (bug #873804)
NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
@@ -8466,6 +8490,7 @@
[jessie] - vim <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of service ...)
+ {DLA-1090-1}
- tcpdump 4.9.1-1 (bug #867718)
[stretch] - tcpdump <no-dsa> (Minor issue)
[jessie] - tcpdump <no-dsa> (Minor issue)
@@ -8927,12 +8952,14 @@
CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php ...)
NOT-FOR-US: FineCMS
CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the ...)
+ {DLA-1089-1}
- irssi 1.0.4-1 (low; bug #867598)
[stretch] - irssi <no-dsa> (Minor issue)
[jessie] - irssi <no-dsa> (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
+ {DLA-1089-1}
- irssi 1.0.4-1 (low; bug #867598)
[stretch] - irssi <no-dsa> (Minor issue)
[jessie] - irssi <no-dsa> (Minor issue)
@@ -12500,6 +12527,7 @@
CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 ...)
NOT-FOR-US: Synology Photo Station
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
+ {DSA-3966-1}
- ruby2.3 <unfixed> (bug #864860)
- ruby2.1 <removed>
[jessie] - ruby2.1 <no-dsa> (Minor issue)
@@ -24336,8 +24364,8 @@
RESERVED
CVE-2017-5717
RESERVED
-CVE-2017-5716
- RESERVED
+CVE-2017-5716 (Buffer overflow in ConnMan Project connection manager daemon version ...)
+ TODO: check
CVE-2017-5715
RESERVED
CVE-2017-5714
@@ -24372,8 +24400,8 @@
RESERVED
CVE-2017-5699
RESERVED
-CVE-2017-5698
- RESERVED
+CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and ...)
+ TODO: check
CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of ...)
NOT-FOR-US: Intel
CVE-2017-5696
@@ -33135,8 +33163,7 @@
RESERVED
CVE-2017-2871
RESERVED
-CVE-2017-2870 [tiff: Check for integer overflows in multiplication]
- RESERVED
+CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...)
- gdk-pixbuf <unfixed> (bug #873787)
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
@@ -33155,8 +33182,7 @@
RESERVED
CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing ...)
NOT-FOR-US: Iceni Infix
-CVE-2017-2862 [gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability]
- RESERVED
+CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)
- gdk-pixbuf <unfixed>
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb
@@ -33277,10 +33303,10 @@
NOTE: https://support.zabbix.com/browse/ZBX-12075
CVE-2017-2823 (A use-after-free vulnerability exists in the .ISO parsing ...)
NOT-FOR-US: PowerISO
-CVE-2017-2822
- RESERVED
-CVE-2017-2821
- RESERVED
+CVE-2017-2822 (An exploitable code execution vulnerability exists in the image ...)
+ TODO: check
+CVE-2017-2821 (An exploitable use-after-free exists in the PDF parsing functionality ...)
+ TODO: check
CVE-2017-2820 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
- poppler <unfixed> (unimportant)
NOTE: Debian uses openjpeg for processing JPEG 2000 images, this advisory is
@@ -33316,10 +33342,10 @@
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
CVE-2017-2809
RESERVED
-CVE-2017-2808
- RESERVED
-CVE-2017-2807
- RESERVED
+CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account ...)
+ TODO: check
+CVE-2017-2807 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
+ TODO: check
CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality
CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
@@ -33389,8 +33415,8 @@
- matrixssl <removed>
[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276
-CVE-2017-2779
- RESERVED
+CVE-2017-2779 (An exploitable memory corruption vulnerability exists in the RSRC ...)
+ TODO: check
CVE-2017-2778
RESERVED
CVE-2017-2777
@@ -37430,6 +37456,7 @@
CVE-2017-0903
RESERVED
CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking ...)
+ {DSA-3966-1}
- ruby2.3 <unfixed> (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -37441,6 +37468,7 @@
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification ...)
+ {DSA-3966-1}
- ruby2.3 <unfixed> (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -37450,6 +37478,7 @@
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
+ {DSA-3966-1}
- ruby2.3 <unfixed> (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -37459,6 +37488,7 @@
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
+ {DSA-3966-1}
- ruby2.3 <unfixed> (unimportant; bug #873802)
- ruby2.1 <removed> (unimportant)
- ruby1.9.1 <removed> (unimportant)
@@ -45659,6 +45689,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in ...)
+ {DSA-3966-1}
- ruby2.3 <unfixed> (bug #842432)
- ruby2.1 <removed> (bug #842544)
[jessie] - ruby2.1 <no-dsa> (Minor issue)
@@ -60585,8 +60616,7 @@
CVE-2016-3087 (Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
NOTE: https://struts.apache.org/docs/s2-033.html
-CVE-2016-3086
- RESERVED
+CVE-2016-3086 (The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x ...)
- hadoop <itp> (bug #793644)
CVE-2016-3085 (Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x ...)
NOT-FOR-US: Apache CloudStack
More information about the Secure-testing-commits
mailing list