[Secure-testing-commits] r55680 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Sep 12 09:10:12 UTC 2017


Author: sectracker
Date: 2017-09-12 09:10:12 +0000 (Tue, 12 Sep 2017)
New Revision: 55680

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-12 08:15:55 UTC (rev 55679)
+++ data/CVE/list	2017-09-12 09:10:12 UTC (rev 55680)
@@ -1,3 +1,61 @@
+CVE-2017-14340
+	RESERVED
+CVE-2017-14339
+	RESERVED
+CVE-2017-14338
+	RESERVED
+CVE-2017-14337
+	RESERVED
+CVE-2017-14336
+	RESERVED
+CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...)
+	TODO: check
+CVE-2017-14334
+	RESERVED
+CVE-2017-14333 (The process_version_sections function in readelf.c in GNU Binutils 2.29 ...)
+	TODO: check
+CVE-2017-14332
+	RESERVED
+CVE-2017-14331
+	RESERVED
+CVE-2017-14330
+	RESERVED
+CVE-2017-14329
+	RESERVED
+CVE-2017-14328
+	RESERVED
+CVE-2017-14327
+	RESERVED
+CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+	TODO: check
+CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+	TODO: check
+CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+	TODO: check
+CVE-2017-14323
+	RESERVED
+CVE-2017-14322
+	RESERVED
+CVE-2017-14321
+	RESERVED
+CVE-2017-14320
+	RESERVED
+CVE-2017-14319
+	RESERVED
+CVE-2017-14318
+	RESERVED
+CVE-2017-14317
+	RESERVED
+CVE-2017-14316
+	RESERVED
+CVE-2017-14315
+	RESERVED
+CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in ...)
+	TODO: check
+CVE-2017-14312 (Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root ...)
+	TODO: check
+CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for ...)
+	TODO: check
 CVE-2017-XXXX [XSA 235]
 	- xen <unfixed>
 	[stretch] - xen 4.8.1-1+deb9u3
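Review bot: eight of the new entries at the top of this hunk arrive with a description but only `TODO: check`, and several name software by version (GNU Binutils 2.29 for CVE-2017-14333, ImageMagick 7.0.7-1 Q16 for CVE-2017-14326/14325/14324, Nagios Core through 4.3.4 for CVE-2017-14312). Each one needs a follow-up that resolves it to either a package line or `NOT-FOR-US:`. CVE-2015-9228 is also inserted directly after CVE-2017-14312, ahead of the 2017 entries, which breaks the descending-ID order the rest of the visible list follows; confirm that placement is what the import is meant to produce.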
@@ -98,7 +156,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/11/1
 	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
-CVE-2017-14313 [XSS due to add_query_arg]
+CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
 	- wordpress-shibboleth 1.8-1 (bug #874416)
 	NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
 	NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
@@ -108,8 +166,8 @@
 	NOT-FOR-US: EE 4GEE WiFi MBB
 CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related ...)
 	NOT-FOR-US: EE 4GEE WiFi MBB
-CVE-2017-14266
-	RESERVED
+CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow ...)
+	TODO: check
 CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
 	- libraw <unfixed>
 	NOTE: https://github.com/LibRaw/LibRaw/issues/99
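Review bot: CVE-2017-14266 moves from `RESERVED` to a described heap-based buffer overflow in tcprewrite (Tcpreplay 3.4.4) but is left at `TODO: check`, while both neighbours in this hunk are already resolved (`NOT-FOR-US: EE 4GEE WiFi MBB` above, `- libraw <unfixed>` with an upstream issue NOTE below). Give this entry the same treatment: a package line with status plus a NOTE to the upstream report, or a `NOT-FOR-US:` line.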
@@ -4191,6 +4249,7 @@
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201708-01
 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-230.html
 CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is ...)
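Review bot: `{DSA-3969-1}` is added to CVE-2017-12855 while the line directly under it still reads `- xen <unfixed>`, so the entry records that an advisory exists but shows no fixed version for any release. The XSA 235 entry at the top of this diff uses `[stretch] - xen 4.8.1-1+deb9u3` for that purpose; if the fixed version for this DSA is recorded elsewhere that is fine, otherwise add the release-specific line here. The same point applies to each xen entry tagged in the hunks that follow.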
@@ -5970,6 +6029,7 @@
 CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in ...)
 	NOT-FOR-US: XOOPS
 CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-227.html
 CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x ...)
@@ -5979,6 +6039,7 @@
 	[wheezy] - xen <not-affected> (Only affects 4.6 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-228.html
 CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-226.html
 CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in ...)
@@ -12395,12 +12456,15 @@
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-225.html
 CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficient ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...)
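Review bot: CVE-2017-10919, the last context line of this hunk, is not given `{DSA-3969-1}` by this change, while CVE-2017-10922, CVE-2017-10921 and CVE-2017-10920 directly above it all are. If that CVE is deliberately outside the advisory, nothing needs to change, but the omission should be confirmed against the DSA text rather than inferred from the absence of a `+` line.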
@@ -12410,9 +12474,11 @@
 	[wheezy] - xen <not-affected> (arm not supported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-223.html
 CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-222.html
 CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-221.html
@@ -12423,15 +12489,19 @@
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-220.html
 CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-219.html
 CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
 CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
 CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS users ...)
+	{DSA-3969-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-217.html
 CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...)
@@ -18297,7 +18367,7 @@
 	RESERVED
 CVE-2017-7809
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
@@ -18306,7 +18376,7 @@
 	- firefox 55.0-1
 CVE-2017-7807
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
@@ -18322,25 +18392,25 @@
 	- icedove <not-affected> (Windows-specific)
 CVE-2017-7803
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7802
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7801
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7800
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
@@ -18367,13 +18437,13 @@
 	RESERVED
 CVE-2017-7792
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7791
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
@@ -18389,25 +18459,25 @@
 	- firefox 55.0-1
 CVE-2017-7787
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7786
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7785
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7784
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
@@ -18427,7 +18497,7 @@
 	- firefox 55.0-1
 CVE-2017-7779
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
@@ -18612,7 +18682,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
 CVE-2017-7753
 	RESERVED
-	{DSA-3928-1 DLA-1087-1 DLA-1053-1}
+	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
 	- firefox 55.0-1
 	- firefox-esr 52.3.0esr-1
 	- icedove 1:52.3.0-1 (bug #872834)
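Review bot: CVE-2017-7753 now carries four advisory references but still reads `RESERVED` and has no NOTE, so the entry says nothing about what the issue is. The entry just above it in the context links its Mozilla advisory (`NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754`); adding the equivalent NOTE here, and on the other Firefox entries that gain `DSA-3968-1` in this diff, would let a reader get from the tracker entry to the upstream description.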
@@ -18702,10 +18772,10 @@
 	NOT-FOR-US: Fortinet
 CVE-2017-7736
 	RESERVED
-CVE-2017-7735
-	RESERVED
-CVE-2017-7734
-	RESERVED
+CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
+	TODO: check
+CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
+	TODO: check
 CVE-2017-7733
 	RESERVED
 CVE-2017-7732
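Review bot: CVE-2017-7735 and CVE-2017-7734 are now described as Fortinet FortiOS cross-site scripting issues but land as `TODO: check`, two lines below a context entry already resolved as `NOT-FOR-US: Fortinet`. Unless FortiOS has become relevant to the archive, these two should be closed the same way in the next manual pass.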
@@ -32999,12 +33069,12 @@
 	NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
 CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD ...)
 	NOT-FOR-US: Fortinet FortiWLC-SD
-CVE-2017-3133
-	RESERVED
-CVE-2017-3132
-	RESERVED
-CVE-2017-3131
-	RESERVED
+CVE-2017-3133 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
+	TODO: check
+CVE-2017-3132 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
+	TODO: check
+CVE-2017-3131 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
+	TODO: check
 CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, ...)
 	NOT-FOR-US: Fortinet
 CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...)
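Review bot: CVE-2017-3133, CVE-2017-3132 and CVE-2017-3131 are left at `TODO: check` although CVE-2017-3130, also a FortiOS issue, sits directly below them as `NOT-FOR-US: Fortinet`. When resolving them, note that this hunk already shows two label styles for the same vendor (`NOT-FOR-US: Fortinet FortiWLC-SD` for CVE-2017-3134 and plain `NOT-FOR-US: Fortinet` for CVE-2017-3130); pick one form so that searching the list by product stays reliable.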



