[Secure-testing-commits] r55885 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Sep 18 21:10:17 UTC 2017
Author: sectracker
Date: 2017-09-18 21:10:17 +0000 (Mon, 18 Sep 2017)
New Revision: 55885
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-18 20:48:11 UTC (rev 55884)
+++ data/CVE/list 2017-09-18 21:10:17 UTC (rev 55885)
@@ -1,89 +1,91 @@
-CVE-2017-14580
+CVE-2017-14581
RESERVED
-CVE-2017-14579
- RESERVED
-CVE-2017-14578
- RESERVED
-CVE-2017-14577
- RESERVED
-CVE-2017-14576
- RESERVED
-CVE-2017-14575
- RESERVED
-CVE-2017-14574
- RESERVED
-CVE-2017-14573
- RESERVED
-CVE-2017-14572
- RESERVED
-CVE-2017-14571
- RESERVED
-CVE-2017-14570
- RESERVED
-CVE-2017-14569
- RESERVED
-CVE-2017-14568
- RESERVED
-CVE-2017-14567
- RESERVED
-CVE-2017-14566
- RESERVED
-CVE-2017-14565
- RESERVED
-CVE-2017-14564
- RESERVED
-CVE-2017-14563
- RESERVED
-CVE-2017-14562
- RESERVED
-CVE-2017-14561
- RESERVED
-CVE-2017-14560
- RESERVED
-CVE-2017-14559
- RESERVED
-CVE-2017-14558
- RESERVED
-CVE-2017-14557
- RESERVED
-CVE-2017-14556
- RESERVED
-CVE-2017-14555
- RESERVED
-CVE-2017-14554
- RESERVED
-CVE-2017-14553
- RESERVED
-CVE-2017-14552
- RESERVED
-CVE-2017-14551
- RESERVED
-CVE-2017-14550
- RESERVED
-CVE-2017-14549
- RESERVED
-CVE-2017-14548
- RESERVED
-CVE-2017-14547
- RESERVED
-CVE-2017-14546
- RESERVED
-CVE-2017-14545
- RESERVED
-CVE-2017-14544
- RESERVED
-CVE-2017-14543
- RESERVED
-CVE-2017-14542
- RESERVED
-CVE-2017-14541
- RESERVED
-CVE-2017-14540
- RESERVED
-CVE-2017-14539
- RESERVED
-CVE-2017-14538
- RESERVED
+CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ...)
+ TODO: check
+CVE-2017-14579 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14578 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14577 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14576 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14575 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14574 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14573 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14572 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14571 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14570 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14569 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14568 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14567 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14566 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14565 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14564 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14563 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14562 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14561 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14560 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14559 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14558 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14557 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14556 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14555 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14554 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14553 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14552 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14551 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14550 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14549 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14548 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14547 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14546 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14545 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14544 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14543 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14542 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+ TODO: check
+CVE-2017-14541 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+ TODO: check
+CVE-2017-14540 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14539 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
+ TODO: check
+CVE-2017-14538 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+ TODO: check
CVE-2017-14537
RESERVED
CVE-2017-14536
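Review bot: all 43 entries added at the top of this hunk (CVE-2017-14580 down to CVE-2017-14538) are left at `TODO: check`, so none of them is triaged yet. Their descriptions name only three products: STDU Viewer 1.6.375, IrfanView 4.44 - 32bit and XnView Classic for Windows. If none of these is packaged in Debian, a follow-up should close them in one pass using the form the file already uses elsewhere, e.g. `NOT-FOR-US: STDU Viewer`, rather than leaving them open.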
@@ -205,6 +207,7 @@
- libarchive <unfixed> (bug #875966)
NOTE: https://github.com/libarchive/libarchive/issues/949
CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in ...)
+ {DSA-3977-1}
- newsbeuter 2.9-7 (bug #876004)
NOTE: http://openwall.com/lists/oss-security/2017/09/16/1
NOTE: newsbeuter-2.9.x: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
@@ -2080,7 +2083,7 @@
NOT-FOR-US: ONOS
CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. ...)
NOT-FOR-US: ONOS
-CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magneto2, when used with a ...)
+CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magento2, when used with a ...)
NOT-FOR-US: Fastly CDN module for Magento2
CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in ...)
- sleuthkit <unfixed> (unimportant; bug #873724)
@@ -11668,8 +11671,7 @@
NOTE: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
CVE-2017-9799 (It was found that under some situations and configurations of Apache ...)
NOT-FOR-US: Apache Storm
-CVE-2017-9798
- RESERVED
+CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from process ...)
- apache2 <unfixed> (bug #876109)
NOTE: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
NOTE: https://github.com/hannob/optionsbleed
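Review bot: the CVE-2017-9798 entry gains its description and stays at `apache2 <unfixed> (bug #876109)`, but the NOTE lines visible here point only to the disclosure blog post and the optionsbleed test repository. Once an upstream fix is identified, add a NOTE with the patch or commit so the fixed version can be checked against it, as the newsbeuter and gdk-pixbuf entries in this file do with their commit links.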
@@ -24548,8 +24550,8 @@
RESERVED
CVE-2017-6148
RESERVED
-CVE-2017-6147
- RESERVED
+CVE-2017-6147 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
+ TODO: check
CVE-2017-6146
RESERVED
CVE-2017-6145
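Review bot: CVE-2017-6147 moves from RESERVED to `TODO: check` inside a run of ids that are still RESERVED, so it is easy to overlook during manual triage. The description names F5 BIG-IP modules only; unless a package in the archive matches, it should be closed as NOT-FOR-US in the next manual pass.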
@@ -34597,6 +34599,7 @@
CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing ...)
NOT-FOR-US: Iceni Infix
CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)
+ {DSA-3978-1}
- gdk-pixbuf <unfixed> (bug #874552)
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb
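Review bot: `{DSA-3978-1}` is attached to CVE-2017-2862 while the unstable line still reads `gdk-pixbuf <unfixed> (bug #874552)`. The entry needs a fixed version on the `- gdk-pixbuf` line once an upload containing the two referenced commits reaches unstable, and bug #874552 should stay open until then.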
@@ -40340,8 +40343,7 @@
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-0380 [Stack disclosure in hidden services logs when SafeLogging disabled]
- RESERVED
+CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...)
- tor <unfixed>
[jessie] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
[wheezy] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
@@ -107035,8 +107037,8 @@
RESERVED
CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
NOT-FOR-US: IBM
-CVE-2014-6106
- RESERVED
+CVE-2014-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
+ TODO: check
CVE-2014-6105 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
NOT-FOR-US: IBM
CVE-2014-6104
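Review bot: CVE-2014-6106 is set to `TODO: check` although the neighbouring entries CVE-2014-6107 and CVE-2014-6105, both IBM Security Identity Manager, are already marked `NOT-FOR-US: IBM`. The new description also begins "Cross-site request forgery (CSRF) vulnerability in IBM Security ...", so the same `NOT-FOR-US: IBM` marking is the likely resolution and can be applied when the TODO is processed.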