[Secure-testing-commits] r55896 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Sep 19 09:10:18 UTC 2017
Author: sectracker
Date: 2017-09-19 09:10:18 +0000 (Tue, 19 Sep 2017)
New Revision: 55896
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-19 07:57:28 UTC (rev 55895)
+++ data/CVE/list 2017-09-19 09:10:18 UTC (rev 55896)
@@ -1,3 +1,43 @@
+CVE-2017-14601 (Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in ...)
+ TODO: check
+CVE-2017-14600 (Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in ...)
+ TODO: check
+CVE-2017-14599
+ RESERVED
+CVE-2017-14598
+ RESERVED
+CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the ...)
+ TODO: check
+CVE-2017-14596
+ RESERVED
+CVE-2017-14595
+ RESERVED
+CVE-2017-14594
+ RESERVED
+CVE-2017-14593
+ RESERVED
+CVE-2017-14592
+ RESERVED
+CVE-2017-14591
+ RESERVED
+CVE-2017-14590
+ RESERVED
+CVE-2017-14589
+ RESERVED
+CVE-2017-14588
+ RESERVED
+CVE-2017-14587
+ RESERVED
+CVE-2017-14586
+ RESERVED
+CVE-2017-14585
+ RESERVED
+CVE-2017-14584
+ RESERVED
+CVE-2017-14583
+ RESERVED
+CVE-2017-14582
+ RESERVED
CVE-2017-XXXX [pcb code injection by malicious layout file]
- pcb-rnd 1.2.5-2
[stretch] - pcb-rnd <no-dsa> (Minor issue)
@@ -179,8 +219,8 @@
NOT-FOR-US: SugarCRM
CVE-2017-14508 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before ...)
NOT-FOR-US: SugarCRM
-CVE-2016-10511
- RESERVED
+CVE-2016-10511 (The Twitter iOS client versions 6.62 and 6.62.1 fail to validate ...)
+ TODO: check
CVE-2017-14507
RESERVED
CVE-2017-14506
@@ -240,6 +280,7 @@
CVE-2017-14490
RESERVED
CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...)
+ {DLA-1099-1}
- linux 4.12.13-1
NOTE: https://patchwork.kernel.org/patch/9923803/
CVE-2017-14488
@@ -609,6 +650,7 @@
NOTE: https://github.com/LibRaw/LibRaw/issues/100
NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ...)
+ {DLA-1099-1}
- linux 4.12.13-1
NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
CVE-2017-14339
@@ -1109,6 +1151,7 @@
CVE-2017-14157
RESERVED
CVE-2017-14156 (The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the ...)
+ {DLA-1099-1}
- linux 4.12.13-1 (low)
CVE-2017-14155
RESERVED
@@ -1140,6 +1183,7 @@
NOTE: https://marc.info/?l=kvm&m=150549145711115&w=2
NOTE: https://marc.info/?l=kvm&m=150549146311117&w=2
CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at ...)
+ {DLA-1099-1}
- linux 4.12.13-1 (bug #875881)
NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
NOTE: https://www.armis.com/blueborne/
@@ -1177,6 +1221,7 @@
CVE-2017-14141
RESERVED
CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel before ...)
+ {DLA-1099-1}
- linux 4.12.12-1
NOTE: Fixed by: https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in ...)
@@ -1300,6 +1345,7 @@
CVE-2017-14104
RESERVED
CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel ...)
+ {DLA-1099-1}
- linux 4.12.6-1
NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3)
CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in ...)
@@ -5132,6 +5178,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
NOTE: Harmless in Debian since unprivileged user namespaces are disabled
CVE-2017-1000111 [heap out-of-bounds in AF_PACKET sockets]
+ {DLA-1099-1}
- linux 4.12.6-1
NOTE: Introduced by: https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 (2.6.27-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
@@ -6668,11 +6715,13 @@
RESERVED
CVE-2017-12154 [kvm: nVMX: L2 guest could access hardware(L0) CR8 register]
RESERVED
+ {DLA-1099-1}
- linux 4.12.13-1
NOTE: Fixed by: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (v4.14-rc1)
NOTE: https://www.spinics.net/lists/kvm/msg155414.html
CVE-2017-12153 [null pointer dereference in nl80211_set_rekey_data()]
RESERVED
+ {DLA-1099-1}
- linux 4.12.13-1
NOTE: https://marc.info/?t=150525503100001&r=1&w=2
NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
@@ -6735,6 +6784,7 @@
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-226.html
CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in ...)
+ {DLA-1099-1}
- linux 4.12.12-1
NOTE: https://xenbits.xen.org/xsa/advisory-229.html
NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6)
@@ -8159,6 +8209,7 @@
CVE-2017-11601
RESERVED
CVE-2017-11600 (net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when ...)
+ {DLA-1099-1}
- linux 4.12.6-1
NOTE: http://seclists.org/bugtraq/2017/Jul/30
CVE-2017-11599
@@ -9357,7 +9408,7 @@
CVE-2017-11177
RESERVED
CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...)
- {DSA-3945-1 DSA-3927-1}
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
CVE-2017-11175
@@ -10993,6 +11044,7 @@
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/b9dd46188edc2f0d1f37328637860bb65a771124 (v4.12-rc1)
CVE-2017-10661 (Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 ...)
+ {DLA-1099-1}
- linux 4.9.30-1
NOTE: Fixed by: https://git.kernel.org/linus/1e38da300e1e395a15048b0af1e5305bd91402f6 (v4.11-rc1)
CVE-2017-10660
@@ -11664,8 +11716,8 @@
[wheezy] - libstruts1.2-java <ignored> (Minor issue)
NOTE: DOS class vulnerability and classified as low by upstream.
NOTE: https://struts.apache.org/docs/s2-050.html
-CVE-2017-9803
- RESERVED
+CVE-2017-9803 (Solr's Kerberos plugin can be configured to use delegation tokens, ...)
+ TODO: check
CVE-2017-9802 (The Javascript method Sling.evalString() in Apache Sling Servlets Post ...)
NOT-FOR-US: Apache Sling
CVE-2017-9801 (When a call-site passes a subject for an email that contains ...)
@@ -13213,7 +13265,7 @@
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-217.html
CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...)
- {DSA-3945-1 DSA-3927-1 DSA-3920-1}
+ {DSA-3945-1 DSA-3927-1 DSA-3920-1 DLA-1099-1}
- linux 4.11.11-1
- qemu 1:2.8+dfsg-7 (bug #869706)
[wheezy] - qemu <no-dsa> (Wheezy's xen uses an embedded qemu copy)
@@ -13272,7 +13324,7 @@
[stretch] - linux 4.9.30-2+deb9u1
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...)
- {DSA-3945-1 DSA-3927-1}
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
@@ -14776,6 +14828,7 @@
CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-1000380 (sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a ...)
+ {DLA-1099-1}
- linux 4.11.6-1
NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5)
NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5)
@@ -18161,7 +18214,7 @@
CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...)
NOT-FOR-US: Exponent CMS
CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds ...)
- {DSA-3945-1}
+ {DSA-3945-1 DLA-1099-1}
- linux 4.9.30-1 (low)
NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
NOTE: https://alephsecurity.com/vulns/aleph-2017023
@@ -18857,7 +18910,7 @@
CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default ...)
- apcupsd <not-affected> (Only APC UPS Daemon on Windows)
CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
- {DSA-3945-1}
+ {DSA-3945-1 DLA-1099-1}
- linux 4.9.25-1
NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
CVE-2017-7883
@@ -20135,7 +20188,7 @@
- neutron <not-affected> (Specific to Red Hat packaging)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792
CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...)
- {DSA-3945-1 DSA-3927-1}
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.12.6-1
NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...)
@@ -20414,7 +20467,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
CVE-2017-7482
RESERVED
- {DSA-3945-1 DSA-3927-1}
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment]
More information about the Secure-testing-commits
mailing list