[Secure-testing-commits] r56228 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Sep 28 21:10:16 UTC 2017


Author: sectracker
Date: 2017-09-28 21:10:16 +0000 (Thu, 28 Sep 2017)
New Revision: 56228

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-28 18:41:21 UTC (rev 56227)
+++ data/CVE/list	2017-09-28 21:10:16 UTC (rev 56228)
@@ -1,3 +1,5 @@
+CVE-2017-14868
+	RESERVED
 CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
 	- exiv2 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
@@ -273,7 +275,8 @@
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=94670f6cf11fc29cc6db6814b38c4305d9bcac96 (master)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6ff33ca50c1180725dde11c84ee93fcdb4235ef (binutils-2_29-branch)
-CVE-2017-14867 [Git cvsserver OS Command Injection]
+CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x ...)
+	{DSA-3984-1}
 	- git 1:2.14.2-1 (bug #876854)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/26/9
 	NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
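Review bot: Replacing the working title "[Git cvsserver OS Command Injection]" with the truncated MITRE description drops the only mention of git-cvsserver from the entry; consider keeping that detail in a NOTE line alongside the oss-security link, since the visible description only lists affected version ranges. The added {DSA-3984-1} marker is the right place to record the stable fix; the unstable line "git 1:2.14.2-1 (bug #876854)" is unchanged and consistent with it.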
@@ -901,8 +904,8 @@
 	NOT-FOR-US: SugarCRM
 CVE-2016-10511 (The Twitter iOS client versions 6.62 and 6.62.1 fail to validate ...)
 	NOT-FOR-US: Twitter iOS client
-CVE-2017-14507
-	RESERVED
+CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline plugin ...)
+	TODO: check
 CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
 	NOT-FOR-US: geminabox
 CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...)
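Review bot: "TODO: check" on CVE-2017-14507 (Content Timeline plugin, multiple SQL injections) should be resolved in a follow-up to either a package line or a NOT-FOR-US marker; the neighbouring CVE-2017-14506 (geminabox) in this hunk shows the expected final form for software Debian does not ship.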
@@ -9357,8 +9360,8 @@
 	RESERVED
 CVE-2017-11480
 	RESERVED
-CVE-2017-11479
-	RESERVED
+CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) ...)
+	TODO: check
 CVE-2017-11477
 	RESERVED
 CVE-2017-11476
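Review bot: CVE-2017-11479 (Kibana XSS before 5.6.1) is left as "TODO: check"; elsewhere in this list Kibana and its X-Pack addons are consistently marked NOT-FOR-US, so the follow-up is most likely "NOT-FOR-US: Kibana" unless a packaged copy is found. Leaving the TODO open is fine for an automatic update, but it should not survive the next manual pass.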
@@ -11671,8 +11674,8 @@
 	RESERVED
 CVE-2017-10702
 	RESERVED
-CVE-2017-10701
-	RESERVED
+CVE-2017-10701 (Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 ...)
+	TODO: check
 CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an ...)
 	NOT-FOR-US: QNAP
 CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before ...)
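Review bot: CVE-2017-10701 (SAP Enterprise Portal 7.50 XSS) is another "TODO: check" that a triager needs to close out; the adjacent CVE-2017-10700 (QNAP NAS) shows the NOT-FOR-US form that applies to vendor products with no Debian package.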
@@ -12521,8 +12524,7 @@
 CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote code ...)
 	- libstruts1.2-java <not-affected> (Vulnerable code not present)
 	NOTE: Issue is specific to Struts 2.x.
-CVE-2017-9790
-	RESERVED
+CVE-2017-9790 (When handling a libprocess message wrapped in an HTTP request, ...)
 	- apache-mesos <itp> (bug #760315)
 CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling code ...)
 	- apache2 <not-affected> (Only affected 2.4.26)
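Review bot: Dropping the RESERVED line once the description for CVE-2017-9790 is filled in is correct; the entry keeps "- apache-mesos <itp> (bug #760315)", so there is still no fixed version to track, and the same ITP bug is reused for the second mesos issue later in this commit, which is consistent.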
@@ -17972,16 +17974,16 @@
 	NOT-FOR-US: Kibana addon
 CVE-2017-8449 (X-Pack Security 5.2.x would allow access to more fields than the user ...)
 	NOT-FOR-US: Kibana addon
-CVE-2017-8448
-	RESERVED
-CVE-2017-8447
-	RESERVED
+CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting ...)
+	TODO: check
+CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege ...)
+	TODO: check
 CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and ...)
 	NOT-FOR-US: X-Pack plugin for Kibana
 CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for ...)
 	NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch
-CVE-2017-8444
-	RESERVED
+CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to ...)
+	TODO: check
 CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
 	NOT-FOR-US: Kibana X-Pack Security
 CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, ...)
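Review bot: The three new "TODO: check" entries (CVE-2017-8448, CVE-2017-8447, CVE-2017-8444) sit between X-Pack and Elastic Cloud Enterprise entries that are all marked NOT-FOR-US in the surrounding context (CVE-2017-8449, -8446, -8445, -8443, -8442), so the follow-up should almost certainly apply the same marker rather than a package line. While touching this region, the context line "NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch" is missing a space in "X-Pack Security".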
@@ -20456,8 +20458,7 @@
 	NOT-FOR-US: Schneider Electric
 CVE-2017-7688 (Apache OpenMeetings 1.0.0 updates user password in insecure manner. ...)
 	NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7687
-	RESERVED
+CVE-2017-7687 (When handling a decoding failure for a malformed URL path of an HTTP ...)
 	- apache-mesos <itp> (bug #760315)
 CVE-2017-7686 (Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to ...)
 	NOT-FOR-US: Apache Ignite
@@ -20913,14 +20914,11 @@
 	- augeas 1.8.1-1 (bug #872400)
 	NOTE: https://github.com/hercules-team/augeas/pull/480
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373
-CVE-2017-7554
-	RESERVED
+CVE-2017-7554 (It was found that the App Studio component of RHMAP 4.4 executes ...)
 	NOT-FOR-US: Red Hat Mobile Application Platform
-CVE-2017-7553
-	RESERVED
+CVE-2017-7553 (The external_request api call in App Studio (millicore) allows server ...)
 	NOT-FOR-US: Red Hat Mobile Application Platform
-CVE-2017-7552
-	RESERVED
+CVE-2017-7552 (The file editor in millicore allows files to be executed, as well as ...)
 	NOT-FOR-US: Red Hat Mobile Application Platform
 CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to ...)
 	- 389-ds-base 1.3.6.7-1 (bug #870752)
@@ -29107,58 +29105,70 @@
 	RESERVED
 CVE-2017-5122
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2017-5121
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2017-5120
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5119
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5118
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5117
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5116
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2017-5115
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2017-5114
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5113
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5112
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5111
 	RESERVED
+	{DSA-3985-1}
 	- chromium-browser 61.0.3163.100-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5110
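Review bot: The hunk header (58 -> 70 lines) matches the twelve "{DSA-3985-1}" lines added for CVE-2017-5111 through CVE-2017-5122, and every tagged entry already carries the same "chromium-browser 61.0.3163.100-1" fix line, so the markers are consistent. The hunk is cut off at the "CVE-2017-5110" header, so it is not visible whether that entry and any lower ones fixed by the same chromium-browser upload also received the DSA marker; verify the batch is complete. Keeping "RESERVED" on entries that already have a DSA and a fixed version is acceptable in this format, but the descriptions should be filled in once MITRE publishes them.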
@@ -77285,7 +77295,7 @@
 	NOT-FOR-US: ZTE modems
 CVE-2015-7257 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
 	NOT-FOR-US: ZTE modems
-CVE-2015-7256 (ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, NWA1123-NI Access ...)
+CVE-2015-7256 (ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI ...)
 	NOT-FOR-US: ZyXEL
 CVE-2015-7255 (ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, ...)
 	NOT-FOR-US: ZTE
@@ -95831,8 +95841,7 @@
 	NOTE: http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html
 CVE-2015-1028 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link ...)
 	NOT-FOR-US: D-Link router
-CVE-2015-1027 [MITM vulnerability via version check]
-	RESERVED
+CVE-2015-1027 (The version checking subroutine in percona-toolkit before 2.2.13 and ...)
 	- percona-toolkit 2.2.13-1 (unimportant)
 	[wheezy] - percona-toolkit <not-affected> (version-check introduced in 2.1.4)
 	- percona-xtrabackup <unfixed> (unimportant)
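Review bot: Only the description line changes here, and the "[MITM vulnerability via version check]" working title is dropped; the truncated text "The version checking subroutine in percona-toolkit before 2.2.13 and ..." preserves enough context. The untouched "percona-xtrabackup <unfixed> (unimportant)" line deserves a second look: the next hunk records percona-xtrabackup 2.2.3-1 as fixing the earlier version-check issue (CVE-2014-2029), so confirm whether xtrabackup is still unfixed for this one or whether the entry is simply stale.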
@@ -118749,8 +118758,7 @@
 	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
 	[squeeze] - imagemagick <not-affected> (CVE only for versions with r1448 applied)
 	NOTE: for the issue in newer imagemagick versions using "L%06ld" string.
-CVE-2014-2029 [remote code execution / information leak]
-	RESERVED
+CVE-2014-2029 (The automatic version check functionality in the tools in Percona ...)
 	- percona-toolkit 2.2.7-1~dfsg1 (bug #740846)
 	[wheezy] - percona-toolkit <not-affected> (version-check introduced in 2.1.4)
 	- percona-xtrabackup 2.2.3-1 (bug #751377)