Author: sectracker
Date: 2017-04-29 21:10:12 +0000 (Sat, 29 Apr 2017)
New Revision: 51195
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-29 20:40:44 UTC (rev 51194) +++ data/CVE/list 2017-04-29 21:10:12 UTC (rev 51195) @@ -1,3 +1,9 @@ +CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in ...) + TODO: check +CVE-2017-8326 (libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot ...) + TODO: check +CVE-2017-8325 (The iw_process_cols_to_intermediate function in imagew-main.c in ...) + TODO: check CVE-2017-8324 RESERVED CVE-2017-8323 @@ -51,6 +57,7 @@ CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager before ...) NOT-FOR-US: simple-file-manager CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is ...) + {DLA-925-1} - kedpm <removed> (bug #860817) [jessie] - kedpm <no-dsa> (Minor issue, can be fixed via point release) NOTE: patch in BTS gives workaround to always prompt for password and do not save to database @@ -438,8 +445,7 @@ RESERVED CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...) NOT-FOR-US: MODX -CVE-2017-8114 [Fix security issue in virtualmin and sasl drivers] - RESERVED +CVE-2017-8114 (Roundcube Webmail allows arbitrary password resets by authenticated ...) - roundcube <unfixed> (bug #861388) NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.2.5 NOTE: https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003 (1.2.x) @@ -804,8 +810,8 @@ NOTE: https://github.com/libimobiledevice/libplist/issues/103 NOTE: The issue seems covered in prior versions of upstream dccd9290745345896e3a4a73154576a599fd8b7b NOTE: which is CVE-2017-6440. -CVE-2017-7981 - RESERVED +CVE-2017-7981 (Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 ...) + TODO: check CVE-2017-7980 RESERVED - qemu 1:2.8+dfsg-4 
@@ -867,8 +873,8 @@ RESERVED CVE-2017-7958 RESERVED -CVE-2017-7957 - RESERVED +CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used, ...) + TODO: check CVE-2017-7956 RESERVED CVE-2017-7955 @@ -1546,11 +1552,13 @@ CVE-2017-7743 RESERVED CVE-2017-7742 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" ...) + {DLA-928-1} - libsndfile <unfixed> (bug #860255) [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/ CVE-2017-7741 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" ...) + {DLA-928-1} - libsndfile 1.0.27-2 [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 @@ -2013,6 +2021,7 @@ CVE-2017-7587 RESERVED CVE-2017-7586 (In libsndfile before 1.0.28, an error in the "header_read()" function ...) + {DLA-928-1} - libsndfile 1.0.27-2 [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074 @@ -2020,6 +2029,7 @@ NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue NOTE: https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch CVE-2017-7585 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" ...) + {DLA-928-1} - libsndfile 1.0.27-2 [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 
@@ -2570,6 +2580,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1 CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in ...) + {DLA-929-1} - libpodofo <unfixed> (bug #859331) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2 NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/ @@ -4781,8 +4792,8 @@ NOT-FOR-US: CMS Made Simple CVE-2017-6554 (pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows ...) NOT-FOR-US: Quest Privilege Manager -CVE-2017-6553 - RESERVED +CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix before ...) + TODO: check CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...) NOT-FOR-US: Livebox 3 Sagemcom CVE-2017-6551 @@ -5253,6 +5264,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/6 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...) + {DLA-929-1} - libpodofo <unfixed> (bug #856592) NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5 NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp @@ -6976,6 +6988,7 @@ NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1) NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1) CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken ...) + {DLA-929-1} - libpodofo <unfixed> (bug #854604) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp 
@@ -7511,6 +7524,7 @@ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/02/21 CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection ...) + {DLA-929-1} - libpodofo 0.9.4-1 (bug #854599) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/ @@ -7522,12 +7536,14 @@ NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ...) + {DLA-929-1} - libpodofo <unfixed> (bug #854602) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836 CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...) + {DLA-929-1} - libpodofo <unfixed> (bug #854601) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp @@ -7535,6 +7551,7 @@ NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/ NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/ CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in ...) + {DLA-929-1} - libpodofo <unfixed> (bug #854600) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp 
@@ -7585,12 +7602,14 @@ CVE-2017-5663 RESERVED CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...) + {DLA-926-1} - batik <unfixed> (bug #860566) NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/1 NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139 NOTE: Fixed by: http://svn.apache.org/r1743326 NOTE: Similar issue to CVE-2015-0250 CVE-2017-5661 (In Apache FOP before 2.2, files lying on the filesystem of the server ...) + {DLA-927-1} - fop <unfixed> (bug #860567) NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/2 NOTE: Upstream bug: https://issues.apache.org/jira/browse/FOP-2668 @@ -55895,7 +55914,7 @@ CVE-2015-7806 RESERVED CVE-2015-7805 (Heap-based buffer overflow in libsndfile 1.0.25 allows remote ...) - {DLA-356-1} + {DLA-928-1 DLA-356-1} - libsndfile 1.0.25-10 (bug #804445) [jessie] - libsndfile 1.0.25-9.1+deb8u1 NOTE: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/ @@ -56130,7 +56149,7 @@ CVE-2015-7706 (Multiple cross-site scripting (XSS) vulnerabilities in Secure Data ...) NOT-FOR-US: Secure Data Space CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attackers to ...) - {DLA-356-1} + {DLA-928-1 DLA-356-1} - libsndfile 1.0.25-10 (bug #804447) [jessie] - libsndfile 1.0.25-9.1+deb8u1 NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 
@@ -78210,7 +78229,7 @@ NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=610bfc6bc99bc83680d190ebc69359a05fc7f605 (v3.13-rc1) NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows ...) - {DLA-356-1} + {DLA-928-1 DLA-356-1} - libsndfile 1.0.25-9.1 (low; bug #774162) [squeeze] - libsndfile <no-dsa> (Minor issue) CVE-2014-XXXX [a2p: buffer overflow] _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
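Review bot: In the @@ -1,3 +1,9 @@ hunk the three new entries CVE-2017-8327, CVE-2017-8326 and CVE-2017-8325 carry only "TODO: check", so the tracker has no disposition for them yet. The CVE-2017-8326 description names ImageWorsener, and the other two reference imagew-bmp.c and imagew-main.c, so they look like one upstream and can be triaged together in a follow-up commit: either a package line with a status, or a NOT-FOR-US line as the neighbouring entries use.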
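Review bot: In the @@ -438,8 +445,7 @@ hunk the CVE-2017-8114 placeholder "[Fix security issue in virtualmin and sasl drivers]" is replaced by "(Roundcube Webmail allows arbitrary password resets by authenticated ...)", and the visible part of the new description no longer says which drivers are affected. A NOTE line naming the virtualmin and sasl drivers would keep that scoping next to the existing release and commit links, which matters while the entry is still "- roundcube <unfixed> (bug #861388)".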
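Review bot: In the @@ -1546,11 +1552,13 @@ hunk both CVE-2017-7742 and CVE-2017-7741 gain "{DLA-928-1}" and cite the same fixing commit 60b234301adf258786d8b90be5c1d437fc8799e0, yet CVE-2017-7742 remains "- libsndfile <unfixed> (bug #860255)" while CVE-2017-7741 is "- libsndfile 1.0.27-2". It is worth confirming whether 1.0.27-2 also covers CVE-2017-7742 and, if it does, recording the fixed version so the two entries agree.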
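Review bot: In the @@ -4781,8 +4792,8 @@ hunk CVE-2017-6553 is given "TODO: check" although the entry directly above it, CVE-2017-6554, concerns the same vendor's Privilege Manager and is already marked "NOT-FOR-US: Quest Privilege Manager". Unless the two products differ in a way that matters for packaging, CVE-2017-6553 should receive the same NOT-FOR-US line rather than staying in the TODO queue.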