Author: sectracker Date: 2017-10-09 21:10:13 +0000 (Mon, 09 Oct 2017) New Revision: 56552
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-09 20:35:13 UTC (rev 56551) +++ data/CVE/list 2017-10-09 21:10:13 UTC (rev 56552) @@ -1,3 +1,5 @@ +CVE-2017-15186 + RESERVED CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis ...) - mp3splt 2.6.2+20170630-2 NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932 @@ -323,8 +325,7 @@ RESERVED CVE-2017-15039 RESERVED -CVE-2017-15038 [Qemu: 9p: virtfs: information disclosure when reading extended attributes] - RESERVED +CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...) {DLA-1129-1 DLA-1128-1} - qemu 1:2.10.0+dfsg-2 (bug #877890) [stretch] - qemu <no-dsa> (Minor issue) @@ -554,8 +555,8 @@ RESERVED CVE-2017-14981 (Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The ...) NOT-FOR-US: ATutor -CVE-2017-14980 - RESERVED +CVE-2017-14980 (Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote ...) + TODO: check CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an attempt to ...) NOT-FOR-US: Gxlcms CVE-2017-14978 @@ -1526,8 +1527,7 @@ NOT-FOR-US: WatchGuard Fireware CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. ...) NOT-FOR-US: WatchGuard Fireware -CVE-2017-14614 - RESERVED +CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in GridGain ...) NOT-FOR-US: GridGain CVE-2017-14613 RESERVED 
@@ -1568,8 +1568,7 @@ NOTE: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ NOTE: https://github.com/freedomofpress/securedrop/issues/2238 NOTE: https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0 -CVE-2017-14603 [followup-to AST-2017-005: RTP/RTCP information leak] - RESERVED +CVE-2017-14603 (In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before ...) {DSA-3990-1} - asterisk 1:13.17.2~dfsg-1 (bug #876328) [wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport) @@ -4018,8 +4017,7 @@ - tcpdump 4.9.2-1 CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site ...) NOT-FOR-US: Axesstel MU553S MU55XS-V1.14 -CVE-2017-13723 [Handle xkb formated string output safely] - RESERVED +CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local ...) - xorg-server <unfixed> NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac NOTE: This is in libxkbfile in wheezy @@ -4030,8 +4028,7 @@ - libxfont1 <unfixed> (unimportant) NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd NOTE: libxfont1 is only used by xfonts-utils, no security impact -CVE-2017-13721 [Xext/shm: Validate shmseg resource id] - RESERVED +CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an ...) - xorg-server <unfixed> NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1 NOTE: In wheezy this is possibly libxext, src/XShm.c? @@ -36408,7 +36405,7 @@ RESERVED CVE-2017-2921 RESERVED -CVE-2017-2920 (An exploitable buffer overflow vulnerability exists in the tag parsing ...) +CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...) NOT-FOR-US: Computerinsel Photoline CVE-2017-2919 RESERVED 
@@ -76627,8 +76624,8 @@ NOT-FOR-US: Huawei CVE-2015-7843 (The management interface on Huawei FusionServer rack servers RH2288 V3 ...) NOT-FOR-US: Huawei -CVE-2015-7842 - RESERVED +CVE-2015-7842 (Huawei FusionServer rack servers RH2288 V3 with software before ...) + TODO: check CVE-2015-7841 (The login page of the server on Huawei FusionServer rack servers ...) NOT-FOR-US: Huawei CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the Linux ...) @@ -93097,7 +93094,7 @@ NOT-FOR-US: phpBugTracker CVE-2015-2145 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...) NOT-FOR-US: phpBugTracker -CVE-2015-2144 (Multiple cross-site scriping (XSS) vulnerabilities in Issuetracker ...) +CVE-2015-2144 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...) NOT-FOR-US: phpBugTracker CVE-2015-2143 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: phpBugTracker @@ -100129,8 +100126,7 @@ NOT-FOR-US: Google Analytics by Yoast (google-analytics-for-wordpress) plugin for WordPress CVE-2014-9173 (SQL injection vulnerability in view.php in the Google Doc Embedder ...) NOT-FOR-US: Google Doc Embedder plugin for WordPress -CVE-2014-9474 [buffer overflow in mpfr_strtofr] - RESERVED +CVE-2014-9474 (Buffer overflow in the mpfr_strtofr function in GNU MPFR before ...) - mpfr4 3.1.2-2 (low; bug #772008) [squeeze] - mpfr4 <no-dsa> (Minor issue) [wheezy] - mpfr4 <no-dsa> (Minor issue) 
@@ -125857,8 +125853,8 @@ [wheezy] - subversion 1.6.17dfsg-4+deb7u5 CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache ...) NOT-FOR-US: Apache CloudStack -CVE-2014-0030 - RESERVED +CVE-2014-0030 (The XML-RPC protocol support in Apache Roller before 5.0.3 allows ...) + TODO: check CVE-2014-0029 RESERVED NOT-FOR-US: Katello _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
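Review bot: In the CVE-2017-15038 hunk (@@ -323,8 +325,7 @@), the stretch line `[stretch] - qemu <no-dsa> (Minor issue)` is kept unchanged while the same entry now carries `{DLA-1129-1 DLA-1128-1}`, i.e. LTS advisories were issued for it; the "Minor issue" rationale for stretch should be re-checked for consistency with the LTS decision, and the bracketed local summary ("information disclosure when reading extended attributes") that the MITRE text replaces could be preserved as a NOTE so the race-condition description does not lose that context.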
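Review bot: In the CVE-2017-14980 hunk (@@ -554,8 +555,8 @@), the new `TODO: check` needs triage: the description names "Sync Breeze Enterprise 10.0.28", and the surrounding entries show the convention to apply once that is confirmed not to be shipped in Debian (`NOT-FOR-US: <product>`, as for CVE-2017-14981 and CVE-2017-14979 in the same hunk).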
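Review bot: In the CVE-2017-14603 hunk (@@ -1568,8 +1568,7 @@), the unchanged context line `[wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)` has a typo ("too backport" should read "to backport"); since this revision is a bot-generated update, fix it in a manual follow-up commit rather than here.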
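Review bot: In the CVE-2017-13723 hunk (@@ -4018,8 +4017,7 @@), the kept note `NOTE: This is in libxkbfile in wheezy` is not reflected in any package line: only `- xorg-server <unfixed>` is recorded, so the tracker will attribute the wheezy exposure to xorg-server. A `[wheezy] - libxkbfile <status>` line (or an explicit statement that wheezy's xorg-server is not affected) should be added once the wheezy code path has been confirmed.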
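Review bot: In the CVE-2017-13721 hunk (@@ -4030,8 +4028,7 @@), the note `NOTE: In wheezy this is possibly libxext, src/XShm.c?` leaves an open question in the data file; as with the neighbouring entry, this should be resolved into either a `[wheezy] - libxext <status>` line or a definite not-affected note, referencing the linked xserver commit b95f25af141d33a65f6f821ea9c003f66a01e1f1 for the fix being checked.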
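Review bot: In the CVE-2017-2920 hunk (@@ -36408,7 +36405,7 @@), the description changes substantively, from "An exploitable buffer overflow vulnerability exists in the tag parsing ..." to "An memory corruption vulnerability exists in the .SVG parsing ...", so the affected parser named in the advisory should be double-checked against the new text; the article error ("An memory") comes from the upstream feed and should not be hand-corrected in this file, since the next automatic update would overwrite it.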
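Review bot: In the CVE-2015-7842 hunk (@@ -76627,8 +76624,8 @@), the new `TODO: check` can most likely be closed as `NOT-FOR-US: Huawei`: the description names the same "Huawei FusionServer rack servers RH2288 V3" product as the adjacent CVE-2015-7843 and CVE-2015-7841 entries, both of which already carry that marking.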
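Review bot: In the CVE-2014-0030 hunk (@@ -125857,8 +125853,8 @@), the new `TODO: check` for "The XML-RPC protocol support in Apache Roller before 5.0.3" still needs a package decision; the adjacent CVE-2014-0031 entry shows the form to use (`NOT-FOR-US: <project>`) if Apache Roller is confirmed not to be packaged, otherwise a source package line with the fixed version is needed.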