Author: sectracker
Date: 2017-10-09 21:10:13 +0000 (Mon, 09 Oct 2017)
New Revision: 56552

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-09 20:35:13 UTC (rev 56551)
+++ data/CVE/list       2017-10-09 21:10:13 UTC (rev 56552)
@@ -1,3 +1,5 @@
+CVE-2017-15186
+       RESERVED
 CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis ...)
        - mp3splt 2.6.2+20170630-2
        NOTE: 
https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
@@ -323,8 +325,7 @@
        RESERVED
 CVE-2017-15039
        RESERVED
-CVE-2017-15038 [Qemu: 9p: virtfs: information disclosure when reading extended 
attributes]
-       RESERVED
+CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c 
in QEMU ...)
        {DLA-1129-1 DLA-1128-1}
        - qemu 1:2.10.0+dfsg-2 (bug #877890)
        [stretch] - qemu <no-dsa> (Minor issue)
@@ -554,8 +555,8 @@
        RESERVED
 CVE-2017-14981 (Cross-Site Scripting (XSS) was discovered in ATutor before 
2.2.3. The ...)
        NOT-FOR-US: ATutor
-CVE-2017-14980
-       RESERVED
+CVE-2017-14980 (Buffer overflow in Sync Breeze Enterprise 10.0.28 allows 
remote ...)
+       TODO: check
 CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an 
attempt to ...)
        NOT-FOR-US: Gxlcms
 CVE-2017-14978
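Review bot: CVE-2017-14980 is added with only "TODO: check", so the entry carries no triage result yet. The description names Sync Breeze Enterprise 10.0.28; resolve the TODO to either a source-package line or a NOT-FOR-US: line, as the neighbouring ATutor and Gxlcms records have, so the CVE does not stay untriaged.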
@@ -1526,8 +1527,7 @@
        NOT-FOR-US: WatchGuard Fireware
 CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 
12.0. ...)
        NOT-FOR-US: WatchGuard Fireware
-CVE-2017-14614
-       RESERVED
+CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in 
GridGain ...)
        NOT-FOR-US: GridGain
 CVE-2017-14613
        RESERVED
@@ -1568,8 +1568,7 @@
        NOTE: 
https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
        NOTE: https://github.com/freedomofpress/securedrop/issues/2238
        NOTE: 
https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0
-CVE-2017-14603 [followup-to AST-2017-005: RTP/RTCP information leak]
-       RESERVED
+CVE-2017-14603 (In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x 
before ...)
        {DSA-3990-1}
        - asterisk 1:13.17.2~dfsg-1 (bug #876328)
        [wheezy] - asterisk <ignored> (strictrtp option is disabled by default. 
Too intrusive too backport)
@@ -4018,8 +4017,7 @@
        - tcpdump 4.9.2-1
 CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross 
Site ...)
        NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
-CVE-2017-13723 [Handle xkb formated string output safely]
-       RESERVED
+CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a 
local ...)
        - xorg-server <unfixed>
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
        NOTE: This is in libxkbfile in wheezy
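Review bot: the new description for CVE-2017-13723 says the issue affects X.Org Server before 1.19.4, but the tracking line under it still reads "- xorg-server <unfixed>". Once a version carrying the referenced xserver commit is in the archive, replace <unfixed> with that version. The same applies to CVE-2017-13721 in the next hunk.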
@@ -4030,8 +4028,7 @@
        - libxfont1 <unfixed> (unimportant)
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
        NOTE: libxfont1 is only used by xfonts-utils, no security impact
-CVE-2017-13721 [Xext/shm: Validate shmseg resource id]
-       RESERVED
+CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, 
an ...)
        - xorg-server <unfixed>
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
        NOTE: In wheezy this is possibly libxext, src/XShm.c?
@@ -36408,7 +36405,7 @@
        RESERVED
 CVE-2017-2921
        RESERVED
-CVE-2017-2920 (An exploitable buffer overflow vulnerability exists in the tag 
parsing ...)
+CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing 
...)
        NOT-FOR-US: Computerinsel Photoline
 CVE-2017-2919
        RESERVED
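Review bot: the CVE-2017-2920 description changes in substance, not only in wording: the removed text described a buffer overflow in tag parsing, the added text a memory corruption in .SVG parsing. The "NOT-FOR-US: Computerinsel Photoline" line is carried over unchanged, so confirm it still matches the revised description. The "An memory" slip is part of the imported description text.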
@@ -76627,8 +76624,8 @@
        NOT-FOR-US: Huawei
 CVE-2015-7843 (The management interface on Huawei FusionServer rack servers 
RH2288 V3 ...)
        NOT-FOR-US: Huawei
-CVE-2015-7842
-       RESERVED
+CVE-2015-7842 (Huawei FusionServer rack servers RH2288 V3 with software before 
...)
+       TODO: check
 CVE-2015-7841 (The login page of the server on Huawei FusionServer rack 
servers ...)
        NOT-FOR-US: Huawei
 CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the 
Linux ...)
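Review bot: CVE-2015-7842 lands as "TODO: check" although its description names Huawei FusionServer rack servers RH2288 V3, and the adjacent CVE-2015-7843 and CVE-2015-7841 entries for Huawei FusionServer rack servers are both marked "NOT-FOR-US: Huawei". Suggest resolving the TODO the same way so the three entries are consistent.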
@@ -93097,7 +93094,7 @@
        NOT-FOR-US: phpBugTracker
 CVE-2015-2145 (Multiple cross-site scripting (XSS) vulnerabilities in 
Issuetracker ...)
        NOT-FOR-US: phpBugTracker
-CVE-2015-2144 (Multiple cross-site scriping (XSS) vulnerabilities in 
Issuetracker ...)
+CVE-2015-2144 (Multiple cross-site scripting (XSS) vulnerabilities in 
Issuetracker ...)
        NOT-FOR-US: phpBugTracker
 CVE-2015-2143 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: phpBugTracker
@@ -100129,8 +100126,7 @@
        NOT-FOR-US: Google Analytics by Yoast (google-analytics-for-wordpress) 
plugin for WordPress
 CVE-2014-9173 (SQL injection vulnerability in view.php in the Google Doc 
Embedder ...)
        NOT-FOR-US: Google Doc Embedder plugin for WordPress
-CVE-2014-9474 [buffer overflow in mpfr_strtofr]
-       RESERVED
+CVE-2014-9474 (Buffer overflow in the mpfr_strtofr function in GNU MPFR before 
...)
        - mpfr4 3.1.2-2 (low; bug #772008)
        [squeeze] - mpfr4 <no-dsa> (Minor issue)
        [wheezy] - mpfr4 <no-dsa> (Minor issue)
@@ -125857,8 +125853,8 @@
        [wheezy] - subversion 1.6.17dfsg-4+deb7u5
 CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in 
Apache ...)
        NOT-FOR-US: Apache CloudStack
-CVE-2014-0030
-       RESERVED
+CVE-2014-0030 (The XML-RPC protocol support in Apache Roller before 5.0.3 
allows ...)
+       TODO: check
 CVE-2014-0029
        RESERVED
        NOT-FOR-US: Katello
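Review bot: CVE-2014-0030 moves from RESERVED to "TODO: check" with a description naming Apache Roller before 5.0.3. The description shown here is cut off at "allows ...", so the impact is not visible in this file; triage should read the full description and then record either an affected package with its fixed version or a NOT-FOR-US: line.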


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
