Author: sectracker Date: 2017-10-19 09:10:14 +0000 (Thu, 19 Oct 2017) New Revision: 56858
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-19 08:07:28 UTC (rev 56857) +++ data/CVE/list 2017-10-19 09:10:14 UTC (rev 56858) @@ -1,3 +1,79 @@ +CVE-2017-15637 + RESERVED +CVE-2017-15636 + RESERVED +CVE-2017-15635 + RESERVED +CVE-2017-15634 + RESERVED +CVE-2017-15633 + RESERVED +CVE-2017-15632 + RESERVED +CVE-2017-15631 + RESERVED +CVE-2017-15630 + RESERVED +CVE-2017-15629 + RESERVED +CVE-2017-15628 + RESERVED +CVE-2017-15627 + RESERVED +CVE-2017-15626 + RESERVED +CVE-2017-15625 + RESERVED +CVE-2017-15624 + RESERVED +CVE-2017-15623 + RESERVED +CVE-2017-15622 + RESERVED +CVE-2017-15621 + RESERVED +CVE-2017-15620 + RESERVED +CVE-2017-15619 + RESERVED +CVE-2017-15618 + RESERVED +CVE-2017-15617 + RESERVED +CVE-2017-15616 + RESERVED +CVE-2017-15615 + RESERVED +CVE-2017-15614 + RESERVED +CVE-2017-15613 + RESERVED +CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...) + TODO: check +CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was explicitly ...) + TODO: check +CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the special ...) + TODO: check +CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext ...) + TODO: check +CVE-2017-15608 + RESERVED +CVE-2017-15607 + RESERVED +CVE-2017-15606 + RESERVED +CVE-2017-15605 + RESERVED +CVE-2017-15604 + RESERVED +CVE-2017-15603 + RESERVED +CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the ...) + TODO: check +CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...) + TODO: check +CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the ...) + TODO: check CVE-2017-15599 RESERVED CVE-2017-15598 
@@ -743,6 +819,7 @@ CVE-2017-15282 RESERVED CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote ...) + {DLA-1139-1} - imagemagick <unfixed> (low; bug #878579) NOTE: https://github.com/ImageMagick/ImageMagick/issues/832 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e @@ -754,6 +831,7 @@ CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...) NOT-FOR-US: TeamPass CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...) + {DLA-1140-1 DLA-1139-1} - imagemagick <unfixed> (bug #878578) - graphicsmagick 1.3.26-14 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5 @@ -1276,6 +1354,7 @@ NOTE: https://pagure.io/koji/issue/563 NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3 CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for clients] + RESERVED - libvirt 3.8.0-3 (bug #878799) [jessie] - libvirt <not-affected> (Vulnerable code introduced later) [wheezy] - libvirt <not-affected> (Vulnerable code introduced later) @@ -3356,6 +3435,7 @@ - linux 4.12.13-1 NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc CVE-2017-14339 (The DNS packet parser in YADIFA before 2.2.6 does not check for the ...) + {DSA-4001-1} - yadifa 2.2.6-1 (bug #876315) NOTE: https://www.tarlogic.com/blog/fuzzing-yadifa-dns/ NOTE: https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog 
@@ -5037,6 +5117,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297 NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4 CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...) + {DLA-1140-1} - graphicsmagick 1.3.26-15 (low; bug #878511) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196 NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/ 
@@ -9273,42 +9354,42 @@ RESERVED CVE-2017-12302 RESERVED -CVE-2017-12301 - RESERVED +CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco NX-OS ...) + TODO: check CVE-2017-12300 RESERVED CVE-2017-12299 RESERVED -CVE-2017-12298 - RESERVED +CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an ...) + TODO: check CVE-2017-12297 RESERVED -CVE-2017-12296 - RESERVED +CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check CVE-2017-12295 RESERVED CVE-2017-12294 RESERVED -CVE-2017-12293 - RESERVED +CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check CVE-2017-12292 RESERVED CVE-2017-12291 RESERVED CVE-2017-12290 RESERVED -CVE-2017-12289 - RESERVED -CVE-2017-12288 - RESERVED -CVE-2017-12287 - RESERVED -CVE-2017-12286 - RESERVED -CVE-2017-12285 - RESERVED -CVE-2017-12284 - RESERVED +CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the IPsec ...) + TODO: check +CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check +CVE-2017-12287 (A vulnerability in the cluster database (CDB) management component of ...) + TODO: check +CVE-2017-12286 (A vulnerability in the web interface of Cisco Jabber could allow an ...) + TODO: check +CVE-2017-12285 (A vulnerability in the web interface of Cisco Network Analysis Module ...) + TODO: check +CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Client ...) + TODO: check CVE-2017-12283 RESERVED CVE-2017-12282 
@@ -9331,10 +9412,10 @@ RESERVED CVE-2017-12273 RESERVED -CVE-2017-12272 - RESERVED -CVE-2017-12271 - RESERVED +CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software ...) + TODO: check +CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow ...) + TODO: check CVE-2017-12270 (A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco ...) NOT-FOR-US: Cisco CVE-2017-12269 (A vulnerability in the web UI of Cisco Spark Messaging Software could ...) @@ -9355,10 +9436,10 @@ RESERVED CVE-2017-12261 RESERVED -CVE-2017-12260 - RESERVED -CVE-2017-12259 - RESERVED +CVE-2017-12260 (A vulnerability in the implementation of Session Initiation Protocol ...) + TODO: check +CVE-2017-12259 (A vulnerability in the implementation of Session Initiation Protocol ...) + TODO: check CVE-2017-12258 (A vulnerability in the web-based UI of Cisco Unified Communications ...) NOT-FOR-US: Cisco CVE-2017-12257 (A vulnerability in the web framework of Cisco WebEx Meetings Server ...) @@ -9373,8 +9454,8 @@ NOT-FOR-US: Cisco CVE-2017-12252 (A vulnerability in the Cisco FindIT Network Discovery Utility could ...) NOT-FOR-US: Cisco -CVE-2017-12251 - RESERVED +CVE-2017-12251 (A vulnerability in the web console of the Cisco Cloud Services Platform ...) + TODO: check CVE-2017-12250 (A vulnerability in the HTTP web interface for Cisco Wide Area ...) NOT-FOR-US: Cisco CVE-2017-12249 (A vulnerability in the Traversal Using Relay NAT (TURN) server included ...) @@ -22322,7 +22403,7 @@ - firefox 55.0-1 CVE-2017-7805 RESERVED - {DSA-3998-1 DSA-3987-1 DLA-1118-1} + {DSA-3998-1 DSA-3987-1 DLA-1138-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - icedove <unfixed> 
@@ -34607,8 +34688,8 @@ NOT-FOR-US: Cisco CVE-2017-3884 (A vulnerability in the web interface of Cisco Prime Infrastructure and ...) NOT-FOR-US: Cisco -CVE-2017-3883 - RESERVED +CVE-2017-3883 (A vulnerability in the authentication, authorization, and accounting ...) + TODO: check CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) implementation in ...) NOT-FOR-US: Cisco CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) ...) @@ -80580,8 +80661,8 @@ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=946204 NOTE: http://www.spinics.net/lists/linux-nfs/msg53045.html NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1 -CVE-2015-6961 - RESERVED +CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows ...) + TODO: check CVE-2015-6960 RESERVED CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...) @@ -83664,15 +83745,13 @@ [wheezy] - golang <no-dsa> (Minor issue) NOTE: https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f NOTE: https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e -CVE-2015-5740 [RFC 7230 3.3.3 4 violation] - RESERVED +CVE-2015-5740 (The net/http library in net/http/transfer.go in Go before 1.4.3 does ...) - golang 2:1.4.2-4 (bug #795106) [jessie] - golang <no-dsa> (Minor issue) [wheezy] - golang <no-dsa> (Minor issue) NOTE: https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f NOTE: https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e -CVE-2015-5739 [Invalid headers are parsed as valid headers] - RESERVED +CVE-2015-5739 (The net/http library in net/textproto/reader.go in Go before 1.4.3 ...) - golang 2:1.4.2-4 (bug #795106) [jessie] - golang <no-dsa> (Minor issue) [wheezy] - golang <no-dsa> (Minor issue) 
@@ -84736,8 +84815,8 @@ - elasticsearch 1.6.1+dfsg-1 (bug #792617) [jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 3389) NOTE: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security -CVE-2015-5376 - RESERVED +CVE-2015-5376 (SQL injection vulnerability in the login form in GSI WiNPAT Portal ...) + TODO: check CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs for ...) NOT-FOR-US: Open-Xchange CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and ...) @@ -85401,8 +85480,8 @@ CVE-2015-5228 (The service daemon in CRIU creates log and dump files insecurely, ...) - criu 1.8-2 (bug #797111) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1255782 -CVE-2015-5227 - RESERVED +CVE-2015-5227 (The Landing Pages plugin before 1.9.2 for WordPress allows remote ...) + TODO: check CVE-2015-5226 REJECTED CVE-2015-5225 (Buffer overflow in the vnc_refresh_server_surface function in the VNC ...)
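Review bot: in the top hunk (@@ -1,3 +1,79 @@) only seven of the 76 added lines are triageable now, and all seven sit at `TODO: check`: the three GNU Libextractor 1.4 issues (CVE-2017-15600 NULL dereference, CVE-2017-15601 heap overflow, CVE-2017-15602 integer signedness error) share one upstream version and should be triaged as a batch against a single package line rather than one by one; the three Octopus before 3.17.7 entries (CVE-2017-15609 to CVE-2017-15611) describe one vendor release and can be closed with one decision, using the file's `NOT-FOR-US:` convention if the product is not in the archive; the Mistune 0.7.4 XSS (CVE-2017-15612) is the remaining single item.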
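Review bot: in the @@ -743 and @@ -754 hunks the advisory references are added ahead of the unstable fix: CVE-2017-15281 gains `{DLA-1139-1}` while its package line still reads `imagemagick <unfixed> (low; bug #878579)`, and CVE-2017-15277 gains `{DLA-1140-1 DLA-1139-1}` (two DLAs because both imagemagick and graphicsmagick are affected) with `graphicsmagick 1.3.26-14` fixed but `imagemagick <unfixed> (bug #878578)`. Both bugs therefore stay open and the `<unfixed>` lines need a follow-up edit once the sid upload lands; the NOTE lines already point at the upstream commits (e9d1c2ad... for ImageMagick-6, 9fd10cf6...) that such an upload would carry.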
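Review bot: in the @@ -1276 hunk a `RESERVED` line is inserted under CVE-2017-1000256, which already carries the local bracketed summary `[LSN-2017-0002: TLS certificate verification disabled for clients]` and a fixed version (`libvirt 3.8.0-3 (bug #878799)`, jessie and wheezy `<not-affected>`). That is the file's convention for an ID MITRE has not published yet, and the @@ -83664 hunk in this same update shows the later step (CVE-2015-5740 and CVE-2015-5739 lose both the bracketed text and the RESERVED line when the official description arrives), so the LSN reference should be expected to be replaced rather than kept; moving it to a NOTE line now would preserve the pointer.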
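Review bot: every Cisco entry that gains a description in the @@ -9273 hunk (CVE-2017-12301, -12298, -12296, -12293 and -12289 through -12284) is left at `TODO: check` directly beside neighbours already marked `NOT-FOR-US: Cisco`; the same applies to the @@ -9331, @@ -9355, @@ -9373 and @@ -34607 hunks (CVE-2017-12272, -12271, -12260, -12259, -12251 and -3883). Unless one of them concerns a product that is actually packaged, the follow-up is to resolve each TODO to `NOT-FOR-US: Cisco` so the unprocessed queue stays short.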
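Review bot: in the @@ -22322 hunk CVE-2017-7805 gets a third advisory in its braces (`{DSA-3998-1 DSA-3987-1 DLA-1138-1 DLA-1118-1}`) while the `icedove <unfixed>` line below it is unchanged; if DLA-1138-1 is the advisory for that package, the icedove line should record the fixed version in the same change, otherwise a reader has to open the DLA to learn which package it covers.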
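Review bot: in the @@ -83664 hunk the fix state of both Go entries is unchanged (`golang 2:1.4.2-4 (bug #795106)`, jessie and wheezy `<no-dsa> (Minor issue)`, same two upstream commits), but the local summaries `[RFC 7230 3.3.3 4 violation]` and `[Invalid headers are parsed as valid headers]` are dropped in favour of the MITRE text, which for CVE-2015-5740 no longer names the RFC section; consider carrying the RFC 7230 3.3.3 reference into a NOTE line so the original triage rationale is not lost.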
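Review bot: the @@ -80580, @@ -84736 and @@ -85401 hunks publish descriptions for three 2015 identifiers only now (CVE-2015-6961 open redirect in Web2py gluon/tools.py, CVE-2015-5376 SQL injection in GSI WiNPAT Portal, CVE-2015-5227 WordPress Landing Pages plugin) and leave each at `TODO: check`; their neighbours show the likely resolution (`NOT-FOR-US:` for web products that are not packaged, a package line otherwise), and because the IDs predate the current releases, any package that is affected needs its fixed version checked against the suites that were current in 2015, not just unstable.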