Author: sectracker
Date: 2017-10-27 09:10:35 +0000 (Fri, 27 Oct 2017)
New Revision: 57009
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-26 21:47:25 UTC (rev 57008) +++ data/CVE/list 2017-10-27 09:10:35 UTC (rev 57009) @@ -1,3 +1,5 @@ +CVE-2017-15923 + RESERVED CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...) - libextractor <unfixed> (low) NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html 
@@ -32392,335 +32394,265 @@ [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/96ca579a1ecc943b75beba58bebb0356f6cc4b51 -CVE-2017-5122 - RESERVED +CVE-2017-5122 (Inappropriate use of table size handling in V8 in Google Chrome prior ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5121 - RESERVED +CVE-2017-5121 (Inappropriate use of JIT optimisation in V8 in Google Chrome prior to ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5120 - RESERVED +CVE-2017-5120 (Inappropriate use of www mismatch redirects in browser navigation in ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5119 - RESERVED +CVE-2017-5119 (Use of an uninitialized value in Skia in Google Chrome prior to ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5118 - RESERVED +CVE-2017-5118 (Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5117 - RESERVED +CVE-2017-5117 (Use of an uninitialized value in Skia in Google Chrome prior to ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5116 - RESERVED +CVE-2017-5116 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, ...) 
{DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5115 - RESERVED +CVE-2017-5115 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5114 - RESERVED +CVE-2017-5114 (Inappropriate use of partition alloc in PDFium in Google Chrome prior ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5113 - RESERVED +CVE-2017-5113 (Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5112 - RESERVED +CVE-2017-5112 (Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5111 - RESERVED +CVE-2017-5111 (A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for ...) {DSA-3985-1} - chromium-browser 61.0.3163.100-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5110 - RESERVED +CVE-2017-5110 (Inappropriate implementation of the web payments API on blob: and data: ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5109 - RESERVED +CVE-2017-5109 (Inappropriate implementation of unload handler handling in permission ...) 
{DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5108 - RESERVED +CVE-2017-5108 (Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5107 - RESERVED +CVE-2017-5107 (A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5106 - RESERVED +CVE-2017-5106 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5105 - RESERVED +CVE-2017-5105 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5104 - RESERVED +CVE-2017-5104 (Inappropriate implementation in interstitials in Google Chrome prior to ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5103 - RESERVED +CVE-2017-5103 (Use of an uninitialized value in Skia in Google Chrome prior to ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5102 - RESERVED +CVE-2017-5102 (Use of an uninitialized value in Skia in Google Chrome prior to ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5101 - RESERVED +CVE-2017-5101 (Inappropriate implementation in Omnibox in Google Chrome prior to ...) 
{DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5100 - RESERVED +CVE-2017-5100 (A use after free in Apps in Google Chrome prior to 60.0.3112.78 for ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5099 - RESERVED +CVE-2017-5099 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5098 - RESERVED +CVE-2017-5098 (A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5097 - RESERVED +CVE-2017-5097 (Insufficient validation of untrusted input in Skia in Google Chrome ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5096 - RESERVED +CVE-2017-5096 (Insufficient policy enforcement during navigation between different ...) - chromium-browser <not-affected> (Android-specific) -CVE-2017-5095 - RESERVED +CVE-2017-5095 (Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5094 - RESERVED +CVE-2017-5094 (Type confusion in extensions JavaScript bindings in Google Chrome prior ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5093 - RESERVED +CVE-2017-5093 (Inappropriate implementation in modal dialog handling in Blink in ...) 
{DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5092 - RESERVED +CVE-2017-5092 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5091 - RESERVED +CVE-2017-5091 (A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 ...) {DSA-3926-1} - chromium-browser 60.0.3112.78-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5090 - RESERVED -CVE-2017-5089 - RESERVED +CVE-2017-5090 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) + TODO: check +CVE-2017-5089 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) {DSA-3926-1} - chromium-browser 59.0.3071.104-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5088 - RESERVED +CVE-2017-5088 (Insufficient validation of untrusted input in V8 in Google Chrome prior ...) {DSA-3926-1} - chromium-browser 59.0.3071.104-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5087 - RESERVED +CVE-2017-5087 (A use after free in Blink in Google Chrome prior to 59.0.3071.104 for ...) {DSA-3926-1} - chromium-browser 59.0.3071.104-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5086 - RESERVED +CVE-2017-5086 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5085 - RESERVED +CVE-2017-5085 (Inappropriate implementation in Bookmarks in Google Chrome prior to 59 ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5084 - RESERVED +CVE-2017-5084 (Inappropriate implementation in image-burner in Google Chrome OS prior ...) 
- chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5083 - RESERVED +CVE-2017-5083 (Inappropriate implementation in Blink in Google Chrome prior to ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5082 - RESERVED +CVE-2017-5082 (Failure to take advantage of available mitigations in credit card ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5081 - RESERVED +CVE-2017-5081 (Lack of verification of an extension's locale folder in Google Chrome ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5080 - RESERVED +CVE-2017-5080 (A use after free in credit card autofill in Google Chrome prior to ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5079 - RESERVED +CVE-2017-5079 (Inappropriate implementation in Blink in Google Chrome prior to ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5078 - RESERVED +CVE-2017-5078 (Insufficient validation of untrusted input in Blink's mailto: handling ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5077 - RESERVED +CVE-2017-5077 (Insufficient validation of untrusted input in Skia in Google Chrome ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5076 - RESERVED +CVE-2017-5076 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5075 - RESERVED +CVE-2017-5075 (Inappropriate implementation in CSP reporting in Blink in Google Chrome ...) 
- chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5074 - RESERVED +CVE-2017-5074 (A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5073 - RESERVED +CVE-2017-5073 (Use after free in print preview in Blink in Google Chrome prior to ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5072 - RESERVED +CVE-2017-5072 (Inappropriate implementation in Omnibox in Google Chrome prior to ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5071 - RESERVED +CVE-2017-5071 (Insufficient validation of untrusted input in V8 in Google Chrome prior ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5070 - RESERVED +CVE-2017-5070 (Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, ...) - chromium-browser 59.0.3071.86-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5069 - RESERVED +CVE-2017-5069 (Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5068 - RESERVED +CVE-2017-5068 (Incorrect handling of picture ID in WebRTC in Google Chrome prior to ...) - chromium-browser 58.0.3029.96-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5067 - RESERVED +CVE-2017-5067 (An insufficient watchdog timer in navigation in Google Chrome prior to ...) 
- chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5066 - RESERVED +CVE-2017-5066 (Insufficient consistency checks in signature handling in the networking ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5065 - RESERVED +CVE-2017-5065 (Lack of an appropriate action on page navigation in Blink in Google ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5064 - RESERVED +CVE-2017-5064 (Incorrect handling of DOM changes in Blink in Google Chrome prior to ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5063 - RESERVED +CVE-2017-5063 (A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5062 - RESERVED +CVE-2017-5062 (A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5061 - RESERVED +CVE-2017-5061 (A race condition in navigation in Google Chrome prior to 58.0.3029.81 ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5060 - RESERVED +CVE-2017-5060 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5059 - RESERVED +CVE-2017-5059 (Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5058 - RESERVED +CVE-2017-5058 (A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 ...) 
- chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5057 - RESERVED +CVE-2017-5057 (Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for ...) - chromium-browser 58.0.3029.81-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5056 - RESERVED +CVE-2017-5056 (A use after free in Blink in Google Chrome prior to 57.0.2987.133 for ...) - chromium-browser 57.0.2987.133-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5055 - RESERVED +CVE-2017-5055 (A use after free in printing in Google Chrome prior to 57.0.2987.133 ...) - chromium-browser 57.0.2987.133-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5054 - RESERVED +CVE-2017-5054 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for ...) - chromium-browser 57.0.2987.133-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5053 - RESERVED +CVE-2017-5053 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for ...) - chromium-browser 57.0.2987.133-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5052 - RESERVED +CVE-2017-5052 (An incorrect assumption about block structure in Blink in Google Chrome ...) - chromium-browser 57.0.2987.133-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5051 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...) 
@@ -41853,8 +41785,8 @@ NOT-FOR-US: IBM CVE-2017-1522 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2017-1521 - RESERVED +CVE-2017-1521 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and ...) + TODO: check CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized ...) NOT-FOR-US: IBM CVE-2017-1519 (IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A ...) 
@@ -42431,32 +42363,32 @@ NOT-FOR-US: IBM CVE-2017-1233 RESERVED -CVE-2017-1232 - RESERVED +CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...) + TODO: check CVE-2017-1231 RESERVED -CVE-2017-1230 - RESERVED +CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses ...) + TODO: check CVE-2017-1229 RESERVED -CVE-2017-1228 - RESERVED +CVE-2017-1228 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could ...) + TODO: check CVE-2017-1227 (IBM Tivoli Endpoint Manager could allow a unauthorized user to consume ...) NOT-FOR-US: IBM -CVE-2017-1226 - RESERVED -CVE-2017-1225 - RESERVED +CVE-2017-1226 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...) + TODO: check +CVE-2017-1225 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores ...) + TODO: check CVE-2017-1224 (IBM Tivoli Endpoint Manager uses weaker than expected cryptographic ...) NOT-FOR-US: IBM CVE-2017-1223 (IBM Tivoli Endpoint Manager could allow a remote attacker to conduct ...) NOT-FOR-US: IBM -CVE-2017-1222 - RESERVED +CVE-2017-1222 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not ...) + TODO: check CVE-2017-1221 RESERVED -CVE-2017-1220 - RESERVED +CVE-2017-1220 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...) + TODO: check CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity ...) NOT-FOR-US: IBM CVE-2017-1218 (IBM Tivoli Endpoint Manager is vulnerable to cross-site request ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
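Review bot: In the @@ -32392 hunk, CVE-2017-5098 and CVE-2017-5088 now carry descriptions naming V8, but unlike the other V8 entries in the same hunk (CVE-2017-5122, CVE-2017-5121, CVE-2017-5116, CVE-2017-5115, CVE-2017-5071, CVE-2017-5070, CVE-2017-5054, CVE-2017-5053) they have no "- libv8 <unfixed> (unimportant)" line with its "NOTE: libv8 not covered by security support"; add the pair for consistency or record why libv8 is out of scope for these two. In the same hunk CVE-2017-5090 is the only Chrome entry left at "TODO: check" with no chromium-browser line, so it still needs manual triage to a fixed version or a not-affected marker.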
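Review bot: The seven "TODO: check" entries added in the @@ -42431 hunk (CVE-2017-1232, CVE-2017-1230, CVE-2017-1228, CVE-2017-1226, CVE-2017-1225, CVE-2017-1222, CVE-2017-1220) are all described as IBM Tivoli Endpoint Manager issues and can be resolved as "NOT-FOR-US: IBM", matching the context entries for the same product in that hunk (CVE-2017-1227, CVE-2017-1224, CVE-2017-1223, CVE-2017-1219). CVE-2017-1521 in the @@ -41853 hunk is in the same position: it is an IBM Tivoli Endpoint Manager entry sitting between two entries already marked "NOT-FOR-US: IBM".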