Author: sectracker
Date: 2017-11-01 09:10:18 +0000 (Wed, 01 Nov 2017)
New Revision: 57198

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-01 07:52:47 UTC (rev 57197)
+++ data/CVE/list 2017-11-01 09:10:18 UTC (rev 57198)
@@ -1,3 +1,219 @@ +CVE-2017-16351 + RESERVED +CVE-2017-16350 + RESERVED +CVE-2017-16349 + RESERVED +CVE-2017-16348 + RESERVED +CVE-2017-16347 + RESERVED +CVE-2017-16346 + RESERVED +CVE-2017-16345 + RESERVED +CVE-2017-16344 + RESERVED +CVE-2017-16343 + RESERVED +CVE-2017-16342 + RESERVED +CVE-2017-16341 + RESERVED +CVE-2017-16340 + RESERVED +CVE-2017-16339 + RESERVED +CVE-2017-16338 + RESERVED +CVE-2017-16337 + RESERVED +CVE-2017-16336 + RESERVED +CVE-2017-16335 + RESERVED +CVE-2017-16334 + RESERVED +CVE-2017-16333 + RESERVED +CVE-2017-16332 + RESERVED +CVE-2017-16331 + RESERVED +CVE-2017-16330 + RESERVED +CVE-2017-16329 + RESERVED +CVE-2017-16328 + RESERVED +CVE-2017-16327 + RESERVED +CVE-2017-16326 + RESERVED +CVE-2017-16325 + RESERVED +CVE-2017-16324 + RESERVED +CVE-2017-16323 + RESERVED +CVE-2017-16322 + RESERVED +CVE-2017-16321 + RESERVED +CVE-2017-16320 + RESERVED +CVE-2017-16319 + RESERVED +CVE-2017-16318 + RESERVED +CVE-2017-16317 + RESERVED +CVE-2017-16316 + RESERVED +CVE-2017-16315 + RESERVED +CVE-2017-16314 + RESERVED +CVE-2017-16313 + RESERVED +CVE-2017-16312 + RESERVED +CVE-2017-16311 + RESERVED +CVE-2017-16310 + RESERVED +CVE-2017-16309 + RESERVED +CVE-2017-16308 + RESERVED +CVE-2017-16307 + RESERVED +CVE-2017-16306 + RESERVED +CVE-2017-16305 + RESERVED +CVE-2017-16304 + RESERVED +CVE-2017-16303 + RESERVED +CVE-2017-16302 + RESERVED +CVE-2017-16301 + RESERVED +CVE-2017-16300 + RESERVED +CVE-2017-16299 + RESERVED +CVE-2017-16298 + RESERVED +CVE-2017-16297 + RESERVED +CVE-2017-16296 + RESERVED +CVE-2017-16295 + RESERVED +CVE-2017-16294 + RESERVED +CVE-2017-16293 + RESERVED +CVE-2017-16292 + RESERVED +CVE-2017-16291 + RESERVED +CVE-2017-16290 + RESERVED +CVE-2017-16289 + RESERVED +CVE-2017-16288 + RESERVED +CVE-2017-16287 + RESERVED +CVE-2017-16286 + RESERVED +CVE-2017-16285 + RESERVED +CVE-2017-16284 + RESERVED +CVE-2017-16283 + RESERVED +CVE-2017-16282 + RESERVED +CVE-2017-16281 + RESERVED +CVE-2017-16280 + RESERVED +CVE-2017-16279 + RESERVED 
+CVE-2017-16278 + RESERVED +CVE-2017-16277 + RESERVED +CVE-2017-16276 + RESERVED +CVE-2017-16275 + RESERVED +CVE-2017-16274 + RESERVED +CVE-2017-16273 + RESERVED +CVE-2017-16272 + RESERVED +CVE-2017-16271 + RESERVED +CVE-2017-16270 + RESERVED +CVE-2017-16269 + RESERVED +CVE-2017-16268 + RESERVED +CVE-2017-16267 + RESERVED +CVE-2017-16266 + RESERVED +CVE-2017-16265 + RESERVED +CVE-2017-16264 + RESERVED +CVE-2017-16263 + RESERVED +CVE-2017-16262 + RESERVED +CVE-2017-16261 + RESERVED +CVE-2017-16260 + RESERVED +CVE-2017-16259 + RESERVED +CVE-2017-16258 + RESERVED +CVE-2017-16257 + RESERVED +CVE-2017-16256 + RESERVED +CVE-2017-16255 + RESERVED +CVE-2017-16254 + RESERVED +CVE-2017-16253 + RESERVED +CVE-2017-16252 + RESERVED +CVE-2017-16251 + RESERVED +CVE-2017-16250 + RESERVED +CVE-2017-16249 + RESERVED +CVE-2017-16247 + RESERVED +CVE-2017-16246 + RESERVED +CVE-2017-16245 + RESERVED +CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) ...) + TODO: check +CVE-2017-16243 + RESERVED CVE-2017-16242 RESERVED CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) @@ -8,7 +224,7 @@ CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) - vim <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 -CVE-2017-16248 [leaks files without extention, inadvertently] +CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...) - libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558 CVE-2017-16241 @@ -1904,8 +2120,8 @@ NOT-FOR-US: ILIAS CVE-2017-15536 RESERVED -CVE-2017-15535 - RESERVED +CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...) + TODO: check CVE-2017-15534 RESERVED CVE-2017-15533 
@@ -3127,7 +3343,7 @@ - koji <unfixed> (bug #877921) NOTE: https://pagure.io/koji/issue/563 NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3 -CVE-2017-1000257 [curl: IMAP FETCH response out of bounds read] +CVE-2017-1000257 (An IMAP FETCH response line indicates the size of the returned data, ...) {DSA-4007-1 DLA-1143-1} - curl 7.56.1-1 NOTE: https://curl.haxx.se/docs/adv_20171023.html @@ -5202,10 +5418,10 @@ RESERVED CVE-2017-14377 RESERVED -CVE-2017-14376 - RESERVED -CVE-2017-14375 - RESERVED +CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ...) + TODO: check +CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...) + TODO: check CVE-2017-14374 RESERVED CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a ...) @@ -5848,6 +6064,7 @@ CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in ...) - openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied) CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...) + {DSA-4013-1} - openjpeg2 2.3.0-1 (bug #874431) NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/ NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154 @@ -6275,8 +6492,8 @@ RESERVED CVE-2017-14028 RESERVED -CVE-2017-14027 - RESERVED +CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...) + TODO: check CVE-2017-14026 RESERVED CVE-2017-14025 @@ -6287,8 +6504,8 @@ RESERVED CVE-2017-14022 RESERVED -CVE-2017-14021 - RESERVED +CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...) + TODO: check CVE-2017-14020 RESERVED CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...) 
@@ -7124,16 +7341,19 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400 CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage function ...) + {DSA-4013-1} - openjpeg2 2.3.0-1 (bug #874115) NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/ NOTE: https://github.com/uclouvain/openjpeg/issues/997 CVE-2017-14040 (An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG ...) + {DSA-4013-1} - openjpeg2 2.3.0-1 (bug #874117) NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281 NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/ NOTE: https://github.com/uclouvain/openjpeg/issues/995 CVE-2017-14039 (A heap-based buffer overflow was discovered in the opj_t2_encode_packet ...) + {DSA-4013-1} - openjpeg2 2.3.0-1 (bug #874118) NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/ @@ -47996,6 +48216,7 @@ - moin 1.9.9-1 (bug #844338) NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of ...) + {DSA-4013-1} - openjpeg2 2.1.2-1.2 (bug #844557) NOTE: https://github.com/uclouvain/openjpeg/issues/861 NOTE: https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41 
@@ -61449,7 +61670,7 @@ - chromium-browser 53.0.2785.89-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2016-5152 (Integer overflow in the opj_tcd_get_decoded_tile_size function in ...) - {DSA-3660-1} + {DSA-4013-1 DSA-3660-1} - openjpeg2 2.1.2-1.2 - chromium-browser 53.0.2785.89-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) @@ -72770,7 +72991,7 @@ [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) [squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS) CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before ...) - {DSA-3486-1} + {DSA-4013-1 DSA-3486-1} - openjpeg <removed> [jessie] - openjpeg <not-affected> (Vulnerable code introduced later) [wheezy] - openjpeg <not-affected> (Vulnerable code introduced later) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
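
Review bot: In the `@@ -1,3 +1,219 @@` hunk, CVE-2017-16244 (OctoberCMS 1.0.426 CSRF) is the only non-RESERVED entry added and it carries just `TODO: check`. It should be resolved to a source-package line or to a `NOT-FOR-US:` entry in the form already used for ILIAS in this file, so that it does not stay untriaged between automatic updates.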
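
Review bot: In the `@@ -1904,8 +2120,8 @@` hunk, CVE-2017-15535 goes from RESERVED to a description with only `TODO: check`. The description already gives the upstream bounds ("3.4.x before 3.4.10, and 3.5.x-development"), so the follow-up triage can record a package line with a fixed version or `<unfixed>`, or `NOT-FOR-US:` if it does not apply, instead of leaving the TODO in place. The same applies to the `TODO: check` entries added for CVE-2017-14376, CVE-2017-14375, CVE-2017-14027 and CVE-2017-14021.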
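
Review bot: In the `@@ -5848,6 +6064,7 @@` hunk, `{DSA-4013-1}` is added to CVE-2017-14152 while the entry directly above it, CVE-2017-14164, is still marked `openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)`. If the DSA shipped the CVE-2017-14152 fix to a stable release, that reasoning needs to be rechecked for the DSA'd version, and the CVE-2017-14164 line updated or annotated with a NOTE saying which fix was used.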
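
Review bot: In the `@@ -72770,7 +72991,7 @@` hunk, CVE-2016-1628 gains `{DSA-4013-1 DSA-3486-1}`, but the visible package lines for that entry are all for `openjpeg` (`<removed>`, and `<not-affected>` for jessie and wheezy). Every other entry tagged with DSA-4013-1 in this diff has an `openjpeg2` line; confirm one exists below the shown context for this CVE, and add it with the fixed version if it is missing, so that the DSA reference maps to a package the entry actually tracks.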