Author: sectracker Date: 2017-04-24 09:10:12 +0000 (Mon, 24 Apr 2017) New Revision: 50983
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-24 08:26:34 UTC (rev 50982) +++ data/CVE/list 2017-04-24 09:10:12 UTC (rev 50983) @@ -1,3 +1,17 @@ +CVE-2017-8084 + RESERVED +CVE-2017-8083 + RESERVED +CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which ...) + TODO: check +CVE-2017-8081 + RESERVED +CVE-2017-8080 + RESERVED +CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...) + TODO: check +CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before ...) + TODO: check CVE-2017-8079 RESERVED CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be requested ...) @@ -347,8 +361,8 @@ NOTE: https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92 CVE-2017-7945 RESERVED -CVE-2017-7944 - RESERVED +CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install ...) + TODO: check CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote ...) - imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736) [jessie] - imagemagick <no-dsa> (Minor issue) @@ -645,6 +659,7 @@ CVE-2016-1000258 REJECTED CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a ...) + {DLA-910-1} - libreoffice 1:5.2.5-1 NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722 CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an ...) 
@@ -723,8 +738,8 @@ - libosip2 4.1.0-2.1 (bug #860287) NOTE: https://savannah.gnu.org/support/index.php?109265 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 -CVE-2017-7852 - RESERVED +CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that ...) + TODO: check CVE-2017-7851 RESERVED CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...) 
@@ -1343,42 +1358,50 @@ CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed ...) NOT-FOR-US: libaacplus CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...) + {DLA-911-1} - tiff 4.0.7-6 (low) [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of ...) 
+ {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...) + {DLA-911-1} - tiff 4.0.7-6 (low; bug #860003) [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> @@ -1386,15 +1409,18 @@ NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122 CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...) + {DLA-911-1} - tiff 4.0.7-6 (low; bug #860001) [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659 CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...) + {DLA-911-1} - tiff 4.0.7-6 (bug #860000) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651 CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...) + {DLA-911-1} - tiff 4.0.7-6 (bug #859998) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658 @@ -14358,7 +14384,7 @@ RESERVED CVE-2017-3157 RESERVED - {DSA-3792-1} + {DSA-3792-1 DLA-910-1} - libreoffice 1:5.2.3-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ CVE-2017-3156 
@@ -54269,10 +54295,10 @@ RESERVED CVE-2015-8111 RESERVED -CVE-2015-8110 - RESERVED -CVE-2015-8109 - RESERVED +CVE-2015-8110 (Lenovo System Update (formerly ThinkVantage System Update) before ...) + TODO: check +CVE-2015-8109 (Lenovo System Update (formerly ThinkVantage System Update) before ...) + TODO: check CVE-2015-8108 (The management interface in LenovoEMC EZ Media & Backup (hm3), ...) NOT-FOR-US: LenovoEMC CVE-2015-8107 (Format string vulnerability in GNU a2ps 4.14 allows remote attackers ...) @@ -73451,10 +73477,10 @@ RESERVED CVE-2015-1523 RESERVED -CVE-2015-1522 - RESERVED -CVE-2015-1521 - RESERVED +CVE-2015-1522 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject ...) + TODO: check +CVE-2015-1521 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly ...) + TODO: check CVE-2015-1520 RESERVED CVE-2015-1519 @@ -73687,12 +73713,11 @@ [wheezy] - libhtp <no-dsa> (Minor issue) NOTE: https://github.com/inliniac/libhtp/commit/c7c03843cd6b1cbf44eb435d160ba53aec948828 CVE-2014-9681 [preserves TZ by default] - RESERVED + REJECTED - procmail <unfixed> (unimportant; bug #778341; bug #772706) NOTE: No security boundaries are crossed here NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24 -CVE-2014-9680 [preserves TZ by default] - RESERVED +CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...) {DSA-3167-1 DLA-160-1} - sudo 1.8.12-1 (bug #772707) [jessie] - sudo 1.8.10p3-1+deb8u2 @@ -73927,8 +73952,7 @@ - tiff3 <removed> NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif -CVE-2014-9654 - RESERVED +CVE-2014-9654 (The Regular Expressions package in International Components for ...) {DSA-3187-1 DLA-219-1} - icu 52.1-7.1 (bug #776719) NOTE: https://ssl.icu-project.org/trac/changeset/36801 
@@ -77415,8 +77439,7 @@ NOT-FOR-US: Smoothwall CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: Smoothwall -CVE-2010-5321 [v4l: videobuf: hotfix a bug on multiple calls to mmap()] - RESERVED +CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf ...) - linux <unfixed> (unimportant; bug #827340) - linux-2.6 <removed> (unimportant) NOTE: Unclear, old report for Linux @@ -80126,14 +80149,14 @@ NOT-FOR-US: IBM CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) NOT-FOR-US: IBM -CVE-2015-0107 - RESERVED +CVE-2015-0107 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...) + TODO: check CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...) NOT-FOR-US: IBM Business Process Manager CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...) NOT-FOR-US: IBM Business Process Manager -CVE-2015-0104 - RESERVED +CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...) + TODO: check CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process ...) NOT-FOR-US: IBM Business Process Manager CVE-2015-0102 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
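Review bot: in the @@ -1,3 +1,17 @@ hunk, CVE-2010-5329 (video_usercopy in drivers/media/video/v4l2-ioctl.c) and CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c) are Linux kernel issues left at "TODO: check" and inserted above the CVE-2017-80xx block, out of year order; they should be triaged against the linux package together with CVE-2010-5321 (drivers/media/video/videobuf-core.c), which the same diff converts from RESERVED further down and which already carries "- linux <unfixed> (unimportant; bug #827340)". All three concern the same v4l videobuf code, so the severity and fixed-version decisions should be made consistently rather than leaving two open TODOs next to one "unimportant" entry; a cross-referencing NOTE on each would make that link visible to whoever picks them up.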
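Review bot: in the @@ -645,6 +659,7 @@ hunk, CVE-2017-7870 gains "{DLA-910-1}" and keeps "- libreoffice 1:5.2.5-1", but no "[jessie]" line is visible for the entry, so wheezy now has an advisory while jessie's status is unrecorded. Compare CVE-2017-3157 later in the same diff, which becomes "{DSA-3792-1 DLA-910-1}": if DLA-910-1 covers 7870 for wheezy, jessie should get either a DSA reference or an explicit "[jessie] - libreoffice <no-dsa>" or "<not-affected>" line with a reason, otherwise the entry reads as if jessie were still open.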
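Review bot: in the @@ -723,8 +738,8 @@ hunk, CVE-2017-7852 (D-Link DCS cameras, CrossDomain.XML) is left at "TODO: check" although it describes vendor camera firmware that is not a Debian package; it can be resolved directly to a "NOT-FOR-US: D-Link" line, the way the Smoothwall, LenovoEMC and IBM entries elsewhere in this file are recorded, so it does not sit in the TODO queue.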
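Review bot: in the @@ -1343,42 +1358,50 @@ hunk, "{DLA-911-1}" is added to CVE-2017-7602, -7601, -7600, -7599, -7598, -7597, -7596 and -7595, yet CVE-2017-7598 and CVE-2017-7595 still carry "[jessie] - tiff <no-dsa> (Minor issue)" while the others show only "- tiff 4.0.7-6" with no jessie line at all. Issuing a wheezy DLA for an issue rated minor for jessie is not necessarily wrong, since the LTS team may bundle fixes, but the jessie line should be present on every entry in the group and the no-dsa rating re-checked so that jessie is not left with a gap wheezy has already closed. Several entries also share the same upstream commit (3144e57770c1e4d26520d8abee750f8ac8b75490 for 7600, 7599, 7597 and 7596), which is another reason to keep their distribution lines identical.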
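Review bot: in the @@ -1386,15 +1409,18 @@ hunk, CVE-2017-7593 ("- tiff 4.0.7-6 (bug #860000)") and CVE-2017-7592 ("- tiff 4.0.7-6 (bug #859998)") get "{DLA-911-1}" but, unlike CVE-2017-7594 directly above them, have no "[jessie]" line; with a wheezy DLA in place a jessie decision (fixed via DSA, no-dsa, or not-affected) should be recorded for these two as well.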
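Review bot: in the @@ -54269,10 +54295,10 @@ hunk, CVE-2015-8110 and CVE-2015-8109 (Lenovo System Update, formerly ThinkVantage System Update) are filled in as "TODO: check" next to CVE-2015-8108, which is already "NOT-FOR-US: LenovoEMC"; the Lenovo update client is a vendor tool, not Debian software, so both can be closed as NOT-FOR-US: Lenovo in the same pass rather than queued.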
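Review bot: in the @@ -73451,10 +73477,10 @@ hunk, CVE-2015-1522 and CVE-2015-1521 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2) are marked "TODO: check"; unlike the vendor-appliance IDs in this diff these describe an open-source network monitor with a concrete source path, so the check should produce a package line (a fixed version, or <not-affected> or NOT-FOR-US if bro is not in the archive) and the DNP3 analyzer fix commit as a NOTE, following the pattern used for the libosip2 and libtiff entries above.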
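Review bot: in the @@ -73687,12 +73713,11 @@ hunk, CVE-2014-9681 flips from RESERVED to REJECTED but keeps its "[preserves TZ by default]" label, the "- procmail <unfixed> (unimportant; bug #778341; bug #772706)" line and both NOTEs, so a rejected identifier still carries live package tracking and bug references. The reason for the rejection is not recorded; add a NOTE giving it, and if the procmail TZ behaviour is still considered worth tracking (the existing NOTE says no security boundary is crossed) move the procmail line and bugs to a TEMP entry or close them explicitly, otherwise they are orphaned under a REJECTED id. The sibling CVE-2014-9680 correctly drops the bracketed label once the real sudo description arrives, and its "{DSA-3167-1 DLA-160-1}" and jessie lines are unchanged.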
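Review bot: in the @@ -77415,8 +77439,7 @@ hunk, CVE-2010-5321 replaces the local title "[v4l: videobuf: hotfix a bug on multiple calls to mmap()]" with the official "Memory leak in drivers/media/video/videobuf-core.c in the videobuf ..." description, but the dropped title was the upstream commit subject that identifies the fix, and "NOTE: Unclear, old report for Linux" is now stale. Keep the commit subject (or the commit hash) as a NOTE so the fix can be located, and revisit the "linux <unfixed> (unimportant; bug #827340)" line now that the description is no longer unclear; the two new kernel IDs at the top of this diff (CVE-2010-5329, CVE-2007-6761) touch the same drivers/media/video videobuf code and should be triaged with it.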
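Review bot: in the @@ -80126,14 +80149,14 @@ hunk, CVE-2015-0107 and CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...) are left at "TODO: check" between entries already marked "NOT-FOR-US: IBM" and "NOT-FOR-US: IBM Business Process Manager"; they can be closed as NOT-FOR-US: IBM in the same way, which is what every other IBM id in this region already has.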