Author: sectracker
Date: 2017-04-24 09:10:12 +0000 (Mon, 24 Apr 2017)
New Revision: 50983

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-24 08:26:34 UTC (rev 50982)
+++ data/CVE/list       2017-04-24 09:10:12 UTC (rev 50983)
@@ -1,3 +1,17 @@
+CVE-2017-8084
+       RESERVED
+CVE-2017-8083
+       RESERVED
+CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File 
Manager, which ...)
+       TODO: check
+CVE-2017-8081
+       RESERVED
+CVE-2017-8080
+       RESERVED
+CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c 
in the ...)
+       TODO: check
+CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel 
before ...)
+       TODO: check
 CVE-2017-8079
        RESERVED
 CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be 
requested ...)
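Review bot: CVE-2010-5329 and CVE-2007-6761 at the end of the added block are left at "TODO: check", although both descriptions name files under drivers/media/video in the Linux kernel. They can be triaged directly with "- linux" and "- linux-2.6" package lines in the same form as the existing CVE-2010-5321 entry in this list. CVE-2017-8082 (concrete5) still needs a package lookup before it is resolved or marked NOT-FOR-US.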
@@ -347,8 +361,8 @@
        NOTE: 
https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92
 CVE-2017-7945
        RESERVED
-CVE-2017-7944
-       RESERVED
+CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an 
Install ...)
+       TODO: check
 CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 
allows remote ...)
        - imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736)
        [jessie] - imagemagick <no-dsa> (Minor issue)
@@ -645,6 +659,7 @@
 CVE-2016-1000258
        REJECTED
 CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused 
by a ...)
+       {DLA-910-1}
        - libreoffice 1:5.2.5-1
        NOTE: Fixed by: 
https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
 CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by 
an ...)
@@ -723,8 +738,8 @@
        - libosip2 4.1.0-2.1 (bug #860287)
        NOTE: https://savannah.gnu.org/support/index.php?109265
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
-CVE-2017-7852
-       RESERVED
+CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file 
that ...)
+       TODO: check
 CVE-2017-7851
        RESERVED
 CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can 
lead to a ...)
@@ -1343,42 +1358,50 @@
 CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a 
signed ...)
        NOT-FOR-US: libaacplus
 CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow 
remote ...)
+       {DLA-911-1}
        - tiff 4.0.7-6
        - tiff3 <removed>
        NOTE: 
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7601 (LibTIFF 4.0.7 has a &quot;shift exponent too large for 64-bit 
type long&quot; ...)
+       {DLA-911-1}
        - tiff 4.0.7-6
        - tiff3 <removed>
        NOTE: 
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7600 (LibTIFF 4.0.7 has an &quot;outside the range of representable 
values of type ...)
+       {DLA-911-1}
        - tiff 4.0.7-6
        - tiff3 <removed>
        NOTE: 
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7599 (LibTIFF 4.0.7 has an &quot;outside the range of representable 
values of type ...)
+       {DLA-911-1}
        - tiff 4.0.7-6
        - tiff3 <removed>
        NOTE: 
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to 
cause a ...)
+       {DLA-911-1}
        - tiff 4.0.7-6 (low)
        [jessie] - tiff <no-dsa> (Minor issue)
        - tiff3 <removed>
        NOTE: 
https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an &quot;outside the range 
of ...)
+       {DLA-911-1}
        - tiff 4.0.7-6
        - tiff3 <removed>
        NOTE: 
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7596 (LibTIFF 4.0.7 has an &quot;outside the range of representable 
values of type ...)
+       {DLA-911-1}
        - tiff 4.0.7-6
        - tiff3 <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
        NOTE: 
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
 CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 
allows ...)
+       {DLA-911-1}
        - tiff 4.0.7-6 (low; bug #860003)
        [jessie] - tiff <no-dsa> (Minor issue)
        - tiff3 <removed>
@@ -1386,15 +1409,18 @@
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
        NOTE: 
https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
 CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c 
in ...)
+       {DLA-911-1}
        - tiff 4.0.7-6 (low; bug #860001)
        [jessie] - tiff <no-dsa> (Minor issue)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
 CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is 
...)
+       {DLA-911-1}
        - tiff 4.0.7-6 (bug #860000)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
 CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 
has a ...)
+       {DLA-911-1}
        - tiff 4.0.7-6 (bug #859998)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
@@ -14358,7 +14384,7 @@
        RESERVED
 CVE-2017-3157
        RESERVED
-       {DSA-3792-1}
+       {DSA-3792-1 DLA-910-1}
        - libreoffice 1:5.2.3-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
 CVE-2017-3156
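Review bot: CVE-2017-3157 now carries two advisory references ({DSA-3792-1 DLA-910-1}), a fixed libreoffice version and an upstream advisory link, yet the line under the id is still RESERVED and there is no description. A bracketed temporary description, in the style of "CVE-2014-9681 [preserves TZ by default]", would make the entry readable until the official text is published.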
@@ -54269,10 +54295,10 @@
        RESERVED
 CVE-2015-8111
        RESERVED
-CVE-2015-8110
-       RESERVED
-CVE-2015-8109
-       RESERVED
+CVE-2015-8110 (Lenovo System Update (formerly ThinkVantage System Update) 
before ...)
+       TODO: check
+CVE-2015-8109 (Lenovo System Update (formerly ThinkVantage System Update) 
before ...)
+       TODO: check
 CVE-2015-8108 (The management interface in LenovoEMC EZ Media &amp; Backup 
(hm3), ...)
        NOT-FOR-US: LenovoEMC
 CVE-2015-8107 (Format string vulnerability in GNU a2ps 4.14 allows remote 
attackers ...)
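Review bot: The new CVE-2015-8110 and CVE-2015-8109 entries for Lenovo System Update are left at "TODO: check", while the neighbouring Lenovo entry CVE-2015-8108 is already resolved as "NOT-FOR-US: LenovoEMC". If no Debian source package ships Lenovo System Update, close both the same way with a NOT-FOR-US line.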
@@ -73451,10 +73477,10 @@
        RESERVED
 CVE-2015-1523
        RESERVED
-CVE-2015-1522
-       RESERVED
-CVE-2015-1521
-       RESERVED
+CVE-2015-1522 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not 
reject ...)
+       TODO: check
+CVE-2015-1521 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not 
properly ...)
+       TODO: check
 CVE-2015-1520
        RESERVED
 CVE-2015-1519
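Review bot: CVE-2015-1522 and CVE-2015-1521 are left at "TODO: check" even though the descriptions already give the affected file (analyzer/protocol/dnp3/DNP3.cc) and the upstream fix boundary (Bro before 2.3.2). The follow-up is to check whether a bro source package is in the archive and, if so, record a "- bro <version>" line for the first upload at or after 2.3.2 instead of leaving both entries open.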
@@ -73687,12 +73713,11 @@
        [wheezy] - libhtp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/inliniac/libhtp/commit/c7c03843cd6b1cbf44eb435d160ba53aec948828
 CVE-2014-9681 [preserves TZ by default]
-       RESERVED
+       REJECTED
        - procmail <unfixed> (unimportant; bug #778341; bug #772706)
        NOTE: No security boundaries are crossed here
        NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
-CVE-2014-9680 [preserves TZ by default]
-       RESERVED
+CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment 
variable is ...)
        {DSA-3167-1 DLA-160-1}
        - sudo 1.8.12-1 (bug #772707)
        [jessie] - sudo 1.8.10p3-1+deb8u2
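Review bot: CVE-2014-9681 changes from RESERVED to REJECTED but keeps its "- procmail <unfixed> (unimportant; bug #778341; bug #772706)" line and both notes, so a rejected id still reports procmail as unfixed. Drop the package line from the rejected entry, or keep only a NOTE that explains the rejection, so that the procmail bugs are not tracked against an id that no longer exists.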
@@ -73927,8 +73952,7 @@
        - tiff3 <removed>
        NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
        NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
-CVE-2014-9654
-       RESERVED
+CVE-2014-9654 (The Regular Expressions package in International Components for 
...)
        {DSA-3187-1 DLA-219-1}
        - icu 52.1-7.1 (bug #776719)
        NOTE: https://ssl.icu-project.org/trac/changeset/36801
@@ -77415,8 +77439,7 @@
        NOT-FOR-US: Smoothwall
 CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management 
...)
        NOT-FOR-US: Smoothwall
-CVE-2010-5321 [v4l: videobuf: hotfix a bug on multiple calls to mmap()]
-       RESERVED
+CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the 
videobuf ...)
        - linux <unfixed> (unimportant; bug #827340)
        - linux-2.6 <removed> (unimportant)
        NOTE: Unclear, old report for Linux
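Review bot: CVE-2010-5321 now has a published description (memory leak in drivers/media/video/videobuf-core.c), but the entry still ends with "NOTE: Unclear, old report for Linux". That note should be revisited against the new description, together with the related videobuf entry CVE-2007-6761 added at the top of this patch.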
@@ -80126,14 +80149,14 @@
        NOT-FOR-US: IBM
 CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
        NOT-FOR-US: IBM
-CVE-2015-0107
-       RESERVED
+CVE-2015-0107 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request 
Manager, ...)
+       TODO: check
 CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business 
Process ...)
        NOT-FOR-US: IBM Business Process Manager
 CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal 
in IBM ...)
        NOT-FOR-US: IBM Business Process Manager
-CVE-2015-0104
-       RESERVED
+CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request 
Manager, ...)
+       TODO: check
 CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Process ...)
        NOT-FOR-US: IBM Business Process Manager
 CVE-2015-0102
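Review bot: CVE-2015-0107 and CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...) are added with "TODO: check" between entries that are all marked NOT-FOR-US for IBM products. Resolving them as "NOT-FOR-US: IBM" in the same step would keep this block consistent.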


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
