Author: sectracker Date: 2017-04-25 09:10:12 +0000 (Tue, 25 Apr 2017) New Revision: 51024
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-25 09:01:32 UTC (rev 51023) +++ data/CVE/list 2017-04-25 09:10:12 UTC (rev 51024) @@ -1,4 +1,6 @@ -CVE-2017-8106 [nVMX: Check current_vmcs12 before accessing in handle_invept()] +CVE-2017-8107 + RESERVED +CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel ...) - linux 3.16.2-1 NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1) NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4) @@ -9387,107 +9389,89 @@ RESERVED - chromium-browser 57.0.2987.133-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5051 - RESERVED -CVE-2017-5050 - RESERVED -CVE-2017-5049 - RESERVED -CVE-2017-5048 - RESERVED -CVE-2017-5047 - RESERVED -CVE-2017-5046 - RESERVED +CVE-2017-5051 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...) + TODO: check +CVE-2017-5050 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...) + TODO: check +CVE-2017-5049 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...) + TODO: check +CVE-2017-5048 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...) + TODO: check +CVE-2017-5047 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...) + TODO: check +CVE-2017-5046 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5045 - RESERVED +CVE-2017-5045 (XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5044 - RESERVED +CVE-2017-5044 (Heap buffer overflow in filter processing in Skia in Google Chrome ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5043 - RESERVED +CVE-2017-5043 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5042 - RESERVED +CVE-2017-5042 (Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5041 - RESERVED +CVE-2017-5041 (Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5040 - RESERVED +CVE-2017-5040 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5039 - RESERVED +CVE-2017-5039 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5038 - RESERVED +CVE-2017-5038 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5037 - RESERVED +CVE-2017-5037 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5036 - RESERVED +CVE-2017-5036 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5035 - RESERVED +CVE-2017-5035 (Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5034 - RESERVED +CVE-2017-5034 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5033 - RESERVED +CVE-2017-5033 (Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5032 - RESERVED +CVE-2017-5032 (PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5031 - RESERVED +CVE-2017-5031 (A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5030 - RESERVED +CVE-2017-5030 (Incorrect handling of complex species in V8 in Google Chrome prior to ...) {DSA-3810-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-5029 - RESERVED +CVE-2017-5029 (The xsltAddTextString function in transform.c in libxslt 1.1.29, as ...) {DSA-3810-1 DLA-866-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) @@ -15092,7 +15076,7 @@ NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982 CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote ...) - {DLA-791-1} + {DSA-3833-1 DLA-791-1} - libav <removed> NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser @@ -15100,7 +15084,7 @@ NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9) NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9) CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows ...) - {DLA-791-1} + {DSA-3833-1 DLA-791-1} - libav <removed> NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits