Author: sectracker
Date: 2017-04-25 09:10:12 +0000 (Tue, 25 Apr 2017)
New Revision: 51024
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-25 09:01:32 UTC (rev 51023)
+++ data/CVE/list 2017-04-25 09:10:12 UTC (rev 51024)
@@ -1,4 +1,6 @@
-CVE-2017-8106 [nVMX: Check current_vmcs12 before accessing in handle_invept()]
+CVE-2017-8107
+ RESERVED
+CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux
kernel ...)
- linux 3.16.2-1
NOTE: Introduced by:
https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
NOTE: Fixed by:
https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4)
@@ -9387,107 +9389,89 @@
RESERVED
- chromium-browser 57.0.2987.133-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5051
- RESERVED
-CVE-2017-5050
- RESERVED
-CVE-2017-5049
- RESERVED
-CVE-2017-5048
- RESERVED
-CVE-2017-5047
- RESERVED
-CVE-2017-5046
- RESERVED
+CVE-2017-5051 (An integer overflow in FFmpeg in Google Chrome prior to
57.0.2987.98 ...)
+ TODO: check
+CVE-2017-5050 (An integer overflow in FFmpeg in Google Chrome prior to
57.0.2987.98 ...)
+ TODO: check
+CVE-2017-5049 (An integer overflow in FFmpeg in Google Chrome prior to
57.0.2987.98 ...)
+ TODO: check
+CVE-2017-5048 (An integer overflow in FFmpeg in Google Chrome prior to
57.0.2987.98 ...)
+ TODO: check
+CVE-2017-5047 (An integer overflow in FFmpeg in Google Chrome prior to
57.0.2987.98 ...)
+ TODO: check
+CVE-2017-5046 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and
Linux ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5045
- RESERVED
+CVE-2017-5045 (XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac,
Windows, ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5044
- RESERVED
+CVE-2017-5044 (Heap buffer overflow in filter processing in Skia in Google
Chrome ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5043
- RESERVED
+CVE-2017-5043 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux,
Windows, ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5042
- RESERVED
+CVE-2017-5042 (Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows,
and Linux ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5041
- RESERVED
+CVE-2017-5041 (Google Chrome prior to 57.0.2987.100 incorrectly handled
back-forward ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5040
- RESERVED
+CVE-2017-5040 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and
Linux ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2017-5039
- RESERVED
+CVE-2017-5039 (A use after free in PDFium in Google Chrome prior to
57.0.2987.98 for ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5038
- RESERVED
+CVE-2017-5038 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux,
Windows, ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5037
- RESERVED
+CVE-2017-5037 (An integer overflow in FFmpeg in Google Chrome prior to
57.0.2987.98 ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5036
- RESERVED
+CVE-2017-5036 (A use after free in PDFium in Google Chrome prior to
57.0.2987.98 for ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5035
- RESERVED
+CVE-2017-5035 (Google Chrome prior to 57.0.2987.98 for Windows and Mac had a
race ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5034
- RESERVED
+CVE-2017-5034 (A use after free in PDFium in Google Chrome prior to
57.0.2987.98 for ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5033
- RESERVED
+CVE-2017-5033 (Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows,
and ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5032
- RESERVED
+CVE-2017-5032 (PDFium in Google Chrome prior to 57.0.2987.98 for Windows could
be made ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5031
- RESERVED
+CVE-2017-5031 (A use after free in ANGLE in Google Chrome prior to
57.0.2987.98 for ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5030
- RESERVED
+CVE-2017-5030 (Incorrect handling of complex species in V8 in Google Chrome
prior to ...)
{DSA-3810-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2017-5029
- RESERVED
+CVE-2017-5029 (The xsltAddTextString function in transform.c in libxslt
1.1.29, as ...)
{DSA-3810-1 DLA-866-1}
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -15092,7 +15076,7 @@
NOTE:
https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982
CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows
remote ...)
- {DLA-791-1}
+ {DSA-3833-1 DLA-791-1}
- libav <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE:
https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
@@ -15100,7 +15084,7 @@
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33
(pre 11.9)
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0
(pre 11.9)
CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8
allows ...)
- {DLA-791-1}
+ {DSA-3833-1 DLA-791-1}
- libav <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE:
https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
