Author: sectracker
Date: 2017-04-26 21:10:14 +0000 (Wed, 26 Apr 2017)
New Revision: 51086
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-26 20:54:29 UTC (rev 51085) +++ data/CVE/list 2017-04-26 21:10:14 UTC (rev 51086) @@ -1,3 +1,9 @@ +CVE-2017-8286 + RESERVED +CVE-2017-8285 + RESERVED +CVE-2017-8284 (** DISPUTED ** The disas_insn function in target/i386/translate.c in ...) + TODO: check CVE-2017-8282 RESERVED CVE-2017-8281 @@ -365,6 +371,7 @@ NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1) NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4) CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a ...) + {DLA-918-1} - freetype <unfixed> (bug #861220) NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 @@ -450,6 +457,7 @@ CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve ...) NOT-FOR-US: TP-Link CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a filename via ...) + {DLA-919-1} - weechat 1.7-3 (bug #861121) NOTE: https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b CVE-2017-8072 (The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c ...) @@ -1471,8 +1479,8 @@ NOT-FOR-US: SolarWinds CVE-2017-7721 RESERVED -CVE-2017-7720 - RESERVED +CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...) + TODO: check CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...) NOT-FOR-US: Spider Event Calendar CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local ...) 
@@ -3046,12 +3054,12 @@ CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...) NOT-FOR-US: cloudflare-scrape CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...) - {DLA-885-1} + {DSA-3835-1 DLA-885-1} - python-django 1:1.10.7-1 (bug #859516) NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/ NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753 CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 ...) - {DLA-885-1} + {DSA-3835-1 DLA-885-1} - python-django 1:1.10.7-1 (bug #859515) NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/ NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a @@ -4042,7 +4050,7 @@ [wheezy] - imagemagick <not-affected> (vulnerable code not present) NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in ...) - {DSA-3827-1} + {DSA-3827-1 DLA-920-1} - jasper <removed> NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11 NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387 @@ -6196,12 +6204,12 @@ RESERVED CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 ...) NOT-FOR-US: eParakstitajs and eParaksts Java lib -CVE-2017-6054 - RESERVED +CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...) + TODO: check CVE-2017-6053 RESERVED -CVE-2017-6052 - RESERVED +CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...) + TODO: check CVE-2017-6051 RESERVED CVE-2017-6050 
@@ -14775,11 +14783,9 @@ RESERVED CVE-2017-3163 RESERVED -CVE-2017-3162 - RESERVED +CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse the ...) - hadoop <itp> (bug #793644) -CVE-2017-3161 - RESERVED +CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a ...) - hadoop <itp> (bug #793644) CVE-2017-3160 RESERVED @@ -19301,8 +19307,8 @@ RESERVED CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a ...) NOT-FOR-US: IBM -CVE-2017-1170 - RESERVED +CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...) + TODO: check CVE-2017-1169 RESERVED CVE-2017-1168 @@ -21597,7 +21603,7 @@ NOT-FOR-US: OpenShift CVE-2016-9591 [Use-after-free on heap in jas_matrix_destroy] RESERVED - {DSA-3827-1} + {DSA-3827-1 DLA-920-1} - jasper <removed> NOTE: https://github.com/mdadams/jasper/issues/105 NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c @@ -23847,11 +23853,12 @@ CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a ...) - python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases) CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x ...) - {DLA-706-1} + {DSA-3835-1 DLA-706-1} - python-django 1:1.10.3-1 (bug #842856) NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/ NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9 CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before ...) + {DSA-3835-1} - python-django 1:1.10.3-1 (bug #842856) [wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle) NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/ 
@@ -23954,8 +23961,8 @@ RESERVED CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...) NOT-FOR-US: IBM -CVE-2016-8962 - RESERVED +CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have ...) + TODO: check CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct ...) NOT-FOR-US: IBM CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with lower ...) @@ -24030,8 +24037,8 @@ NOT-FOR-US: IBM CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...) NOT-FOR-US: IBM -CVE-2016-8924 - RESERVED +CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote ...) + TODO: check CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a ...) NOT-FOR-US: IBM CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
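Review bot: in hunk @@ -1,3 +1,9 @@, CVE-2017-8284 is added with the `** DISPUTED **` marker but triaged only as `TODO: check`. The disas_insn function lives in target/i386/translate.c, a QEMU source file, and QEMU is a packaged project (compare the CVE-2017-7718 cirrus_vga entry later in this same update), so the check should record the outcome of the dispute as a NOTE line next to the package status rather than leaving the entry to be resolved later as an ordinary unfixed qemu issue.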
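Review bot: in hunk @@ -365,6 +371,7 @@, CVE-2017-8105 gains `{DLA-918-1}` while the unstable line still reads `- freetype <unfixed> (bug #861220)`. The existing NOTE already points at the upstream fix commit, so the `<unfixed>` placeholder should be replaced with the fixed version as soon as freetype is uploaded; until then the DLA reference and the unfixed status are consistent, but bug #861220 is the item to keep tracking.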
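Review bot: in hunk @@ -1471,8 +1479,8 @@, CVE-2017-7720 (PrivateTunnel 2.7 and 2.8) moves from RESERVED to `TODO: check`. The neighbouring entries in the same hunk (SolarWinds, Spider Event Calendar) are resolved as `NOT-FOR-US:`; if PrivateTunnel is likewise not packaged, the TODO should be closed the same way so it does not linger in the triage queue.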
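Review bot: in hunk @@ -6196,12 +6204,12 @@, CVE-2017-6054 (hard-coded cryptographic key) and CVE-2017-6052 (man-in-the-middle), both in Hyundai Motor America software, are left at `TODO: check`. These are vendor product issues; unless the affected software is packaged, the expected resolution is `NOT-FOR-US: Hyundai`, matching the eParakstitajs entry directly above them in the same hunk.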
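Review bot: in hunk @@ -14775,11 +14783,9 @@, CVE-2017-3162 and CVE-2017-3161 now carry descriptions while keeping `- hadoop <itp> (bug #793644)`. The CVE-2017-3161 text says the HDFS web UI issue affects Apache Hadoop before 2.7.0, so the ITP bug should record that an initial upload must be at least 2.7.0; otherwise both entries will need a real fixed version filled in once hadoop enters the archive.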
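Review bot: in hunk @@ -19301,8 +19307,8 @@, CVE-2017-1170 (IBM WebSphere Commerce) gets `TODO: check` although the adjacent CVE-2017-1171 entry, like the other IBM entries touched by this update, is resolved as `NOT-FOR-US: IBM`; the check can presumably be closed the same way.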
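Review bot: in hunk @@ -23847,11 +23853,12 @@, CVE-2016-9013 gains `{DSA-3835-1}` but, unlike CVE-2016-9014 directly above it, carries no DLA and keeps `[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)`. That combination is only consistent if DSA-3835-1 really lists CVE-2016-9013 while the wheezy no-dsa decision is intentionally left standing; worth confirming against the advisory text before this annotation is relied on.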
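Review bot: in hunk @@ -23954,8 +23961,8 @@, CVE-2016-8962 (IBM BigFix Inventory 9.2) is left at `TODO: check` while CVE-2016-8963 and CVE-2016-8961 on either side of it, for the same product, are `NOT-FOR-US: IBM`; the same resolution applies here unless the check turns up something unexpected.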
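Review bot: in hunk @@ -24030,8 +24037,8 @@, CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6) is left at `TODO: check`, surrounded by IBM entries (CVE-2016-8925, CVE-2016-8923) already marked `NOT-FOR-US: IBM`; closing it the same way keeps the IBM entries in this update uniform.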