Author: sectracker
Date: 2017-04-26 21:10:14 +0000 (Wed, 26 Apr 2017)
New Revision: 51086

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-26 20:54:29 UTC (rev 51085)
+++ data/CVE/list       2017-04-26 21:10:14 UTC (rev 51086)
@@ -1,3 +1,9 @@
+CVE-2017-8286
+       RESERVED
+CVE-2017-8285
+       RESERVED
+CVE-2017-8284 (** DISPUTED ** The disas_insn function in 
target/i386/translate.c in ...)
+       TODO: check
 CVE-2017-8282
        RESERVED
 CVE-2017-8281
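
Review bot: CVE-2017-8284 goes in with "TODO: check" even though its description is flagged "** DISPUTED **". When this is triaged, the entry should name the source package that ships target/i386/translate.c (or be marked NOT-FOR-US), and a NOTE line should record that the issue is disputed so the status is not read as a confirmed vulnerability.
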
@@ -365,6 +371,7 @@
        NOTE: Introduced by: 
https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4)
 CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused 
by a ...)
+       {DLA-918-1}
        - freetype <unfixed> (bug #861220)
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
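
Review bot: under CVE-2017-8105 the new "{DLA-918-1}" tag sits directly above "- freetype <unfixed> (bug #861220)", which this change leaves alone. The entry already cites the upstream fix commit, so the open item is the package line: it should get a fixed version once the upload for bug #861220 is made, otherwise the entry keeps reporting freetype as unfixed next to an advisory reference.
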
@@ -450,6 +457,7 @@
 CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve 
...)
        NOT-FOR-US: TP-Link
 CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a 
filename via ...)
+       {DLA-919-1}
        - weechat 1.7-3 (bug #861121)
        NOTE: 
https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
 CVE-2017-8072 (The cp2112_gpio_direction_input function in 
drivers/hid/hid-cp2112.c ...)
@@ -1471,8 +1479,8 @@
        NOT-FOR-US: SolarWinds
 CVE-2017-7721
        RESERVED
-CVE-2017-7720
-       RESERVED
+CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local 
attackers to ...)
+       TODO: check
 CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka 
spider-event-calendar) ...)
        NOT-FOR-US: Spider Event Calendar
 CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow 
local ...)
@@ -3046,12 +3054,12 @@
 CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 
1.7.1. A ...)
        NOT-FOR-US: cloudflare-scrape
 CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 
before ...)
-       {DLA-885-1}
+       {DSA-3835-1 DLA-885-1}
        - python-django 1:1.10.7-1 (bug #859516)
        NOTE: 
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
        NOTE: Fixed by (master): 
https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
 CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 
1.8.18 ...)
-       {DLA-885-1}
+       {DSA-3835-1 DLA-885-1}
        - python-django 1:1.10.7-1 (bug #859515)
        NOTE: 
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
        NOTE: Fixed by (master): 
https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
@@ -4042,7 +4050,7 @@
        [wheezy] - imagemagick <not-affected> (vulnerable code not present)
        NOTE: Fixed by: 
http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b
 CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in 
jpc_t2cod.c in ...)
-       {DSA-3827-1}
+       {DSA-3827-1 DLA-920-1}
        - jasper <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11
        NOTE: 
https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
@@ -6196,12 +6204,12 @@
        RESERVED
 CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 
before 1.3.9 ...)
        NOT-FOR-US: eParakstitajs and eParaksts Java lib
-CVE-2017-6054
-       RESERVED
+CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in 
Hyundai ...)
+       TODO: check
 CVE-2017-6053
        RESERVED
-CVE-2017-6052
-       RESERVED
+CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor 
America Blue ...)
+       TODO: check
 CVE-2017-6051
        RESERVED
 CVE-2017-6050
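
Review bot: CVE-2017-6054 and CVE-2017-6052 both replace RESERVED with "TODO: check", and both truncated descriptions name Hyundai products. Nothing in the hunk ties them to a source package, and the vendor-only entry just above, CVE-2017-6055, is closed with a "NOT-FOR-US:" line. The two new entries should be resolved the same way, or given a package line, so the TODO does not linger.
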
@@ -14775,11 +14783,9 @@
        RESERVED
 CVE-2017-3163
        RESERVED
-CVE-2017-3162
-       RESERVED
+CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse 
the ...)
        - hadoop <itp> (bug #793644)
-CVE-2017-3161
-       RESERVED
+CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to 
a ...)
        - hadoop <itp> (bug #793644)
 CVE-2017-3160
        RESERVED
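
Review bot: CVE-2017-3162 and CVE-2017-3161 lose their RESERVED lines and keep "- hadoop <itp> (bug #793644)", which is consistent, but the affected-version boundary for CVE-2017-3161 ("Apache Hadoop before 2.7.0") appears only in the truncated summary. A NOTE with the fixed upstream version on that entry, and on CVE-2017-3162 if its full description gives one, would let whoever completes the ITP see whether the packaged version is affected.
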
@@ -19301,8 +19307,8 @@
        RESERVED
 CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain 
a ...)
        NOT-FOR-US: IBM
-CVE-2017-1170
-       RESERVED
+CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and 
...)
+       TODO: check
 CVE-2017-1169
        RESERVED
 CVE-2017-1168
@@ -21597,7 +21603,7 @@
        NOT-FOR-US: OpenShift
 CVE-2016-9591 [Use-after-free on heap in jas_matrix_destroy]
        RESERVED
-       {DSA-3827-1}
+       {DSA-3827-1 DLA-920-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/105
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
@@ -23847,11 +23853,12 @@
 CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer 
from a ...)
        - python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 
releases)
 CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 
1.10.x ...)
-       {DLA-706-1}
+       {DSA-3835-1 DLA-706-1}
        - python-django 1:1.10.3-1 (bug #842856)
        NOTE: 
https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
 CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x 
before ...)
+       {DSA-3835-1}
        - python-django 1:1.10.3-1 (bug #842856)
        [wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
        NOTE: 
https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
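
Review bot: CVE-2016-9013 gets "{DSA-3835-1}" alone while CVE-2016-9014 just above it gets "{DSA-3835-1 DLA-706-1}". The difference is accounted for by the existing "[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)" line, so no DLA tag is missing here; that [wheezy] line should stay in place so the asymmetry remains explained.
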
@@ -23954,8 +23961,8 @@
        RESERVED
 CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive 
information in ...)
        NOT-FOR-US: IBM
-CVE-2016-8962
-       RESERVED
+CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should 
have ...)
+       TODO: check
 CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to 
conduct ...)
        NOT-FOR-US: IBM
 CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with 
lower ...)
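
Review bot: CVE-2016-8962 is added with "TODO: check" although the entries on either side of it, CVE-2016-8963 and CVE-2016-8961, describe the same product (IBM BigFix Inventory) and are already marked "NOT-FOR-US: IBM". The new entry should carry the same "NOT-FOR-US: IBM" line instead of a TODO.
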
@@ -24030,8 +24037,8 @@
        NOT-FOR-US: IBM
 CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 
7.3 ...)
        NOT-FOR-US: IBM
-CVE-2016-8924
-       RESERVED
+CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a 
remote ...)
+       TODO: check
 CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains 
a ...)
        NOT-FOR-US: IBM
 CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
