Author: sectracker
Date: 2017-05-09 21:10:11 +0000 (Tue, 09 May 2017)
New Revision: 51460

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-09 20:53:50 UTC (rev 51459)
+++ data/CVE/list       2017-05-09 21:10:11 UTC (rev 51460)
@@ -1,3 +1,9 @@
+CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from 
accepting a ...)
+       TODO: check
+CVE-2017-8854 (wolfSSL before 3.10.2 has an out-of-bounds memory access with 
loading ...)
+       TODO: check
+CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in 
...)
+       TODO: check
 CVE-2017-8852
        RESERVED
 CVE-2017-8851
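Review bot: The three added entries (CVE-2017-8855, CVE-2017-8854, CVE-2017-8853) are left at "TODO: check", so none of them has a disposition yet. When triaging, note that the two wolfSSL descriptions name different fixed releases ("before 3.11.0" and "before 3.10.2"), so they need separate fixed-version lines rather than one shared version. The Fiyo CMS entry needs either a package line or a NOT-FOR-US tag like the other vendor-only entries in this file.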
@@ -1287,6 +1293,7 @@
        NOTE: https://github.com/libarchive/libarchive/issues/834
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
 CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to 
timing ...)
+       {DLA-934-1}
        - radicale 1.1.1+20160115-4 (bug #861514)
        [jessie] - radicale <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
 (1.1.x)
@@ -2156,8 +2163,8 @@
        RESERVED
 CVE-2017-7968
        RESERVED
-CVE-2017-7967
-       RESERVED
+CVE-2017-7967 (All versions of VAMPSET software produced by Schneider 
Electric, prior ...)
+       TODO: check
 CVE-2017-7966
        RESERVED
 CVE-2017-7965
@@ -4606,7 +4613,7 @@
 CVE-2017-7229 (PGP/MIME encrypted messages injected into a Vaultive O365 
(before ...)
        NOT-FOR-US: Vaultive O365
 CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes 
available ...)
-       {DLA-907-1}
+       {DSA-3847-1 DLA-907-1}
        - xen 4.8.1-1 (bug #859560)
        NOTE: https://xenbits.xen.org/xsa/advisory-212.html
 CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a 
heap-based ...)
@@ -5661,14 +5668,15 @@
 CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL 
hijacking ...)
        NOT-FOR-US: Trend Micro Endpoint Sensor
 CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a 
potential ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.2-1
        NOTE: Fixed by: 
https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc
 CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a 
potential ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.2-1
        NOTE: Fixed by: 
https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7
 CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid 
memory access ...)
+       {DSA-3846-1}
        - libytnef 1.9.2-1
        [wheezy] - libytnef <not-affected> (vulnerable code not present)
        NOTE: Fixed by: 
https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89
@@ -7206,55 +7214,56 @@
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
        NOTE: Fixed by: 
https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
 CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
+       {DSA-3846-1}
        - libytnef 1.9.1-1
        [wheezy] - libytnef <not-affected> (vulnerable code not present)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
-       {DLA-878-1}
+       {DSA-3846-1 DLA-878-1}
        - libytnef 1.9.1-1
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
@@ -7601,8 +7610,8 @@
        RESERVED
 CVE-2017-6138
        RESERVED
-CVE-2017-6137
-       RESERVED
+CVE-2017-6137 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
+       TODO: check
 CVE-2017-6136
        RESERVED
 CVE-2017-6135
@@ -9586,8 +9595,8 @@
        RESERVED
 CVE-2017-5528
        RESERVED
-CVE-2017-5527
-       RESERVED
+CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 
7.6.x ...)
+       TODO: check
 CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 
7.0.x ...)
        - php7.1 7.1.1-1
        - php7.0 7.0.15-1
@@ -14262,7 +14271,7 @@
        [wheezy] - xen <not-affected> (Vulnerable code introduced later)
        NOTE: https://xenbits.xen.org/xsa/advisory-203.html
 CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel 
administrators ...)
-       {DLA-783-1}
+       {DSA-3847-1 DLA-783-1}
        - xen 4.8.0-1
        NOTE: https://xenbits.xen.org/xsa/advisory-202.html
 CVE-2016-10028 (The virgl_cmd_get_capset function in 
hw/display/virtio-gpu-3d.c in ...)
@@ -14520,7 +14529,7 @@
 CVE-2016-10000
        RESERVED
 CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users 
to gain ...)
-       {DLA-783-1}
+       {DSA-3847-1 DLA-783-1}
        - xen 4.8.0-1 (bug #848713)
        NOTE: https://xenbits.xen.org/xsa/advisory-204.html
 CVE-2016-10012 (The shared memory manager (associated with pre-authentication 
...)
@@ -14701,6 +14710,7 @@
        - libcrypto++ 5.6.4-5 (bug #848009)
        NOTE: https://github.com/weidai11/cryptopp/issues/346
 CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems 
allows ...)
+       {DSA-3847-1}
        - xen 4.8.0~rc3-1 (bug #848081)
        NOTE: https://xenbits.xen.org/xsa/advisory-200.html
 CVE-2016-9931
@@ -16618,22 +16628,22 @@
        RESERVED
 CVE-2017-3075
        RESERVED
-CVE-2017-3074
-       RESERVED
-CVE-2017-3073
-       RESERVED
-CVE-2017-3072
-       RESERVED
-CVE-2017-3071
-       RESERVED
-CVE-2017-3070
-       RESERVED
-CVE-2017-3069
-       RESERVED
-CVE-2017-3068
-       RESERVED
-CVE-2017-3067
-       RESERVED
+CVE-2017-3074 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3073 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3072 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3071 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3070 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3069 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3068 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3067 (Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an 
...)
+       TODO: check
 CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 
update 11 and ...)
        NOT-FOR-US: Adobe
 CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 
and ...)
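Review bot: CVE-2017-3074 through CVE-2017-3067 move from RESERVED to "TODO: check", while the next entry in the same hunk, CVE-2017-3066, is already resolved as "NOT-FOR-US: Adobe". Suggest checking whether the seven Flash Player entries and the Experience Manager Forms entry take the same tag, so that eight Adobe items do not sit in the TODO queue.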
@@ -24752,8 +24762,8 @@
        RESERVED
 CVE-2017-0303
        RESERVED
-CVE-2017-0302
-       RESERVED
+CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an 
authenticated ...)
+       TODO: check
 CVE-2017-0301
        RESERVED
 CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to 
unspecified ...)
@@ -24782,20 +24792,20 @@
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
 CVE-2016-9258
        RESERVED
-CVE-2016-9257
-       RESERVED
-CVE-2016-9256
-       RESERVED
+CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users 
may be ...)
+       TODO: check
+CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by 
iControl ...)
+       TODO: check
 CVE-2016-9255
        RESERVED
 CVE-2016-9254
        RESERVED
-CVE-2016-9253
-       RESERVED
+CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic 
...)
+       TODO: check
 CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 
11.5.4 ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2016-9251
-       RESERVED
+CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker 
may be ...)
+       TODO: check
 CVE-2016-9250
        RESERVED
 CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual 
Server ...)
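Review bot: CVE-2016-9257, CVE-2016-9256, CVE-2016-9253 and CVE-2016-9251 are added as "TODO: check" even though CVE-2016-9252 in this hunk is already marked "NOT-FOR-US: F5 BIG-IP". All four descriptions name F5 BIG-IP, so suggest applying the same tag for consistency. The same applies to the BIG-IP entries CVE-2017-6137 and CVE-2017-0302 added earlier in this patch.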
@@ -32404,8 +32414,7 @@
        NOTE: http://svn.apache.org/r1758764 (2.8.x)
 CVE-2016-6800
        RESERVED
-CVE-2016-6799
-       RESERVED
+CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The 
application ...)
        NOT-FOR-US: Apache Cordova
 CVE-2016-6798
        RESERVED
@@ -52902,7 +52911,7 @@
        - openssh 1:7.1p2-1 (bug #810984)
        NOTE: 
https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
 CVE-2016-0776
-       RESERVED
+       REJECTED
 CVE-2016-0775 (Buffer overflow in the ImagingFliDecode function in ...)
        {DSA-3499-1 DLA-422-1}
        - pillow 3.1.1-1 (bug #813909)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
