Author: sectracker Date: 2017-05-09 21:10:11 +0000 (Tue, 09 May 2017) New Revision: 51460
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-09 20:53:50 UTC (rev 51459) +++ data/CVE/list 2017-05-09 21:10:11 UTC (rev 51460) @@ -1,3 +1,9 @@ +CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a ...) + TODO: check +CVE-2017-8854 (wolfSSL before 3.10.2 has an out-of-bounds memory access with loading ...) + TODO: check +CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in ...) + TODO: check CVE-2017-8852 RESERVED CVE-2017-8851 @@ -1287,6 +1293,7 @@ NOTE: https://github.com/libarchive/libarchive/issues/834 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing ...) + {DLA-934-1} - radicale 1.1.1+20160115-4 (bug #861514) [jessie] - radicale <no-dsa> (Minor issue) NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x) @@ -2156,8 +2163,8 @@ RESERVED CVE-2017-7968 RESERVED -CVE-2017-7967 - RESERVED +CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...) + TODO: check CVE-2017-7966 RESERVED CVE-2017-7965 @@ -4606,7 +4613,7 @@ CVE-2017-7229 (PGP/MIME encrypted messages injected into a Vaultive O365 (before ...) NOT-FOR-US: Vaultive O365 CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes available ...) - {DLA-907-1} + {DSA-3847-1 DLA-907-1} - xen 4.8.1-1 (bug #859560) NOTE: https://xenbits.xen.org/xsa/advisory-212.html CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based ...) @@ -5661,14 +5668,15 @@ CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking ...) NOT-FOR-US: Trend Micro Endpoint Sensor CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.2-1 NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a potential ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.2-1 NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7 CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid memory access ...) + {DSA-3846-1} - libytnef 1.9.2-1 [wheezy] - libytnef <not-affected> (vulnerable code not present) NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89 @@ -7206,55 +7214,56 @@ NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) + {DSA-3846-1} - libytnef 1.9.1-1 [wheezy] - libytnef <not-affected> (vulnerable code not present) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a ...) - {DLA-878-1} + {DSA-3846-1 DLA-878-1} - libytnef 1.9.1-1 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4 @@ -7601,8 +7610,8 @@ RESERVED CVE-2017-6138 RESERVED -CVE-2017-6137 - RESERVED +CVE-2017-6137 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...) + TODO: check CVE-2017-6136 RESERVED CVE-2017-6135 @@ -9586,8 +9595,8 @@ RESERVED CVE-2017-5528 RESERVED -CVE-2017-5527 - RESERVED +CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x ...) + TODO: check CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x ...) - php7.1 7.1.1-1 - php7.0 7.0.15-1 @@ -14262,7 +14271,7 @@ [wheezy] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-203.html CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel administrators ...) - {DLA-783-1} + {DSA-3847-1 DLA-783-1} - xen 4.8.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-202.html CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in ...) @@ -14520,7 +14529,7 @@ CVE-2016-10000 RESERVED CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain ...) - {DLA-783-1} + {DSA-3847-1 DLA-783-1} - xen 4.8.0-1 (bug #848713) NOTE: https://xenbits.xen.org/xsa/advisory-204.html CVE-2016-10012 (The shared memory manager (associated with pre-authentication ...) @@ -14701,6 +14710,7 @@ - libcrypto++ 5.6.4-5 (bug #848009) NOTE: https://github.com/weidai11/cryptopp/issues/346 CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows ...) + {DSA-3847-1} - xen 4.8.0~rc3-1 (bug #848081) NOTE: https://xenbits.xen.org/xsa/advisory-200.html CVE-2016-9931 @@ -16618,22 +16628,22 @@ RESERVED CVE-2017-3075 RESERVED -CVE-2017-3074 - RESERVED -CVE-2017-3073 - RESERVED -CVE-2017-3072 - RESERVED -CVE-2017-3071 - RESERVED -CVE-2017-3070 - RESERVED -CVE-2017-3069 - RESERVED -CVE-2017-3068 - RESERVED -CVE-2017-3067 - RESERVED +CVE-2017-3074 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...) + TODO: check +CVE-2017-3073 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...) + TODO: check +CVE-2017-3072 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...) + TODO: check +CVE-2017-3071 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...) + TODO: check +CVE-2017-3070 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...) + TODO: check +CVE-2017-3069 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...) + TODO: check +CVE-2017-3068 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...) + TODO: check +CVE-2017-3067 (Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an ...) + TODO: check CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and ...) NOT-FOR-US: Adobe CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...) @@ -24752,8 +24762,8 @@ RESERVED CVE-2017-0303 RESERVED -CVE-2017-0302 - RESERVED +CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated ...) + TODO: check CVE-2017-0301 RESERVED CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified ...) @@ -24782,20 +24792,20 @@ NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c CVE-2016-9258 RESERVED -CVE-2016-9257 - RESERVED -CVE-2016-9256 - RESERVED +CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be ...) + TODO: check +CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl ...) + TODO: check CVE-2016-9255 RESERVED CVE-2016-9254 RESERVED -CVE-2016-9253 - RESERVED +CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic ...) + TODO: check CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 ...) NOT-FOR-US: F5 BIG-IP -CVE-2016-9251 - RESERVED +CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be ...) + TODO: check CVE-2016-9250 RESERVED CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server ...) @@ -32404,8 +32414,7 @@ NOTE: http://svn.apache.org/r1758764 (2.8.x) CVE-2016-6800 RESERVED -CVE-2016-6799 - RESERVED +CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The application ...) NOT-FOR-US: Apache Cordova CVE-2016-6798 RESERVED @@ -52902,7 +52911,7 @@ - openssh 1:7.1p2-1 (bug #810984) NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt CVE-2016-0776 - RESERVED + REJECTED CVE-2016-0775 (Buffer overflow in the ImagingFliDecode function in ...) {DSA-3499-1 DLA-422-1} - pillow 3.1.1-1 (bug #813909) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits