Author: sectracker Date: 2017-05-11 09:10:11 +0000 (Thu, 11 May 2017) New Revision: 51533
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-11 09:02:57 UTC (rev 51532) +++ data/CVE/list 2017-05-11 09:10:11 UTC (rev 51533) @@ -1,3 +1,5 @@ +CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...) + TODO: check CVE-2017-8894 RESERVED CVE-2017-8893 @@ -272,8 +274,7 @@ RESERVED CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before ...) NOT-FOR-US: iRODS -CVE-2017-8798 [miniupnp integer signedness error] - RESERVED +CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through ...) - miniupnpc <unfixed> (bug #862273) NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229 @@ -2250,6 +2251,7 @@ NOT-FOR-US: Enalean Tuleap CVE-2017-7980 RESERVED + {DLA-939-1} - qemu 1:2.8+dfsg-4 - qemu-kvm <removed> NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=026aeffcb4752054830ba203020ed6eb05bcaba8 @@ -3055,6 +3057,7 @@ CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...) NOT-FOR-US: Spider Event Calendar CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...) + {DLA-939-1} - qemu 1:2.8+dfsg-4 - qemu-kvm <removed> NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904 @@ -5620,12 +5623,12 @@ RESERVED CVE-2017-6868 RESERVED -CVE-2017-6867 - RESERVED +CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before ...) + TODO: check CVE-2017-6866 RESERVED -CVE-2017-6865 - RESERVED +CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 ...) + TODO: check CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...) NOT-FOR-US: Siemens CVE-2017-6863 @@ -10037,8 +10040,7 @@ - nss <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462 NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5 -CVE-2017-5461 - RESERVED +CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...) {DSA-3831-1 DLA-906-1} - firefox 52.0.1-1 [experimental] - nss 2:3.30.1-1 @@ -17833,10 +17835,10 @@ NOT-FOR-US: Siemens CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...) NOT-FOR-US: Siemens -CVE-2017-2681 - RESERVED -CVE-2017-2680 - RESERVED +CVE-2017-2681 (Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), ...) + TODO: check +CVE-2017-2680 (Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...) + TODO: check CVE-2017-2679 RESERVED CVE-2017-2678 @@ -23382,6 +23384,7 @@ NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection] RESERVED + {DLA-939-1} - qemu 1:2.8+dfsg-4 (bug #857744) - qemu-kvm <removed> - xen 4.4.0-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits