Author: sectracker
Date: 2017-05-26 21:10:12 +0000 (Fri, 26 May 2017)
New Revision: 51981
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-26 18:31:06 UTC (rev 51980) +++ data/CVE/list 2017-05-26 21:10:12 UTC (rev 51981) @@ -1,3 +1,7 @@ +CVE-2017-9240 + RESERVED +CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function ...) + TODO: check CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...) - exiv2 <unfixed> (bug #863410) [jessie] - exiv2 <no-dsa> (Minor issue) @@ -362,7 +366,7 @@ CVE-2017-9099 RESERVED CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use ...) - {DSA-3863-1} + {DSA-3863-1 DLA-953-1} - imagemagick <unfixed> (bug #862967) - graphicsmagick 1.3.24-1 NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b @@ -601,8 +605,8 @@ RESERVED CVE-2017-9022 RESERVED -CVE-2017-9021 - RESERVED +CVE-2017-9021 (The vrend_clear dispatch function in vrend_renderer.c in virglrenderer ...) + TODO: check CVE-2017-9020 RESERVED CVE-2016-10373 
@@ -1715,22 +1719,22 @@ RESERVED CVE-2017-8543 RESERVED -CVE-2017-8542 - RESERVED -CVE-2017-8541 - RESERVED -CVE-2017-8540 - RESERVED -CVE-2017-8539 - RESERVED -CVE-2017-8538 - RESERVED -CVE-2017-8537 - RESERVED -CVE-2017-8536 - RESERVED -CVE-2017-8535 - RESERVED +CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check +CVE-2017-8541 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check +CVE-2017-8540 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check +CVE-2017-8539 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check +CVE-2017-8538 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check +CVE-2017-8537 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check +CVE-2017-8536 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check +CVE-2017-8535 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check CVE-2017-8534 RESERVED CVE-2017-8533 @@ -2197,6 +2201,7 @@ NOTE: https://github.com/erikd/libsndfile/issues/230 NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers ...) + {DLA-955-1} - rzip <unfixed> (bug #861614) [jessie] - rzip <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/ @@ -4603,8 +4608,7 @@ RESERVED CVE-2017-7506 RESERVED -CVE-2017-7505 - RESERVED +CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...) - foreman <itp> (bug #663101) CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the ...) NOT-FOR-US: Red Hat JBoss 
@@ -6599,8 +6603,8 @@ NOT-FOR-US: Siemens CVE-2017-6863 RESERVED -CVE-2017-6862 - RESERVED +CVE-2017-6862 (NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before ...) + TODO: check CVE-2017-6861 RESERVED CVE-2017-6860 @@ -16409,7 +16413,7 @@ CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-3858-1} + {DSA-3858-1 DLA-954-1} - openjdk-8 8u131-b11-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -16423,7 +16427,7 @@ CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-3858-1} + {DSA-3858-1 DLA-954-1} - openjdk-8 8u131-b11-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -16441,7 +16445,7 @@ CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-3858-1} + {DSA-3858-1 DLA-954-1} - openjdk-8 8u131-b11-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -16459,7 +16463,7 @@ CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-3858-1} + {DSA-3858-1 DLA-954-1} - openjdk-8 8u131-b11-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -16501,7 +16505,7 @@ - openjdk-7 <not-affected> (MacOSX builds only) NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-3858-1} + {DSA-3858-1 DLA-954-1} - openjdk-8 8u131-b11-1 - openjdk-7 <removed> - openjdk-6 <removed> 
@@ -16509,7 +16513,7 @@ CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) NOT-FOR-US: Solaris CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-3858-1} + {DSA-3858-1 DLA-954-1} - openjdk-8 8u131-b11-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -21768,8 +21772,8 @@ RESERVED CVE-2017-1326 RESERVED -CVE-2017-1325 - RESERVED +CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2017-1324 RESERVED CVE-2017-1323 @@ -21834,10 +21838,10 @@ RESERVED CVE-2017-1293 RESERVED -CVE-2017-1292 - RESERVED -CVE-2017-1291 - RESERVED +CVE-2017-1292 (IBM Maximo Asset Management 7.5 and 7.6 generates error messages that ...) + TODO: check +CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response ...) + TODO: check CVE-2017-1290 RESERVED CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity ...) @@ -79004,7 +79008,7 @@ NOT-FOR-US: Labtech CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows remote ...) NOT-FOR-US: iPass Open Mobile -CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...) +CVE-2015-0924 (Ceragon FibeAir IP-10 bridges have a default password for the root ...) NOT-FOR-US: Ceragon FiberAir IP-10 bridges CVE-2015-0923 (The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron ...) NOT-FOR-US: Ektron CMS 
@@ -82917,8 +82921,8 @@ - zendframework <not-affected> (the vulnerability was introduced in the 2 series) - php-zend-db <not-affected> (Fixed before initial upload to the archive) NOTE: http://framework.zend.com/security/advisory/ZF2015-02 -CVE-2015-0269 - RESERVED +CVE-2015-0269 (Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x ...) + TODO: check CVE-2015-0268 (The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when ...) - xen <not-affected> (Only affects 4.5) NOTE: http://xenbits.xen.org/xsa/advisory-117.html _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
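Review bot: In the @@ -1,3 +1,7 @@ hunk, the bare `TODO: check` under CVE-2016-10375 leaves out information the description already carries: it names the affected function (queue_push) and a fixed upstream version (Yodl before 3.07.01). The follow-up triage should replace the TODO with a package line that records the fixed version, so the entry does not sit in the TODO queue alongside entries that have no version information at all.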
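Review bot: In the @@ -1715,22 +1719,22 @@ hunk, CVE-2017-8535 through CVE-2017-8542 each get the same truncated description and their own `TODO: check`, which creates eight separate open triage items for what the visible text presents as one product, the Microsoft Malware Protection Engine. Consider resolving them together in one follow-up commit with a single consistent marker, in the way other entries in this file use `NOT-FOR-US: Oracle` or `NOT-FOR-US: Siemens`, after confirming from the full descriptions that all eight name the same component.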
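Review bot: In the @@ -2197,6 +2201,7 @@ hunk, CVE-2017-8364 gains `{DLA-955-1}` while the lines beneath it still read `- rzip <unfixed> (bug #861614)` and `[jessie] - rzip <no-dsa> (Minor issue)`. With an LTS advisory now attached to the entry, it is worth confirming that the jessie `<no-dsa>` classification is still intended, and adding a NOTE that points at the patch the advisory shipped, since the visible context has a NOTE for the report but shows none for a fix.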
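Review bot: In the @@ -79004,7 +79008,7 @@ hunk, the CVE-2015-0924 description now spells the product "FibeAir", but the unchanged line directly below still reads `NOT-FOR-US: Ceragon FiberAir IP-10 bridges`, so one entry carries two spellings of the same product name. The automatic update touched only the description line, so the NOT-FOR-US note needs a manual follow-up to match it; otherwise a text search on either spelling finds only half of the entry.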