Author: sectracker
Date: 2017-05-26 21:10:12 +0000 (Fri, 26 May 2017)
New Revision: 51981

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-26 18:31:06 UTC (rev 51980)
+++ data/CVE/list       2017-05-26 21:10:12 UTC (rev 51981)
@@ -1,3 +1,7 @@
+CVE-2017-9240
+       RESERVED
+CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push 
function ...)
+       TODO: check
 CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure 
of the ...)
        - exiv2 <unfixed> (bug #863410)
        [jessie] - exiv2 <no-dsa> (Minor issue)
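Review bot: The new CVE-2016-10375 entry at the top of this hunk is left at `TODO: check`, although its description already names the upstream fix boundary (Yodl before 3.07.01). Suggest resolving it in a follow-up to a package status line, in the same form as the `- exiv2 <unfixed> (bug #863410)` line below it, or to a NOT-FOR-US tag if the software is not in the archive. CVE-2017-9240 is only RESERVED and needs nothing further yet.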
@@ -362,7 +366,7 @@
 CVE-2017-9099
        RESERVED
 CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use 
...)
-       {DSA-3863-1}
+       {DSA-3863-1 DLA-953-1}
        - imagemagick <unfixed> (bug #862967)
        - graphicsmagick 1.3.24-1
        NOTE: ImageMagick fix: 
https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
@@ -601,8 +605,8 @@
        RESERVED
 CVE-2017-9022
        RESERVED
-CVE-2017-9021
-       RESERVED
+CVE-2017-9021 (The vrend_clear dispatch function in vrend_renderer.c in 
virglrenderer ...)
+       TODO: check
 CVE-2017-9020
        RESERVED
 CVE-2016-10373
@@ -1715,22 +1719,22 @@
        RESERVED
 CVE-2017-8543
        RESERVED
-CVE-2017-8542
-       RESERVED
-CVE-2017-8541
-       RESERVED
-CVE-2017-8540
-       RESERVED
-CVE-2017-8539
-       RESERVED
-CVE-2017-8538
-       RESERVED
-CVE-2017-8537
-       RESERVED
-CVE-2017-8536
-       RESERVED
-CVE-2017-8535
-       RESERVED
+CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
+CVE-2017-8541 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
+CVE-2017-8540 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
+CVE-2017-8539 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
+CVE-2017-8538 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
+CVE-2017-8537 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
+CVE-2017-8536 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
+CVE-2017-8535 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
 CVE-2017-8534
        RESERVED
 CVE-2017-8533
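Review bot: All eight entries from CVE-2017-8542 down to CVE-2017-8535 are added with `TODO: check`, yet every description starts with the same product, the Microsoft Malware Protection Engine. They can be triaged as one batch: if the product is not shipped in the archive, one NOT-FOR-US tag per entry, as the list already uses for Oracle and Siemens, clears all eight TODOs in a single follow-up commit.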
@@ -2197,6 +2201,7 @@
        NOTE: https://github.com/erikd/libsndfile/issues/230
        NOTE: Fixed by: 
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
 CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote 
attackers ...)
+       {DLA-955-1}
        - rzip <unfixed> (bug #861614)
        [jessie] - rzip <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
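Review bot: `{DLA-955-1}` is attached to CVE-2017-8364 while the status lines under it stay as they were: `- rzip <unfixed> (bug #861614)` and `[jessie] - rzip <no-dsa> (Minor issue)`. Now that an advisory has been issued for this heap-based overflow in read_buf, the jessie `<no-dsa>` classification is worth revisiting, and bug #861614 should be followed up so the unstable package does not stay `<unfixed>`.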
@@ -4603,8 +4608,7 @@
        RESERVED
 CVE-2017-7506
        RESERVED
-CVE-2017-7505
-       RESERVED
+CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect 
authorization ...)
        - foreman <itp> (bug #663101)
 CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of 
the ...)
        NOT-FOR-US: Red Hat JBoss
@@ -6599,8 +6603,8 @@
        NOT-FOR-US: Siemens
 CVE-2017-6863
        RESERVED
-CVE-2017-6862
-       RESERVED
+CVE-2017-6862 (NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices 
before ...)
+       TODO: check
 CVE-2017-6861
        RESERVED
 CVE-2017-6860
@@ -16409,7 +16413,7 @@
 CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle 
Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-3858-1}
+       {DSA-3858-1 DLA-954-1}
        - openjdk-8 8u131-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
@@ -16423,7 +16427,7 @@
 CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle 
Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-3858-1}
+       {DSA-3858-1 DLA-954-1}
        - openjdk-8 8u131-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
@@ -16441,7 +16445,7 @@
 CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-3858-1}
+       {DSA-3858-1 DLA-954-1}
        - openjdk-8 8u131-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
@@ -16459,7 +16463,7 @@
 CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-3858-1}
+       {DSA-3858-1 DLA-954-1}
        - openjdk-8 8u131-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
@@ -16501,7 +16505,7 @@
        - openjdk-7 <not-affected> (MacOSX builds only)
        NOTE: Upstream commit: 
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a
 CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-3858-1}
+       {DSA-3858-1 DLA-954-1}
        - openjdk-8 8u131-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
@@ -16509,7 +16513,7 @@
 CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems 
Products ...)
        NOT-FOR-US: Solaris
 CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-3858-1}
+       {DSA-3858-1 DLA-954-1}
        - openjdk-8 8u131-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
@@ -21768,8 +21772,8 @@
        RESERVED
 CVE-2017-1326
        RESERVED
-CVE-2017-1325
-       RESERVED
+CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. 
This ...)
+       TODO: check
 CVE-2017-1324
        RESERVED
 CVE-2017-1323
@@ -21834,10 +21838,10 @@
        RESERVED
 CVE-2017-1293
        RESERVED
-CVE-2017-1292
-       RESERVED
-CVE-2017-1291
-       RESERVED
+CVE-2017-1292 (IBM Maximo Asset Management 7.5 and 7.6 generates error 
messages that ...)
+       TODO: check
+CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP 
response ...)
+       TODO: check
 CVE-2017-1290
        RESERVED
 CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External 
Entity ...)
@@ -79004,7 +79008,7 @@
        NOT-FOR-US: Labtech
 CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows 
remote ...)
        NOT-FOR-US: iPass Open Mobile
-CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the 
root ...)
+CVE-2015-0924 (Ceragon FibeAir IP-10 bridges have a default password for the 
root ...)
        NOT-FOR-US: Ceragon FiberAir IP-10 bridges
 CVE-2015-0923 (The ContentBlockEx method in Workarea/ServerControlWS.asmx in 
Ektron ...)
        NOT-FOR-US: Ektron CMS
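Review bot: The description of CVE-2015-0924 now spells the product `FibeAir`, but the tag line directly below it still reads `NOT-FOR-US: Ceragon FiberAir IP-10 bridges`. A search of the list for either spelling now matches only one of the two lines. Suggest aligning the NOT-FOR-US text with the new spelling in a manual follow-up, since this automatic update rewrote only the description.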
@@ -82917,8 +82921,8 @@
        - zendframework <not-affected> (the vulnerability was introduced in the 
2 series)
        - php-zend-db <not-affected> (Fixed before initial upload to the 
archive)
        NOTE: http://framework.zend.com/security/advisory/ZF2015-02
-CVE-2015-0269
-       RESERVED
+CVE-2015-0269 (Directory traversal vulnerability in Contao before 3.2.19, and 
3.4.x ...)
+       TODO: check
 CVE-2015-0268 (The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, 
when ...)
        - xen <not-affected> (Only affects 4.5)
        NOTE: http://xenbits.xen.org/xsa/advisory-117.html

