Author: sectracker
Date: 2017-10-06 21:10:13 +0000 (Fri, 06 Oct 2017)
New Revision: 56464
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-06 21:00:09 UTC (rev 56463)
+++ data/CVE/list 2017-10-06 21:10:13 UTC (rev 56464)
@@ -1,3 +1,47 @@
+CVE-2017-15083
+ RESERVED
+CVE-2017-15082
+ RESERVED
+CVE-2017-15081
+ RESERVED
+CVE-2017-15080
+ RESERVED
+CVE-2017-15079 (The Smush Image Compression and Optimization plugin before
2.7.6 for ...)
+ TODO: check
+CVE-2017-15078 (The Intel Puma 5, 6, and 7 chips, as used on Virgin Media
branded Arris ...)
+ TODO: check
+CVE-2017-15077 (The Intel Puma 5, 6, and 7 chips, as used on UPC branded
Compal ...)
+ TODO: check
+CVE-2017-15076 (** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on
Telstra ...)
+ TODO: check
+CVE-2017-15075 (The Intel Puma 5, 6, and 7 chips, as used on various
Technicolor ...)
+ TODO: check
+CVE-2017-15074 (The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408
devices, allow ...)
+ TODO: check
+CVE-2017-15073 (The Intel Puma 5, 6, and 7 chips, as used on Samsung Home
Media Server ...)
+ TODO: check
+CVE-2017-15072 (The Intel Puma 5, 6, and 7 chips, as used on various Quantenna
devices, ...)
+ TODO: check
+CVE-2017-15071 (The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300,
CM400, ...)
+ TODO: check
+CVE-2017-15070 (The Intel Puma 5, 6, and 7 chips, as used on various Linksys
devices, ...)
+ TODO: check
+CVE-2017-15069 (The Intel Puma 5, 6, and 7 chips, as used on various Hitron
devices, ...)
+ TODO: check
+CVE-2017-15068 (The Intel Puma 5, 6, and 7 chips, as used on various Comcast
branded ...)
+ TODO: check
+CVE-2017-15067 (The Intel Puma 5, 6, and 7 chips, as used on various Compal
devices, ...)
+ TODO: check
+CVE-2017-15066 (The Intel Puma 5, 6, and 7 chips, as used on various AVM
FRITZ!Box ...)
+ TODO: check
+CVE-2017-15065 (The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32
devices, allow ...)
+ TODO: check
+CVE-2017-15064 (The Intel Puma 5, 6, and 7 chips, as used on various Arris
devices, ...)
+ TODO: check
+CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing
an attacker ...)
+ TODO: check
+CVE-2017-1000255
+ RESERVED
CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS before 4.2.0
because of a ...)
NOT-FOR-US: Subrion CMS
CVE-2017-15062
@@ -35,10 +79,10 @@
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2
allows ...)
- redis <unfixed>
NOTE: https://github.com/antirez/redis/issues/4278
-CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow, a different ...)
+CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in
unpack_read_samples ...)
- lame <unfixed>
NOTE: https://sourceforge.net/p/lame/bugs/479/
-CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read, a different ...)
+CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer
in ...)
- lame <unfixed>
NOTE: https://sourceforge.net/p/lame/bugs/478/
CVE-2017-15044
@@ -1597,7 +1641,7 @@
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote
...)
- {DSA-3989-1}
+ {DSA-3989-1 DLA-1124-1}
- dnsmasq 2.78-1
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262
@@ -1608,12 +1652,12 @@
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033
CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows
remote ...)
- {DSA-3989-1}
+ {DSA-3989-1 DLA-1124-1}
- dnsmasq 2.78-1
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows
remote ...)
- {DSA-3989-1}
+ {DSA-3989-1 DLA-1124-1}
- dnsmasq 2.78-1
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
@@ -2559,8 +2603,8 @@
NOTE:
https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
NOTE:
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
NOTE: https://github.com/uclouvain/openjpeg/issues/982
-CVE-2017-1000254 [FTP PWD response parser out of bounds read]
- {DLA-1121-1}
+CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when
doing FTP. ...)
+ {DSA-3992-1 DLA-1121-1}
- curl <unfixed> (bug #877671)
NOTE: https://curl.haxx.se/docs/adv_20171004.html
NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
@@ -5157,10 +5201,10 @@
RESERVED
CVE-2017-13070
RESERVED
-CVE-2017-13069
- RESERVED
-CVE-2017-13068
- RESERVED
+CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities
found in ...)
+ TODO: check
+CVE-2017-13068 (QNAP has already patched this vulnerability. This security
concern ...)
+ TODO: check
CVE-2017-13067 (QNAP has patched a remote code execution vulnerability
affecting the ...)
NOT-FOR-US: QNAP
CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the
function ...)
@@ -6817,12 +6861,13 @@
CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl
SCADA Web ...)
NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user
can pass a numerical ...)
+ {DSA-3992-1}
- curl 7.55.0-1 (bug #871554)
[wheezy] - curl <not-affected> (Vulnerable code not present, introduced
later in 7.34.0)
NOTE: https://curl.haxx.se/docs/adv_20170809A.html
NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
CVE-2017-1000100 (When doing a TFTP transfer and curl/libcurl is given a URL
that ...)
- {DLA-1062-1}
+ {DSA-3992-1 DLA-1062-1}
- curl 7.55.0-1 (bug #871555)
NOTE: https://curl.haxx.se/docs/adv_20170809B.html
NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
@@ -10844,7 +10889,7 @@
NOT-FOR-US: Pulse Connect Secure
CVE-2017-11192
RESERVED
-CVE-2017-11191 (FreeIPA 4.x with API version 2.213 allows a remote
authenticated users ...)
+CVE-2017-11191 (** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a
remote ...)
- freeipa <unfixed>
CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is
enabled, might ...)
- unrar-free <unfixed> (unimportant)
@@ -16383,10 +16428,10 @@
RESERVED
CVE-2017-9274
RESERVED
-CVE-2017-9273
- RESERVED
-CVE-2017-9272
- RESERVED
+CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be
...)
+ TODO: check
+CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be
...)
+ TODO: check
CVE-2017-9271
RESERVED
CVE-2017-9270
@@ -83552,8 +83597,7 @@
NOTE: http://security.libvirt.org/2015/0003.html
NOTE: Broken by
https://libvirt.org/git/?p=libvirt.git;a=commit;h=155ca616eb231181f6978efc9e3a1eb0eb60af8a
(v1.2.14-rc1)
NOTE: and by
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7c2d65dde2595c07d56aad1e043f7b1836592d89
(v1.2.16-rc1)
-CVE-2015-5246
- RESERVED
+CVE-2015-5246 (The LDAP Authentication functionality in Foreman might allow
remote ...)
- foreman <itp> (bug #663101)
CVE-2015-5245 (CRLF injection vulnerability in the Ceph Object Gateway (aka
radosgw ...)
[experimental] - ceph 0.94.3-1
@@ -92918,8 +92962,7 @@
NOTE: present since release_candidate_2013-10-28
NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
NOTE:
https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
-CVE-2015-2158 [pngcrush_measure_idat() off-by-one error]
- RESERVED
+CVE-2015-2158 (Off-by-one error in the pngcrush_measure_idat function in
pngcrush.c ...)
- pngcrush <not-affected> (Vulnerable code not present)
NOTE: Introduced by
http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/
(1.7.83)
NOTE: Fixed by:
http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/
(1.7.84)
@@ -94229,8 +94272,7 @@
NOTE: code does neither of the following: 1) checking for slashes after
decoding
NOTE: 2) checking for ordinary slashes before decoding and prohibiting
overlong
NOTE: encodings
-CVE-2015-2297 [Remote null pointer dereference]
- RESERVED
+CVE-2015-2297 (nanohttp in libcsoap allows remote attackers to cause a denial
of ...)
- libcsoap <removed> (bug #778599)
[squeeze] - libcsoap <no-dsa> (Minor issue)
[wheezy] - libcsoap <no-dsa> (Minor issue)
@@ -95950,8 +95992,8 @@
- ffmpeg 7:2.6.1-1
- libav <removed>
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
-CVE-2015-1206
- RESERVED
+CVE-2015-1206 (Heap-based buffer overflow in Google Chrome before M40 allows
remote ...)
+ TODO: check
CVE-2015-1204 (Cross-site scripting (XSS) vulnerability in the Save Filters
...)
NOT-FOR-US: Save Filters functionality in the WP Slimstat plugin for
WordPress
CVE-2015-1190
@@ -102593,8 +102635,8 @@
NOT-FOR-US: ESTsoft ALUpdate
CVE-2014-8493 (ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote
attackers to ...)
NOT-FOR-US: ZTE ZXHN H108L
-CVE-2014-8492
- RESERVED
+CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2014-8491
RESERVED
CVE-2014-8490
@@ -103189,8 +103231,8 @@
NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
CVE-2014-8759
RESERVED
-CVE-2014-8758
- RESERVED
+CVE-2014-8758 (Cross-site scripting (XSS) vulnerability in Best Gallery Albums
Plugin ...)
+ TODO: check
CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers
to ...)
NOT-FOR-US: LG On-Screen Phone
CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera
Recorder ...)
@@ -105879,8 +105921,8 @@
RESERVED
CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows
remote ...)
NOT-FOR-US: TSUTAYA application for Android
-CVE-2014-7240
- RESERVED
+CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact
Form ...)
+ TODO: check
CVE-2014-7239
RESERVED
CVE-2014-7238
@@ -116949,8 +116991,7 @@
- wolfssl 3.4.8+dfsg-1 (bug #792646)
NOTE: wolfssl actually fixed with the initial upload to unstable after
the rename
NOTE: according to maintainer addressed in 3.2.0 upstream
-CVE-2014-2903
- RESERVED
+CVE-2014-2903 (CyaSSL does not check the key usage extension in leaf
certificates, ...)
- cyassl <removed> (bug #770229)
- wolfssl 3.4.8+dfsg-1 (bug #792646)
NOTE: wolfssl actually fixed with the initial upload to unstable after
the rename
@@ -125497,8 +125538,7 @@
RESERVED
- docker.io 1.6.0+dfsg1-1
NOTE: According to Red Hat bug no longer present in 1.5
-CVE-2014-0047 [multiple temporary file creation vulnerabilities]
- RESERVED
+CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact
via ...)
- docker.io 1.6.0+dfsg1-1
NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper
in ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
