Author: sectracker Date: 2017-10-10 21:10:16 +0000 (Tue, 10 Oct 2017) New Revision: 56588
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-10 20:29:04 UTC (rev 56587) +++ data/CVE/list 2017-10-10 21:10:16 UTC (rev 56588) @@ -284,35 +284,50 @@ RESERVED CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for ...) NOT-FOR-US: Smush Image Compression and Optimization plugin for WordPress -CVE-2017-15078 (The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris ...) +CVE-2017-15078 + REJECTED NOT-FOR-US: Intel -CVE-2017-15077 (The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal ...) +CVE-2017-15077 + REJECTED NOT-FOR-US: Intel -CVE-2017-15076 (** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra ...) +CVE-2017-15076 + REJECTED NOT-FOR-US: Intel -CVE-2017-15075 (The Intel Puma 5, 6, and 7 chips, as used on various Technicolor ...) +CVE-2017-15075 + REJECTED NOT-FOR-US: Intel -CVE-2017-15074 (The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow ...) +CVE-2017-15074 + REJECTED NOT-FOR-US: Intel -CVE-2017-15073 (The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server ...) +CVE-2017-15073 + REJECTED NOT-FOR-US: Intel -CVE-2017-15072 (The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, ...) +CVE-2017-15072 + REJECTED NOT-FOR-US: Intel -CVE-2017-15071 (The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, ...) +CVE-2017-15071 + REJECTED NOT-FOR-US: Intel -CVE-2017-15070 (The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, ...) +CVE-2017-15070 + REJECTED NOT-FOR-US: Intel -CVE-2017-15069 (The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, ...) +CVE-2017-15069 + REJECTED NOT-FOR-US: Intel -CVE-2017-15068 (The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded ...) +CVE-2017-15068 + REJECTED NOT-FOR-US: Intel -CVE-2017-15067 (The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, ...) +CVE-2017-15067 + REJECTED NOT-FOR-US: Intel -CVE-2017-15066 (The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box ...) +CVE-2017-15066 + REJECTED NOT-FOR-US: Intel -CVE-2017-15065 (The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow ...) +CVE-2017-15065 + REJECTED NOT-FOR-US: Intel -CVE-2017-15064 (The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, ...) +CVE-2017-15064 + REJECTED NOT-FOR-US: Intel CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...) - koji <unfixed> (bug #877921) @@ -1172,6 +1187,7 @@ CVE-2017-14768 RESERVED CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d @@ -2700,6 +2716,7 @@ NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/ NOTE: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/ CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2 @@ -2709,10 +2726,12 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97 CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382 @@ -2824,14 +2843,17 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/715 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7 CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2 CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad @@ -3224,26 +3246,32 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48 CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6 CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329 CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...) + {DSA-3996-1} - ffmpeg 7:3.3.4-1 (low) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49 @@ -4097,7 +4125,7 @@ NOTE: This is in libxkbfile in wheezy CVE-2017-13722 [pcfGetProperties: Check string boundaries] RESERVED - {DLA-1126-1} + {DSA-3995-1 DLA-1126-1} - libxfont 1:2.0.1-4 - libxfont1 <unfixed> (unimportant) NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd @@ -4108,7 +4136,7 @@ NOTE: In wheezy this is possibly libxext, src/XShm.c? CVE-2017-13720 [Check for end of string in PatternMatch] RESERVED - {DLA-1126-1} + {DSA-3995-1 DLA-1126-1} - libxfont 1:2.0.1-4 - libxfont1 <unfixed> (unimportant) NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 @@ -4275,16 +4303,16 @@ RESERVED CVE-2017-13680 RESERVED -CVE-2017-13679 - RESERVED +CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...) + TODO: check CVE-2017-13678 RESERVED CVE-2017-13677 RESERVED CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading ...) NOT-FOR-US: Symantec -CVE-2017-13675 - RESERVED +CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption ...) + TODO: check CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...) NOT-FOR-US: Symantec ProxyClient CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits