[Secure-testing-commits] r50428 - data/CVE
Author: carnil Date: 2017-04-07 06:09:15 + (Fri, 07 Apr 2017) New Revision: 50428 Modified: data/CVE/list Log: Process two NFUs from external-check Modified: data/CVE/list === --- data/CVE/list 2017-04-07 05:43:12 UTC (rev 50427) +++ data/CVE/list 2017-04-07 06:09:15 UTC (rev 50428) @@ -198,6 +198,7 @@ RESERVED CVE-2017-7463 RESERVED + NOT-FOR-US: Red Hat business central CVE-2017-7462 RESERVED CVE-2017-7461 @@ -13749,6 +13750,7 @@ RESERVED CVE-2017-2674 RESERVED + NOT-FOR-US: Red Hat business central CVE-2017-2673 RESERVED CVE-2017-2672 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50427 - data/CVE
Author: thijs Date: 2017-04-07 05:43:12 + (Fri, 07 Apr 2017) New Revision: 50427 Modified: data/CVE/list Log: CVE-2017-0367 wheezy not-affected Modified: data/CVE/list === --- data/CVE/list 2017-04-07 04:54:23 UTC (rev 50426) +++ data/CVE/list 2017-04-07 05:43:12 UTC (rev 50427) @@ -18965,6 +18965,7 @@ CVE-2017-0367 RESERVED - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Vulnerable code not present) NOTE: https://phabricator.wikimedia.org/T161453 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0366 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
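Review bot: the reason on the added "[wheezy] - mediawiki (Vulnerable code not present)" line for CVE-2017-0367 does not say which code is absent from wheezy. Naming the affected function or feature in the parenthesised reason, as the ghostscript entry for CVE-2016-10217 does with "pdf14_cleanup_parent_color_profiles not yet present", would let the status be re-checked against https://phabricator.wikimedia.org/T161453 without repeating the analysis.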
[Secure-testing-commits] r50426 - data/CVE
Author: carnil Date: 2017-04-07 04:54:23 + (Fri, 07 Apr 2017) New Revision: 50426 Modified: data/CVE/list Log: Add fixing version for CVE-2017-6596/partclone in unstable I kept the experimental tagged entry to still keep the record of the fix in experimental. Strictly speaking I should have dropped that since we track first version in unstable containing the fix and 0.2.90-1 will come in any case later than 0.2.89-3 version-wise and we do not have version-tracking like BTS. Modified: data/CVE/list === --- data/CVE/list 2017-04-07 04:54:13 UTC (rev 50425) +++ data/CVE/list 2017-04-07 04:54:23 UTC (rev 50426) @@ -2514,7 +2514,7 @@ RESERVED CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer ...) [experimental] - partclone 0.2.90-1 - - partclone (bug #857966) + - partclone 0.2.89-3 (bug #857966) [jessie] - partclone (Minor issue) NOTE: https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md NOTE: https://github.com/Thomas-Tsai/partclone/issues/91 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
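Review bot: after this change the CVE-2017-6596 entry carries both "[experimental] - partclone 0.2.90-1" and "- partclone 0.2.89-3 (bug #857966)", and the reason for keeping the first line exists only in the commit log. Either drop the [experimental] line, since the unstable line now gives the first fixed version, or add a NOTE inside the entry saying the fix landed in experimental first, so a later editor does not remove or alter it without context.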
[Secure-testing-commits] r50425 - data/CVE
Author: carnil Date: 2017-04-07 04:54:13 + (Fri, 07 Apr 2017) New Revision: 50425 Modified: data/CVE/list Log: Reference fix for CVE-2016-4806/web2py Modified: data/CVE/list === --- data/CVE/list 2017-04-07 04:54:03 UTC (rev 50424) +++ data/CVE/list 2017-04-07 04:54:13 UTC (rev 50425) @@ -35883,6 +35883,7 @@ CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...) - web2py (bug #856127) NOTE: https://github.com/web2py/web2py/issues/1585 + NOTE: https://github.com/web2py/web2py/commit/1b42fe65472930668435007cfcb077207051ba34 CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...) NOT-FOR-US: dotCMS CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
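Review bot: the NOTE added to CVE-2016-4806 is a bare commit URL, so the entry itself does not say whether that commit is the fix, a partial fix or the introducing change. The log calls it the fix; writing it as "NOTE: Fixed by: https://github.com/web2py/web2py/commit/1b42fe65472930668435007cfcb077207051ba34", the form used for CVE-2017-5951 in r50414, keeps that information in the file. The "- web2py (bug #856127)" line above it still has no fixed version, which is worth a follow-up once the commit is in a Debian upload.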
[Secure-testing-commits] r50424 - data/CVE
Author: carnil Date: 2017-04-07 04:54:03 + (Fri, 07 Apr 2017) New Revision: 50424 Modified: data/CVE/list Log: Cleanup comment, further sid status in bug, jessie and wheezy tracked Modified: data/CVE/list === --- data/CVE/list 2017-04-07 04:53:49 UTC (rev 50423) +++ data/CVE/list 2017-04-07 04:54:03 UTC (rev 50424) @@ -4525,7 +4525,6 @@ [wheezy] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456 - NOTE: I can reproduce the issue in stretch/sid with valgrind (ghostscript 9.20~dfsg-3) but not in wheezy and not in jessie -- Raphael Hertzog CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...) NOT-FOR-US: IT ITems DataBase CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
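Review bot: the removed NOTE on the CVE-2016-10217 entry was the only place in this file recording that the issue reproduces in stretch/sid under valgrind with ghostscript 9.20~dfsg-3. The log says the sid status now lives in the bug; a one-line NOTE pointing at that bug for the sid reproduction would keep the pointer next to the "[wheezy] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present)" line while still dropping the signed first-person comment.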
[Secure-testing-commits] r50423 - data/CVE
Author: carnil Date: 2017-04-07 04:53:49 + (Fri, 07 Apr 2017) New Revision: 50423 Modified: data/CVE/list Log: Add references for mediawiki Modified: data/CVE/list === --- data/CVE/list 2017-04-06 22:49:23 UTC (rev 50422) +++ data/CVE/list 2017-04-07 04:53:49 UTC (rev 50423) 
@@ -18942,48 +18942,61 @@ CVE-2017-0372 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T158689 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0371 RESERVED + - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T68404 CVE-2017-0370 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T48143 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0369 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T108138 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0368 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T156184 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0367 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T161453 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0366 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T151735 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0365 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T144845 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0364 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T122209 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0363 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T109140 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0362 RESERVED - mediawiki 1:1.27.2-1 + NOTE: https://phabricator.wikimedia.org/T150044 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0361 RESERVED - mediawiki 1:1.27.2-1 + NOTE: 
https://phabricator.wikimedia.org/T125177 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote ...) {DSA-3826-1 DLA-882-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
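Review bot: CVE-2017-0371 gains "- mediawiki 1:1.27.2-1" and a Phabricator NOTE (T68404) in this hunk but, unlike every other entry from CVE-2017-0361 to CVE-2017-0372, has no mediawiki-announce NOTE. If the fixed version comes from the same 2017-April announcement, add that NOTE for consistency; if not, the entry should say where 1:1.27.2-1 comes from. The log ("Add references for mediawiki") also does not mention that a package line is being added here, not only references.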
[Secure-testing-commits] r50422 - data/CVE
Author: pabs Date: 2017-04-06 22:49:23 + (Thu, 06 Apr 2017) New Revision: 50422 Modified: data/CVE/list Log: New mediawiki issues fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2017-04-06 22:45:15 UTC (rev 50421) +++ data/CVE/list 2017-04-06 22:49:23 UTC (rev 50422) 
@@ -18941,48 +18941,49 @@ RESERVED CVE-2017-0372 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0371 RESERVED CVE-2017-0370 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0369 RESERVED + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0368 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0367 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0366 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0365 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0364 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0363 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0362 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0361 RESERVED - - mediawiki + - mediawiki 1:1.27.2-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote ...) {DSA-3826-1 DLA-882-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
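Review bot: the hunk leaves CVE-2017-0371 with only RESERVED while its neighbours all receive "- mediawiki 1:1.27.2-1"; if that is deliberate, a TODO or NOTE on the entry should say so. It also adds a new "- mediawiki 1:1.27.2-1" line under CVE-2017-0369, which previously had a NOTE but no package line, so that part is a correction of the earlier state and not a version update; the log ("New mediawiki issues fixed in unstable") should mention it.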
[Secure-testing-commits] r50421 - data/CVE
Author: pabs Date: 2017-04-06 22:45:15 + (Thu, 06 Apr 2017) New Revision: 50421 Modified: data/CVE/list Log: New mediawiki issues Modified: data/CVE/list === --- data/CVE/list 2017-04-06 21:03:43 UTC (rev 50420) +++ data/CVE/list 2017-04-06 22:45:15 UTC (rev 50421) @@ -18941,28 +18941,49 @@ RESERVED CVE-2017-0372 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0371 RESERVED CVE-2017-0370 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0369 RESERVED + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0368 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0367 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0366 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0365 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0364 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0363 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0362 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0361 RESERVED + - mediawiki + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote ...) {DSA-3826-1 DLA-882-1} - tryton-server 4.2.1-2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
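Review bot: CVE-2017-0369 receives the mediawiki-announce NOTE but no "- mediawiki" package line, unlike the other ten entries touched in this hunk, which leaves a reference with no package attached to it. Add the package line, or state explicitly on the entry why the Debian package is not concerned.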
[Secure-testing-commits] r50420 - data
Author: lamby Date: 2017-04-06 21:03:43 + (Thu, 06 Apr 2017) New Revision: 50420 Modified: data/dla-needed.txt Log: Triage libxslt for LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-06 20:27:24 UTC (rev 50419) +++ data/dla-needed.txt 2017-04-06 21:03:43 UTC (rev 50420) @@ -66,6 +66,8 @@ NOTE: 2016-12-13: Upstream ping here: https://rt.cpan.org/Public/Bug/Display.html?id=118097#txn-1690223 NOTE: 2017-01-20 and 2017-03-09: Ping upstream by private email -- Raphael Hertzog -- +libxslt +-- linux -- logback (Markus Koschany) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50418 - data/CVE
Author: jmm Date: 2017-04-06 20:26:56 + (Thu, 06 Apr 2017) New Revision: 50418 Modified: data/CVE/list Log: new webkitgtk issues Modified: data/CVE/list === --- data/CVE/list 2017-04-06 19:06:16 UTC (rev 50417) +++ data/CVE/list 2017-04-06 20:26:56 UTC (rev 50418) @@ -14308,7 +14308,8 @@ CVE-2017-2482 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2481 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2480 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix CVE-2017-2479 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) @@ -14319,9 +14320,11 @@ - libxslt NOTE: contacted Apple for more information, but no reply for quite a while CVE-2017-2476 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2475 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2474 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2473 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) 
@@ -14329,21 +14332,28 @@ CVE-2017-2472 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2471 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2470 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2469 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2468 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2467 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving ImageIO component CVE-2017-2466 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2465 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2464 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) 
- NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix + - webkit2gtk (unimportant) + NOTE: Not covered by security support CVE-2017-2463 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix CVE-2017-2462 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) @@ -14351,19 +14361,24 @@ CVE-2017-2461 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving CoreText component CVE-2017-2460 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - NOT-FOR-US: Webkit / if
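Review bot: within the same run of Apple advisories some entries are converted to "- webkit2gtk (unimportant)" while CVE-2017-2480 and CVE-2017-2463 keep "NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, ...", and the log ("new webkitgtk issues") gives no criterion for the split. State in the log or in a NOTE how the converted CVEs were selected. The new lines also name only webkit2gtk, whereas the context of r50417 shows an existing "- webkitgtk (unimportant)" entry with the same "Not covered by security support" NOTE, so confirm whether the webkitgtk source package needs a line as well.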
[Secure-testing-commits] r50419 - data
Author: jmm Date: 2017-04-06 20:27:24 + (Thu, 06 Apr 2017) New Revision: 50419 Modified: data/dsa-needed.txt Log: add libav and django to dsa-needed Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-04-06 20:26:56 UTC (rev 50418) +++ data/dsa-needed.txt 2017-04-06 20:27:24 UTC (rev 50419) @@ -20,6 +20,9 @@ -- icedove -- +libav + wait until the next 11.9 release +-- libical -- libytnef (seb) @@ -33,6 +36,8 @@ -- phpmyadmin -- +python-django +-- qemu Maintainer asked to prepare updates -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50417 - data/CVE
Author: jmm Date: 2017-04-06 19:06:16 + (Thu, 06 Apr 2017) New Revision: 50417 Modified: data/CVE/list Log: ntp n/a ghostscript n/a mupdf n/a yara no-dsa radare2 no-dsa or n/a foreman ITP Modified: data/CVE/list === --- data/CVE/list 2017-04-06 18:37:46 UTC (rev 50416) +++ data/CVE/list 2017-04-06 19:06:16 UTC (rev 50417) @@ -2968,6 +2968,7 @@ CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...) [experimental] - radare2 1.3.0+dfsg-1 - radare2 (bug #859447) + [jessie] - radare2 (Minor issue) NOTE: https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 (1.3.0-git) NOTE: https://github.com/radare/radare2/issues/6885 CVE-2017-6447 @@ -3849,6 +3850,7 @@ CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows ...) [experimental] - radare2 1.3.0+dfsg-1 - radare2 (bug #859448) + [jessie] - radare2 (Vulnerable code not present) [wheezy] - radare2 (Vulnerable code not present) NOTE: https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18 (1.3.0-git) NOTE: https://github.com/radare/radare2/issues/6829 @@ -4500,9 +4502,8 @@ - webkitgtk (unimportant) NOTE: Not covered by security support CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. ...) - - mupdf + - mupdf (Vulnerable code not yet present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400 - TODO: check CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...) - ghostscript (bug #859694) [jessie] - ghostscript (Minor issue) 
@@ -4520,7 +4521,8 @@ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444 CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. ...) - ghostscript (bug #859662) - [wheezy] - ghostscript (Unreproducible in wheezy) + [jessie] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present) + [wheezy] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456 NOTE: I can reproduce the issue in stretch/sid with valgrind (ghostscript 9.20~dfsg-3) but not in wheezy and not in jessie -- Raphael Hertzog @@ -4589,8 +4591,10 @@ NOT-FOR-US: Hardware issue in some Intel CPUs CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...) - yara + [jessie] - yara (Minor issue) CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...) - yara + [jessie] - yara (Minor issue) CVE-2017-5922 RESERVED CVE-2017-5921 @@ -4599,8 +4603,10 @@ RESERVED CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...) - yara + [jessie] - yara (Minor issue) CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial ...) - yara + [jessie] - yara (Minor issue) CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...) - libarchive (bug #859456) [jessie] - libarchive (Minor issue) 
@@ -21364,7 +21370,13 @@ CVE-2016-9042 RESERVED - ntp 1:4.2.8p10+dfsg-1 + [jessie] - ntp (Doesn't use the affected upstream patch) + NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0260/ NOTE: http://support.ntp.org/bin/view/Main/NtpBug3361 + NOTE: This vulnerability affects the upstream fix for CVE-2015-8138, but Debian + NOTE: jessie (and probably also wheezy) use a less invasive patch by Miroslav Lichvar + NOTE: of Red Hat, as available here: + NOTE: http://pkgs.fedoraproject.org/cgit/rpms/ntp.git/tree/ntp-4.2.6p5-cve-2015-8138.patch?h=f24 CVE-2016-9041 REJECTED CVE-2016-9040 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
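Review bot: in the CVE-2016-10221 hunk, "- mupdf (Vulnerable code not yet present)" replaces the open entry and "TODO: check" is dropped, but nothing records which upstream change introduces the affected count_entries code. "Not yet present" means the package becomes affected on a later upload, so add a NOTE naming the introducing version or commit; without it the entry gives no trigger for revisiting the status when mupdf is updated.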
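Review bot: in the CVE-2016-9042 hunk the added NOTE says jessie "(and probably also wheezy)" uses the less invasive patch, yet only a "[jessie] - ntp" line is added. Check the wheezy package against the referenced ntp-4.2.6p5-cve-2015-8138.patch and either add a matching [wheezy] line or leave wheezy out of the NOTE. The log also lists "foreman ITP", but none of the hunks shown here touches a foreman entry.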
[Secure-testing-commits] r50416 - data/CVE
Author: carnil Date: 2017-04-06 18:37:46 + (Thu, 06 Apr 2017) New Revision: 50416 Modified: data/CVE/list Log: Add fixed version for CVE-2017-7448/lepton, #859714 Modified: data/CVE/list === --- data/CVE/list 2017-04-06 18:34:51 UTC (rev 50415) +++ data/CVE/list 2017-04-06 18:37:46 UTC (rev 50416) @@ -227,7 +227,7 @@ CVE-2017-7449 RESERVED CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.hh ...) - - lepton (bug #859714) + - lepton 1.2.1-3 (bug #859714) NOTE: https://github.com/dropbox/lepton/issues/86 NOTE: https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7 CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50415 - data/CVE
Author: carnil Date: 2017-04-06 18:34:51 + (Thu, 06 Apr 2017) New Revision: 50415 Modified: data/CVE/list Log: Add CVE-2017-2672 Modified: data/CVE/list === --- data/CVE/list 2017-04-06 17:44:17 UTC (rev 50414) +++ data/CVE/list 2017-04-06 18:34:51 UTC (rev 50415) @@ -13748,6 +13748,7 @@ RESERVED CVE-2017-2672 RESERVED + - foreman (bug #663101) CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel ...) - linux NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
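Review bot: the added "- foreman (bug #663101)" line attaches CVE-2017-2672, which is still RESERVED and has no description, to foreman without any NOTE giving the source of that mapping. Add a NOTE with the advisory or upstream report that ties the CVE to foreman, so the assignment can be verified before the CVE description is published.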
[Secure-testing-commits] r50414 - data/CVE
Author: carnil Date: 2017-04-06 17:44:17 + (Thu, 06 Apr 2017) New Revision: 50414 Modified: data/CVE/list Log: Add upstream commit for CVE-2017-5951 and mark no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-04-06 17:44:07 UTC (rev 50413) +++ data/CVE/list 2017-04-06 17:44:17 UTC (rev 50414) @@ -4469,7 +4469,9 @@ RESERVED CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...) - ghostscript (bug #859696) + [jessie] - ghostscript (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548 + NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...) - yaml-cpp - yaml-cpp0.3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
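Review bot: the "Fixed by:" NOTE for CVE-2017-5951 points at user/chrisl/ghostpdl.git, while the other ghostscript references in this file use the main ghostpdl.git tree (for example the CVE-2016-10217 commit link). A commit in a user tree may be rebased or may differ from what is finally merged; label it as a proposed fix, or replace the link with the main-tree commit once it exists. The same commit also adds "[jessie] - ghostscript (Minor issue)" before that fix is confirmed upstream, so the two changes would be easier to audit separately.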
[Secure-testing-commits] r50413 - data/CVE
Author: carnil Date: 2017-04-06 17:44:07 + (Thu, 06 Apr 2017) New Revision: 50413 Modified: data/CVE/list Log: Mark CVE-2016-10220 as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-04-06 17:43:53 UTC (rev 50412) +++ data/CVE/list 2017-04-06 17:44:07 UTC (rev 50413) @@ -4503,6 +4503,7 @@ TODO: check CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...) - ghostscript (bug #859694) + [jessie] - ghostscript (Minor issue) NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450 CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50412 - data/CVE
Author: carnil Date: 2017-04-06 17:43:53 + (Thu, 06 Apr 2017) New Revision: 50412 Modified: data/CVE/list Log: CVE-2016-10219/ghostscript no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-04-06 15:22:08 UTC (rev 50411) +++ data/CVE/list 2017-04-06 17:43:53 UTC (rev 50412) @@ -4507,6 +4507,7 @@ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450 CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...) - ghostscript (bug #859666) + [jessie] - ghostscript (Minor issue) NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453 CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50411 - data/CVE
Author: jmm Date: 2017-04-06 15:22:08 + (Thu, 06 Apr 2017) New Revision: 50411 Modified: data/CVE/list Log: remove jessie status for ghostscript for, unreproducibility isn't sufficient for n/a, needs a closer look Modified: data/CVE/list === --- data/CVE/list 2017-04-06 15:13:32 UTC (rev 50410) +++ data/CVE/list 2017-04-06 15:22:08 UTC (rev 50411) @@ -4516,7 +4516,6 @@ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444 CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. ...) - ghostscript (bug #859662) - [jessie] - ghostscript (Unreproducible in jessie) [wheezy] - ghostscript (Unreproducible in wheezy) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
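Review bot: the hunk removes "[jessie] - ghostscript (Unreproducible in jessie)" but keeps "[wheezy] - ghostscript (Unreproducible in wheezy)", although the log's reasoning, that unreproducibility is not sufficient for n/a, applies to both lines equally. Remove the wheezy line in the same change, or say in the log why wheezy is treated differently.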
[Secure-testing-commits] r50410 - data
Author: hertzog Date: 2017-04-06 15:13:32 + (Thu, 06 Apr 2017) New Revision: 50410 Modified: data/dla-needed.txt Log: Take libarchive in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-06 14:58:42 UTC (rev 50409) +++ data/dla-needed.txt 2017-04-06 15:13:32 UTC (rev 50410) @@ -34,7 +34,7 @@ -- jasper (Thorsten Alteholz) -- -libarchive +libarchive (Raphaël Hertzog) -- libav (Hugo Lefeuvre) NOTE: Upstream should provide new point-releases fixing open security issues in the next months. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50409 - data
Author: hertzog Date: 2017-04-06 14:58:42 + (Thu, 06 Apr 2017) New Revision: 50409 Modified: data/dla-needed.txt Log: Update status of ghostscript. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-06 14:58:35 UTC (rev 50408) +++ data/dla-needed.txt 2017-04-06 14:58:42 UTC (rev 50409) @@ -25,6 +25,8 @@ NOTE: EOL. I have already started to look at ESR 52 to anticipate any problems -- ghostscript (Raphaël Hertzog) + NOTE: 20170406: Have fixed package for CVE-2016-10219 CVE-2016-10220. + NOTE: I'm waiting upstream's fix for CVE-2017-5951. -- icedove NOTE: maintainer currenlty planx to rename to thunderbird with the next ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50408 - data/CVE
Author: hertzog Date: 2017-04-06 14:58:35 + (Thu, 06 Apr 2017) New Revision: 50408 Modified: data/CVE/list Log: Mark CVE-2016-10217 as not affecting jessie and wheezy Modified: data/CVE/list === --- data/CVE/list 2017-04-06 12:45:57 UTC (rev 50407) +++ data/CVE/list 2017-04-06 14:58:35 UTC (rev 50408) @@ -4516,8 +4516,11 @@ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444 CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. ...) - ghostscript (bug #859662) + [jessie] - ghostscript (Unreproducible in jessie) + [wheezy] - ghostscript (Unreproducible in wheezy) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456 + NOTE: I can reproduce the issue in stretch/sid with valgrind (ghostscript 9.20~dfsg-3) but not in wheezy and not in jessie -- Raphael Hertzog CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...) NOT-FOR-US: IT ITems DataBase CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50407 - data
Author: hertzog Date: 2017-04-06 12:45:57 + (Thu, 06 Apr 2017) New Revision: 50407 Modified: data/dla-needed.txt Log: Take ghostscript in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-06 11:24:34 UTC (rev 50406) +++ data/dla-needed.txt 2017-04-06 12:45:57 UTC (rev 50407) @@ -24,7 +24,7 @@ NOTE: no update needed yet, but next update will be for ESR 52 as ESR 45 is now NOTE: EOL. I have already started to look at ESR 52 to anticipate any problems -- -ghostscript +ghostscript (Raphaël Hertzog) -- icedove NOTE: maintainer currenlty planx to rename to thunderbird with the next ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50406 - data/CVE
Author: carnil Date: 2017-04-06 11:24:34 + (Thu, 06 Apr 2017) New Revision: 50406 Modified: data/CVE/list Log: Add bug reference for CVE-2017-7448/lepton Modified: data/CVE/list === --- data/CVE/list 2017-04-06 11:13:05 UTC (rev 50405) +++ data/CVE/list 2017-04-06 11:24:34 UTC (rev 50406) @@ -227,7 +227,9 @@ CVE-2017-7449 RESERVED CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.hh ...) - - lepton + - lepton (bug #859714) + NOTE: https://github.com/dropbox/lepton/issues/86 + NOTE: https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7 CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...) NOT-FOR-US: HelpDEZk CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r50405 - data/CVE
Author: carnil Date: 2017-04-06 11:13:05 + (Thu, 06 Apr 2017) New Revision: 50405 Modified: data/CVE/list Log: proftpd-dfsg fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2017-04-06 09:44:27 UTC (rev 50404) +++ data/CVE/list 2017-04-06 11:13:05 UTC (rev 50405) @@ -294,7 +294,7 @@ CVE-2017-7419 RESERVED CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the ...) - - proftpd-dfsg (low; bug #859592) + - proftpd-dfsg 1.3.5b-4 (low; bug #859592) [jessie] - proftpd-dfsg (Minor issue) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4295 NOTE: https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed
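Review bot: The fixed version added on the proftpd-dfsg line, 1.3.5b-4, is lower than the upstream fix versions quoted in the CVE-2017-7418 description just above it ("before 1.3.5e and 1.3.6 before 1.3.6rc5"), so the entry reads as inconsistent to anyone comparing the two. A NOTE stating how 1.3.5b-4 gets the fix (for example, that it backports the upstream commit already referenced below) would remove the ambiguity.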
[Secure-testing-commits] r50404 - data/CVE
Author: jmm Date: 2017-04-06 09:44:27 + (Thu, 06 Apr 2017) New Revision: 50404 Modified: data/CVE/list Log: libxslt no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-04-06 09:21:59 UTC (rev 50403) +++ data/CVE/list 2017-04-06 09:44:27 UTC (rev 50404) @@ -239,7 +239,8 @@ CVE-2016-7443 RESERVED CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...) - - libxslt + - libxslt (low) + [jessie] - libxslt (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119 CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking ...)
[Secure-testing-commits] r50403 - data/CVE
Author: jmm Date: 2017-04-06 09:21:59 + (Thu, 06 Apr 2017) New Revision: 50403 Modified: data/CVE/list Log: NFUs one more issue in nextcloud Modified: data/CVE/list === --- data/CVE/list 2017-04-06 09:20:31 UTC (rev 50402) +++ data/CVE/list 2017-04-06 09:21:59 UTC (rev 50403) @@ -229,13 +229,13 @@ CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.hh ...) - lepton CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...) - TODO: check + NOT-FOR-US: HelpDEZk CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of ...) - TODO: check + NOT-FOR-US: HelpDEZk CVE-2017-7445 RESERVED CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...) - TODO: check + - nextcloud (bug #835086) CVE-2016-7443 RESERVED CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...) @@ -1710,7 +1710,7 @@ CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...) NOT-FOR-US: Firmware on some Broadcom SoCs CVE-2017-6956 (On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer ...) - TODO: check + NOT-FOR-US: Firmware on some Broadcom SoCs CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...) NOT-FOR-US: wordpress Anyone plugin CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress ...) 
@@ -14493,7 +14493,7 @@ CVE-2017-2382 (An issue was discovered in certain Apple products. macOS Server before ...) NOT-FOR-US: Apple CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before ...) - TODO: check, might affect sudo + NOT-FOR-US: Apple, that's likely just a broken sudo config CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
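Review bot: In the last hunk (@@ -14493), CVE-2017-2381 goes from "TODO: check, might affect sudo" to NOT-FOR-US with the reason "that's likely just a broken sudo config". "Likely" records a guess, and NOT-FOR-US takes the entry out of further triage, so the possible sudo impact flagged by the TODO is closed without a reference showing it was ruled out. Either add a NOTE with what was checked (the vendor advisory or the sudo configuration involved) or keep the entry open against sudo until that is confirmed.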
[Secure-testing-commits] r50402 - data/CVE
Author: jmm Date: 2017-04-06 09:20:31 + (Thu, 06 Apr 2017) New Revision: 50402 Modified: data/CVE/list Log: new lepton issue NFUs Modified: data/CVE/list === --- data/CVE/list 2017-04-06 09:17:11 UTC (rev 50401) +++ data/CVE/list 2017-04-06 09:20:31 UTC (rev 50402) @@ -215,19 +215,19 @@ CVE-2017-7455 RESERVED CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...) - TODO: check + NOT-FOR-US: ImageWorsener CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...) - TODO: check + NOT-FOR-US: ImageWorsener CVE-2017-7452 (The iwbmp_read_info_header function in imagew-bmp.c in ...) - TODO: check + NOT-FOR-US: ImageWorsener CVE-2017-7451 RESERVED CVE-2017-7450 (AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated ...) - TODO: check + NOT-FOR-US: AIRTAME HDMI dongle CVE-2017-7449 RESERVED CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.hh ...) - TODO: check + - lepton CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...) TODO: check CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of ...)
[Secure-testing-commits] r50401 - data/CVE
Author: carnil Date: 2017-04-06 09:17:11 + (Thu, 06 Apr 2017) New Revision: 50401 Modified: data/CVE/list Log: Add new libxslt issue Modified: data/CVE/list === --- data/CVE/list 2017-04-06 09:10:17 UTC (rev 50400) +++ data/CVE/list 2017-04-06 09:17:11 UTC (rev 50401) @@ -239,7 +239,9 @@ CVE-2016-7443 RESERVED CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...) - TODO: check + - libxslt + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119 CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking ...) NOT-FOR-US: Veritas System Recovery CVE-2017-7442
[Secure-testing-commits] r50400 - data/CVE
Author: sectracker Date: 2017-04-06 09:10:17 + (Thu, 06 Apr 2017) New Revision: 50400 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-04-06 06:29:25 UTC (rev 50399) +++ data/CVE/list 2017-04-06 09:10:17 UTC (rev 50400) 
@@ -1,3 +1,245 @@ +CVE-2017-7562 + RESERVED +CVE-2017-7561 + RESERVED +CVE-2017-7560 + RESERVED +CVE-2017-7559 + RESERVED +CVE-2017-7558 + RESERVED +CVE-2017-7557 + RESERVED +CVE-2017-7556 + RESERVED +CVE-2017-7555 + RESERVED +CVE-2017-7554 + RESERVED +CVE-2017-7553 + RESERVED +CVE-2017-7552 + RESERVED +CVE-2017-7551 + RESERVED +CVE-2017-7550 + RESERVED +CVE-2017-7549 + RESERVED +CVE-2017-7548 + RESERVED +CVE-2017-7547 + RESERVED +CVE-2017-7546 + RESERVED +CVE-2017-7545 + RESERVED +CVE-2017-7544 + RESERVED +CVE-2017-7543 + RESERVED +CVE-2017-7542 + RESERVED +CVE-2017-7541 + RESERVED +CVE-2017-7540 + RESERVED +CVE-2017-7539 + RESERVED +CVE-2017-7538 + RESERVED +CVE-2017-7537 + RESERVED +CVE-2017-7536 + RESERVED +CVE-2017-7535 + RESERVED +CVE-2017-7534 + RESERVED +CVE-2017-7533 + RESERVED +CVE-2017-7532 + RESERVED +CVE-2017-7531 + RESERVED +CVE-2017-7530 + RESERVED +CVE-2017-7529 + RESERVED +CVE-2017-7528 + RESERVED +CVE-2017-7527 + RESERVED +CVE-2017-7526 + RESERVED +CVE-2017-7525 + RESERVED +CVE-2017-7524 + RESERVED +CVE-2017-7523 + RESERVED +CVE-2017-7522 + RESERVED +CVE-2017-7521 + RESERVED +CVE-2017-7520 + RESERVED +CVE-2017-7519 + RESERVED +CVE-2017-7518 + RESERVED +CVE-2017-7517 + RESERVED +CVE-2017-7516 + RESERVED +CVE-2017-7515 + RESERVED +CVE-2017-7514 + RESERVED +CVE-2017-7513 + RESERVED +CVE-2017-7512 + RESERVED +CVE-2017-7511 + RESERVED +CVE-2017-7510 + RESERVED +CVE-2017-7509 + RESERVED +CVE-2017-7508 + RESERVED +CVE-2017-7507 + RESERVED +CVE-2017-7506 + RESERVED +CVE-2017-7505 + RESERVED +CVE-2017-7504 + RESERVED +CVE-2017-7503 + RESERVED +CVE-2017-7502 + RESERVED +CVE-2017-7501 + RESERVED +CVE-2017-7500 + RESERVED +CVE-2017-7499 + RESERVED +CVE-2017-7498 + RESERVED +CVE-2017-7497 + RESERVED +CVE-2017-7496 + RESERVED +CVE-2017-7495 + RESERVED +CVE-2017-7494 + RESERVED +CVE-2017-7493 + RESERVED +CVE-2017-7492 + RESERVED +CVE-2017-7491 + RESERVED +CVE-2017-7490 + RESERVED +CVE-2017-7489 + RESERVED +CVE-2017-7488 + RESERVED +CVE-2017-7487 + RESERVED 
+CVE-2017-7486 + RESERVED +CVE-2017-7485 + RESERVED +CVE-2017-7484 + RESERVED +CVE-2017-7483 + RESERVED +CVE-2017-7482 + RESERVED +CVE-2017-7481 + RESERVED +CVE-2017-7480 + RESERVED +CVE-2017-7479 + RESERVED +CVE-2017-7478 + RESERVED +CVE-2017-7477 + RESERVED +CVE-2017-7476 + RESERVED +CVE-2017-7475 + RESERVED +CVE-2017-7474 + RESERVED +CVE-2017-7473 + RESERVED +CVE-2017-7472 + RESERVED +CVE-2017-7471 + RESERVED +CVE-2017-7470 + RESERVED +CVE-2017-7469 + RESERVED +CVE-2017-7468 + RESERVED +CVE-2017-7467 + RESERVED +CVE-2017-7466 + RESERVED +CVE-2017-7465 + RESERVED +CVE-2017-7464 + RESERVED +CVE-2017-7463 + RESERVED +CVE-2017-7462 + RESERVED +CVE-2017-7461 + RESERVED +CVE-2017-7460 + RESERVED +CVE-2017-7459 + RESERVED +CVE-2017-7458 + RESERVED +CVE-2017-7457 + RESERVED +CVE-2017-7456 + RESERVED +CVE-2017-7455 + RESERVED +CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...) + TODO: check +CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...) + TODO: check +CVE-2017-7452 (The iwbmp_read_info_header function in imagew-bmp.c in ...) + TODO: check +CVE-2017-7451 + RESERVED +CVE-2017-7450 (AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated ...) + TODO: check +CVE-2017-7449 + RESERVED +CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.hh ...) + TODO: check +CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...) + TODO: check +CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of ...) + TODO: check +CVE-2017-7445 + RESERVED +CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...) + TODO: check +CVE-2016-7443 + RESERVED +CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...) + TODO: check CVE-2017-7444 (In Veritas System Recovery before 16