[Secure-testing-commits] r51357 - data/CVE
Author: jmm Date: 2017-05-05 21:36:11 + (Fri, 05 May 2017) New Revision: 51357 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2017-05-05 21:10:16 UTC (rev 51356) +++ data/CVE/list 2017-05-05 21:36:11 UTC (rev 51357) 
@@ -1,31 +1,31 @@ CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2017-8800 RESERVED CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before ...) - TODO: check + NOT-FOR-US: iRODS CVE-2017-8798 RESERVED CVE-2017-8797 RESERVED CVE-2017-8796 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8795 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8794 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8793 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8792 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8791 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8790 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8789 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. A ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8788 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) - libpodofo (bug #861738) CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) 
@@ -91,7 +91,7 @@ CVE-2017-8761 RESERVED CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8759 RESERVED CVE-2017-8758 @@ -1153,9 +1153,9 @@ CVE-2017-8306 RESERVED CVE-2017-8304 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8303 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) - TODO: check + NOT-FOR-US: Accellion FTA devices CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ...) NOT-FOR-US: Mura CMS CVE-2017-8300 @@ -1667,7 +1667,7 @@ CVE-2017-8081 (Poor cryptographic salt initialization in ...) NOT-FOR-US: GetSimple CMS CVE-2017-8080 (Atlassian Hipchat Server before 2.2.4 allows remote authenticated ...) - TODO: check + NOT-FOR-US: HipChat CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...) - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2) @@ -20691,7 +20691,7 @@ CVE-2017-1157 RESERVED CVE-2017-1156 (IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) NOT-FOR-US: IBM CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) @@ -21372,9 +21372,9 @@ CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download ...) NOT-FOR-US: IBM CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-9690 RESERVED CVE-2016-9689 
@@ -25454,7 +25454,7 @@ CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2016-8916 (IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...) NOT-FOR-US: IBM CVE-2016-8914 @@ -31902,7 +31902,7 @@ - botan1.10 (Introduced in 1.11.12) NOTE: Introduced in 1.11.12, fixed in 1.11.31
[Secure-testing-commits] r51356 - data/CVE
Author: sectracker Date: 2017-05-05 21:10:16 + (Fri, 05 May 2017) New Revision: 51356 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-05-05 17:59:44 UTC (rev 51355) +++ data/CVE/list 2017-05-05 21:10:16 UTC (rev 51356) @@ -1,21 +1,31 @@ -CVE-2017-8796 +CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build ...) + TODO: check +CVE-2017-8800 RESERVED -CVE-2017-8795 +CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before ...) + TODO: check +CVE-2017-8798 RESERVED -CVE-2017-8794 +CVE-2017-8797 RESERVED -CVE-2017-8793 - RESERVED -CVE-2017-8792 - RESERVED -CVE-2017-8791 - RESERVED -CVE-2017-8790 - RESERVED -CVE-2017-8789 - RESERVED -CVE-2017-8788 - RESERVED +CVE-2017-8796 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8795 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8794 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8793 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8792 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8791 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8790 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8789 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. A ...) + TODO: check +CVE-2017-8788 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) - libpodofo (bug #861738) CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) 
@@ -80,8 +90,8 @@ NOT-FOR-US: GenixCMS CVE-2017-8761 RESERVED -CVE-2017-8760 - RESERVED +CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check CVE-2017-8759 RESERVED CVE-2017-8758 @@ -1142,10 +1152,10 @@ NOT-FOR-US: Avast Antivirus CVE-2017-8306 RESERVED -CVE-2017-8304 - RESERVED -CVE-2017-8303 - RESERVED +CVE-2017-8304 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check +CVE-2017-8303 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + TODO: check CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ...) NOT-FOR-US: Mura CMS CVE-2017-8300 @@ -1656,8 +1666,8 @@ NOT-FOR-US: concrete5 CVE-2017-8081 (Poor cryptographic salt initialization in ...) NOT-FOR-US: GetSimple CMS -CVE-2017-8080 - RESERVED +CVE-2017-8080 (Atlassian Hipchat Server before 2.2.4 allows remote authenticated ...) + TODO: check CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...) - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2) @@ -20680,8 +20690,8 @@ RESERVED CVE-2017-1157 RESERVED -CVE-2017-1156 - RESERVED +CVE-2017-1156 (IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to ...) + TODO: check CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) NOT-FOR-US: IBM CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) 
@@ -21361,10 +21371,10 @@ NOT-FOR-US: IBM CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download ...) NOT-FOR-US: IBM -CVE-2016-9692 - RESERVED -CVE-2016-9691 - RESERVED +CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to ...) + TODO: check +CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a ...) + TODO: check CVE-2016-9690 RESERVED CVE-2016-9689 @@ -25443,8 +25453,8 @@ NOT-FOR-US: IBM CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site ...) NOT-FOR-US: IBM -CVE-2016-8916 - RESERVED +CVE-2016-8916 (IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password ...) + TODO: check CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...) NOT-FOR-US: IBM CVE-2016-8914 @@ -31891,8 +31901,8 @@ CVE-2016-6878 (The Curve25519 code in botan before 1.11.31, on systems without a ...) - botan1.10 (Introduced
[Secure-testing-commits] r51355 - data/CVE
Author: carnil Date: 2017-05-05 17:59:44 + (Fri, 05 May 2017) New Revision: 51355 Modified: data/CVE/list Log: Add fixing versions for rpcbind and libtirpc Modified: data/CVE/list === --- data/CVE/list 2017-05-05 11:24:46 UTC (rev 51354) +++ data/CVE/list 2017-05-05 17:59:44 UTC (rev 51355) @@ -41,8 +41,8 @@ CVE-2017-8777 RESERVED CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through ...) - - rpcbind (bug #861835) - - libtirpc (bug #861834) + - rpcbind 0.2.3-0.6 (bug #861835) + - libtirpc 0.2.5-1.2 (bug #861834) - ntirpc (bug #861836) NOTE: http://www.openwall.com/lists/oss-security/2017/05/04/1 NOTE: https://github.com/guidovranken/rpcbomb/ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
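Review bot: the fixed versions added for rpcbind (0.2.3-0.6) and libtirpc (0.2.5-1.2) are Debian revisions of upstream releases that the CVE description on the same entry still lists as affected ("rpcbind through 0.2.4, LIBTIRPC through 1.0.1"), so the fix has to be a patch carried in the package, and neither NOTE line identifies it. Suggest adding a NOTE with the patch or upstream commit those uploads include, so the version claim can be checked against the source and not only against bugs #861835 and #861834.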
[Secure-testing-commits] r51354 - data/CVE
Author: jmm Date: 2017-05-05 11:24:46 + (Fri, 05 May 2017) New Revision: 51354 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2017-05-05 09:25:57 UTC (rev 51353) +++ data/CVE/list 2017-05-05 11:24:46 UTC (rev 51354) @@ -63,7 +63,7 @@ CVE-2017-8769 RESERVED CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command ...) - TODO: check + NOT-FOR-US: Atlassian SourceTree CVE-2017-8767 RESERVED CVE-2017-8766 @@ -1739,11 +1739,11 @@ [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in Panda Mobile ...) - TODO: check + NOT-FOR-US: Panda CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in Foxit PDF - PDF ...) - TODO: check + NOT-FOR-US: Foxit CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat ...) - TODO: check + NOT-FOR-US: HipChat CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...) NOT-FOR-US: Joomla CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...) @@ -5942,7 +5942,7 @@ CVE-2017-6558 (iball Baton 150M iB-WRA150N v1 0001 1.2.6 build 110401 Rel.47776n ...) NOT-FOR-US: iball Baton CVE-2017-6557 (SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the ...) - TODO: check + NOT-FOR-US: ArrayOS CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) ...) NOT-FOR-US: CMS Made Simple CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
[Secure-testing-commits] r51353 - data/CVE
Author: carnil Date: 2017-05-05 09:25:57 + (Fri, 05 May 2017) New Revision: 51353 Modified: data/CVE/list Log: New libpodofo issue, #861738 Modified: data/CVE/list === --- data/CVE/list 2017-05-05 09:25:47 UTC (rev 51352) +++ data/CVE/list 2017-05-05 09:25:57 UTC (rev 51353) @@ -17,7 +17,7 @@ CVE-2017-8788 RESERVED CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) - TODO: check + - libpodofo (bug #861738) CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) - pcre2 (unimportant; bug #861873) NOTE: https://bugs.exim.org/show_bug.cgi?id=2079
[Secure-testing-commits] r51352 - data/CVE
Author: carnil Date: 2017-05-05 09:25:47 + (Fri, 05 May 2017) New Revision: 51352 Modified: data/CVE/list Log: Add pcre2 bug number Modified: data/CVE/list === --- data/CVE/list 2017-05-05 09:11:41 UTC (rev 51351) +++ data/CVE/list 2017-05-05 09:25:47 UTC (rev 51352) @@ -19,7 +19,7 @@ CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) TODO: check CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) - - pcre2 (unimportant) + - pcre2 (unimportant; bug #861873) NOTE: https://bugs.exim.org/show_bug.cgi?id=2079 NOTE: https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/ NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692=697
[Secure-testing-commits] r51351 - data/CVE
Author: carnil Date: 2017-05-05 09:11:41 + (Fri, 05 May 2017) New Revision: 51351 Modified: data/CVE/list Log: Add pcre2 issue Modified: data/CVE/list === --- data/CVE/list 2017-05-05 09:10:17 UTC (rev 51350) +++ data/CVE/list 2017-05-05 09:11:41 UTC (rev 51351) @@ -19,7 +19,10 @@ CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) TODO: check CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) - TODO: check + - pcre2 (unimportant) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2079 + NOTE: https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/ + NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692=697 CVE-2017-8785 RESERVED CVE-2017-8784
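Review bot: the added line "- pcre2 (unimportant)" gives no reason for the severity. The description places the flaw in pcre2test.c, and if that is the basis for the tag, a short NOTE saying so would let a later reader confirm the triage without opening the three links. The third added NOTE URL also ends in "?r1=692=697", which does not look like a well-formed query string and is worth re-checking before anyone relies on it.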
[Secure-testing-commits] r51350 - data/CVE
Author: sectracker Date: 2017-05-05 09:10:17 + (Fri, 05 May 2017) New Revision: 51350 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-05-05 07:31:27 UTC (rev 51349) +++ data/CVE/list 2017-05-05 09:10:17 UTC (rev 51350) @@ -1,3 +1,31 @@ +CVE-2017-8796 + RESERVED +CVE-2017-8795 + RESERVED +CVE-2017-8794 + RESERVED +CVE-2017-8793 + RESERVED +CVE-2017-8792 + RESERVED +CVE-2017-8791 + RESERVED +CVE-2017-8790 + RESERVED +CVE-2017-8789 + RESERVED +CVE-2017-8788 + RESERVED +CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) + TODO: check +CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2017-8785 + RESERVED +CVE-2017-8784 + RESERVED +CVE-2017-8783 + RESERVED CVE-2017-8782 RESERVED CVE-2017-8781 @@ -31,8 +59,8 @@ RESERVED CVE-2017-8769 RESERVED -CVE-2017-8768 - RESERVED +CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command ...) + TODO: check CVE-2017-8767 RESERVED CVE-2017-8766 @@ -1707,12 +1735,12 @@ [jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef -CVE-2017-8060 - RESERVED -CVE-2017-8059 - RESERVED -CVE-2017-8058 - RESERVED +CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in Panda Mobile ...) + TODO: check +CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in Foxit PDF - PDF ...) + TODO: check +CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat ...) + TODO: check CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...) NOT-FOR-US: Joomla CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...) 
@@ -5910,8 +5938,8 @@ NOT-FOR-US: Agora-Project CVE-2017-6558 (iball Baton 150M iB-WRA150N v1 0001 1.2.6 build 110401 Rel.47776n ...) NOT-FOR-US: iball Baton -CVE-2017-6557 - RESERVED +CVE-2017-6557 (SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the ...) + TODO: check CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) ...) NOT-FOR-US: CMS Made Simple CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...) 
@@ -7959,44 +7987,44 @@ [wheezy] - libarchive (Minor issue, not reproducible in Debian) NOTE: https://github.com/libarchive/libarchive/issues/842 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0) -CVE-2017-5919 - RESERVED -CVE-2017-5918 - RESERVED +CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-5918 (The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 ...) + TODO: check CVE-2017-5917 - RESERVED -CVE-2017-5916 - RESERVED -CVE-2017-5915 - RESERVED -CVE-2017-5914 - RESERVED -CVE-2017-5913 - RESERVED -CVE-2017-5912 - RESERVED -CVE-2017-5911 - RESERVED + REJECTED +CVE-2017-5916 (The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 ...) + TODO: check +CVE-2017-5915 (The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through ...) + TODO: check +CVE-2017-5914 (The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-5913 (The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-5912 (The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS ...) + TODO: check +CVE-2017-5911 (The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS ...) + TODO: check CVE-2017-5910 RESERVED -CVE-2017-5909 - RESERVED +CVE-2017-5909 (The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS ...) + TODO: check CVE-2017-5908 - RESERVED -CVE-2017-5907 - RESERVED -CVE-2017-5906 - RESERVED -CVE-2017-5905 - RESERVED + REJECTED +CVE-2017-5907 (The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 ...) + TODO: check +CVE-2017-5906 (The Everyday Health Diabetes in Check: Blood Glucose Carb Tracker app ...) + TODO: check +CVE-2017-5905 (The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 ...) 
+ TODO: check CVE-2017-5904 RESERVED CVE-2017-5903 RESERVED -CVE-2017-5902 - RESERVED -CVE-2017-5901 -
[Secure-testing-commits] r51349 - data
Author: bam Date: 2017-05-05 07:31:27 + (Fri, 05 May 2017) New Revision: 51349 Modified: data/dla-needed.txt Log: Remove Heimdal from dla-needed.txt Since I marked it no-dsa. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-05-05 07:30:11 UTC (rev 51348) +++ data/dla-needed.txt 2017-05-05 07:31:27 UTC (rev 51349) @@ -31,9 +31,6 @@ gnome-shell (Emilio Pozuelo) NOTE: Emilio Pozuelo is one of the uploaders -- -heimdal - NOTE: Brian May is the maintainer --- icu (Thorsten Alteholz) -- jasper (Thorsten Alteholz)
[Secure-testing-commits] r51348 - data/CVE
Author: bam Date: 2017-05-05 07:30:11 + (Fri, 05 May 2017) New Revision: 51348 Modified: data/CVE/list Log: Attempts to fix Heimdal in wheezy/Jessie unsuccessful Modified: data/CVE/list === --- data/CVE/list 2017-05-05 06:21:06 UTC (rev 51347) +++ data/CVE/list 2017-05-05 07:30:11 UTC (rev 51348) @@ -5831,8 +5831,10 @@ CVE-2017-6594 [transit path validation] RESERVED - heimdal 7.1.0+dfsg-12 - [jessie] - heimdal (Minor issue, can be fixed via point release) + [jessie] - heimdal (Minor issue) + [wheezy] - heimdal (Minor issue) NOTE: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 + NOTE: See https://lists.debian.org/debian-lts/2017/05/msg00010.html CVE-2017-6593 RESERVED CVE-2017-6592
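Review bot: on the [jessie] line this drops "can be fixed via point release", and the new [wheezy] line carries the same bare "(Minor issue)", while the reason given in the log ("Attempts to fix Heimdal in wheezy/Jessie unsuccessful") is recorded only behind the debian-lts link. Suggest stating it in the entry itself, for example by extending the added NOTE to say that a backport was attempted and did not succeed, so the tracker entry stays understandable without the mailing-list archive.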
[Secure-testing-commits] r51347 - data/CVE
Author: fgeek-guest Date: 2017-05-05 06:21:06 + (Fri, 05 May 2017) New Revision: 51347 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2017-05-05 05:16:00 UTC (rev 51346) +++ data/CVE/list 2017-05-05 06:21:06 UTC (rev 51347) @@ -13728,6 +13728,7 @@ RESERVED CVE-2017-3882 RESERVED + NOT-FOR-US: Cisco CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) ...) NOT-FOR-US: Cisco CVE-2017-3880 (An Authentication Bypass vulnerability in Cisco WebEx Meetings Server ...) @@ -13740,12 +13741,14 @@ NOT-FOR-US: Cisco CVE-2017-3876 RESERVED + NOT-FOR-US: Cisco CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in certain ...) NOT-FOR-US: Cisco CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified Communications ...) NOT-FOR-US: Cisco CVE-2017-3873 RESERVED + NOT-FOR-US: Cisco CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the ...) NOT-FOR-US: Cisco CVE-2017-3871 (A RADIUS Secret Disclosure vulnerability in the web network management ...) @@ -13842,6 +13845,7 @@ NOT-FOR-US: Cisco CVE-2017-3825 RESERVED + NOT-FOR-US: Cisco CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series ...) NOT-FOR-US: Cisco CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on ...)
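Review bot: in all four places (CVE-2017-3882, CVE-2017-3876, CVE-2017-3873, CVE-2017-3825) the "NOT-FOR-US: Cisco" line is added under an entry that is still RESERVED and has no description, so nothing in the list shows which product the id covers; the only visible basis is that the neighbouring ids are Cisco. Suggest adding a NOTE with the advisory or other source the triage relied on, or leaving these entries untouched until the description is published.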