[Secure-testing-commits] r52442 - data/CVE

2017-06-09 Thread Henri Salo
Author: fgeek-guest
Date: 2017-06-09 07:00:06 + (Fri, 09 Jun 2017)
New Revision: 52442

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 06:55:38 UTC (rev 52441)
+++ data/CVE/list   2017-06-09 07:00:06 UTC (rev 52442)
@@ -13839,8 +13839,10 @@
NOT-FOR-US: CA Service Desk Manager
 CVE-2017-5004
RESERVED
+   NOT-FOR-US: RSA Identity Governance and Lifecycle
 CVE-2017-5003
RESERVED
+   NOT-FOR-US: RSA Identity Governance and Lifecycle
 CVE-2017-5002
RESERVED
 CVE-2017-5001


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r52443 - data/CVE

2017-06-09 Thread security tracker role
Author: sectracker
Date: 2017-06-09 09:10:12 + (Fri, 09 Jun 2017)
New Revision: 52443

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 07:00:06 UTC (rev 52442)
+++ data/CVE/list   2017-06-09 09:10:12 UTC (rev 52443)
@@ -1,3 +1,9 @@
+CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP 
redirect page, ...)
+   TODO: check
+CVE-2017-9522
+   RESERVED
+CVE-2017-9521
+   RESERVED
 CVE-2017-9520 (The r_config_set function in libr/config/config.c in radare2 
1.5.0 ...)
- radare2 
NOTE: 
https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
@@ -3214,6 +3220,7 @@
 CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, 
Easy DVD ...)
NOT-FOR-US: Ether Software
 CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows 
remote ...)
+   {DSA-3874-1}
- ettercap 1:0.8.2-5 (bug #861604)
NOTE: https://github.com/Ettercap/ettercap/issues/792
NOTE: Fixed by: 
https://github.com/Ettercap/ettercap/commit/1083d604930ebb9f350126b83802ecd2cbc17f90
@@ -8781,6 +8788,7 @@
 CVE-2017-6431
RESERVED
 CVE-2017-6430 (The compile_tree function in ef_compiler.c in the Etterfilter 
utility ...)
+   {DSA-3874-1}
- ettercap 1:0.8.2-4 (bug #857035)
NOTE: https://github.com/Ettercap/ettercap/issues/782
NOTE: Patch: 
https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506
@@ -16641,8 +16649,8 @@
NOT-FOR-US: IBM
 CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable 
to SQL ...)
NOT-FOR-US: IBM
-CVE-2016-9991
-   RESERVED
+CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to 
...)
+   TODO: check
 CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. 
This ...)
NOT-FOR-US: IBM
 CVE-2016-9989
@@ -22897,8 +22905,8 @@
RESERVED
 CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to 
cross-site ...)
NOT-FOR-US: IBM
-CVE-2017-1319
-   RESERVED
+CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
+   TODO: check
 CVE-2017-1318
RESERVED
 CVE-2017-1317
@@ -23178,8 +23186,8 @@
RESERVED
 CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that 
could ...)
NOT-FOR-US: IBM TRIRIGA Document Manager
-CVE-2017-1179
-   RESERVED
+CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than 
expected ...)
+   TODO: check
 CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is 
vulnerable ...)
NOT-FOR-US: IBM
 CVE-2017-1177
@@ -23256,8 +23264,8 @@
NOT-FOR-US: IBM
 CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could 
allow an ...)
NOT-FOR-US: IBM
-CVE-2017-1140
-   RESERVED
+CVE-2017-1140 (IBM Business Process Manager 8.0 and 8.5 are vulnerable to 
cross-site ...)
+   TODO: check
 CVE-2017-1139
RESERVED
 CVE-2017-1138
@@ -23817,8 +23825,8 @@
RESERVED
 CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site 
scripting. ...)
NOT-FOR-US: IBM
-CVE-2016-9736
-   RESERVED
+CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests 
could ...)
+   TODO: check
 CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain 
...)
NOT-FOR-US: IBM
 CVE-2016-9734
@@ -23893,8 +23901,8 @@
RESERVED
 CVE-2016-9699
RESERVED
-CVE-2016-9698
-   RESERVED
+CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of 
...)
+   TODO: check
 CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 
6.0 ...)
NOT-FOR-US: IBM
 CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML 
injection. A ...)
@@ -27850,8 +27858,8 @@
RESERVED
 CVE-2016-8988
RESERVED
-CVE-2016-8987
-   RESERVED
+CVE-2016-8987 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an 
...)
+   TODO: check
 CVE-2016-8986 (IBM WebSphere MQ 8.0 could allow an authenticated user with 
access to ...)
NOT-FOR-US: IBM
 CVE-2016-8985
@@ -37434,8 +37442,8 @@
NOT-FOR-US: IBM
 CVE-2016-6099 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses 
sensitive ...)
NOT-FOR-US: IBM
-CVE-2016-6098
-   RESERVED
+CVE-2016-6098 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies 
...)
+   TODO: check
 CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web 
pages ...)
NOT-FOR-US: IBM
 CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is 
vulnerable to ...)
@@ -37444,8 +37452,8 @@
NOT-FOR-US: IBM
 CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates 
an ...)

[Secure-testing-commits] r52444 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-09 10:39:08 + (Fri, 09 Jun 2017)
New Revision: 52444

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 09:10:12 UTC (rev 52443)
+++ data/CVE/list   2017-06-09 10:39:08 UTC (rev 52444)
@@ -1,5 +1,5 @@
 CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP 
redirect page, ...)
-   TODO: check
+   NOT-FOR-US: Sophos
 CVE-2017-9522
RESERVED
 CVE-2017-9521
@@ -16650,7 +16650,7 @@
 CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable 
to SQL ...)
NOT-FOR-US: IBM
 CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. 
This ...)
NOT-FOR-US: IBM
 CVE-2016-9989
@@ -22906,7 +22906,7 @@
 CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to 
cross-site ...)
NOT-FOR-US: IBM
 CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1318
RESERVED
 CVE-2017-1317
@@ -23187,7 +23187,7 @@
 CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that 
could ...)
NOT-FOR-US: IBM TRIRIGA Document Manager
 CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than 
expected ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is 
vulnerable ...)
NOT-FOR-US: IBM
 CVE-2017-1177
@@ -23265,7 +23265,7 @@
 CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could 
allow an ...)
NOT-FOR-US: IBM
 CVE-2017-1140 (IBM Business Process Manager 8.0 and 8.5 are vulnerable to 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1139
RESERVED
 CVE-2017-1138
@@ -23826,7 +23826,7 @@
 CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site 
scripting. ...)
NOT-FOR-US: IBM
 CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests 
could ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain 
...)
NOT-FOR-US: IBM
 CVE-2016-9734
@@ -23902,7 +23902,7 @@
 CVE-2016-9699
RESERVED
 CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 
6.0 ...)
NOT-FOR-US: IBM
 CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML 
injection. A ...)
@@ -27859,7 +27859,7 @@
 CVE-2016-8988
RESERVED
 CVE-2016-8987 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2016-8986 (IBM WebSphere MQ 8.0 could allow an authenticated user with 
access to ...)
NOT-FOR-US: IBM
 CVE-2016-8985
@@ -37443,7 +37443,7 @@
 CVE-2016-6099 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses 
sensitive ...)
NOT-FOR-US: IBM
 CVE-2016-6098 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web 
pages ...)
NOT-FOR-US: IBM
 CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is 
vulnerable to ...)
@@ -37453,7 +37453,7 @@
 CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates 
an ...)
NOT-FOR-US: IBM
 CVE-2016-6093 (IBM Tivoli Key Lifecycle Manager does not require that users 
should ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2016-6092 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores 
user ...)
NOT-FOR-US: IBM
 CVE-2016-6091
@@ -70509,7 +70509,7 @@
 CVE-2015-3914
RESERVED
 CVE-2015-3913 (The IP stack in multiple Huawei Campus series switch models 
allows ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2015-3912 (Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 
and ...)
NOT-FOR-US: Huawei
 CVE-2015-3911 (Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 
allows ...)




[Secure-testing-commits] r52445 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-09 13:31:12 + (Fri, 09 Jun 2017)
New Revision: 52445

Modified:
   data/CVE/list
Log:
Add CVE-2017-7507, thanks raphael

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 10:39:08 UTC (rev 52444)
+++ data/CVE/list   2017-06-09 13:31:12 UTC (rev 52445)
@@ -5650,6 +5650,9 @@
RESERVED
 CVE-2017-7507
RESERVED
+   - gnutls28 
+   - gnutls26 
+   NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-4
 CVE-2017-7506
RESERVED
 CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect 
authorization ...)
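Review bot: the CVE line for CVE-2017-7507 stays bare `RESERVED` while two source packages are now attached to it, so the tracker will list gnutls28 and gnutls26 against an id with no indication of what the issue is; a short bracketed summary on the CVE line (the form used for `CVE-2017-9525 [group crontab to root escalation via postinst]` elsewhere in this digest) would make the entry triageable until MITRE publishes the description.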




[Secure-testing-commits] r52446 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-09 13:33:26 + (Fri, 09 Jun 2017)
New Revision: 52446

Modified:
   data/CVE/list
Log:
Reference commits for CVE-2017-7507

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 13:31:12 UTC (rev 52445)
+++ data/CVE/list   2017-06-09 13:33:26 UTC (rev 52446)
@@ -5648,11 +5648,14 @@
NOT-FOR-US: Red Hat Certificate System
 CVE-2017-7508
RESERVED
-CVE-2017-7507
+CVE-2017-7507 [Crash upon receiving well-formed status_request extension]
RESERVED
- gnutls28 
- gnutls26 
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-4
+   NOTE: 
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
+   NOTE: 
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
+   NOTE: 
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
 CVE-2017-7506
RESERVED
 CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect 
authorization ...)




[Secure-testing-commits] r52447 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-09 18:22:50 + (Fri, 09 Jun 2017)
New Revision: 52447

Modified:
   data/CVE/list
Log:
Add CVE-2017-9525/cron

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 13:33:26 UTC (rev 52446)
+++ data/CVE/list   2017-06-09 18:22:50 UTC (rev 52447)
@@ -1,3 +1,8 @@
+CVE-2017-9525 [group crontab to root escalation via postinst]
+   - cron  (bug #864466)
+   [stretch] - cron  (Minor issue)
+   [jessie] - cron  (Minor issue)
+   NOTE: http://www.openwall.com/lists/oss-security/2017/06/08/3
 CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP 
redirect page, ...)
NOT-FOR-US: Sophos
 CVE-2017-9522




[Secure-testing-commits] r52448 - data

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-09 18:37:11 + (Fri, 09 Jun 2017)
New Revision: 52448

Modified:
   data/dsa-needed.txt
Log:
Add note for one item

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-06-09 18:22:50 UTC (rev 52447)
+++ data/dsa-needed.txt 2017-06-09 18:37:11 UTC (rev 52448)
@@ -39,6 +39,7 @@
   wait until more issues have piled up
 --
 tor (carnil)
+  Waiting for decision about stretch or stretch-security upload of src:tor, cf 
#864488
 --
 vlc
   Maintainer proposed debdiff, needs review and ack




[Secure-testing-commits] r52449 - in data: . DSA

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 18:39:15 + (Fri, 09 Jun 2017)
New Revision: 52449

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
libmwaw security update


Modified: data/DSA/list
===
--- data/DSA/list   2017-06-09 18:37:11 UTC (rev 52448)
+++ data/DSA/list   2017-06-09 18:39:15 UTC (rev 52449)
@@ -1,3 +1,6 @@
+[09 Jun 2017] DSA-3875-1 libmwaw - security update
+   {CVE-2017-9433}
+   [jessie] - libmwaw 0.3.1-2+deb8u1
 [09 Jun 2017] DSA-3874-1 ettercap - security update
{CVE-2017-6430 CVE-2017-8366}
[jessie] - ettercap 1:0.8.1-3+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-06-09 18:37:11 UTC (rev 52448)
+++ data/dsa-needed.txt 2017-06-09 18:39:15 UTC (rev 52449)
@@ -18,8 +18,6 @@
 --
 graphicsmagick
 --
-libmwaw
---
 libytnef
 --
 linux




[Secure-testing-commits] r52450 - data/DSA

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 18:51:42 + (Fri, 09 Jun 2017)
New Revision: 52450

Modified:
   data/DSA/list
Log:
otrs DSA


Modified: data/DSA/list
===
--- data/DSA/list   2017-06-09 18:39:15 UTC (rev 52449)
+++ data/DSA/list   2017-06-09 18:51:42 UTC (rev 52450)
@@ -1,3 +1,6 @@
+[09 Jun 2017] DSA-3876-1 otrs2 - security update
+   {CVE-2017-9324}
+   [jessie] - otrs2 3.3.9-3+deb8u1
 [09 Jun 2017] DSA-3875-1 libmwaw - security update
{CVE-2017-9433}
[jessie] - libmwaw 0.3.1-2+deb8u1




[Secure-testing-commits] r52451 - data/CVE

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 18:59:09 + (Fri, 09 Jun 2017)
New Revision: 52451

Modified:
   data/CVE/list
Log:
openvswitch n/a


Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 18:51:42 UTC (rev 52450)
+++ data/CVE/list   2017-06-09 18:59:09 UTC (rev 52451)
@@ -1001,6 +1001,7 @@
RESERVED
 CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an ...)
- openvswitch  (bug #863228)
+   [jessie] - openvswitch  (Vulnerable code not present)
[wheezy] - openvswitch  (Vulnerable code not present)
NOTE: 
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
 CVE-2017-9213




[Secure-testing-commits] r52452 - data

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 19:19:27 + (Fri, 09 Jun 2017)
New Revision: 52452

Modified:
   data/dsa-needed.txt
Log:
add and take zziplib


Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-06-09 18:59:09 UTC (rev 52451)
+++ data/dsa-needed.txt 2017-06-09 19:19:27 UTC (rev 52452)
@@ -45,3 +45,5 @@
 wireshark (seb)
   2017-05-13: asked balint@ if he wants to prepare an update now
 --
+zziplib (jmm)
+--




[Secure-testing-commits] r52453 - data/CVE

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 20:03:38 + (Fri, 09 Jun 2017)
New Revision: 52453

Modified:
   data/CVE/list
Log:
yara no-dsa
jessie triage


Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 19:19:27 UTC (rev 52452)
+++ data/CVE/list   2017-06-09 20:03:38 UTC (rev 52453)
@@ -153,7 +153,9 @@
 CVE-2017-9466
RESERVED
 CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote 
attackers ...)
-   - yara 
+   - yara  (low)
+   [stretch] - yara  (Minor issue)
+   [jessie] - yara  (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/678
NOTE: 
https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
 CVE-2017-9464
@@ -221,6 +223,8 @@
NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
 CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote 
attackers ...)
- yara 
+   [stretch] - yara  (Minor issue)
+   [jessie] - yara  (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/674
NOTE: Fixed by: 
https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
 CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This 
...)
@@ -893,6 +897,7 @@
NOT-FOR-US: Aries QWR-1104 Wireless-N Router
 CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 
'send ...)
{DLA-974-1}
+   [jessie] - picocom  (Minor issue)
- picocom 1.7-2 (bug #863671)
NOTE: 
https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the 
Linux ...)
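Review bot: the new `[jessie] - picocom  (Minor issue)` line is inserted between `{DLA-974-1}` and `- picocom 1.7-2 (bug #863671)`, whereas the yara entries at the top of this same commit put the `- yara  (low)` package line first and the `[stretch]`/`[jessie]` annotations after it; move the jessie line below the picocom version line so the two orderings do not diverge within one commit.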
@@ -25872,6 +25877,7 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
 CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for 
the ...)
{DLA-757-1}
+   [jessie] - phpmyadmin  (Minor issue)
- phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
 CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request 
...)
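Review bot: same ordering point as for picocom above: `[jessie] - phpmyadmin  (Minor issue)` lands above `- phpmyadmin 4:4.6.5.1-1 (low)` here, while the yara entries in this commit keep the package version line ahead of the release annotations; swap the two lines.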
@@ -25912,6 +25918,7 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
 CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in 
URL ...)
{DLA-757-1}
+   [jessie] - phpmyadmin  (Minor issue)
- phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
 CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login 
request it ...)
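Review bot: the `[jessie]` annotation for CVE-2016-9861 is again placed above the `- phpmyadmin 4:4.6.5.1-1 (low)` line; keep the package line first as in the yara entries of this commit.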
@@ -35320,22 +35327,27 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
 CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially 
craft a ...)
{DLA-626-1}
+   [jessie] - phpmyadmin  (Minor issue)
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
 CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the 
LOAD ...)
{DLA-626-1}
+   [jessie] - phpmyadmin  (Minor issue)
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
 CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
{DLA-626-1}
+   [jessie] - phpmyadmin  (Minor issue)
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
 CVE-2016-6610 (A full path disclosure vulnerability was discovered in 
phpMyAdmin ...)
-   - phpmyadmin 4:4.6.4+dfsg1-1
+   - phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
[wheezy] - phpmyadmin  (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
+   NOTE: Not relevant to packaged version in Debian
 CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
{DLA-626-1}
+   {DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
 CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the 
database ...)
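Review bot: under CVE-2016-6609 the added `+   {DLA-626-1}` duplicates the `{DLA-626-1}` context line directly above it, so the same cross reference now appears twice for one entry and the tracker's consistency check will reject the file; drop the added line. The `[jessie] - phpmyadmin  (Minor issue)` lines in this hunk also sit above the `- phpmyadmin 4:4.6.4+dfsg1-1` lines, unlike the yara entries earlier in the commit where the package line comes first.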
@@ -35344,10 +35356,12 @@
[wheezy] - phpmyadmin  (Only affects 4.6.x)
 CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom 
search ...)
{DLA-626-1}
+   [jessie] - phpmyadmin  (Minor issue)
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
 CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The 
...)
{DLA-626-1}
+   [jessie] - phpmyadmin  (Minor issue)
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
 CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote 
attackers to ...)
@@ -38484,6 +38498,7 @@
NOT-FOR-US: BIG-IP
 CVE-2016-5735 (Integer over

[Secure-testing-commits] Processing r52453 failed

2017-06-09 Thread security tracker role
The error message was:

data/CVE/list: 35348: error: cross reference to DLA-626-1 appears multiple times
Makefile:22: recipe for target 'all' failed
make: *** [all] Error 1



[Secure-testing-commits] r52454 - data/CVE

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 20:05:09 + (Fri, 09 Jun 2017)
New Revision: 52454

Modified:
   data/CVE/list
Log:
yara bugs
lshell removal


Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 20:03:38 UTC (rev 52453)
+++ data/CVE/list   2017-06-09 20:05:09 UTC (rev 52454)
@@ -153,7 +153,7 @@
 CVE-2017-9466
RESERVED
 CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote 
attackers ...)
-   - yara  (low)
+   - yara  (low; bug #864517)
[stretch] - yara  (Minor issue)
[jessie] - yara  (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/678
@@ -222,7 +222,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/460
NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
 CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote 
attackers ...)
-   - yara 
+   - yara  (low; bug #864518)
[stretch] - yara  (Minor issue)
[jessie] - yara  (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/674
@@ -34433,6 +34433,7 @@
NOTE: Vulnerable code not present in any Libav version.
 CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of 
a ...)
- lshell  (bug #834949)
+   [jessie] - lshell  (Scheduled for removal)
[wheezy] - lshell  (Vulnerable code not present)
NOTE: https://github.com/ghantoos/lshell/issues/147
NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
@@ -34441,6 +34442,7 @@
NOTE: about issues/147" and possibly a new/additional CVE assignment.
 CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of 
a ...)
- lshell  (bug #834946)
+   [jessie] - lshell  (Scheduled for removal)
[wheezy] - lshell  (Vulnerable code not present)
NOTE: https://github.com/ghantoos/lshell/issues/149
NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15




[Secure-testing-commits] Processing r52454 failed

2017-06-09 Thread security tracker role
The error message was:

data/CVE/list: 35350: error: cross reference to DLA-626-1 appears multiple times
Makefile:22: recipe for target 'all' failed
make: *** [all] Error 1



[Secure-testing-commits] r52455 - data/CVE

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 20:10:18 + (Fri, 09 Jun 2017)
New Revision: 52455

Modified:
   data/CVE/list
Log:
fix copy&paste error


Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 20:05:09 UTC (rev 52454)
+++ data/CVE/list   2017-06-09 20:10:18 UTC (rev 52455)
@@ -35349,7 +35349,6 @@
NOTE: Not relevant to packaged version in Debian
 CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
{DLA-626-1}
-   {DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
 CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the 
database ...)
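Review bot: the removed `{DLA-626-1}` line under CVE-2016-6609 is the duplicate behind the `cross reference to DLA-626-1 appears multiple times` failures reported for r52453 and r52454; the reported file line (35348, then 35350 after the yara edits shifted it) points straight at it, so running the tracker's `make` target locally before committing would have caught this in the first commit rather than the third.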




[Secure-testing-commits] r52456 - data/CVE

2017-06-09 Thread security tracker role
Author: sectracker
Date: 2017-06-09 21:10:12 + (Fri, 09 Jun 2017)
New Revision: 52456

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 20:10:18 UTC (rev 52455)
+++ data/CVE/list   2017-06-09 21:10:12 UTC (rev 52456)
@@ -1,4 +1,6 @@
-CVE-2017-9525 [group crontab to root escalation via postinst]
+CVE-2017-9524
+   RESERVED
+CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 
...)
- cron  (bug #864466)
[stretch] - cron  (Minor issue)
[jessie] - cron  (Minor issue)
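Review bot: `CVE-2017-9524` is inserted above `CVE-2017-9525`, but the file runs in descending id order (9525 is followed by 9523, 9522, 9521 in the surrounding context), so the new RESERVED entry belongs between CVE-2017-9525 and CVE-2017-9523; the automatic update also replaces the hand-written `[group crontab to root escalation via postinst]` summary with the published description, which is expected once the id leaves RESERVED.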
@@ -240,6 +242,7 @@
NOTE: https://github.com/weidai11/cryptopp/issues/414
NOTE: 
https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
 CVE-2017-9433 (Document Liberation Project libmwaw before 2017-04-08 has an 
...)
+   {DSA-3875-1}
- libmwaw 0.3.9-2 (bug #864366)
NOTE: 
https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
 CVE-2017-9432 (Document Liberation Project libstaroffice before 2017-04-07 has 
an ...)
@@ -554,6 +557,7 @@
NOTE: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d
 CVE-2017-9324
RESERVED
+   {DSA-3876-1}
- otrs2 5.0.20-1 (bug #864319)
NOTE: 
https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
NOTE: 
https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
@@ -21122,8 +21126,8 @@
RESERVED
 CVE-2017-2220
RESERVED
-CVE-2017-2219
-   RESERVED
+CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] 
...)
+   TODO: check
 CVE-2017-2218
RESERVED
 CVE-2017-2217
@@ -21132,24 +21136,24 @@
RESERVED
 CVE-2017-2215
RESERVED
-CVE-2017-2214
-   RESERVED
-CVE-2017-2213
-   RESERVED
-CVE-2017-2212
-   RESERVED
-CVE-2017-2211
-   RESERVED
-CVE-2017-2210
-   RESERVED
-CVE-2017-2209
-   RESERVED
+CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck 
Pro prior ...)
+   TODO: check
+CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE ...)
+   TODO: check
+CVE-2017-2212 (Untrusted search path vulnerability in TKY2JGD 
(TKY2JGD1379.EXE) ver. ...)
+   TODO: check
+CVE-2017-2211 (Untrusted search path vulnerability in PatchJGD (Hyoko) ...)
+   TODO: check
+CVE-2017-2210 (Untrusted search path vulnerability in PatchJGD 
(PatchJGD101.EXE) ver. ...)
+   TODO: check
+CVE-2017-2209 (Untrusted search path vulnerability in the installer of 
Houkokusyo ...)
+   TODO: check
 CVE-2017-2208
RESERVED
-CVE-2017-2207
-   RESERVED
-CVE-2017-2206
-   RESERVED
+CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT 
Personal ...)
+   TODO: check
+CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT 
Netizen ...)
+   TODO: check
 CVE-2017-2205
RESERVED
 CVE-2017-2204
@@ -21170,24 +21174,24 @@
RESERVED
 CVE-2017-2196
RESERVED
-CVE-2017-2195
-   RESERVED
+CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to 
version ...)
+   TODO: check
 CVE-2017-2194
RESERVED
-CVE-2017-2193
-   RESERVED
-CVE-2017-2192
-   RESERVED
-CVE-2017-2191
-   RESERVED
-CVE-2017-2190
-   RESERVED
-CVE-2017-2189
-   RESERVED
+CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera 
Term 4.94 ...)
+   TODO: check
+CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify 
...)
+   TODO: check
+CVE-2017-2191 (Untrusted search path vulnerability in RW-5100 driver installer 
for ...)
+   TODO: check
+CVE-2017-2190 (Untrusted search path vulnerability in RW-4040 tool to verify 
...)
+   TODO: check
+CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer 
for ...)
+   TODO: check
 CVE-2017-2188
RESERVED
-CVE-2017-2187
-   RESERVED
+CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support 
prior to ...)
+   TODO: check
 CVE-2017-2186
RESERVED
 CVE-2017-2185
@@ -21196,20 +21200,20 @@
RESERVED
 CVE-2017-2183
RESERVED
-CVE-2017-2182
-   RESERVED
-CVE-2017-2181
-   RESERVED
-CVE-2017-2180
-   RESERVED
-CVE-2017-2179
-   RESERVED
-CVE-2017-2178
-   RESERVED
-CVE-2017-2177
-   RESERVED
-CVE-2017-2176
-   RESERVED
+CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
+   TODO: check
+CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
+   TODO: check
+CVE-2017-2180 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
+   TODO: check
+CVE-2017-2179 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
+   TO

[Secure-testing-commits] r52457 - data/CVE

2017-06-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-06-09 21:25:15 + (Fri, 09 Jun 2017)
New Revision: 52457

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 21:10:12 UTC (rev 52456)
+++ data/CVE/list   2017-06-09 21:25:15 UTC (rev 52457)
@@ -21179,19 +21179,19 @@
 CVE-2017-2194
RESERVED
 CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera 
Term 4.94 ...)
-   TODO: check
+   NOT-FOR-US: Tera Term
 CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify 
...)
-   TODO: check
+   NOT-FOR-US: RW5100 installer
 CVE-2017-2191 (Untrusted search path vulnerability in RW-5100 driver installer 
for ...)
-   TODO: check
+   NOT-FOR-US: RW5100 installer
 CVE-2017-2190 (Untrusted search path vulnerability in RW-4040 tool to verify 
...)
-   TODO: check
+   NOT-FOR-US: RW4040
 CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer 
for ...)
-   TODO: check
+   NOT-FOR-US: RW4040
 CVE-2017-2188
RESERVED
 CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support 
prior to ...)
-   TODO: check
+   NOT-FOR-US: WP Live Chat
 CVE-2017-2186
RESERVED
 CVE-2017-2185
@@ -21201,19 +21201,19 @@
 CVE-2017-2183
RESERVED
 CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
-   TODO: check
+   NOT-FOR-US: Hands-on Vulnerability Learning Tool
 CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
-   TODO: check
+   NOT-FOR-US: Hands-on Vulnerability Learning Tool
 CVE-2017-2180 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
-   TODO: check
+   NOT-FOR-US: Hands-on Vulnerability Learning Tool
 CVE-2017-2179 (Hands-on Vulnerability Learning Tool "AppGoat" for 
Web Application ...)
-   TODO: check
+   NOT-FOR-US: Hands-on Vulnerability Learning Tool
 CVE-2017-2178 (Untrusted search path vulnerability in Installer of electronic 
...)
-   TODO: check
+   NOT-FOR-US: electronic tendering and bid opening system
 CVE-2017-2177 (Untrusted search path vulnerability in Installer of Shogyo 
Touki ...)
-   TODO: check
+   NOT-FOR-US: Shogyo Touki Denshi Ninsho 
 CVE-2017-2176 (Untrusted search path vulnerability in screensaver installers 
...)
-   TODO: check
+   NOT-FOR-US: screensaver installers for Windows
 CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project 
Monitor - ...)
NOT-FOR-US: Empirical Project Monitor - eXtended
 CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor 
- ...)
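Review bot: the added line "NOT-FOR-US: Shogyo Touki Denshi Ninsho " carries trailing whitespace, which should be stripped before commit so the entry matches its siblings. The labels for the four "AppGoat" entries (CVE-2017-2179 to CVE-2017-2182) omit the product name that the description puts in quotes; "NOT-FOR-US: AppGoat (Hands-on Vulnerability Learning Tool)" would keep the searchable name while preserving the long form.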
@@ -21235,7 +21235,7 @@
 CVE-2017-2166
RESERVED
 CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: GroupSession
 CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 
1.8.12 ...)
NOT-FOR-US: SOY CMS
 CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to 
Ver.1.8.12 ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r52458 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 03:54:58 + (Sat, 10 Jun 2017)
New Revision: 52458

Modified:
   data/CVE/list
Log:
Sort tagged entries, add one no-dsa for phpmyadmin for jessie

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-09 21:25:15 UTC (rev 52457)
+++ data/CVE/list   2017-06-10 03:54:58 UTC (rev 52458)
@@ -901,8 +901,8 @@
NOT-FOR-US: Aries QWR-1104 Wireless-N Router
 CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 
'send ...)
{DLA-974-1}
+   - picocom 1.7-2 (bug #863671)
[jessie] - picocom  (Minor issue)
-   - picocom 1.7-2 (bug #863671)
NOTE: 
https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the 
Linux ...)
- linux 4.9.30-1
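Review bot: the reorder places the package fix line "- picocom 1.7-2 (bug #863671)" ahead of the "[jessie]" suite line, which is the tracker's expected layout (package status first, per-suite overrides after it), so this hunk and the identical phpmyadmin and pngquant reorders in this commit are correct as a pure sort with no status change. Note for readers of this archive page: the double space in "picocom  (Minor issue)" is where the angle-bracket status tag (the no-dsa marker named in the commit log) sits in the raw file; the rendering has swallowed it, the suite line is not missing its status.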
@@ -25879,8 +25879,8 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
 CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for 
the ...)
{DLA-757-1}
+   - phpmyadmin 4:4.6.5.1-1 (low)
[jessie] - phpmyadmin  (Minor issue)
-   - phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
 CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request 
...)
- phpmyadmin 4:4.6.5.1-1 (unimportant)
@@ -25920,8 +25920,8 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
 CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in 
URL ...)
{DLA-757-1}
+   - phpmyadmin 4:4.6.5.1-1 (low)
[jessie] - phpmyadmin  (Minor issue)
-   - phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
 CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login 
request it ...)
- phpmyadmin 4:4.6.5.1-1
@@ -35330,18 +35330,18 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
 CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially 
craft a ...)
{DLA-626-1}
+   - phpmyadmin 4:4.6.4+dfsg1-1
[jessie] - phpmyadmin  (Minor issue)
-   - phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
 CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the 
LOAD ...)
{DLA-626-1}
+   - phpmyadmin 4:4.6.4+dfsg1-1
[jessie] - phpmyadmin  (Minor issue)
-   - phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
 CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
{DLA-626-1}
+   - phpmyadmin 4:4.6.4+dfsg1-1
[jessie] - phpmyadmin  (Minor issue)
-   - phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
 CVE-2016-6610 (A full path disclosure vulnerability was discovered in 
phpMyAdmin ...)
- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
@@ -35351,6 +35351,7 @@
 CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
+   [jessie] - phpmyadmin  (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
 CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the 
database ...)
- phpmyadmin 4:4.6.4+dfsg1-1
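Review bot: the added "[jessie] - phpmyadmin  (Minor issue)" line for CVE-2016-6609 is the "one no-dsa" from the commit log, but it is reverted again in the very next revision (r52459, "Reinstantiate status for jessie CVE-2016-6609"). Since this entry differs from its siblings only in having had no jessie line before, the jessie status should be confirmed against the affected versions in PMASA-2016-32 before a no-dsa is recorded, rather than copied from the neighbouring entries.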
@@ -35358,13 +35359,13 @@
[wheezy] - phpmyadmin  (Only affects 4.6.x)
 CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom 
search ...)
{DLA-626-1}
+   - phpmyadmin 4:4.6.4+dfsg1-1
[jessie] - phpmyadmin  (Minor issue)
-   - phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
 CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The 
...)
{DLA-626-1}
+   - phpmyadmin 4:4.6.4+dfsg1-1
[jessie] - phpmyadmin  (Minor issue)
-   - phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
 CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote 
attackers to ...)
NOT-FOR-US: Impala
@@ -38500,8 +38501,8 @@
NOT-FOR-US: BIG-IP
 CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in 
rwpng.c ...)
{DLA-966-1}
+   - pngquant 2.5.0-2 (bug #863469)
[jessie] - pngquant  (Minor issue)
-   - pngquant 2.5.0-2 (bug #863469)
NOTE: 
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
 CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 
4.6.x ...)
- phpmyadmin 4:4.6.3-1




[Secure-testing-commits] r52459 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 03:58:44 + (Sat, 10 Jun 2017)
New Revision: 52459

Modified:
   data/CVE/list
Log:
Reinstantiate status for jessie CVE-2016-6609 and phpmyadmin

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-10 03:54:58 UTC (rev 52458)
+++ data/CVE/list   2017-06-10 03:58:44 UTC (rev 52459)
@@ -35351,7 +35351,6 @@
 CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
-   [jessie] - phpmyadmin  (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
 CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the 
database ...)
- phpmyadmin 4:4.6.4+dfsg1-1
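Review bot: after this revert CVE-2016-6609 carries the DLA tag and the unstable fix but no jessie suite line at all, while the neighbouring phpMyAdmin entries (CVE-2016-6606, -6607, -6611 to -6613) each keep an explicit "[jessie] ... (Minor issue)". If the intended jessie state is "not affected" or "fixed elsewhere", recording it explicitly would make that visible instead of leaving the absence of a line to be interpreted.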




[Secure-testing-commits] r52460 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 04:10:26 + (Sat, 10 Jun 2017)
New Revision: 52460

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-10 03:58:44 UTC (rev 52459)
+++ data/CVE/list   2017-06-10 04:10:26 UTC (rev 52460)
@@ -21127,7 +21127,7 @@
 CVE-2017-2220
RESERVED
 CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] 
...)
-   TODO: check
+   NOT-FOR-US: Simeji
 CVE-2017-2218
RESERVED
 CVE-2017-2217
@@ -21137,23 +21137,23 @@
 CVE-2017-2215
RESERVED
 CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck 
Pro prior ...)
-   TODO: check
+   NOT-FOR-US: AppCheck
 CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE ...)
-   TODO: check
+   NOT-FOR-US: SemiDynaEXE
 CVE-2017-2212 (Untrusted search path vulnerability in TKY2JGD 
(TKY2JGD1379.EXE) ver. ...)
-   TODO: check
+   NOT-FOR-US: TKY2JGD
 CVE-2017-2211 (Untrusted search path vulnerability in PatchJGD (Hyoko) ...)
-   TODO: check
+   NOT-FOR-US: PatchJGD
 CVE-2017-2210 (Untrusted search path vulnerability in PatchJGD 
(PatchJGD101.EXE) ver. ...)
-   TODO: check
+   NOT-FOR-US: PatchJGD
 CVE-2017-2209 (Untrusted search path vulnerability in the installer of 
Houkokusyo ...)
-   TODO: check
+   NOT-FOR-US: Houkokusyo Sakusei Shien Tool
 CVE-2017-2208
RESERVED
 CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT 
Personal ...)
-   TODO: check
+   NOT-FOR-US: SaAT Personal
 CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT 
Netizen ...)
-   TODO: check
+   NOT-FOR-US: SaAT Netizen
 CVE-2017-2205
RESERVED
 CVE-2017-2204
@@ -21175,7 +21175,7 @@
 CVE-2017-2196
RESERVED
 CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to 
version ...)
-   TODO: check
+   NOT-FOR-US: Multi Feed Reader plugin for wordpress
 CVE-2017-2194
RESERVED
 CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera 
Term 4.94 ...)
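Review bot: style point on the added "NOT-FOR-US: Multi Feed Reader plugin for wordpress": the project name is "WordPress", and the rest of the list labels WordPress plugins by plugin name only (compare "NOT-FOR-US: WP Live Chat" in r52457). Suggest "NOT-FOR-US: Multi Feed Reader (WordPress plugin)" for consistency.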
@@ -31847,19 +31847,19 @@
[wheezy] - bluez  (Minor issue)
NOTE: Fixed by: 
http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601
 (5.42)
 CVE-2016-7836 (SKYSEA Client View Ver.11.221.03 and earlier allows remote code 
...)
-   TODO: check
+   NOT-FOR-US: SKYSEA Client View
 CVE-2016-7835 (Use-after-free vulnerability in H2O allows remote attackers to 
cause a ...)
TODO: check
 CVE-2016-7834 (SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, 
SNC-DH120, ...)
NOT-FOR-US: SONY
 CVE-2016-7833 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass 
access ...)
-   TODO: check
+   NOT-FOR-US: Cybozu
 CVE-2016-7832 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass 
access ...)
-   TODO: check
+   NOT-FOR-US: Cybozu
 CVE-2016-7831 (Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 
4 for ...)
-   TODO: check
+   NOT-FOR-US: Sleipnir
 CVE-2016-7830 (Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, 
PCS-XG77C ...)
-   TODO: check
+   NOT-FOR-US: Sony
 CVE-2016-7829
REJECTED
 CVE-2016-7828
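Review bot: inconsistent vendor casing within one hunk: the new line for CVE-2016-7830 reads "NOT-FOR-US: Sony" while the existing CVE-2016-7834 line two entries above reads "NOT-FOR-US: SONY"; pick one spelling. Leaving CVE-2016-7835 (H2O use-after-free) as "TODO: check" rather than NFU is right, since h2o is packaged in Debian; that entry still needs a package and version line once it has been triaged.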
@@ -31867,57 +31867,57 @@
 CVE-2016-7827
REJECTED
 CVE-2016-7826 (Directory traversal vulnerability in Buffalo WNC01WH devices 
with ...)
-   TODO: check
+   NOT-FOR-US: Buffalo
 CVE-2016-7825 (Directory traversal vulnerability in Buffalo WNC01WH devices 
with ...)
-   TODO: check
+   NOT-FOR-US: Buffalo
 CVE-2016-7824 (Buffalo NC01WH devices with firmware version 1.0.0.8 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Buffalo
 CVE-2016-7823 (Cross-site scripting vulnerability in Buffalo WNC01WH devices 
with ...)
-   TODO: check
+   NOT-FOR-US: Buffalo
 CVE-2016-7822 (Cross-site request forgery (CSRF) vulnerability in Buffalo 
WNC01WH ...)
-   TODO: check
+   NOT-FOR-US: Buffalo
 CVE-2016-7821 (Buffalo WNC01WH devices with firmware version 1.0.0.8 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Buffalo
 CVE-2016-7820 (Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 
1.01.02 ...)
-   TODO: check
+   NOT-FOR-US: I-O DATA DEVICE
 CVE-2016-7819 (I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier 
and ...)
-   TODO: check
+   NOT-FOR-US: I-O DATA DEVICE
 CVE-2016-7818 (Untrusted search path vulnerability in Installers for 
Specification ...)
TODO: check
 CVE-2016-7817 (Cross-site scripting vulnerability in Simple keitai chat 2.0 
and ...)
-   TODO: check
+   NOT-FOR-US: Simple keitai chat
 CVE-2016-7816 (The Cybozu kintone mobile for Android 1.0.6 and earlier does 
not ...)
-   TODO: check
+   NOT-FOR-US: Cybozu
 CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client
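Review bot: the bare "NOT-FOR-US: Cybozu" label is reused for two different products in this hunk, Dezie (CVE-2016-7832, CVE-2016-7833) and kintone mobile for Android (CVE-2016-7816); "NOT-FOR-US: Cybozu Dezie" and "NOT-FOR-US: Cybozu kintone" would keep the product searchable, as the Buffalo and I-O DATA entries do with their vendor names. The hunk is cut off in the archive after the CVE-2016-7815 description, so the remaining conversions in this revision cannot be reviewed here.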

[Secure-testing-commits] r52461 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 04:24:02 + (Sat, 10 Jun 2017)
New Revision: 52461

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2017-9520/radare2

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-10 04:10:26 UTC (rev 52460)
+++ data/CVE/list   2017-06-10 04:24:02 UTC (rev 52461)
@@ -12,10 +12,9 @@
 CVE-2017-9521
RESERVED
 CVE-2017-9520 (The r_config_set function in libr/config/config.c in radare2 
1.5.0 ...)
-   - radare2 
+   - radare2  (bug #864533)
NOTE: 
https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
NOTE: https://github.com/radare/radare2/issues/7698
-   TODO: check
 CVE-2017-9519 (atmail before 7.8.0.2 has CSRF, allowing an attacker to create 
a user ...)
NOT-FOR-US: atmail
 CVE-2017-9518 (atmail before 7.8.0.2 has CSRF, allowing an attacker to change 
the SMTP ...)
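Review bot: dropping "TODO: check" is appropriate now that the package line carries the bug reference (#864533) and the upstream fix commit and issue are already recorded as NOTEs. The double space in "radare2  (bug #864533)" is the archive rendering swallowing the angle-bracket status tag that sits between the package name and the bug reference in the raw file, not a missing field in the commit.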




[Secure-testing-commits] r52462 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 04:33:27 + (Sat, 10 Jun 2017)
New Revision: 52462

Modified:
   data/CVE/list
Log:
Reference tor fixes for CVE-2017-037{5,6}

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-10 04:24:02 UTC (rev 52461)
+++ data/CVE/list   2017-06-10 04:33:27 UTC (rev 52462)
@@ -25165,10 +25165,12 @@
 CVE-2017-0376 (The hidden-service feature in Tor before 0.3.0.8 allows a 
denial of ...)
- tor 0.2.9.11-1 (bug #864424)
NOTE: https://trac.torproject.org/22494
+   NOTE: Fixed by: 
https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd
NOTE: Introduced in 0.2.2.1-alpha; fixed in 0.2.4.29, 0.2.5.14, 
0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha
 CVE-2017-0375 (The hidden-service feature in Tor before 0.3.0.8 allows a 
denial of ...)
- tor  (Introduced in 0.3.0.1-alpha)
NOTE: https://trac.torproject.org/22493
+   NOTE: Fixed by: 
https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7
NOTE: Introduced in 0.3.0.1-alpha; fixed in 0.3.0.8, 0.3.1.3-alpha
 CVE-2017-0374 (lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) 
before ...)
- libconfig-model-perl 2.097-2
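Review bot: while touching the CVE-2017-0376 entry, the context line "fixed in 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha" is missing the comma between 0.2.9.11 and 0.3.0.8. The two added "Fixed by:" commit references are the right complement to the trac links, since they give the exact upstream change to compare against the Debian patches; the 0.2.5.14 entry in that list is what the jessie DSA in the following revision ships.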




[Secure-testing-commits] r52463 - in data: . DSA

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 04:40:59 + (Sat, 10 Jun 2017)
New Revision: 52463

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for tor update

Modified: data/DSA/list
===
--- data/DSA/list   2017-06-10 04:33:27 UTC (rev 52462)
+++ data/DSA/list   2017-06-10 04:40:59 UTC (rev 52463)
@@ -1,3 +1,7 @@
+[10 Jun 2017] DSA-3877-1 tor - security update
+   {CVE-2017-0376}
+   [jessie] - tor 0.2.5.14-1
+   [stretch] - tor 0.2.9.11-1~deb9u1
 [09 Jun 2017] DSA-3876-1 otrs2 - security update
{CVE-2017-9324}
[jessie] - otrs2 3.3.9-3+deb8u1
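Review bot: the new DSA-3877-1 entry lists only CVE-2017-0376, which is consistent with the tracker entry for CVE-2017-0375 being marked as introduced in 0.3.0.1-alpha, newer than both 0.2.5.14 (jessie) and 0.2.9.11 (stretch) shipped here; no change needed, just confirming the CVE set matches the two entries updated in r52462.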

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-06-10 04:33:27 UTC (rev 52462)
+++ data/dsa-needed.txt 2017-06-10 04:40:59 UTC (rev 52463)
@@ -36,9 +36,6 @@
 tiff
   wait until more issues have piled up
 --
-tor (carnil)
-  Waiting for decision about stretch or stretch-security upload of src:tor, cf 
#864488
---
 vlc
   Maintainer proposed debdiff, needs review and ack
 --
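Review bot: the removed dsa-needed entry recorded an open question ("stretch or stretch-security upload of src:tor, cf #864488"); the DSA entry added in the same revision carries a stretch line with a ~deb9u1 version, which is the security-archive style of version, so the question appears settled. It would help to note the outcome in #864488 so the bug does not stay open with the question unanswered after the entry is gone from this file.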




[Secure-testing-commits] r52464 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 06:31:54 + (Sat, 10 Jun 2017)
New Revision: 52464

Modified:
   data/CVE/list
Log:
Add new ceph issue, CVE-2017-7519

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-10 04:40:59 UTC (rev 52463)
+++ data/CVE/list   2017-06-10 06:31:54 UTC (rev 52464)
@@ -5631,8 +5631,11 @@
RESERVED
 CVE-2017-7520
RESERVED
-CVE-2017-7519
+CVE-2017-7519 [ibradosstriper processes arbitrary printf placeholders in user 
input]
RESERVED
+   - ceph 
+   [jessie] - ceph  (Vulnerable code not present)
+   NOTE: http://tracker.ceph.com/issues/20240
 CVE-2017-7518
RESERVED
 CVE-2017-7517
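Review bot: typo in the bracketed description, "ibradosstriper" is missing the leading "l" (libradosstriper); this is corrected in r52465. The initial package line also has no bug reference, which r52465 adds as #864535; since the entry is still RESERVED, the ceph tracker issue (NOTE line) is the only public pointer for now, so filing the Debian bug promptly was the right call.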




[Secure-testing-commits] r52465 - data/CVE

2017-06-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-06-10 06:52:01 + (Sat, 10 Jun 2017)
New Revision: 52465

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2017-7519, #864535

Modified: data/CVE/list
===
--- data/CVE/list   2017-06-10 06:31:54 UTC (rev 52464)
+++ data/CVE/list   2017-06-10 06:52:01 UTC (rev 52465)
@@ -5631,9 +5631,10 @@
RESERVED
 CVE-2017-7520
RESERVED
-CVE-2017-7519 [ibradosstriper processes arbitrary printf placeholders in user 
input]
+CVE-2017-7519 [libradosstriper processes arbitrary printf placeholders in user 
input]
RESERVED
-   - ceph 
+   - ceph  (bug #864535)
+   [stretch] - ceph  (Minor issue)
[jessie] - ceph  (Vulnerable code not present)
NOTE: http://tracker.ceph.com/issues/20240
 CVE-2017-7518
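Review bot: the new "[stretch] - ceph  (Minor issue)" line gives no reason for the low severity. For an issue described as passing arbitrary printf placeholders from user input through a library, a short justification in the parenthesis (for example which callers reach that code path and with whose input) would let a later reader judge whether a stable update has become warranted without re-deriving the analysis; the jessie line already sets a good example with "Vulnerable code not present".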

