[Secure-testing-commits] r57191 - data/CVE

2017-10-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-01 05:34:38 +0000 (Wed, 01 Nov 2017)
New Revision: 57191

Modified:
   data/CVE/list
Log:
CVE assigned for libcatalyst-plugin-static-simple-perl

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-01 05:27:13 UTC (rev 57190)
+++ data/CVE/list   2017-11-01 05:34:38 UTC (rev 57191)
@@ -8,7 +8,7 @@
 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) 
ignores umask ...)
- vim 
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
-CVE-2017- [leaks files without extention, inadvertently]
+CVE-2017-16248 [leaks files without extention, inadvertently]
- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
 CVE-2017-16241
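Review bot: the bracketed description on the changed line, '[leaks files without extention, inadvertently]', misspells 'extension'; that text is what the tracker shows until the CVE description is synced, so it is worth fixing in the same commit that assigns CVE-2017-16248.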


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r57190 - data/CVE

2017-10-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-01 05:27:13 +0000 (Wed, 01 Nov 2017)
New Revision: 57190

Modified:
   data/CVE/list
Log:
CVE-2014-8184 reported upstream

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 23:28:50 UTC (rev 57189)
+++ data/CVE/list   2017-11-01 05:27:13 UTC (rev 57190)
@@ -107105,6 +107105,7 @@
 CVE-2014-8184 [stack-based buffer overflow in findTable()]
RESERVED
- liblouis 
+   NOTE: https://github.com/liblouis/liblouis/issues/425
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701
 CVE-2014-8183
RESERVED




[Secure-testing-commits] r57188 - data/CVE

2017-10-31 Thread Markus Koschany
Author: apo
Date: 2017-10-31 23:22:43 +0000 (Tue, 31 Oct 2017)
New Revision: 57188

Modified:
   data/CVE/list
Log:
CVE-2013-4366,httpcomponents-client: Wheezy is not affected

The vulnerable code is not present in 4.1.x.


Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 23:07:08 UTC (rev 57187)
+++ data/CVE/list   2017-10-31 23:22:43 UTC (rev 57188)
@@ -135999,6 +135999,7 @@
NOT-FOR-US: ovirt
 CVE-2013-4366 (http/impl/client/HttpClientBuilder.java in Apache HttpClient 
4.3.x ...)
- httpcomponents-client 4.3.2-1
+   [wheezy] - httpcomponents-client  (vulnerable code not 
present)
NOTE: http://svn.apache.org/r1528614
 CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read 
function in ...)
{DSA-2778-1}
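Review bot: the wheezy annotation '(vulnerable code not present)' drops the version reasoning given in the log message ('not present in 4.1.x') and is lower-cased, while the other entries in this file write 'Vulnerable code not present'; suggest '(Vulnerable code not present in 4.1.x)' so the reasoning stays with the entry rather than only in the commit log.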




[Secure-testing-commits] r57186 - in data: . CVE

2017-10-31 Thread Markus Koschany
Author: apo
Date: 2017-10-31 23:01:41 +0000 (Tue, 31 Oct 2017)
New Revision: 57186

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark jbossas4 as end-of-life for Wheezy.

Remove the package from dla-needed.txt. It is obsolete. The JBoss Application
Server was also never completely packaged.


Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 22:09:06 UTC (rev 57185)
+++ data/CVE/list   2017-10-31 23:01:41 UTC (rev 57186)
@@ -11640,6 +11640,7 @@
NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
 CVE-2017-12149 (In Jboss Application Server as shipped with Red Hat Enterprise 
...)
- jbossas4 
+   [wheezy] - jbossas4  (incomplete packaging, 4.x series 
released more than nine years ago.)
 CVE-2017-12148
RESERVED
NOT-FOR-US: Ansible Tower
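Review bot: the wheezy annotation '(incomplete packaging, 4.x series released more than nine years ago.)' gives two reasons that a later triager cannot verify from the entry and ends with a period inside the parentheses, unlike the parenthesised annotations elsewhere in data/CVE/list; since the log describes this as an end-of-life marking, a NOTE line pointing at the upstream end-of-life statement for the 4.x series would back the claim, and the trailing period should go.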

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-31 22:09:06 UTC (rev 57185)
+++ data/dla-needed.txt 2017-10-31 23:01:41 UTC (rev 57186)
@@ -21,8 +21,6 @@
 jasperreports
   NOTE: 20171031: No details available. Asked upstream for clarification.
 --
-jbossas4
---
 lame (Hugo Lefeuvre)
   NOTE: Couldn't reproduce CVE-2017-{69-72}. Wait for next upstream release 
3.100 ?
   NOTE: https://lists.debian.org/debian-lts/2017/09/msg00082.html 




[Secure-testing-commits] r57183 - data/CVE

2017-10-31 Thread Markus Koschany
Author: apo
Date: 2017-10-31 21:54:23 +0000 (Tue, 31 Oct 2017)
New Revision: 57183

Modified:
   data/CVE/list
Log:
Add bug number for jasperreports issues.


Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 21:52:24 UTC (rev 57182)
+++ data/CVE/list   2017-10-31 21:54:23 UTC (rev 57183)
@@ -3591,7 +3591,7 @@
 CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the 
...)
NOT-FOR-US: Intelbras WRN 150 devices
 CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential 
disclosure ...)
-   - jasperreports 
+   - jasperreports  (bug #880467)
NOTE: 
https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941
 CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File 
Descriptor (BFD) ...)
- binutils 
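Review bot: bug #880467 is attached to CVE-2017-14941 here and, in the next hunk, to CVE-2017-5529 and CVE-2017-5528 as well; one Debian bug for three CVEs only works if the report names all three ids, otherwise the tracker cannot tell which upload closes which entry. Confirm the bug title or body lists each CVE, or file one bug per issue.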
@@ -31901,10 +31901,10 @@
 CVE-2017-5530
RESERVED
 CVE-2017-5529 (JasperReports library components contain an information 
disclosure ...)
-   - jasperreports 
+   - jasperreports  (bug #880467)
NOTE: 
https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
 CVE-2017-5528 (Multiple JasperReports Server components contain 
vulnerabilities ...)
-   - jasperreports 
+   - jasperreports  (bug #880467)
NOTE: 
https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017
 CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 
7.6.x ...)
NOT-FOR-US: TIBCO Spotfire Server




[Secure-testing-commits] r57182 - data/CVE

2017-10-31 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-10-31 21:52:24 +0000 (Tue, 31 Oct 2017)
New Revision: 57182

Modified:
   data/CVE/list
Log:
two openjpeg issues n/a for jessie


Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 21:41:42 UTC (rev 57181)
+++ data/CVE/list   2017-10-31 21:52:24 UTC (rev 57182)
@@ -5858,6 +5858,7 @@
NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
 CVE-2017-14151 (An off-by-one error was discovered in ...)
- openjpeg2 2.3.0-1 (bug #874430)
+   [jessie] - openjpeg2  (Vulnerable code introduced later, 
see #874430)
NOTE: 
https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
NOTE: 
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
NOTE: https://github.com/uclouvain/openjpeg/issues/982
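Review bot: the justification '(Vulnerable code introduced later, see #874430)' points at the Debian bug rather than at the upstream change that introduced the affected code; the entry already carries the fixing commit URL, so naming the introducing commit or the first affected upstream release in the annotation (the same applies to the CVE-2016-10504 hunk below) would make the jessie no-dsa decision checkable without re-reading the bug log.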
@@ -6900,6 +6901,7 @@
NOTE: https://github.com/uclouvain/openjpeg/issues/792
 CVE-2016-10504 (Heap-based buffer overflow vulnerability in the 
opj_mqc_byteout ...)
- openjpeg2 2.2.0-1 (bug #874113)
+   [jessie] - openjpeg2  (Vulnerable code introduced later, 
see #874113)
NOTE: 
https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
NOTE: https://github.com/uclouvain/openjpeg/issues/835
 CVE-2017-13753




[Secure-testing-commits] r57181 - data/CVE

2017-10-31 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-10-31 21:41:42 +0000 (Tue, 31 Oct 2017)
New Revision: 57181

Modified:
   data/CVE/list
Log:
NFU
several im issues unimportant


Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 21:20:23 UTC (rev 57180)
+++ data/CVE/list   2017-10-31 21:41:42 UTC (rev 57181)
@@ -10277,7 +10277,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/571
 CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WritePCXImage in ...)
{DLA-1081-1}
-   - imagemagick 8:6.9.7.4+dfsg-16 (bug #870489)
+   - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870489)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/575
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2ba8f335fa06daf1165e0878462686028e633a74
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/560e6e512961008938aa1d1b9aab06347b1c8f9b
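Review bot: the severity downgrade to 'unimportant' on CVE-2017-12668 is applied without a NOTE recording why; the description ('memory leak vulnerability in WritePCXImage') supports treating it as a resource-exhaustion issue, and the same reasoning is repeated across the following hunks, so one NOTE on the first entry stating that basis would make the triage reproducible for the other memory-leak entries.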
@@ -10285,7 +10285,7 @@
- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870015)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/553
 CVE-2017-12666 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WriteINLINEImage ...)
-   - imagemagick 8:6.9.7.4+dfsg-16 (bug #870482)
+   - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870482)
[jessie] - imagemagick  (Vulnerable code not present)
[wheezy] - imagemagick  (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/572
@@ -10293,7 +10293,7 @@
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/45aeda5da9eb328689afc221fa3b7dfa5cdea54d
 CVE-2017-12665 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WritePICTImage ...)
{DLA-1081-1}
-   - imagemagick 8:6.9.7.4+dfsg-16 (bug #870501)
+   - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870501)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/577
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/c1b09bbec148f6ae11d0b686fdb89ac6dc0ab14e
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/859084b4fd966ac007965c3d85caabccd8aee9b4
@@ -10349,11 +10349,11 @@
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0
 CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in 
ReadMPCImage in ...)
{DLA-1081-1}
-   - imagemagick 8:6.9.7.4+dfsg-13 (bug #869796)
+   - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869796)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/552
 CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in 
ReadOneJNGImage ...)
{DLA-1081-1}
-   - imagemagick 8:6.9.7.4+dfsg-15 (bug #870108)
+   - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870108)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/550
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
 CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in 
...)
@@ -10396,6 +10396,7 @@
RESERVED
 CVE-2017-12625
RESERVED
+   NOT-FOR-US: Apache Hive
 CVE-2017-12624
RESERVED
 CVE-2017-12623 (An authorized user could upload a template which contained 
malicious ...)
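Review bot: CVE-2017-12625 is still RESERVED with no description, so the 'NOT-FOR-US: Apache Hive' attribution cannot be checked from the entry itself; the other NOT-FOR-US lines in this file rely on the description text, so add a NOTE with the source (advisory or list post) that ties the id to Hive.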
@@ -10578,19 +10579,19 @@
NOT-FOR-US: Quest KACE Asset Management Appliance
 CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found 
in the ...)
{DLA-1081-1}
-   - imagemagick 8:6.9.7.4+dfsg-16 (bug #870503)
+   - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870503)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/603
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2477eacf09d3a26efe814590a5dbbe1efd16764f
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/27b3b9ca5cfb7b8935852cf315abc005ea7c1e16
 CVE-2017-12565 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found 
in the ...)
{DLA-1081-1}
-   - imagemagick 8:6.9.7.4+dfsg-15 (bug #870115)
+   - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870115)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/602
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/e0e544bb173213df00f82a810d66321e1bb4f3c8
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/4d0ac66c9778faebd2d1fac7140462b043626458
 CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found 
in the ...)
{DLA-1081-1}
-   - imagemagick 8:6.9.7.4+dfsg-14 (bug #870017)
+   - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870017)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/601
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
NOTE: ImageMagick-6: 

[Secure-testing-commits] r57179 - data/CVE

2017-10-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-10-31 21:20:12 +0000 (Tue, 31 Oct 2017)
New Revision: 57179

Modified:
   data/CVE/list
Log:
Process NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 21:14:30 UTC (rev 57178)
+++ data/CVE/list   2017-10-31 21:20:12 UTC (rev 57179)
@@ -30,7 +30,7 @@
 CVE-2017-16233
RESERVED
 CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to 
persistent XSS ...)
-   TODO: check
+   NOT-FOR-US: D-Link devices
 CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 
10.2x and ...)
TODO: check
 CVE-2017-16232
@@ -1013,7 +1013,7 @@
[wheezy] - linux  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 
(v4.14-rc6)
 CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable 
to a ...)
-   TODO: check
+   NOT-FOR-US: Flexense SyncBreeze
 CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the 
usertoedit ...)
NOT-FOR-US: Xavier PHP Management Panel
 CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file 
upload ...)
@@ -5239,11 +5239,11 @@
 CVE-2017-14359
RESERVED
 CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP 
ArcSight ESM ...)
-   TODO: check
+   NOT-FOR-US: HP ArcSight
 CVE-2017-14357 (A Reflected and Stored Cross-Site Scripting (XSS) 
vulnerability in HP ...)
-   TODO: check
+   NOT-FOR-US: HP ArcSight
 CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP 
ArcSight ESM ...)
-   TODO: check
+   NOT-FOR-US: HP ArcSight
 CVE-2017-14355
RESERVED
 CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB 
Foundation ...)
@@ -5533,7 +5533,7 @@
- typo3-src 
[wheezy] - typo3-src  (Not supported in Wheezy LTS)
 CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router 
with ...)
-   TODO: check
+   NOT-FOR-US: TP-LINK Router
 CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage 
in ...)
{DLA-1131-1}
- imagemagick  (low; bug #876099)
@@ -15244,7 +15244,7 @@
 CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to 
execute ...)
NOT-FOR-US: EMC
 CVE-2017-10954 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
-   TODO: check
+   NOT-FOR-US: Bitdefender Internet Security Internet Security 2018
 CVE-2017-10953 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
TODO: check
 CVE-2017-10952 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
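Review bot: the new line 'NOT-FOR-US: Bitdefender Internet Security Internet Security 2018' repeats 'Internet Security'; the neighbouring CVE-2017-10953 and CVE-2017-10952 entries, which carry the same generic description, are left at 'TODO: check', so it is worth confirming whether they belong to the same advisory before this pass is closed.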
@@ -36298,9 +36298,9 @@
 CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type 
sniffing which ...)
TODO: check
 CVE-2017-3934 (Missing HTTP Strict Transport Security state information 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: McAfee Network Data Loss Prevention
 CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee 
Network ...)
-   TODO: check
+   NOT-FOR-US: McAfee Network Data Loss Prevention
 CVE-2017-3932
RESERVED
 CVE-2017-3931
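Review bot: CVE-2017-3935, whose description names 'Network Data Loss Prevention', is left at 'TODO: check' while CVE-2017-3934 and CVE-2017-3933 directly below it are marked 'NOT-FOR-US: McAfee Network Data Loss Prevention'; unless something distinguishes it, it should get the same line in this hunk.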
@@ -48018,7 +48018,7 @@
 CVE-2016-9098
REJECTED
 CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 
6.6.5.8, ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2016-9096
REJECTED
 CVE-2016-9095




[Secure-testing-commits] r57177 - data/CVE

2017-10-31 Thread security tracker role
Author: sectracker
Date: 2017-10-31 21:10:19 +0000 (Tue, 31 Oct 2017)
New Revision: 57177

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 20:37:37 UTC (rev 57176)
+++ data/CVE/list   2017-10-31 21:10:19 UTC (rev 57177)
@@ -1,9 +1,11 @@
-CVE-2017-1000383
+CVE-2017-16242
+   RESERVED
+CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) 
ignores ...)
- emacs25 
- emacs24 
- emacs23 
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
-CVE-2017-1000382
+CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) 
ignores umask ...)
- vim 
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
 CVE-2017- [leaks files without extention, inadvertently]
@@ -48,7 +50,7 @@
NOTE: This is similar class of issue as for CVE-2017-1000117/git
NOTE: But needs a separate CVE since different codebasis.
 CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 
1.2.2 ...)
-   {DSA-4011-1}
+   {DSA-4011-1 DLA-1152-1}
- quagga  (bug #879474)
NOTE: 
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
NOTE: 
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
@@ -1010,8 +1012,8 @@
[jessie] - linux  (Vulnerable code introduced later)
[wheezy] - linux  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 
(v4.14-rc6)
-CVE-2017-15950
-   RESERVED
+CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable 
to a ...)
+   TODO: check
 CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the 
usertoedit ...)
NOT-FOR-US: Xavier PHP Management Panel
 CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file 
upload ...)
@@ -1068,6 +1070,7 @@
NOTE: 
https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
NOTE: https://github.com/radare/radare2/issues/8731
 CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a 
Null ...)
+   {DLA-1154-1}
- graphicsmagick 1.3.26-16 (bug #87)
NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
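Review bot: the context line '- graphicsmagick 1.3.26-16 (bug #87)' carries a two-digit bug number, which looks truncated; the DLA-1154-1 reference being added matches the DLA/list entry reserved in r57170 ({CVE-2017-15930}, wheezy 1.3.16-1.1+deb7u12), but the bug id on the package line should be checked and completed.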
@@ -1174,8 +1177,8 @@
RESERVED
 CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 
2100 Network ...)
NOT-FOR-US: Axis
-CVE-2017-15884
-   RESERVED
+CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka 
vagrant-vmware-fusion) ...)
+   TODO: check
 CVE-2017-15883
RESERVED
 CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) 
application before ...)
@@ -2594,8 +2597,7 @@
[stretch] - linux 4.9.47-1
[wheezy] - linux 3.2.93-1
NOTE: Fixed by: 
https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5)
-CVE-2017-15273
-   RESERVED
+CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 
before ...)
- mahara 
NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
 CVE-2017-15272
@@ -3129,8 +3131,7 @@
{DSA-4007-1 DLA-1143-1}
- curl 7.56.1-1
NOTE: https://curl.haxx.se/docs/adv_20171023.html
-CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for 
clients]
-   RESERVED
+CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad 
default ...)
{DSA-4003-1}
- libvirt 3.8.0-3 (bug #878799)
[jessie] - libvirt  (Vulnerable code introduced later)
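Review bot: replacing the bracketed description drops the 'LSN-2017-0002: TLS certificate verification disabled for clients' cross-reference entirely; the MITRE text that replaces it ('bad default ...') does not mention the libvirt security notice, so the LSN id should be kept in a NOTE line on the entry, since the automatic sync will keep overwriting the description.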
@@ -3450,7 +3451,7 @@
 CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document 
Sciences ...)
NOT-FOR-US: EMC
 CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key 
values (but ...)
-   {DSA-3997-1}
+   {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-2 (bug #877629)
NOTE: https://core.trac.wordpress.org/ticket/38474
 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in 
...)
@@ -4098,8 +4099,7 @@
NOT-FOR-US: OpenText Document Sciences xPression
 CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork 
web ...)
NOT-FOR-US: EyesOfNetwork (EON)
-CVE-2017-14752
-   RESERVED
+CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 
before ...)
- mahara 
NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
 CVE-2017-14751 (The Intense WP WP Jobs plugin 1.5 for WordPress 
has XSS, related to ...)
@@ -4197,7 +4197,7 @@
[wheezy] - wordpress  (Vulnerable code not present)
NOTE: 

[Secure-testing-commits] r57176 - data/CVE

2017-10-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-10-31 20:37:37 +0000 (Tue, 31 Oct 2017)
New Revision: 57176

Modified:
   data/CVE/list
Log:
Add vim and emacs entries

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 20:25:42 UTC (rev 57175)
+++ data/CVE/list   2017-10-31 20:37:37 UTC (rev 57176)
@@ -1,3 +1,11 @@
+CVE-2017-1000383
+   - emacs25 
+   - emacs24 
+   - emacs23 
+   NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
+CVE-2017-1000382
+   - vim 
+   NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
 CVE-2017- [leaks files without extention, inadvertently]
- libcatalyst-plugin-static-simple-perl  (bug #880458)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
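Review bot: the new CVE-2017-1000383 and CVE-2017-1000382 entries carry package lines and the oss-security link but no bracketed summary, so until the automatic MITRE sync fills in the description (it does so in r57177, 'ignores umask') the list shows nothing about what the issue is; the placeholder entry directly below ('[leaks files without extention, inadvertently]') shows the convention to follow.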




[Secure-testing-commits] r57171 - in data: . DLA

2017-10-31 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2017-10-31 18:32:58 +0000 (Tue, 31 Oct 2017)
New Revision: 57171

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-1155-1 for tzdata

Modified: data/DLA/list
===
--- data/DLA/list   2017-10-31 17:14:39 UTC (rev 57170)
+++ data/DLA/list   2017-10-31 18:32:58 UTC (rev 57171)
@@ -1,3 +1,5 @@
+[31 Oct 2017] DLA-1155-1 tzdata - security update
+   [wheezy] - tzdata 2017c-0+deb7u1
 [31 Oct 2017] DLA-1154-1 graphicsmagick - security update
{CVE-2017-15930}
[wheezy] - graphicsmagick 1.3.16-1.1+deb7u12

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-31 17:14:39 UTC (rev 57170)
+++ data/dla-needed.txt 2017-10-31 18:32:58 UTC (rev 57171)
@@ -129,8 +129,6 @@
 --
 tomcat7 (Roberto C. Sánchez)
 --
-tzdata (Emilio Pozuelo)
---
 wireshark (Thorsten Alteholz)
   NOTE: 2017-08-28: Contacted maintainer since most NOTE: issues affect
   Jessie/Stretch as well



[Secure-testing-commits] r57170 - in data: . DLA

2017-10-31 Thread Antoine Beaupré
Author: anarcat
Date: 2017-10-31 17:14:39 +0000 (Tue, 31 Oct 2017)
New Revision: 57170

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-1154-1 for graphicsmagick

Modified: data/DLA/list
===
--- data/DLA/list   2017-10-31 16:48:46 UTC (rev 57169)
+++ data/DLA/list   2017-10-31 17:14:39 UTC (rev 57170)
@@ -1,3 +1,6 @@
+[31 Oct 2017] DLA-1154-1 graphicsmagick - security update
+   {CVE-2017-15930}
+   [wheezy] - graphicsmagick 1.3.16-1.1+deb7u12
 [31 Oct 2017] DLA-1153-1 thunderbird - security update
{CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 
CVE-2017-7819 CVE-2017-7823 CVE-2017-7824}
[wheezy] - thunderbird 1:52.4.0-1~deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-31 16:48:46 UTC (rev 57169)
+++ data/dla-needed.txt 2017-10-31 17:14:39 UTC (rev 57170)
@@ -14,8 +14,6 @@
   NOTE: 20170719: maintainer will handle the upload, see 
https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org
   NOTE: 20171013: anarcat pinged maintainer: 
https://lists.debian.org/87efpuc95w@curie.anarc.at
 --
-graphicsmagick (anarcat)
---
 icedove (Guido Günther)
 --
 irssi (Rhonda D'Vine)



[Secure-testing-commits] r57169 - data/CVE

2017-10-31 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2017-10-31 16:48:46 +0000 (Tue, 31 Oct 2017)
New Revision: 57169

Modified:
   data/CVE/list
Log:
dulwich no-dsa on wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 16:42:49 UTC (rev 57168)
+++ data/CVE/list   2017-10-31 16:48:46 UTC (rev 57169)
@@ -32,6 +32,7 @@
- dulwich 0.18.5-1
[stretch] - dulwich  (Minor issue)
[jessie] - dulwich  (Minor issue)
+   [wheezy] - dulwich  (Minor issue)
NOTE: 
https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
NOTE: This is similar class of issue as for CVE-2017-1000117/git
NOTE: But needs a separate CVE since different codebasis.




[Secure-testing-commits] r57168 - in data: . CVE

2017-10-31 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2017-10-31 16:42:49 +0000 (Tue, 31 Oct 2017)
New Revision: 57168

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
ruby-passenger no-dsa on wheezy too, minor issue and risk of regressions

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 16:42:11 UTC (rev 57167)
+++ data/CVE/list   2017-10-31 16:42:49 UTC (rev 57168)
@@ -81053,6 +81053,7 @@
- passenger 5.0.22-1 (bug #807354)
- ruby-passenger  (bug #864651)
[jessie] - ruby-passenger  (Minor issue)
+   [wheezy] - ruby-passenger  (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=956281
NOTE: 
https://github.com/phusion/passenger/commit/c04590871ca0878d4d3ac1220c5a554b049056b4
 (4.x)
NOTE: 
https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
 (5.x)

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-31 16:42:11 UTC (rev 57167)
+++ data/dla-needed.txt 2017-10-31 16:42:49 UTC (rev 57168)
@@ -103,9 +103,6 @@
 rtpproxy
   NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog
 --
-ruby-passenger
-  NOTE: 20170812: I think this is ext/nginx/ContentHandler.c in 
create_request. (lamby)
---
 ruby1.9.1 (Lucas Kanashiro)
 --
 rubygems (Lucas Kanashiro)
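Review bot: dropping the ruby-passenger block from dla-needed.txt also discards lamby's pointer ('I think this is ext/nginx/ContentHandler.c in create_request'); the CVE/list hunk of this commit adds only the wheezy no-dsa line, so that location hint should be carried over as a NOTE on the CVE entry rather than lost.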



[Secure-testing-commits] r57166 - data/CVE

2017-10-31 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2017-10-31 16:25:15 +0000 (Tue, 31 Oct 2017)
New Revision: 57166

Modified:
   data/CVE/list
Log:
glibc no-dsa on wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 16:11:44 UTC (rev 57165)
+++ data/CVE/list   2017-10-31 16:25:15 UTC (rev 57166)
@@ -1345,7 +1345,8 @@
- glibc  (low; bug #879955)
[stretch] - glibc  (Minor issue)
[jessie] - glibc  (Minor issue)
-   - eglibc 
+   - eglibc  (low; bug #879955)
+   [wheezy] - eglibc  (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22332
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
 CVE-2017-15803 (XnView Classic for Windows Version 2.43 allows attackers to 
cause a ...)
@@ -1626,14 +1627,16 @@
- glibc  (low; bug #879500)
[stretch] - glibc  (Minor issue)
[jessie] - glibc  (Minor issue)
-   - eglibc 
+   - eglibc  (low; bug #879500)
+   [wheezy] - eglibc  (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c66c908230169c1bab1f83b071eb585baa214b9f
 CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an 
...)
- glibc  (low; bug #879501)
[stretch] - glibc  (Minor issue)
[jessie] - glibc  (Minor issue)
-   - eglibc 
+   - eglibc  (low; bug #879501)
+   [wheezy] - eglibc  (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22320
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c369d66e5426a30e4725b100d5cd28e372754f90
 (master)
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a76376df7c07e577a9515c3faa5dbd50bda5da07
 (release/2.26/master)




[Secure-testing-commits] r57165 - data/DLA

2017-10-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-10-31 16:11:44 +0000 (Tue, 31 Oct 2017)
New Revision: 57165

Modified:
   data/DLA/list
Log:
Remove CVE-2017-7825, CVE is only Mac OS X specific for thunderbird

Modified: data/DLA/list
===
--- data/DLA/list   2017-10-31 15:59:07 UTC (rev 57164)
+++ data/DLA/list   2017-10-31 16:11:44 UTC (rev 57165)
@@ -1,5 +1,5 @@
 [31 Oct 2017] DLA-1153-1 thunderbird - security update
-   {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 
CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825}
+   {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 
CVE-2017-7819 CVE-2017-7823 CVE-2017-7824}
[wheezy] - thunderbird 1:52.4.0-1~deb7u1
 [31 Oct 2017] DLA-1152-1 quagga - security update
{CVE-2017-16227}




[Secure-testing-commits] r57164 - data/DLA

2017-10-31 Thread Guido Guenther
Author: agx
Date: 2017-10-31 15:59:07 +0000 (Tue, 31 Oct 2017)
New Revision: 57164

Modified:
   data/DLA/list
Log:
lts: grab DLA for icedove/thunderbird

Modified: data/DLA/list
===
--- data/DLA/list   2017-10-31 14:55:47 UTC (rev 57163)
+++ data/DLA/list   2017-10-31 15:59:07 UTC (rev 57164)
@@ -1,3 +1,6 @@
+[31 Oct 2017] DLA-1153-1 thunderbird - security update
+   {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 
CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825}
+   [wheezy] - thunderbird 1:52.4.0-1~deb7u1
 [31 Oct 2017] DLA-1152-1 quagga - security update
{CVE-2017-16227}
[wheezy] - quagga 0.99.22.4-1+wheezy3+deb7u2
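Review bot: the CVE list for DLA-1153-1 includes CVE-2017-7825, which r57165 removes again as Mac OS X specific; cross-checking the CVE set against the advisory's affected platforms before reserving the DLA would have avoided the follow-up correction.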




[Secure-testing-commits] r57163 - data/DLA

2017-10-31 Thread Hugo Lefeuvre
Author: hle
Date: 2017-10-31 14:55:47 +0000 (Tue, 31 Oct 2017)
New Revision: 57163

Modified:
   data/DLA/list
Log:
Fix bad version in DLA 1152-1

Modified: data/DLA/list
===
--- data/DLA/list   2017-10-31 14:46:14 UTC (rev 57162)
+++ data/DLA/list   2017-10-31 14:55:47 UTC (rev 57163)
@@ -1,6 +1,6 @@
 [31 Oct 2017] DLA-1152-1 quagga - security update
{CVE-2017-16227}
-   [wheezy] - quagga quagga_0.99.22.4-1+wheezy3+deb7u2
+   [wheezy] - quagga 0.99.22.4-1+wheezy3+deb7u2
 [31 Oct 2017] DLA-1151-1 wordpress - security update
{CVE-2016-9263 CVE-2017-14718 CVE-2017-14719 CVE-2017-14720 
CVE-2017-14721 CVE-2017-14722 CVE-2017-14723 CVE-2017-14725 CVE-2017-14990}
[wheezy] - wordpress 3.6.1+dfsg-1~deb7u17
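Review bot: the corrected line restores the 'package version' form the parser expects; the 'Processing r57162 failed' message on this list ('expected package entry, got: ... quagga quagga_0.99.22.4-1+wheezy3+deb7u2') shows the earlier line had the source package name pasted in front of the version, so the fix is the right one and nothing else in the entry changes.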




[Secure-testing-commits] Processing r57162 failed

2017-10-31 Thread security tracker role
The error message was:

data/DLA/list:3: expected package entry, got: '[wheezy] - quagga 
quagga_0.99.22.4-1+wheezy3+deb7u2'
Makefile:21: recipe for target 'all' failed
make: *** [all] Error 1




[Secure-testing-commits] r57161 - data

2017-10-31 Thread Markus Koschany
Author: apo
Date: 2017-10-31 14:36:27 +0000 (Tue, 31 Oct 2017)
New Revision: 57161

Modified:
   data/dla-needed.txt
Log:
Claim jasperreports in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-31 14:09:58 UTC (rev 57160)
+++ data/dla-needed.txt 2017-10-31 14:36:27 UTC (rev 57161)
@@ -20,7 +20,7 @@
 --
 irssi (Rhonda D'Vine)
 --
-jasperreports
+jasperreports (Markus Koschany)
 --
 jbossas4
 --



[Secure-testing-commits] r57159 - in data: . DLA

2017-10-31 Thread Antoine Beaupré
Author: anarcat
Date: 2017-10-31 13:32:35 + (Tue, 31 Oct 2017)
New Revision: 57159

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
reserve DLA-1150-1 for pending wpa KRACK upload

Modified: data/DLA/list
===
--- data/DLA/list   2017-10-31 12:19:59 UTC (rev 57158)
+++ data/DLA/list   2017-10-31 13:32:35 UTC (rev 57159)
@@ -1,3 +1,6 @@
+[31 Oct 2017] DLA-1150-1 wpa - security update
+   {CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 
CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088}
+   [wheezy] - wpa 1.0-3+deb7u5
 [27 Oct 2017] DLA-1149-1 wget - security update
{CVE-2017-13089 CVE-2017-13090}
[wheezy] - wget 1.13.4-3+deb7u5
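Review bot: this records DLA-1150-1 with a concrete fixed version (wpa 1.0-3+deb7u5) while the log says the upload is still pending, so until the package is accepted the tracker will report wheezy as fixed for the nine KRACK CVEs listed here even though the vulnerable version is still what the archive serves. If reserving the advisory number ahead of the upload is intended, say so in the log and note that the entry (and the dla-needed.txt removal in the same commit) must be reverted if the upload is rejected.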

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-31 12:19:59 UTC (rev 57158)
+++ data/dla-needed.txt 2017-10-31 13:32:35 UTC (rev 57159)
@@ -145,8 +145,6 @@
 --
 wordpress (Markus Koschany)
 --
-wpa (anarcat)
---
 xen
 --
 xorg-server (Emilio Pozuelo)



[Secure-testing-commits] r57157 - data/CVE

2017-10-31 Thread Raphael Geissert
Author: geissert
Date: 2017-10-31 12:16:28 + (Tue, 31 Oct 2017)
New Revision: 57157

Modified:
   data/CVE/list
Log:
some NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 12:06:01 UTC (rev 57156)
+++ data/CVE/list   2017-10-31 12:16:28 UTC (rev 57157)
@@ -907,39 +907,39 @@
NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
 CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the 
restaurant-menu.php ...)
-   TODO: check
+   NOT-FOR-US: Zomato Clone Script
 CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' 
...)
-   TODO: check
+   NOT-FOR-US: Website Broker Script
 CVE-2017-15991 (Vastal I-Tech Agent Zone (aka The Real Estate Script) allows 
SQL ...)
-   TODO: check
+   NOT-FOR-US: Vastal I-Tech Agent Zone
 CVE-2017-15990 (Php Inventory  Invoice Management System allows Arbitrary 
File Upload ...)
-   TODO: check
+   NOT-FOR-US: Php Inventory & Invoice Management System
 CVE-2017-15989 (Online Exam Test Application allows SQL Injection via the 
resources.php ...)
-   TODO: check
+   NOT-FOR-US: Online Exam Test Application
 CVE-2017-15988 (Nice PHP FAQ Script allows SQL Injection via the index.php 
nice_theme ...)
-   TODO: check
+   NOT-FOR-US: PHP FAQ Script
 CVE-2017-15987 (Fake Magazine Cover Script allows SQL Injection via the 
rate.php value ...)
-   TODO: check
+   NOT-FOR-US: Fake Magazine Cover Script
 CVE-2017-15986 (CPA Lead Reward Script allows SQL Injection via the username 
parameter. ...)
-   TODO: check
+   NOT-FOR-US: CPA Lead Reward Script
 CVE-2017-15985 (Basic B2B Script allows SQL Injection via the 
product_view1.php pid or ...)
-   TODO: check
+   NOT-FOR-US: Basic B2B Script
 CVE-2017-15984 (Creative Management System (CMS) Lite 1.4 allows SQL Injection 
via the ...)
-   TODO: check
+   NOT-FOR-US: Creative Management System (CMS) Lite
 CVE-2017-15983 (MyMagazine Magazine  Blog CMS 1.0 allows SQL Injection 
via the id ...)
-   TODO: check
+   NOT-FOR-US: MyMagazine Magazine & Blog CMS
 CVE-2017-15982 (Dynamic News Magazine  Blog CMS 1.0 allows SQL Injection 
via the id ...)
-   TODO: check
+   NOT-FOR-US: Dynamic News Magazine & Blog CMS
 CVE-2017-15981 (Responsive Newspaper Magazine  Blog CMS 1.0 allows SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: Responsive Newspaper Magazine & Blog CMS
 CVE-2017-15980 (US Zip Codes Database Script 1.0 allows SQL Injection via the 
state ...)
-   TODO: check
+   NOT-FOR-US: US Zip Codes Database Script
 CVE-2017-15979 (Shareet - Photo Sharing Social Network 1.0 allows SQL 
Injection via the ...)
-   TODO: check
+   NOT-FOR-US: Shareet - Photo Sharing Social Network
 CVE-2017-15978 (AROX School ERP PHP Script 1.0 allows SQL Injection via the 
...)
-   TODO: check
+   NOT-FOR-US: AROX School ERP PHP Script
 CVE-2017-15977 (Protected Links - Expiring Download Links 1.0 allows SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: Protected Links - Expiring Download Links
 CVE-2017-15976 (ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php 
groupid ...)
NOT-FOR-US: ZeeBuddy
 CVE-2017-15975 (Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 
...)
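Review bot: in the CVE-2017-15988 entry the NOT-FOR-US line reads "PHP FAQ Script" while the description names "Nice PHP FAQ Script"; the other entries in this hunk repeat the product name from the description verbatim, and keeping the full name here means a later search on the vendor's product name still matches the entry.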



[Secure-testing-commits] r57156 - data

2017-10-31 Thread Guido Guenther
Author: agx
Date: 2017-10-31 12:06:01 + (Tue, 31 Oct 2017)
New Revision: 57156

Modified:
   data/dla-needed.txt
Log:
lts: grab icedove/thunderbird

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-31 11:30:35 UTC (rev 57155)
+++ data/dla-needed.txt 2017-10-31 12:06:01 UTC (rev 57156)
@@ -16,8 +16,7 @@
 --
 graphicsmagick (anarcat)
 --
-icedove
-  NOTE: Guido Gunter has promised to handle this once a version is available 
for sid.
+icedove (Guido Günther)
 --
 irssi (Rhonda D'Vine)
 --


[Secure-testing-commits] r57155 - data/CVE

2017-10-31 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-10-31 11:30:35 + (Tue, 31 Oct 2017)
New Revision: 57155

Modified:
   data/CVE/list
Log:
exiv2 n/a
revised redis fix


Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 09:29:05 UTC (rev 57154)
+++ data/CVE/list   2017-10-31 11:30:35 UTC (rev 57155)
@@ -3165,7 +3165,7 @@
 CVE-2017-15048
RESERVED
 CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 
allows ...)
-   - redis 4:4.0.2-4 (bug #878076; unimportant)
+   - redis 4:4.0.2-5 (bug #878076; unimportant)
[jessie] - redis  (Vulnerable code introduced later)
[wheezy] - redis  (Vulnerable code introduced later)
NOTE: https://github.com/antirez/redis/issues/4278
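Review bot: the fixed version moves from 4:4.0.2-4 to 4:4.0.2-5, but neither the log ("revised redis fix") nor the entry says what was wrong with -4; the only NOTE points at the upstream issue. Add a NOTE line referencing the changelog entry or upstream commit that -5 carries so the revision is traceable from the entry itself.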
@@ -13122,8 +13122,9 @@
 CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown 
Preview Plus ...)
NOT-FOR-US: Chrome extension Markdown Preview Plus
 CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability 
in the ...)
-   - exiv2  (low)
-   [wheezy] - exiv2  (Vulnerable code not present)
+   [experimental] - exiv2 
+   - exiv2  (printTiffStructure introduced in 0.26)
+   TODO: Report against experimental
NOTE: https://github.com/Exiv2/exiv2/issues/56
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1).
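Review bot: the status token after "exiv2" on both added lines is not visible in this rendering (the tracker's angle-bracketed markers are dropped), so confirm that the unversioned line carries the not-affected marker rather than unfixed: the log says "exiv2 n/a", the parenthetical says printTiffStructure was only introduced in 0.26, and the NOTE below records that the issue is not reproducible with 0.25-3.1 in sid, so an unfixed marker on that line would contradict all three. The TODO to report against experimental is the right follow-up for the [experimental] line.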



[Secure-testing-commits] r57153 - data/CVE

2017-10-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-10-31 09:25:22 + (Tue, 31 Oct 2017)
New Revision: 57153

Modified:
   data/CVE/list
Log:
Some issues got REJECTED

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 09:10:13 UTC (rev 57152)
+++ data/CVE/list   2017-10-31 09:25:22 UTC (rev 57153)
@@ -14419,16 +14419,12 @@
- jenkins 
 CVE-2017-181
REJECTED
-   NOT-FOR-US: ONOS
 CVE-2017-180
REJECTED
-   NOT-FOR-US: ONOS
 CVE-2017-179
REJECTED
-   NOT-FOR-US: ONOS
 CVE-2017-178
REJECTED
-   NOT-FOR-US: ONOS
 CVE-2017-177
REJECTED
 CVE-2017-176
@@ -14481,7 +14477,6 @@
NOT-FOR-US: chevereto CMS
 CVE-2017-157
REJECTED
-   NOT-FOR-US: GetSimple CMS
 CVE-2017-156 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege 
escalation ...)
- kubernetes 1.5.5+dfsg-1
NOTE: https://github.com/kubernetes/kubernetes/issues/43459
@@ -14510,7 +14505,6 @@
NOT-FOR-US: Mautic
 CVE-2017-145
REJECTED
-   NOT-FOR-US: Mautic
 CVE-2017-143 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 
are ...)
NOT-FOR-US: Mapbox.js
 CVE-2017-142 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 
are ...)
@@ -14523,7 +14517,6 @@
NOT-FOR-US: RVM
 CVE-2017-136
REJECTED
-   NOT-FOR-US: Candy Chat
 CVE-2017-135 (Tiny Tiny RSS before 829d478f is vulnerable to XSS 
window.opener ...)
- tt-rss 17.1+git20170410+dfsg-1
NOTE: 
https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47
@@ -14577,13 +14570,10 @@
- shotwell 0.25.4+really0.24.5-0.1 (unimportant)
 CVE-2017-123
REJECTED
-   NOT-FOR-US: LogicalDoc
 CVE-2017-122
REJECTED
-   NOT-FOR-US: LogicalDoc
 CVE-2017-121
REJECTED
-   NOT-FOR-US: LogicalDoc
 CVE-2017-120 (SYN Flood or FIN Flood attack in ECos 1 and other versions 
embedded ...)
NOT-FOR-US: ECos
 CVE-2017-118 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack 
in the ...)
