[Secure-testing-commits] r57226 - data/CVE
Author: carnil Date: 2017-11-02 05:58:30 + (Thu, 02 Nov 2017) New Revision: 57226 Modified: data/CVE/list Log: Add CVE-2017-12193/linux Modified: data/CVE/list === --- data/CVE/list 2017-11-01 23:49:13 UTC (rev 57225) +++ data/CVE/list 2017-11-02 05:58:30 UTC (rev 57226) @@ -12047,6 +12047,8 @@ RESERVED CVE-2017-12193 RESERVED + - linux + NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7) CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Key ...) - linux 4.13.4-2 [wheezy] - linux (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57225 - data/CVE
Author: apo Date: 2017-11-01 23:49:13 + (Wed, 01 Nov 2017) New Revision: 57225 Modified: data/CVE/list Log: CVE-2017-14063,async-http-client: All versions in Debian are not affected The vulnerable code is not present. Modified: data/CVE/list === --- data/CVE/list 2017-11-01 22:47:26 UTC (rev 57224) +++ data/CVE/list 2017-11-01 23:49:13 UTC (rev 57225) @@ -6794,6 +6794,9 @@ NOT-FOR-US: phpThumb CVE-2017-14063 (Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...) - async-http-client + [stretch] - async-http-client (vulnerable code not present) + [jessie] - async-http-client (vulnerable code not present) + [wheezy] - async-http-client (vulnerable code not present) NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1455 NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/eb9e3347e45319be494db24d285a2aee4396f5d3 CVE-2017-14050 (In BlackCat CMS 1.2, backend/addons/install.php allows remote ...)
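Review bot: The log says all versions in Debian are not affected, but the hunk only adds release-specific lines for stretch, jessie and wheezy and leaves the package-level "- async-http-client" line under CVE-2017-14063 unchanged. If unstable is also unaffected, record that on the package-level line in the same commit; otherwise narrow the log message to the three releases.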
[Secure-testing-commits] r57224 - data/CVE
Author: jmm Date: 2017-11-01 22:47:26 + (Wed, 01 Nov 2017) New Revision: 57224 Modified: data/CVE/list Log: clean out old thunderbird issues Modified: data/CVE/list === --- data/CVE/list 2017-11-01 22:33:02 UTC (rev 57223) +++ data/CVE/list 2017-11-01 22:47:26 UTC (rev 57224) @@ -248705,7 +248705,7 @@ - xulrunner 1.8.0.5-1 (medium) [sarge] - mozilla-firefox (Only Firefox 1.5 is affected) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - - thunderbird (unimportant) + - thunderbird 1.5.0.5-1 (unimportant) [sarge] - mozilla-thunderbird (unimportant) CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...) {DSA-1161 DSA-1160 DSA-1159} @@ -255853,8 +255853,6 @@ CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...) - - thunderbird (bug #370432; unimportant) - [sarge] - mozilla-thunderbird (bug #370432; unimportant) NOTE: Denial of service by tricking someone into importing a manipulated LDIF file NOTE: That's a bug, but calling it a security problem is very far-fetched CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) @@ -261287,8 +261285,6 @@ CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...) NOT-FOR-US: ATutor CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...) - - thunderbird (bug #363714; unimportant) - [sarge] - mozilla-thunderbird (bug #363714; unimportant) NOTE: That's a non-issue; only a feature request for an improvement in a corner case. NOTE: If someone wants to use security-sensitive communication a TLS-secured server NOTE: should be used.
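Review bot: In the CVE-2006-0836 and CVE-2005-3402 hunks, deleting both the thunderbird and the [sarge] mozilla-thunderbird lines leaves each CVE with only its NOTE lines and no package entry, and the bug references (#370432 and #363714) disappear with them. If these are meant to stay tracked as non-issues, keep a package line, or at least move the bug numbers into a NOTE so the history can still be found from the entry.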
[Secure-testing-commits] r57223 - data/CVE
Author: apo Date: 2017-11-01 22:33:02 + (Wed, 01 Nov 2017) New Revision: 57223 Modified: data/CVE/list Log: CVE-2015-3249,trafficserver: Wheezy is not affected HTTP2 support does not exist. Modified: data/CVE/list === --- data/CVE/list 2017-11-01 22:16:05 UTC (rev 57222) +++ data/CVE/list 2017-11-01 22:33:02 UTC (rev 57223) @@ -93444,6 +93444,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/5 CVE-2015-3249 (The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before ...) - trafficserver 5.3.1-1 + [wheezy] - trafficserver (HTTP2 support does not exist) NOTE: http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3ccabf6jr37mwzdmxdqrqwruxiojbzrhidndnsy1zgmczv-o7-...@mail.gmail.com%3E CVE-2015-3248 (openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable ...) - openhpi (Only affects RPM packaging, in Debian directory is not world-writable, bug #789543)
[Secure-testing-commits] r57222 - in data: . DSA
Author: jmm Date: 2017-11-01 22:16:05 + (Wed, 01 Nov 2017) New Revision: 57222 Modified: data/DSA/list data/dsa-needed.txt Log: thunderbird DSA Modified: data/DSA/list === --- data/DSA/list 2017-11-01 22:13:03 UTC (rev 57221) +++ data/DSA/list 2017-11-01 22:16:05 UTC (rev 57222) @@ -1,3 +1,7 @@ +[01 Nov 2017] DSA-4014-1 thunderbird - security update + {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824} + [jessie] - thunderbird 1:52.4.0-1~deb8u1 + [stretch] - thunderbird 1:52.4.0-1~deb9u1 [31 Oct 2017] DSA-4013-1 openjpeg2 - security update {CVE-2016-1628 CVE-2016-5152 CVE-2016-9118 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14152} [jessie] - openjpeg2 2.1.0-2+deb8u3 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-01 22:13:03 UTC (rev 57221) +++ data/dsa-needed.txt 2017-11-01 22:16:05 UTC (rev 57222) @@ -59,8 +59,6 @@ -- simplesamlphp -- -thunderbird (jmm) --- tiff wait until more issues are around --
[Secure-testing-commits] r57221 - data/CVE
Author: carnil Date: 2017-11-01 22:13:03 + (Wed, 01 Nov 2017) New Revision: 57221 Modified: data/CVE/list Log: Remove no-dsa entry for two irssi CVEs, included in next DSA Modified: data/CVE/list === --- data/CVE/list 2017-11-01 22:07:09 UTC (rev 57220) +++ data/CVE/list 2017-11-01 22:13:03 UTC (rev 57221) @@ -15800,14 +15800,12 @@ {DLA-1089-1} - irssi 1.0.4-1 (low; bug #867598) [stretch] - irssi 1.0.2-1+deb9u2 - [jessie] - irssi (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2017_07.txt NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...) {DLA-1089-1} - irssi 1.0.4-1 (low; bug #867598) [stretch] - irssi 1.0.2-1+deb9u2 - [jessie] - irssi (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2017_07.txt NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 CVE-2017-10964
[Secure-testing-commits] r57220 - data/CVE
Author: jmm Date: 2017-11-01 22:07:09 + (Wed, 01 Nov 2017) New Revision: 57220 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-01 21:52:57 UTC (rev 57219) +++ data/CVE/list 2017-11-01 22:07:09 UTC (rev 57220) @@ -331,11 +331,11 @@ NOTE: https://github.com/pluxml/PluXml/issues/253 TODO: check CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2017-1000243 (Jenkins Favorite Plugin 2.1.4 and older does not perform permission ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2017-1000242 (Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2017-16351 RESERVED CVE-2017-16350 @@ -589,7 +589,7 @@ CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS ...) NOT-FOR-US: D-Link devices CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2x and ...) - TODO: check + NOT-FOR-US: Progress Software OpenEdge CVE-2017-16232 [memory-based DoS in tiff2bw] RESERVED - tiff (low) @@ -1654,11 +1654,11 @@ NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg8.html NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117 CVE-2017-15921 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro ...) - TODO: check + NOT-FOR-US: Watchdog Anti-Malware CVE-2017-15920 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro ...) - TODO: check + NOT-FOR-US: Watchdog Anti-Malware CVE-2017-15918 (Sera 1.2 stores the user's login password in plain text in their home ...) - TODO: check + NOT-FOR-US: Sera CVE-2017-15917 (In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create ...) NOT-FOR-US: Paessler PRTG Network Monitor CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond with a ...) 
@@ -1730,7 +1730,7 @@ CVE-2017-15889 RESERVED CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...) - TODO: check + NOT-FOR-US: Synology CVE-2017-15887 RESERVED CVE-2017-15886 @@ -1738,7 +1738,7 @@ CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...) NOT-FOR-US: Axis CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...) - TODO: check + NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin CVE-2017-15883 RESERVED CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application before ...) @@ -6847,7 +6847,7 @@ CVE-2017-14028 RESERVED CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...) - TODO: check + NOT-FOR-US: Korenix CVE-2017-14026 RESERVED CVE-2017-14025 @@ -6859,7 +6859,7 @@ CVE-2017-14022 RESERVED CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...) - TODO: check + NOT-FOR-US: Korenix CVE-2017-14020 RESERVED CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...) @@ -15833,7 +15833,7 @@ CVE-2017-10954 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Bitdefender Internet Security Internet Security 2018 CVE-2017-10953 (This vulnerability allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2017-10952 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Foxit Reader CVE-2017-10951 (This vulnerability allows remote attackers to execute arbitrary code ...) 
@@ -15843,23 +15843,23 @@ CVE-2017-10949 (Directory Traversal in Dell Storage Manager 2016 R2.1 causes ...) NOT-FOR-US: Dell Storage Manager CVE-2017-10948 (This vulnerability allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2017-10947 (This vulnerability allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2017-10946 (This vulnerability allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2017-10945 (This vulnerability allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2017-10944 (This vulnerability allows remote attackers to disclose sensitive ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2017-10943 (This vulnerability allows remote attackers to disclose sensitive ...) - TODO:
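Review bot: "NOT-FOR-US: Jenkins plugin" is applied to CVE-2017-1000244, CVE-2017-1000243 and CVE-2017-1000242, which cover two different plugins (Favorite Plugin and Git Client Plugin), while most other replacements in this patch name the product (Foxit Reader, Watchdog Anti-Malware, Progress Software OpenEdge). Naming the plugin on each line would keep the labels searchable by product. The same applies to CVE-2017-15888, which is labelled by vendor (Synology) although the description names Custom Internet Radio List.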
[Secure-testing-commits] r57219 - data/CVE
Author: apo Date: 2017-11-01 21:52:57 + (Wed, 01 Nov 2017) New Revision: 57219 Modified: data/CVE/list Log: CVE-2017-1000382,vim: no-dsa for Wheezy I agree that the umask issue is a minor issue for now. Modified: data/CVE/list === --- data/CVE/list 2017-11-01 21:34:54 UTC (rev 57218) +++ data/CVE/list 2017-11-01 21:52:57 UTC (rev 57219) @@ -563,6 +563,7 @@ - vim [stretch] - vim (Minor issue) [jessie] - vim (Minor issue) + [wheezy] - vim (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...) - libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
[Secure-testing-commits] r57218 - data/CVE
Author: carnil Date: 2017-11-01 21:34:54 + (Wed, 01 Nov 2017) New Revision: 57218 Modified: data/CVE/list Log: Track three new radare2 issues Modified: data/CVE/list === --- data/CVE/list 2017-11-01 21:28:45 UTC (rev 57217) +++ data/CVE/list 2017-11-01 21:34:54 UTC (rev 57218) @@ -299,11 +299,19 @@ CVE-2017-16360 RESERVED CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in ...) - TODO: check + - radare2 + NOTE: https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e + NOTE: https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882 + NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d + NOTE: https://github.com/radare/radare2/issues/8764 CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in ...) - TODO: check + - radare2 + NOTE: https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9 + NOTE: https://github.com/radare/radare2/issues/8748 CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in ...) - TODO: check + - radare2 + NOTE: https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a + NOTE: https://github.com/radare/radare2/issues/8742 CVE-2017-16356 RESERVED CVE-2017-16355
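Review bot: Under CVE-2017-16359 the hunk lists three radare2 commits and one issue as plain NOTE lines, so a reader cannot tell which commit is the fix. Other entries on this list use the "NOTE: Fixed by:" form (for example CVE-2017-15566); if these commits are the fixes, prefix them the same way, here and for CVE-2017-16358 and CVE-2017-16357.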
[Secure-testing-commits] r57217 - data/CVE
Author: carnil Date: 2017-11-01 21:28:45 + (Wed, 01 Nov 2017) New Revision: 57217 Modified: data/CVE/list Log: Add source package for CVE-2017-1001001, keep TODO Modified: data/CVE/list === --- data/CVE/list 2017-11-01 21:20:20 UTC (rev 57216) +++ data/CVE/list 2017-11-01 21:28:45 UTC (rev 57217) @@ -319,6 +319,8 @@ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185 NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting ...) + - pluxml + NOTE: https://github.com/pluxml/PluXml/issues/253 TODO: check CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...) TODO: check
[Secure-testing-commits] r57216 - data/CVE
Author: carnil Date: 2017-11-01 21:20:20 + (Wed, 01 Nov 2017) New Revision: 57216 Modified: data/CVE/list Log: Add CVE-2017-16352 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 21:17:29 UTC (rev 57215) +++ data/CVE/list 2017-11-01 21:20:20 UTC (rev 57216) @@ -315,7 +315,9 @@ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8 NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow ...) - TODO: check + - graphicsmagick + NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185 + NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting ...) TODO: check CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...)
[Secure-testing-commits] r57215 - data/CVE
Author: carnil Date: 2017-11-01 21:17:29 + (Wed, 01 Nov 2017) New Revision: 57215 Modified: data/CVE/list Log: Add CVE-2017-16353 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 21:17:17 UTC (rev 57214) +++ data/CVE/list 2017-11-01 21:17:29 UTC (rev 57215) @@ -311,7 +311,9 @@ CVE-2017-16354 RESERVED CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...) - TODO: check + - graphicsmagick + NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8 + NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow ...) TODO: check CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting ...)
[Secure-testing-commits] r57214 - data/CVE
Author: carnil Date: 2017-11-01 21:17:17 + (Wed, 01 Nov 2017) New Revision: 57214 Modified: data/CVE/list Log: Add references for irssi advisory for irssi-sa-2017-10 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 21:10:17 UTC (rev 57213) +++ data/CVE/list 2017-11-01 21:17:17 UTC (rev 57214) @@ -2072,12 +2072,15 @@ RESERVED CVE-2017-15723 (In Irssi before 1.0.5, overlong nicks or targets may result in a NULL ...) - irssi (bug #879521) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 CVE-2017-15722 (In certain cases, Irssi before 1.0.5 may fail to verify that a Safe ...) - irssi (bug #879521) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages ...) - irssi (bug #879521) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 CVE-2017-15720 RESERVED @@ -3274,9 +3277,11 @@ RESERVED CVE-2017-15228 (Irssi before 1.0.5, when installing themes with unterminated colour ...) - irssi (bug #879521) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 CVE-2017-15227 (Irssi before 1.0.5, while waiting for the channel synchronisation, may ...) - irssi (bug #879521) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ...) NOT-FOR-US: Zyxel
[Secure-testing-commits] r57213 - data/CVE
Author: sectracker Date: 2017-11-01 21:10:17 + (Wed, 01 Nov 2017) New Revision: 57213 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-01 20:56:37 UTC (rev 57212) +++ data/CVE/list 2017-11-01 21:10:17 UTC (rev 57213) 
@@ -1,3 +1,327 @@ +CVE-2017-16509 + RESERVED +CVE-2017-16508 + RESERVED +CVE-2017-16507 + RESERVED +CVE-2017-16506 + RESERVED +CVE-2017-16505 + RESERVED +CVE-2017-16504 + RESERVED +CVE-2017-16503 + RESERVED +CVE-2017-16502 + RESERVED +CVE-2017-16501 + RESERVED +CVE-2017-16500 + RESERVED +CVE-2017-16499 + RESERVED +CVE-2017-16498 + RESERVED +CVE-2017-16497 + RESERVED +CVE-2017-16496 + RESERVED +CVE-2017-16495 + RESERVED +CVE-2017-16494 + RESERVED +CVE-2017-16493 + RESERVED +CVE-2017-16492 + RESERVED +CVE-2017-16491 + RESERVED +CVE-2017-16490 + RESERVED +CVE-2017-16489 + RESERVED +CVE-2017-16488 + RESERVED +CVE-2017-16487 + RESERVED +CVE-2017-16486 + RESERVED +CVE-2017-16485 + RESERVED +CVE-2017-16484 + RESERVED +CVE-2017-16483 + RESERVED +CVE-2017-16482 + RESERVED +CVE-2017-16481 + RESERVED +CVE-2017-16480 + RESERVED +CVE-2017-16479 + RESERVED +CVE-2017-16478 + RESERVED +CVE-2017-16477 + RESERVED +CVE-2017-16476 + RESERVED +CVE-2017-16475 + RESERVED +CVE-2017-16474 + RESERVED +CVE-2017-16473 + RESERVED +CVE-2017-16472 + RESERVED +CVE-2017-16471 + RESERVED +CVE-2017-16470 + RESERVED +CVE-2017-16469 + RESERVED +CVE-2017-16468 + RESERVED +CVE-2017-16467 + RESERVED +CVE-2017-16466 + RESERVED +CVE-2017-16465 + RESERVED +CVE-2017-16464 + RESERVED +CVE-2017-16463 + RESERVED +CVE-2017-16462 + RESERVED +CVE-2017-16461 + RESERVED +CVE-2017-16460 + RESERVED +CVE-2017-16459 + RESERVED +CVE-2017-16458 + RESERVED +CVE-2017-16457 + RESERVED +CVE-2017-16456 + RESERVED +CVE-2017-16455 + RESERVED +CVE-2017-16454 + RESERVED +CVE-2017-16453 + RESERVED +CVE-2017-16452 + RESERVED +CVE-2017-16451 + RESERVED +CVE-2017-16450 + RESERVED +CVE-2017-16449 + RESERVED +CVE-2017-16448 + RESERVED +CVE-2017-16447 + RESERVED +CVE-2017-16446 + RESERVED +CVE-2017-16445 + RESERVED +CVE-2017-16444 + RESERVED +CVE-2017-16443 + RESERVED +CVE-2017-16442 + RESERVED +CVE-2017-16441 + RESERVED +CVE-2017-16440 + RESERVED +CVE-2017-16439 + RESERVED +CVE-2017-16438 + RESERVED +CVE-2017-16437 + RESERVED 
+CVE-2017-16436 + RESERVED +CVE-2017-16435 + RESERVED +CVE-2017-16434 + RESERVED +CVE-2017-16433 + RESERVED +CVE-2017-16432 + RESERVED +CVE-2017-16431 + RESERVED +CVE-2017-16430 + RESERVED +CVE-2017-16429 + RESERVED +CVE-2017-16428 + RESERVED +CVE-2017-16427 + RESERVED +CVE-2017-16426 + RESERVED +CVE-2017-16425 + RESERVED +CVE-2017-16424 + RESERVED +CVE-2017-16423 + RESERVED +CVE-2017-16422 + RESERVED +CVE-2017-16421 + RESERVED +CVE-2017-16420 + RESERVED +CVE-2017-16419 + RESERVED +CVE-2017-16418 + RESERVED +CVE-2017-16417 + RESERVED +CVE-2017-16416 + RESERVED +CVE-2017-16415 + RESERVED +CVE-2017-16414 + RESERVED +CVE-2017-16413 + RESERVED +CVE-2017-16412 + RESERVED +CVE-2017-16411 + RESERVED +CVE-2017-16410 + RESERVED +CVE-2017-16409 + RESERVED +CVE-2017-16408 + RESERVED +CVE-2017-16407 + RESERVED +CVE-2017-16406 + RESERVED +CVE-2017-16405 + RESERVED +CVE-2017-16404 + RESERVED +CVE-2017-16403 + RESERVED +CVE-2017-16402 + RESERVED +CVE-2017-16401 + RESERVED +CVE-2017-16400 + RESERVED +CVE-2017-16399 + RESERVED +CVE-2017-16398 + RESERVED +CVE-2017-16397 + RESERVED +CVE-2017-16396 + RESERVED +CVE-2017-16395 + RESERVED +CVE-2017-16394 + RESERVED +CVE-2017-16393 + RESERVED +CVE-2017-16392 + RESERVED +CVE-2017-16391 + RESERVED +CVE-2017-16390 + RESERVED +CVE-2017-16389 + RESERVED +CVE-2017-16388 + RESERVED +CVE-2017-16387 + RESERVED +CVE-2017-16386 + RESERVED +CVE-2017-16385 + RESERVED +CVE-2017-16384 + RESERVED +CVE-2017-16383 + RESERVED +CVE-2017-16382 + RESERVED +CVE-2017-16381 + RESERVED +CVE-2017-16380 + RESERVED +CVE-2017-16379 + RESERVED +CVE-2017-16378 + RESERVED +CVE-2017-16377 + RESERVED +CVE-2017-16376 + RESERVED +CVE-2017-16375 + RESERVED +CVE-2017-16374 + RESERVED +CVE-2017-16373 + RESERVED +CVE-2017-16372 + RESERVED +CVE-2017-16371 + RESERVED +CVE-2017-16370 + RESERVED
[Secure-testing-commits] r57212 - data/CVE
Author: carnil Date: 2017-11-01 20:56:37 + (Wed, 01 Nov 2017) New Revision: 57212 Modified: data/CVE/list Log: Update information for CVE-2017-5356 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 20:29:38 UTC (rev 57211) +++ data/CVE/list 2017-11-01 20:56:37 UTC (rev 57212) @@ -33128,8 +33128,9 @@ NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of ...) - irssi 0.8.21-1 (low) - [jessie] - irssi (Minor issue) + [jessie] - irssi 0.8.17-1+deb8u3 [wheezy] - irssi (Minor issue) + NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d NOTE: https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html NOTE: https://irssi.org/security/irssi_sa_2017_01.txt CVE-2017-5355
[Secure-testing-commits] r57211 - data/CVE
Author: carnil Date: 2017-11-01 20:29:38 + (Wed, 01 Nov 2017) New Revision: 57211 Modified: data/CVE/list Log: Add bug reference for CVE-2017-15566 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 20:27:07 UTC (rev 57210) +++ data/CVE/list 2017-11-01 20:29:38 UTC (rev 57211) @@ -2059,7 +2059,7 @@ NOT-FOR-US: IDEMIA CVE-2017-15566 RESERVED - - slurm-llnl + - slurm-llnl (bug #880530) [jessie] - slurm-llnl (Vulnerable code introduced later) [wheezy] - slurm-llnl (Vulnerable code introduced later) NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
[Secure-testing-commits] r57210 - data/CVE
Author: carnil Date: 2017-11-01 20:27:07 + (Wed, 01 Nov 2017) New Revision: 57210 Modified: data/CVE/list Log: Update status for CVE-2017-15566 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 20:21:25 UTC (rev 57209) +++ data/CVE/list 2017-11-01 20:27:07 UTC (rev 57210) @@ -2060,6 +2060,8 @@ CVE-2017-15566 RESERVED - slurm-llnl + [jessie] - slurm-llnl (Vulnerable code introduced later) + [wheezy] - slurm-llnl (Vulnerable code introduced later) NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public) NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...)
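Review bot: The two added lines mark jessie and wheezy as "(Vulnerable code introduced later)" without saying which slurm version or commit introduced the code. A NOTE naming the introducing commit or release would let the next reader re-check the claim against the versions shipped in jessie and wheezy.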
[Secure-testing-commits] r57209 - data/CVE
Author: carnil Date: 2017-11-01 20:21:25 + (Wed, 01 Nov 2017) New Revision: 57209 Modified: data/CVE/list Log: Add bug reference for slurm-llnl Modified: data/CVE/list === --- data/CVE/list 2017-11-01 20:16:36 UTC (rev 57208) +++ data/CVE/list 2017-11-01 20:21:25 UTC (rev 57209) @@ -2060,6 +2060,7 @@ CVE-2017-15566 RESERVED - slurm-llnl + NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public) NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...) - poppler (bug #879066)
[Secure-testing-commits] r57208 - data/CVE
Author: carnil Date: 2017-11-01 20:16:36 + (Wed, 01 Nov 2017) New Revision: 57208 Modified: data/CVE/list Log: Add CVE-2017-15566/slurm-llnl Modified: data/CVE/list === --- data/CVE/list 2017-11-01 19:48:03 UTC (rev 57207) +++ data/CVE/list 2017-11-01 20:16:36 UTC (rev 57208) @@ -2059,6 +2059,8 @@ NOT-FOR-US: IDEMIA CVE-2017-15566 RESERVED + - slurm-llnl + NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...) - poppler (bug #879066) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
[Secure-testing-commits] r57207 - data/CVE
Author: carnil Date: 2017-11-01 19:48:03 + (Wed, 01 Nov 2017) New Revision: 57207 Modified: data/CVE/list Log: Mark vim issue as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-01 19:38:40 UTC (rev 57206) +++ data/CVE/list 2017-11-01 19:48:03 UTC (rev 57207) @@ -223,6 +223,8 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) - vim + [stretch] - vim (Minor issue) + [jessie] - vim (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...) - libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
[Secure-testing-commits] r57206 - data/CVE
Author: carnil Date: 2017-11-01 19:38:40 + (Wed, 01 Nov 2017) New Revision: 57206 Modified: data/CVE/list Log: Add CVE-2017-16231/pcre3 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 18:33:14 UTC (rev 57205) +++ data/CVE/list 2017-11-01 19:38:40 UTC (rev 57206) @@ -252,8 +252,9 @@ CVE-2017-16232 [memory-based DoS in tiff2bw] - tiff (low) NOTE: http://seclists.org/oss-sec/2017/q4/168 -CVE-2017-16231 +CVE-2017-16231 [match() stack overflow] RESERVED + - pcre3 (unimportant) CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the ...) NOT-FOR-US: Typecho CVE-2017-16229
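Review bot: The added pcre3 line is marked "(unimportant)", but the entry has no NOTE giving a reference or the reason for that rating; the only context is the bracketed "match() stack overflow". The CVE-2017-16232 entry just above it carries a NOTE with its source URL; add an equivalent NOTE here with the report and the rationale for "unimportant".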
[Secure-testing-commits] r57205 - data/CVE
Author: apo Date: 2017-11-01 18:33:14 + (Wed, 01 Nov 2017) New Revision: 57205 Modified: data/CVE/list Log: liblouis in Wheezy: Three CVE do not affect the package There is no heap-based buffer overflow hence CVE-2017-13739, CVE-2017-13740 and CVE-2017-13742 do not apply. Modified: data/CVE/list === --- data/CVE/list 2017-11-01 16:12:17 UTC (rev 57204) +++ data/CVE/list 2017-11-01 18:33:14 UTC (rev 57205) @@ -7170,7 +7170,7 @@ - liblouis 3.3.0-1 (low; bug #874302) [stretch] - liblouis (Minor issue) [jessie] - liblouis (Minor issue) - [wheezy] - liblouis (Minor issue) + [wheezy] - liblouis (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484334 NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...) 
@@ -7184,14 +7184,14 @@ - liblouis 3.3.0-1 (low; bug #874302) [stretch] - liblouis (Minor issue) [jessie] - liblouis (Minor issue) - [wheezy] - liblouis (Minor issue) + [wheezy] - liblouis (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484306 NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two ...) - liblouis 3.3.0-1 (low; bug #874302) [stretch] - liblouis (Minor issue) [jessie] - liblouis (Minor issue) - [wheezy] - liblouis (Minor issue) + [wheezy] - liblouis (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484299 NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in ...)
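Review bot: The reason the three wheezy lines change from "(Minor issue)" to "(vulnerable code not present)" is recorded only in the commit log. A short NOTE under each of the three entries stating how that was checked would keep the rationale in data/CVE/list, next to the bugzilla and pull-request NOTEs already there.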
[Secure-testing-commits] r57204 - data/CVE
Author: gcs Date: 2017-11-01 16:12:17 + (Wed, 01 Nov 2017) New Revision: 57204 Modified: data/CVE/list Log: Add CVE-2017-16232/tiff Modified: data/CVE/list === --- data/CVE/list 2017-11-01 16:02:44 UTC (rev 57203) +++ data/CVE/list 2017-11-01 16:12:17 UTC (rev 57204) @@ -249,8 +249,9 @@ NOT-FOR-US: D-Link devices CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2x and ...) TODO: check -CVE-2017-16232 - RESERVED +CVE-2017-16232 [memory-based DoS in tiff2bw] + - tiff (low) + NOTE: http://seclists.org/oss-sec/2017/q4/168 CVE-2017-16231 RESERVED CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the ...)
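Review bot: The hunk removes the RESERVED line for CVE-2017-16232 while adding the bracketed description. Other entries on this list that gain package data while the ID is still reserved keep both (CVE-2017-15566 and CVE-2017-16231 show RESERVED followed by the package line), and the context in r57220 shows RESERVED back under this entry. Keep the RESERVED line and add "- tiff (low)" and the NOTE below it.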
[Secure-testing-commits] r57203 - data
Author: jmm Date: 2017-11-01 16:02:44 + (Wed, 01 Nov 2017) New Revision: 57203 Modified: data/dsa-needed.txt Log: add libreoffice to dsa-needed Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-01 13:01:37 UTC (rev 57202) +++ data/dsa-needed.txt 2017-11-01 16:02:44 UTC (rev 57203) @@ -23,6 +23,8 @@ -- irssi -- +libreoffice/oldstable +-- libvpx/oldstable -- libxml-libxml-perl (carnil)
[Secure-testing-commits] r57202 - data
Author: agx Date: 2017-11-01 13:01:37 + (Wed, 01 Nov 2017) New Revision: 57202 Modified: data/dla-needed.txt Log: lts: thunderbird dla released Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-01 09:22:41 UTC (rev 57201) +++ data/dla-needed.txt 2017-11-01 13:01:37 UTC (rev 57202) @@ -14,8 +14,6 @@ NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w@curie.anarc.at -- -icedove (Guido Günther) --- irssi (Rhonda D'Vine) -- jasperreports
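Review bot: the log says "thunderbird dla released" but the removed line is "icedove (Guido Günther)", so the commit message and the hunk name different packages. Mention icedove in the log, or cite the DLA number, so the removal can be matched to the advisory from history alone.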
[Secure-testing-commits] r57201 - data/CVE
Author: carnil Date: 2017-11-01 09:22:41 + (Wed, 01 Nov 2017) New Revision: 57201 Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-01 09:20:28 UTC (rev 57200) +++ data/CVE/list 2017-11-01 09:22:41 UTC (rev 57201) @@ -211,7 +211,7 @@ CVE-2017-16245 RESERVED CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) ...) - TODO: check + NOT-FOR-US: OctoberCMS CVE-2017-16243 RESERVED CVE-2017-16242 @@ -5420,9 +5420,9 @@ CVE-2017-14377 RESERVED CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ...) - TODO: check + NOT-FOR-US: EMC AppSync Server CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...) - TODO: check + NOT-FOR-US: EMC CVE-2017-14374 RESERVED CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a ...) @@ -36535,7 +36535,7 @@ CVE-2017-3936 RESERVED CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...) - TODO: check + NOT-FOR-US: McAfee Network Data Loss Prevention CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerability ...) NOT-FOR-US: McAfee Network Data Loss Prevention CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network ...)
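Review bot: in the second hunk (-5420,9) CVE-2017-14375 is tagged only "NOT-FOR-US: EMC" although its description names the product, EMC Unisphere for VMAX Virtual Appliance, while the entry just above it uses the product name, "NOT-FOR-US: EMC AppSync Server". Use the product name here as well, so that a later search of the NFU tags by product finds this entry.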
[Secure-testing-commits] r57199 - data/CVE
Author: carnil Date: 2017-11-01 09:17:59 + (Wed, 01 Nov 2017) New Revision: 57199 Modified: data/CVE/list Log: Add CVE-2017-15535/mongodb Modified: data/CVE/list === --- data/CVE/list 2017-11-01 09:10:18 UTC (rev 57198) +++ data/CVE/list 2017-11-01 09:17:59 UTC (rev 57199) @@ -2121,7 +2121,8 @@ CVE-2017-15536 RESERVED CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...) - TODO: check + - mongodb + NOTE: https://jira.mongodb.org/browse/SERVER-31273 CVE-2017-15534 RESERVED CVE-2017-15533
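Review bot: the added "- mongodb" line marks the package as affected with no fixed version, while the CVE description limits the issue to 3.4.x before 3.4.10 and 3.5.x-development. The entry does not say whether the mongodb versions in the archive fall in that range; add a NOTE with the result of that check, or per-suite annotations if some suites are outside it.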
[Secure-testing-commits] r57198 - data/CVE
Author: sectracker Date: 2017-11-01 09:10:18 + (Wed, 01 Nov 2017) New Revision: 57198 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-01 07:52:47 UTC (rev 57197) +++ data/CVE/list 2017-11-01 09:10:18 UTC (rev 57198) 
@@ -1,3 +1,219 @@ +CVE-2017-16351 + RESERVED +CVE-2017-16350 + RESERVED +CVE-2017-16349 + RESERVED +CVE-2017-16348 + RESERVED +CVE-2017-16347 + RESERVED +CVE-2017-16346 + RESERVED +CVE-2017-16345 + RESERVED +CVE-2017-16344 + RESERVED +CVE-2017-16343 + RESERVED +CVE-2017-16342 + RESERVED +CVE-2017-16341 + RESERVED +CVE-2017-16340 + RESERVED +CVE-2017-16339 + RESERVED +CVE-2017-16338 + RESERVED +CVE-2017-16337 + RESERVED +CVE-2017-16336 + RESERVED +CVE-2017-16335 + RESERVED +CVE-2017-16334 + RESERVED +CVE-2017-16333 + RESERVED +CVE-2017-16332 + RESERVED +CVE-2017-16331 + RESERVED +CVE-2017-16330 + RESERVED +CVE-2017-16329 + RESERVED +CVE-2017-16328 + RESERVED +CVE-2017-16327 + RESERVED +CVE-2017-16326 + RESERVED +CVE-2017-16325 + RESERVED +CVE-2017-16324 + RESERVED +CVE-2017-16323 + RESERVED +CVE-2017-16322 + RESERVED +CVE-2017-16321 + RESERVED +CVE-2017-16320 + RESERVED +CVE-2017-16319 + RESERVED +CVE-2017-16318 + RESERVED +CVE-2017-16317 + RESERVED +CVE-2017-16316 + RESERVED +CVE-2017-16315 + RESERVED +CVE-2017-16314 + RESERVED +CVE-2017-16313 + RESERVED +CVE-2017-16312 + RESERVED +CVE-2017-16311 + RESERVED +CVE-2017-16310 + RESERVED +CVE-2017-16309 + RESERVED +CVE-2017-16308 + RESERVED +CVE-2017-16307 + RESERVED +CVE-2017-16306 + RESERVED +CVE-2017-16305 + RESERVED +CVE-2017-16304 + RESERVED +CVE-2017-16303 + RESERVED +CVE-2017-16302 + RESERVED +CVE-2017-16301 + RESERVED +CVE-2017-16300 + RESERVED +CVE-2017-16299 + RESERVED +CVE-2017-16298 + RESERVED +CVE-2017-16297 + RESERVED +CVE-2017-16296 + RESERVED +CVE-2017-16295 + RESERVED +CVE-2017-16294 + RESERVED +CVE-2017-16293 + RESERVED +CVE-2017-16292 + RESERVED +CVE-2017-16291 + RESERVED +CVE-2017-16290 + RESERVED +CVE-2017-16289 + RESERVED +CVE-2017-16288 + RESERVED +CVE-2017-16287 + RESERVED +CVE-2017-16286 + RESERVED +CVE-2017-16285 + RESERVED +CVE-2017-16284 + RESERVED +CVE-2017-16283 + RESERVED +CVE-2017-16282 + RESERVED +CVE-2017-16281 + RESERVED +CVE-2017-16280 + RESERVED +CVE-2017-16279 + RESERVED 
+CVE-2017-16278 + RESERVED +CVE-2017-16277 + RESERVED +CVE-2017-16276 + RESERVED +CVE-2017-16275 + RESERVED +CVE-2017-16274 + RESERVED +CVE-2017-16273 + RESERVED +CVE-2017-16272 + RESERVED +CVE-2017-16271 + RESERVED +CVE-2017-16270 + RESERVED +CVE-2017-16269 + RESERVED +CVE-2017-16268 + RESERVED +CVE-2017-16267 + RESERVED +CVE-2017-16266 + RESERVED +CVE-2017-16265 + RESERVED +CVE-2017-16264 + RESERVED +CVE-2017-16263 + RESERVED +CVE-2017-16262 + RESERVED +CVE-2017-16261 + RESERVED +CVE-2017-16260 + RESERVED +CVE-2017-16259 + RESERVED +CVE-2017-16258 + RESERVED +CVE-2017-16257 + RESERVED +CVE-2017-16256 + RESERVED +CVE-2017-16255 + RESERVED +CVE-2017-16254 + RESERVED +CVE-2017-16253 + RESERVED +CVE-2017-16252 + RESERVED +CVE-2017-16251 + RESERVED +CVE-2017-16250 + RESERVED +CVE-2017-16249 + RESERVED +CVE-2017-16247 + RESERVED +CVE-2017-16246 + RESERVED +CVE-2017-16245 + RESERVED +CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) ...) + TODO: check +CVE-2017-16243 + RESERVED CVE-2017-16242 RESERVED CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) @@ -8,7 +224,7 @@ CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) - vim NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 -CVE-2017-16248 [leaks files without extention, inadvertently] +CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...) - libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558 CVE-2017-16241 @@ -1904,8 +2120,8 @@ NOT-FOR-US: ILIAS CVE-2017-15536 RESERVED -CVE-2017-15535 - RESERVED +CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...) + TODO: check CVE-2017-15534 RESERVED CVE-2017-15533 @@ -3127,7 +3343,7 @@ - koji (bug #877921) NOTE:
[Secure-testing-commits] r57197 - data/CVE
Author: jmm Date: 2017-11-01 07:52:47 + (Wed, 01 Nov 2017) New Revision: 57197 Modified: data/CVE/list Log: openjdk-8 fixed Modified: data/CVE/list === --- data/CVE/list 2017-11-01 06:59:02 UTC (rev 57196) +++ data/CVE/list 2017-11-01 07:52:47 UTC (rev 57197) @@ -17137,7 +17137,7 @@ NOT-FOR-US: Oracle CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 @@ -17216,19 +17216,19 @@ NOT-FOR-US: Oracle CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 
@@ -17242,35 +17242,35 @@ NOT-FOR-US: Oracle CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 @@ -17385,7 +17385,7 @@ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 @@ -17394,7 +17394,7 @@ - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10293 (Vulnerability in the Java SE component of Oracle Java SE ...) - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 
@@ -17416,7 +17416,7 @@ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 @@ -17432,7 +17432,7 @@ RESERVED CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 @@ -17454,7 +17454,7 @@ NOT-FOR-US: Oracle CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-9 9.0.1+11-1 - - openjdk-8 + - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6
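Review bot: in the hunk at -17394,7 the CVE-2017-10293 entry gets "- openjdk-8 8u151-b12-1" but, unlike every other entry touched by this commit, has no "- openjdk-9 9.0.1+11-1" line above it. Since the entry is being edited anyway, confirm whether openjdk-9 is unaffected or the line is simply missing, and record the answer in the entry.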
[Secure-testing-commits] r57196 - data/CVE
Author: carnil Date: 2017-11-01 06:59:02 + (Wed, 01 Nov 2017) New Revision: 57196 Modified: data/CVE/list Log: CVE-2017-126o{7,8}/libreoffice addressed in 5.0.2, included in 1:5.0.2-1 Modified: data/CVE/list === --- data/CVE/list 2017-11-01 06:57:03 UTC (rev 57195) +++ data/CVE/list 2017-11-01 06:59:02 UTC (rev 57196) @@ -10461,13 +10461,13 @@ RESERVED CVE-2017-12608 RESERVED - - libreoffice + - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608 NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba CVE-2017-12607 RESERVED - - libreoffice + - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607 NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1
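Review bot: both "- libreoffice 1:5.0.2-1" lines record a fixed version, but the reason for choosing it (addressed upstream in 5.0.2) appears only in the commit log, not in either entry. A NOTE under each entry stating the upstream fixed release would keep the justification with the data. The log also spells the ids as "CVE-2017-126o{7,8}", with a letter o in place of the zero, so a history search for CVE-2017-12607 or CVE-2017-12608 will not find this revision.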
[Secure-testing-commits] r57193 - data/CVE
Author: carnil Date: 2017-11-01 06:52:41 + (Wed, 01 Nov 2017) New Revision: 57193 Modified: data/CVE/list Log: Add CVE-2017-12608/libreoffice Modified: data/CVE/list === --- data/CVE/list 2017-11-01 06:51:09 UTC (rev 57192) +++ data/CVE/list 2017-11-01 06:52:41 UTC (rev 57193) @@ -10461,6 +10461,10 @@ RESERVED CVE-2017-12608 RESERVED + - libreoffice + NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301 + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608 + NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba CVE-2017-12607 RESERVED - libreoffice
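Review bot: the third added NOTE for CVE-2017-12608 links the fix as a gerrit gitweb "a=commitdiff_plain" URL, which returns the raw patch, whereas the CVE-2017-12607 entry shown in r57196 references its fix as a cgit.freedesktop.org commit page. Use the same commit-page form for both entries so the fix references are consistent and show the commit metadata alongside the diff.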