[Secure-testing-commits] r57673 - data/CVE
Author: carnil Date: 2017-11-16 06:51:00 + (Thu, 16 Nov 2017) New Revision: 57673 Modified: data/CVE/list Log: Add todo for CVE-2017-15699 Modified: data/CVE/list === --- data/CVE/list 2017-11-16 06:47:22 UTC (rev 57672) +++ data/CVE/list 2017-11-16 06:51:00 UTC (rev 57673) @@ -3046,6 +3046,7 @@ RESERVED CVE-2017-15699 RESERVED + TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project CVE-2017-15698 RESERVED CVE-2017-15697 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57672 - data/CVE
Author: carnil Date: 2017-11-16 06:47:22 + (Thu, 16 Nov 2017) New Revision: 57672 Modified: data/CVE/list Log: Add CVE-2017-15114/tripleo-heat-templates Modified: data/CVE/list === --- data/CVE/list 2017-11-16 06:40:54 UTC (rev 57671) +++ data/CVE/list 2017-11-16 06:47:22 UTC (rev 57672) @@ -4533,8 +4533,12 @@ RESERVED - linux NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) -CVE-2017-15114 +CVE-2017-15114 [Passwordless access for non-libvirt related services when using shared certificate authority] RESERVED + - tripleo-heat-templates + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015 + NOTE: https://review.openstack.org/#/c/519015/ + TODO: check, possibly not yet having se_tls_for_live_migration CVE-2017-15113 RESERVED NOT-FOR-US: ovirt-engine ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57671 - data/CVE
Author: carnil Date: 2017-11-16 06:40:54 + (Thu, 16 Nov 2017) New Revision: 57671 Modified: data/CVE/list Log: Add CVE-2017-16834/pnp4nagios Modified: data/CVE/list === --- data/CVE/list 2017-11-16 06:38:07 UTC (rev 57670) +++ data/CVE/list 2017-11-16 06:40:54 UTC (rev 57671) @@ -1,3 +1,6 @@ +CVE-2017-16834 [root privilege escalation via insecure permissions] + - pnp4nagios + NOTE: https://github.com/lingej/pnp4nagios/issues/140 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) TODO: check CVE-2017- [CPPOST-105] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57670 - data/CVE
Author: carnil Date: 2017-11-16 06:38:07 + (Thu, 16 Nov 2017) New Revision: 57670 Modified: data/CVE/list Log: Mark CVE-2017-0889 as NFU Modified: data/CVE/list === --- data/CVE/list 2017-11-15 23:24:02 UTC (rev 57669) +++ data/CVE/list 2017-11-16 06:38:07 UTC (rev 57670) @@ -46198,7 +46198,7 @@ CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...) - nextcloud (bug #835086) CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde ...) - TODO: check + NOT-FOR-US: paperclip ruby gem CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...) - nextcloud (bug #835086) CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57669 - in data: . DLA
Author: pochu Date: 2017-11-15 23:24:02 + (Wed, 15 Nov 2017) New Revision: 57669 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1172-1 for firefox-esr Modified: data/DLA/list === --- data/DLA/list 2017-11-15 21:49:45 UTC (rev 57668) +++ data/DLA/list 2017-11-15 23:24:02 UTC (rev 57669) @@ -1,3 +1,6 @@ +[16 Nov 2017] DLA-1172-1 firefox-esr - security update + {CVE-2017-7826 CVE-2017-7828 CVE-2017-7830} + [wheezy] - firefox-esr 52.5.0esr-1~deb7u1 [14 Nov 2017] DLA-1171-1 libxml-libxml-perl - security update {CVE-2017-10672} [wheezy] - libxml-libxml-perl 2.0001+dfsg-1+deb7u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-15 21:49:45 UTC (rev 57668) +++ data/dla-needed.txt 2017-11-15 23:24:02 UTC (rev 57669) @@ -16,8 +16,6 @@ -- cacti -- -firefox-esr (Emilio Pozuelo) --- irssi (Rhonda D'Vine) -- jasperreports ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57667 - data/CVE
Author: carnil Date: 2017-11-15 21:18:11 + (Wed, 15 Nov 2017) New Revision: 57667 Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-15 21:10:20 UTC (rev 57666) +++ data/CVE/list 2017-11-15 21:18:11 UTC (rev 57667) @@ -4118,13 +4118,13 @@ - mahara NOTE: https://mahara.org/interaction/forum/topic.php?id=8081 CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside ...) - TODO: check + NOT-FOR-US: PSFTPd CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP ...) - TODO: check + NOT-FOR-US: PSFTPd CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data ...) - TODO: check + NOT-FOR-US: PSFTPd CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...) - TODO: check + NOT-FOR-US: PSFTPd CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...) - qemu (bug #880836) [stretch] - qemu (Minor issue) @@ -5105,7 +5105,7 @@ CVE-2017-14962 RESERVED CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...) - TODO: check + NOT-FOR-US: IKARUS anti.virus CVE-2017-14960 RESERVED CVE-2017-14959 @@ -12031,9 +12031,9 @@ - couchdb NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6 CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and ...) - TODO: check + NOT-FOR-US: Apache Camel CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and ...) - TODO: check + NOT-FOR-US: Apache Camel CVE-2017-12632 RESERVED CVE-2017-12631 @@ -14007,29 +14007,29 @@ CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server ...) NOT-FOR-US: Microsoft CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11848 (Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11847 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11846 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11845 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11844 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11843 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11842 (Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11841 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11840 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11839 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) TODO: check CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...) @@ -21300,11 +21300,11 @@ [wheezy] - qemu-kvm (Minor issue) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04 CVE-2017-9371 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...) - TODO: check + NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP) CVE-2017-9370 (An information disclosure / elevation of privilege vulnerability in ...) NOT-FOR-US: BlackBerry CVE-2017-9369 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...) - TODO: check + NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP) CVE-2017-9368 (An information disclosure vulnerability in the BlackBerry Workspaces ...) NOT-FOR-US: BlackBerry Workspaces Server CVE-2017-9367 (A directory traversal vulnerability in the BlackBerry Workspaces ...) @@ -38374,11 +38374,11 @@ CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...) NOT-FOR-US: BlackBerry CVE-2017-3893 (In BlackBerry QNX Software
[Secure-testing-commits] r57666 - data/CVE
Author: sectracker Date: 2017-11-15 21:10:20 + (Wed, 15 Nov 2017) New Revision: 57666 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-15 20:35:45 UTC (rev 57665) +++ data/CVE/list 2017-11-15 21:10:20 UTC (rev 57666) @@ -1,3 +1,5 @@ +CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) + TODO: check CVE-2017- [CPPOST-105] - opensaml2 (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d @@ -2540,8 +2542,7 @@ RESERVED CVE-2017-15925 RESERVED -CVE-2017-15923 [Crash in parsing IRC color formatting codes] - RESERVED +CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...) {DSA-4033-1} - konversation 1.7.3-1 (bug #881586) NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 @@ -2804,8 +2805,8 @@ NOT-FOR-US: phpMyFaq CVE-2017-15807 RESERVED -CVE-2017-15806 - RESERVED +CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...) + TODO: check CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...) - python-werkzeug 0.11.11+dfsg1-1 NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/ @@ -4063,8 +4064,8 @@ - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51 -CVE-2017-15288 - RESERVED +CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...) + TODO: check CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia ...) NOT-FOR-US: BouquetEditor WebPlugin CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...) @@ -4116,14 +4117,14 @@ CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...) - mahara NOTE: https://mahara.org/interaction/forum/topic.php?id=8081 -CVE-2017-15272 - RESERVED -CVE-2017-15271 - RESERVED -CVE-2017-15270 - RESERVED -CVE-2017-15269 - RESERVED +CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside ...) + TODO: check +CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP ...) + TODO: check +CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data ...) + TODO: check +CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...) + TODO: check CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...) - qemu (bug #880836) [stretch] - qemu (Minor issue) @@ -5103,8 +5104,8 @@ RESERVED CVE-2017-14962 RESERVED -CVE-2017-14961 - RESERVED +CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...) + TODO: check CVE-2017-14960 RESERVED CVE-2017-14959 @@ -12029,10 +12030,10 @@ CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...) - couchdb NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6 -CVE-2017-12634 - RESERVED -CVE-2017-12633 - RESERVED +CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and ...) + TODO: check +CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and ...) + TODO: check CVE-2017-12632 RESERVED CVE-2017-12631 @@ -12490,7 +12491,7 @@ RESERVED CVE-2017-12461 RESERVED -CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware before ...) +CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before ...) NOT-FOR-US: Barco ClickShare CSM-1 firmware CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ...) - binutils 2.29-8 @@ -23189,7 +23190,7 @@ CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html - NOTE: https://phabricator.wikimedia.org/T119158 + NOTE: https://phabricator.wikimedia.org/T119158 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html @@ -23215,9 +23216,10 @@ CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki
[Secure-testing-commits] r57668 - in data: . DSA
Author: jmm Date: 2017-11-15 21:49:45 + (Wed, 15 Nov 2017) New Revision: 57668 Modified: data/DSA/list data/dsa-needed.txt Log: mediawiki, firefox DSAs Modified: data/DSA/list === --- data/DSA/list 2017-11-15 21:18:11 UTC (rev 57667) +++ data/DSA/list 2017-11-15 21:49:45 UTC (rev 57668) @@ -1,3 +1,10 @@ +[15 Nov 2017] DSA-4036-1 mediawiki - security update + {CVE-2017-8808 CVE-2017-8809 CVE-2017-8810 CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815} + [stretch] - mediawiki 1:1.27.4-1~deb9u1 +[15 Nov 2017] DSA-4035-1 firefox-esr - security update + {CVE-2017-7826 CVE-2017-7828 CVE-2017-7830} + [jessie] - firefox-esr 52.5.0esr-1~deb8u1 + [stretch] - firefox-esr 52.5.0esr-1~deb9u1 [15 Nov 2017] DSA-4034-1 varnish - security update {CVE-2017-8807} [stretch] - varnish 5.0.0-7+deb9u2 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-15 21:18:11 UTC (rev 57667) +++ data/dsa-needed.txt 2017-11-15 21:49:45 UTC (rev 57668) @@ -14,8 +14,6 @@ -- 389-ds-base (fw) -- -firefox-esr (jmm) --- graphicsmagick -- imagemagick/oldstable (jmm) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57665 - data
Author: carnil Date: 2017-11-15 20:35:45 + (Wed, 15 Nov 2017) New Revision: 57665 Modified: data/dsa-needed.txt Log: Add opensaml2 and shibboleth-sp2 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-15 20:14:22 UTC (rev 57664) +++ data/dsa-needed.txt 2017-11-15 20:35:45 UTC (rev 57665) @@ -35,6 +35,8 @@ -- openjdk-7/oldstable (jmm) -- +opensaml2 +-- php-horde-image -- php5 @@ -51,6 +53,8 @@ -- salt -- +shibboleth-sp2 +-- simplesamlphp -- tiff ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57664 - data/CVE
Author: carnil Date: 2017-11-15 20:14:22 + (Wed, 15 Nov 2017) New Revision: 57664 Modified: data/CVE/list Log: Add bug references for opensaml2and shibboleth-sp2 issues, #881856, #881857 Modified: data/CVE/list === --- data/CVE/list 2017-11-15 19:58:44 UTC (rev 57663) +++ data/CVE/list 2017-11-15 20:14:22 UTC (rev 57664) @@ -1,9 +1,9 @@ CVE-2017- [CPPOST-105] - - opensaml2 + - opensaml2 (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017- [SSPCPP-763] - - shibboleth-sp2 + - shibboleth-sp2 (bug #881857) NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16 NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57663 - data/CVE
Author: carnil Date: 2017-11-15 19:58:44 + (Wed, 15 Nov 2017) New Revision: 57663 Modified: data/CVE/list Log: Add new opensaml2 and shibboleth-sp2 issue Modified: data/CVE/list === --- data/CVE/list 2017-11-15 19:23:38 UTC (rev 57662) +++ data/CVE/list 2017-11-15 19:58:44 UTC (rev 57663) @@ -1,3 +1,11 @@ +CVE-2017- [CPPOST-105] + - opensaml2 + NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d + NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt +CVE-2017- [SSPCPP-763] + - shibboleth-sp2 + NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16 + NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) - binutils [stretch] - binutils (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57662 - data/CVE
Author: seb Date: 2017-11-15 19:23:38 + (Wed, 15 Nov 2017) New Revision: 57662 Modified: data/CVE/list Log: Correct version of jackson-databind affected by CVE-2017-15096 after DSA-4004-1 Modified: data/CVE/list === --- data/CVE/list 2017-11-15 12:44:48 UTC (rev 57661) +++ data/CVE/list 2017-11-15 19:23:38 UTC (rev 57662) @@ -4590,7 +4590,7 @@ CVE-2017-15095 [Incomplete fixes for CVE-2017-7525] RESERVED - jackson-databind 2.9.1-1 - NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.8.6-1+deb8u1) + NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1) NOTE: misses the further sets of blacklists, in particular as well NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835 NOTE: which was already for CVE-2017-7525 but then the further tickets and patches ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57661 - data/CVE
Author: jmm Date: 2017-11-15 12:44:48 + (Wed, 15 Nov 2017) New Revision: 57661 Modified: data/CVE/list Log: add upstream bugs for mediawiki issues Modified: data/CVE/list === --- data/CVE/list 2017-11-15 12:39:59 UTC (rev 57660) +++ data/CVE/list 2017-11-15 12:44:48 UTC (rev 57661) @@ -23181,26 +23181,33 @@ CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + NOTE: https://phabricator.wikimedia.org/T119158 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + NOTE: https://phabricator.wikimedia.org/T124404 CVE-2017-8813 REJECTED CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + NOTE: https://phabricator.wikimedia.org/T125163 CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + NOTE: https://phabricator.wikimedia.org/T176247 CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + NOTE: https://phabricator.wikimedia.org/T134100 CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + NOTE: https://phabricator.wikimedia.org/T128209 CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html + NOTE: https://phabricator.wikimedia.org/T178451 CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects] RESERVED - varnish (bug #881808) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57660 - in data: . DSA
Author: carnil Date: 2017-11-15 12:39:59 + (Wed, 15 Nov 2017) New Revision: 57660 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA number for varnish update Modified: data/DSA/list === --- data/DSA/list 2017-11-15 12:05:41 UTC (rev 57659) +++ data/DSA/list 2017-11-15 12:39:59 UTC (rev 57660) @@ -1,3 +1,6 @@ +[15 Nov 2017] DSA-4034-1 varnish - security update + {CVE-2017-8807} + [stretch] - varnish 5.0.0-7+deb9u2 [13 Nov 2017] DSA-4033-1 konversation - security update {CVE-2017-15923} [jessie] - konversation 1.5-2+deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-15 12:05:41 UTC (rev 57659) +++ data/dsa-needed.txt 2017-11-15 12:39:59 UTC (rev 57660) @@ -56,8 +56,6 @@ tiff wait until more issues are around -- -varnish (carnil) --- vlc wait until 2.2.7 release -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57658 - data/CVE
Author: carnil Date: 2017-11-15 11:46:13 + (Wed, 15 Nov 2017) New Revision: 57658 Modified: data/CVE/list Log: add bug number for varnish issue, #881808 Modified: data/CVE/list === --- data/CVE/list 2017-11-15 11:39:49 UTC (rev 57657) +++ data/CVE/list 2017-11-15 11:46:13 UTC (rev 57658) @@ -23201,9 +23201,10 @@ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects] RESERVED - - varnish + - varnish (bug #881808) [jessie] - varnish (Vulnerable code not present, issue introduced in 4.1.0) NOTE: http://varnish-cache.org/security/VSV2.html + NOTE: https://github.com/varnishcache/varnish-cache/pull/2429 NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/176f8a075a CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster ...) {DSA-4029-1 DLA-1169-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57659 - data/CVE
Author: carnil Date: 2017-11-15 12:05:41 + (Wed, 15 Nov 2017) New Revision: 57659 Modified: data/CVE/list Log: Add CVE-2017-15115/linux Modified: data/CVE/list === --- data/CVE/list 2017-11-15 11:46:13 UTC (rev 57658) +++ data/CVE/list 2017-11-15 12:05:41 UTC (rev 57659) @@ -4517,8 +4517,10 @@ RESERVED CVE-2017-15116 RESERVED -CVE-2017-15115 +CVE-2017-15115 [sctp: use-after-free in sctp_cmp_addr_exact()] RESERVED + - linux + NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) CVE-2017-15114 RESERVED CVE-2017-15113 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57657 - data/CVE
Author: carnil Date: 2017-11-15 11:39:49 + (Wed, 15 Nov 2017) New Revision: 57657 Modified: data/CVE/list Log: Add fix reference for varnish Modified: data/CVE/list === --- data/CVE/list 2017-11-15 11:38:53 UTC (rev 57656) +++ data/CVE/list 2017-11-15 11:39:49 UTC (rev 57657) @@ -23204,6 +23204,7 @@ - varnish [jessie] - varnish (Vulnerable code not present, issue introduced in 4.1.0) NOTE: http://varnish-cache.org/security/VSV2.html + NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/176f8a075a CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster ...) {DSA-4029-1 DLA-1169-1} - postgresql-common 188 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57656 - data/CVE
Author: carnil Date: 2017-11-15 11:38:53 + (Wed, 15 Nov 2017) New Revision: 57656 Modified: data/CVE/list Log: Add Status for varnish issue in jessie Modified: data/CVE/list === --- data/CVE/list 2017-11-15 11:34:49 UTC (rev 57655) +++ data/CVE/list 2017-11-15 11:38:53 UTC (rev 57656) @@ -23199,10 +23199,11 @@ CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html -CVE-2017-8807 +CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects] RESERVED - varnish - NOTE: http://varnish-cache.org/security/VSV2.html#vsv2 + [jessie] - varnish (Vulnerable code not present, issue introduced in 4.1.0) + NOTE: http://varnish-cache.org/security/VSV2.html CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster ...) {DSA-4029-1 DLA-1169-1} - postgresql-common 188 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57655 - in data: . CVE
Author: jmm Date: 2017-11-15 11:34:49 + (Wed, 15 Nov 2017) New Revision: 57655 Modified: data/CVE/list data/dsa-needed.txt Log: new varnish issue Modified: data/CVE/list === --- data/CVE/list 2017-11-15 09:58:25 UTC (rev 57654) +++ data/CVE/list 2017-11-15 11:34:49 UTC (rev 57655) @@ -23201,6 +23201,8 @@ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html CVE-2017-8807 RESERVED + - varnish + NOTE: http://varnish-cache.org/security/VSV2.html#vsv2 CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster ...) {DSA-4029-1 DLA-1169-1} - postgresql-common 188 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-15 09:58:25 UTC (rev 57654) +++ data/dsa-needed.txt 2017-11-15 11:34:49 UTC (rev 57655) @@ -56,6 +56,8 @@ tiff wait until more issues are around -- +varnish (carnil) +-- vlc wait until 2.2.7 release -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57654 - data/CVE
Author: carnil Date: 2017-11-15 09:58:25 + (Wed, 15 Nov 2017) New Revision: 57654 Modified: data/CVE/list Log: Batch of NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-15 09:55:29 UTC (rev 57653) +++ data/CVE/list 2017-11-15 09:58:25 UTC (rev 57654) @@ -11722,11 +11722,11 @@ CVE-2017-12740 RESERVED CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) - TODO: check + NOT-FOR-US: Siemens CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) - TODO: check + NOT-FOR-US: Siemens CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) - TODO: check + NOT-FOR-US: Siemens CVE-2017-12736 RESERVED CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An ...) @@ -13926,75 +13926,75 @@ CVE-2017-11885 RESERVED CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...) TODO: check CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11881 RESERVED CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session ...) TODO: check CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11875 RESERVED CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11868 RESERVED CVE-2017-11867 RESERVED CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11865 RESERVED CVE-2017-11864 RESERVED CVE-2017-11863 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11862 (ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11861 (Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11860 RESERVED CVE-2017-11859 RESERVED CVE-2017-11858 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11857 RESERVED CVE-2017-11856 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11855 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11854 (Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11853 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11852 (Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11851 (The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server
[Secure-testing-commits] r57653 - data/CVE
Author: carnil Date: 2017-11-15 09:55:29 + (Wed, 15 Nov 2017) New Revision: 57653 Modified: data/CVE/list Log: Add fixing version for CVE-2017-15908 Modified: data/CVE/list === --- data/CVE/list 2017-11-15 09:35:08 UTC (rev 57652) +++ data/CVE/list 2017-11-15 09:55:29 UTC (rev 57653) @@ -2550,7 +2550,7 @@ CVE-2017-15917 (In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create ...) NOT-FOR-US: Paessler PRTG Network Monitor CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond with a ...) - - systemd (bug #880026) + - systemd 235-3 (bug #880026) [stretch] - systemd (Minor issue; systemd-resolved not enabled by default) [jessie] - systemd (Vulnerable code introduced later) [wheezy] - systemd (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57652 - data
Author: pochu Date: 2017-11-15 09:35:08 + (Wed, 15 Nov 2017) New Revision: 57652 Modified: data/dla-needed.txt Log: dla: add firefox-esr Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-15 09:31:16 UTC (rev 57651) +++ data/dla-needed.txt 2017-11-15 09:35:08 UTC (rev 57652) @@ -16,6 +16,8 @@ -- cacti -- +firefox-esr (Emilio Pozuelo) +-- irssi (Rhonda D'Vine) -- jasperreports ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57651 - data/CVE
Author: carnil Date: 2017-11-15 09:31:16 + (Wed, 15 Nov 2017) New Revision: 57651 Modified: data/CVE/list Log: More binutils to be processed Modified: data/CVE/list === --- data/CVE/list 2017-11-15 09:29:03 UTC (rev 57650) +++ data/CVE/list 2017-11-15 09:31:16 UTC (rev 57651) @@ -23,11 +23,23 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22307 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163 CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22386 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22306 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419 CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22376 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d CVE-2017-16825 RESERVED CVE-2017-16824 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57650 - data/CVE
Author: carnil Date: 2017-11-15 09:29:03 + (Wed, 15 Nov 2017) New Revision: 57650 Modified: data/CVE/list Log: Process more binutils entries Modified: data/CVE/list === --- data/CVE/list 2017-11-15 09:26:59 UTC (rev 57649) +++ data/CVE/list 2017-11-15 09:29:03 UTC (rev 57650) @@ -5,11 +5,23 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22373 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22385 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22384 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22307 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163 CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 ...) TODO: check CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57649 - data/CVE
Author: carnil Date: 2017-11-15 09:26:59 + (Wed, 15 Nov 2017) New Revision: 57649 Modified: data/CVE/list Log: Add CVE-2017-16832/binutils Modified: data/CVE/list === --- data/CVE/list 2017-11-15 09:10:14 UTC (rev 57648) +++ data/CVE/list 2017-11-15 09:26:59 UTC (rev 57649) @@ -1,5 +1,9 @@ CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22373 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) TODO: check CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57648 - data/CVE
Author: sectracker Date: 2017-11-15 09:10:14 + (Wed, 15 Nov 2017) New Revision: 57648 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-15 07:19:41 UTC (rev 57647) +++ data/CVE/list 2017-11-15 09:10:14 UTC (rev 57648) @@ -1,3 +1,31 @@ +CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) + TODO: check +CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + TODO: check +CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils ...) + TODO: check +CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...) + TODO: check +CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 ...) + TODO: check +CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File ...) + TODO: check +CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File ...) + TODO: check +CVE-2017-16825 + RESERVED +CVE-2017-16824 + RESERVED +CVE-2017-16823 + RESERVED +CVE-2017-16822 + RESERVED +CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...) + TODO: check +CVE-2017-16819 + RESERVED +CVE-2017-16818 + RESERVED CVE-2017-16817 RESERVED CVE-2017-16816 @@ -4,7 +32,7 @@ RESERVED CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration ...) NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress -CVE-2017-16820 [snmp plugin: double free or heap corruption] +CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in collectd ...) - collectd (bug #881757) NOTE: https://github.com/collectd/collectd/issues/2291 CVE-2017-16814 @@ -11665,12 +11693,12 @@ RESERVED CVE-2017-12740 RESERVED -CVE-2017-12739 - RESERVED -CVE-2017-12738 - RESERVED -CVE-2017-12737 - RESERVED +CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check +CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check +CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check CVE-2017-12736 RESERVED CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An ...) @@ -13869,122 +13897,122 @@ RESERVED CVE-2017-11885 RESERVED -CVE-2017-11884 - RESERVED -CVE-2017-11883 - RESERVED -CVE-2017-11882 - RESERVED +CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run ...) + TODO: check +CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...) + TODO: check +CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service ...) + TODO: check CVE-2017-11881 RESERVED -CVE-2017-11880 - RESERVED -CVE-2017-11879 - RESERVED -CVE-2017-11878 - RESERVED -CVE-2017-11877 - RESERVED -CVE-2017-11876 - RESERVED +CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session ...) + TODO: check +CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + TODO: check +CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + TODO: check +CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server ...) + TODO: check CVE-2017-11875 RESERVED -CVE-2017-11874 - RESERVED -CVE-2017-11873 - RESERVED -CVE-2017-11872 - RESERVED -CVE-2017-11871 - RESERVED -CVE-2017-11870 - RESERVED -CVE-2017-11869 - RESERVED +CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ...) + TODO: check +CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...) + TODO: check +CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + TODO: check +CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) + TODO: check +CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) + TODO: check +CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + TODO: check CVE-2017-11868 RESERVED CVE-2017-11867 RESERVED -CVE-2017-11866 - RESERVED +CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) +