[Secure-testing-commits] r58102 - data
Author: carnil Date: 2017-11-29 06:46:17 + (Wed, 29 Nov 2017) New Revision: 58102 Modified: data/dsa-needed.txt Log: Add thunderbird to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-29 05:57:55 UTC (rev 58101) +++ data/dsa-needed.txt 2017-11-29 06:46:17 UTC (rev 58102) @@ -53,6 +53,8 @@ tiff wait until more issues are around -- +thunderbird +-- wireshark (seb) 2017-05-13: asked balint@ if he wants to prepare an update now 2017-07-28: re-ping balint@ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
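Review bot: The added thunderbird entry sits after tiff and before wireshark, but thunderbird sorts before tiff, and the other entries visible in the dsa-needed.txt hunks on this page (bzr, exim4, graphicsmagick; wordpress, xen, zendframework) are in alphabetical order. Moving the two added lines above the tiff entry keeps the list scannable and makes it less likely that someone adds a second thunderbird entry in the expected position.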
[Secure-testing-commits] r58101 - data/CVE
Author: carnil Date: 2017-11-29 05:57:55 + (Wed, 29 Nov 2017) New Revision: 58101 Modified: data/CVE/list Log: Add CVE-2017-17052/linux Modified: data/CVE/list === --- data/CVE/list 2017-11-29 05:49:26 UTC (rev 58100) +++ data/CVE/list 2017-11-29 05:57:55 UTC (rev 58101) @@ -4,6 +4,12 @@ [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc +CVE-2017-17052 [fork: fix incorrect fput of ->exe_file causing use-after-free] + - linux 4.12.12-1 + [stretch] - linux 4.9.47-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a CVE-2018-0730 RESERVED CVE-2018-0729 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
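Review bot: The [jessie] and [wheezy] lines of the new CVE-2017-17052 entry state "Vulnerable code not present", but the only NOTE records the fixing commit. A second NOTE naming the commit or kernel version that introduced the bug would let a later reader verify the status of those two releases without redoing the analysis.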
[Secure-testing-commits] r58100 - data/CVE
Author: carnil Date: 2017-11-29 05:49:26 + (Wed, 29 Nov 2017) New Revision: 58100 Modified: data/CVE/list Log: Add CVE-2017-17053/linux Modified: data/CVE/list === --- data/CVE/list 2017-11-29 05:14:58 UTC (rev 58099) +++ data/CVE/list 2017-11-29 05:49:26 UTC (rev 58100) @@ -1,3 +1,9 @@ +CVE-2017-17053 [x86/mm: Fix use-after-free of ldt_struct] + - linux 4.12.12-1 + [stretch] - linux 4.9.47-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc CVE-2018-0730 RESERVED CVE-2018-0729 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58099 - in data: CVE DSA
Author: carnil Date: 2017-11-29 05:14:58 + (Wed, 29 Nov 2017) New Revision: 58099 Modified: data/CVE/list data/DSA/list Log: CVEs assigned for xen issues Modified: data/CVE/list === --- data/CVE/list 2017-11-28 22:03:36 UTC (rev 58098) +++ data/CVE/list 2017-11-29 05:14:58 UTC (rev 58099) @@ -81,21 +81,15 @@ RESERVED CVE-2017-17027 RESERVED -CVE-2017- [XSA-247: Missing p2m error checking in PoD code] +CVE-2017-17045 [XSA-247: Missing p2m error checking in PoD code] - xen - [stretch] - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-247.html - NOTE: Workaround for DSA 4050 -CVE-2017- [XSA-246: x86: infinite loop due to missing PoD error checking] +CVE-2017-17044 [XSA-246: x86: infinite loop due to missing PoD error checking] - xen - [stretch] - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-246.html - NOTE: Workaround for DSA 4050 -CVE-2017- [XSA-245: ARM: Some memory not scrubbed at boot] +CVE-2017-17046 [XSA-245: ARM: Some memory not scrubbed at boot] - xen - [stretch] - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-245.html - NOTE: Workaround for DSA 4050 CVE-2018-0705 RESERVED CVE-2018-0704 Modified: data/DSA/list === --- data/DSA/list 2017-11-28 22:03:36 UTC (rev 58098) +++ data/DSA/list 2017-11-29 05:14:58 UTC (rev 58099) 
@@ -1,5 +1,5 @@ [28 Nov 2017] DSA-4050-1 xen - security update - {CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597} + {CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597 CVE-2017-17044 CVE-2017-17045 CVE-2017-17046} [stretch] - xen 4.8.2+xsa245-0+deb9u1 [27 Nov 2017] DSA-4049-1 ffmpeg - security update {CVE-2017-15186 CVE-2017-15672 CVE-2017-16840} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
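Review bot: In the data/CVE/list hunk the assigned ids do not follow the XSA numbering (XSA-247 becomes CVE-2017-17045, XSA-246 becomes CVE-2017-17044, XSA-245 becomes CVE-2017-17046), so each pairing is worth checking against the advisory linked in its NOTE line, since the same three ids are also appended to the DSA-4050-1 set in data/DSA/list. The hunk also drops "NOTE: Workaround for DSA 4050" from all three entries while the log message mentions only the id assignment; a word in the log about that removal would make the intent clear.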
[Secure-testing-commits] r58098 - data
Author: carnil Date: 2017-11-28 22:03:36 + (Tue, 28 Nov 2017) New Revision: 58098 Modified: data/dsa-needed.txt Log: Take exim4 from dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-28 21:11:27 UTC (rev 58097) +++ data/dsa-needed.txt 2017-11-28 22:03:36 UTC (rev 58098) @@ -16,7 +16,7 @@ -- bzr (carnil) -- -exim4/stable +exim4/stable (carnil) -- graphicsmagick -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58097 - data/CVE
Author: carnil Date: 2017-11-28 21:11:27 + (Tue, 28 Nov 2017) New Revision: 58097 Modified: data/CVE/list Log: Add CVE-2017-17042/yard Modified: data/CVE/list === --- data/CVE/list 2017-11-28 21:10:17 UTC (rev 58096) +++ data/CVE/list 2017-11-28 21:11:27 UTC (rev 58097) @@ -49,7 +49,8 @@ CVE-2018-0706 RESERVED CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...) - TODO: check + - yard 0.9.12-1 + NOTE: Fixed by: https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b168250635975e62b4 (0.9.11) CVE-2017-17041 RESERVED CVE-2017-17040 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
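Review bot: The commit id in the added "Fixed by" URL for CVE-2017-17042 is 36 hex digits long, while the other commit links in data/CVE/list on this page carry full 40-digit ids. Please confirm the link resolves and record the full id so the reference stays unambiguous.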
[Secure-testing-commits] r58096 - data/CVE
Author: sectracker Date: 2017-11-28 21:10:17 + (Tue, 28 Nov 2017) New Revision: 58096 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-28 21:04:17 UTC (rev 58095) +++ data/CVE/list 2017-11-28 21:10:17 UTC (rev 58096) @@ -1,3 +1,85 @@ +CVE-2018-0730 + RESERVED +CVE-2018-0729 + RESERVED +CVE-2018-0728 + RESERVED +CVE-2018-0727 + RESERVED +CVE-2018-0726 + RESERVED +CVE-2018-0725 + RESERVED +CVE-2018-0724 + RESERVED +CVE-2018-0723 + RESERVED +CVE-2018-0722 + RESERVED +CVE-2018-0721 + RESERVED +CVE-2018-0720 + RESERVED +CVE-2018-0719 + RESERVED +CVE-2018-0718 + RESERVED +CVE-2018-0717 + RESERVED +CVE-2018-0716 + RESERVED +CVE-2018-0715 + RESERVED +CVE-2018-0714 + RESERVED +CVE-2018-0713 + RESERVED +CVE-2018-0712 + RESERVED +CVE-2018-0711 + RESERVED +CVE-2018-0710 + RESERVED +CVE-2018-0709 + RESERVED +CVE-2018-0708 + RESERVED +CVE-2018-0707 + RESERVED +CVE-2018-0706 + RESERVED +CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...) + TODO: check +CVE-2017-17041 + RESERVED +CVE-2017-17040 + RESERVED +CVE-2017-17039 + RESERVED +CVE-2017-17038 + RESERVED +CVE-2017-17037 + RESERVED +CVE-2017-17036 + RESERVED +CVE-2017-17035 + RESERVED +CVE-2017-17034 + RESERVED +CVE-2017-17033 + RESERVED +CVE-2017-17032 + RESERVED +CVE-2017-17031 + RESERVED +CVE-2017-17030 + RESERVED +CVE-2017-17029 + RESERVED +CVE-2017-17028 + RESERVED +CVE-2017-17027 + RESERVED CVE-2017- [XSA-247: Missing p2m error checking in PoD code] - xen [stretch] - xen 4.8.2+xsa245-0+deb9u1 @@ -1419,10 +1501,10 @@ RESERVED CVE-2017-16953 RESERVED -CVE-2017-16952 - RESERVED -CVE-2017-16951 - RESERVED +CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...) + TODO: check CVE-2017-16950 RESERVED CVE-2017-16949 
@@ -5309,8 +5391,8 @@ RESERVED CVE-2017-15674 RESERVED -CVE-2017-15673 - RESERVED +CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...) + TODO: check CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ...) {DSA-4049-1} - ffmpeg 7:3.4-1 @@ -5500,6 +5582,7 @@ CVE-2017-15598 RESERVED CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made ...) + {DSA-4050-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-236.html CVE-2017-15586 
@@ -6249,35 +6332,38 @@ CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...) NOT-FOR-US: Mirasys Video Management System CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...) + {DSA-4050-1} - xen [wheezy] - xen (minor issue) NOTE: https://xenbits.xen.org/xsa/advisory-244.html CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-243.html CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-242.html CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-241.html CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-240.html CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-239.html CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...) + {DSA-4050-1} - xen [jessie] - xen (Only affects 4.5 and later) [wheezy] - xen (Only affects 4.5 and later) NOTE: https://xenbits.xen.org/xsa/advisory-238.html CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS ...) + {DSA-4050-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-237.html CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu
[Secure-testing-commits] r58095 - data
Author: anarcat Date: 2017-11-28 21:04:17 + (Tue, 28 Nov 2017) New Revision: 58095 Modified: data/dla-needed.txt Log: claim optipng Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-28 21:03:48 UTC (rev 58094) +++ data/dla-needed.txt 2017-11-28 21:04:17 UTC (rev 58095) @@ -76,7 +76,7 @@ openexr (Guido Günther) NOTE: 20170902: CVE-2017-12596: bug reported upstream but no response yet (lamby) -- -optipng +optipng (anarcat) NOTE: 20171127: Can confirm vulnerable in wheezy. (lamby) -- otrs2 (Emilio Pozuelo) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58094 - data
Author: anarcat Date: 2017-11-28 21:03:48 + (Tue, 28 Nov 2017) New Revision: 58094 Modified: data/dla-needed.txt Log: give up on libreoffice, it is driving me nuts Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-28 21:03:32 UTC (rev 58093) +++ data/dla-needed.txt 2017-11-28 21:03:48 UTC (rev 58094) @@ -39,10 +39,11 @@ NOTE: The same should be done in wheezy too. So the action for this NOTE: package is to contact the FTP masters in order to handle this. -- -libreoffice (anarcat) +libreoffice NOTE: regression update, see: NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html NOTE: there are some new CVEs now as well + NOTE: patches available, but build fails: https://lists.debian.org/87374yqgfp@curie.anarc.at -- libvorbis (Guido Günther) NOTE: 20171120: Fixes for issues submitted upstream to libvorbis, ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
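Review bot: The added NOTE under libreoffice ("patches available, but build fails: ...") carries no date or author stamp, unlike the dated notes elsewhere in dla-needed.txt such as "NOTE: 20171120: ..." under libvorbis. Because the claim on the package is released in the same change, a dated note saying who attempted the build would tell the next person picking up libreoffice how current that information is.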
[Secure-testing-commits] r58093 - data/CVE
Author: carnil Date: 2017-11-28 21:03:32 + (Tue, 28 Nov 2017) New Revision: 58093 Modified: data/CVE/list Log: Add commit for CVE-2017-16944/exim4 Modified: data/CVE/list === --- data/CVE/list 2017-11-28 20:22:18 UTC (rev 58092) +++ data/CVE/list 2017-11-28 21:03:32 UTC (rev 58093) @@ -1445,6 +1445,7 @@ [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) NOTE: https://bugs.exim.org/show_bug.cgi?id=2201 + NOTE: https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542 NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html NOTE: 4.89-10 adds a workaround which disables the affected code by default CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58092 - data/CVE
Author: carnil Date: 2017-11-28 20:22:18 + (Tue, 28 Nov 2017) New Revision: 58092 Modified: data/CVE/list Log: Several issues fixed for radare2 in unstable Modified: data/CVE/list === --- data/CVE/list 2017-11-28 20:20:46 UTC (rev 58091) +++ data/CVE/list 2017-11-28 20:22:18 UTC (rev 58092) @@ -2241,7 +2241,7 @@ CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in ...) NOT-FOR-US: Ulterius CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...) - - radare2 (bug #882134) + - radare2 2.1.0+dfsg-1 (bug #882134) [stretch] - radare2 (Minor issue) [jessie] - radare2 (Minor issue) [wheezy] - radare2 (Vulnerable code does not exist; no dwarf support) @@ -3353,7 +3353,7 @@ CVE-2017-16360 RESERVED CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in ...) - - radare2 (bug #880616) + - radare2 2.1.0+dfsg-1 (bug #880616) [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) @@ -3362,14 +3362,14 @@ NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d NOTE: https://github.com/radare/radare2/issues/8764 CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in ...) - - radare2 (bug #880619) + - radare2 2.1.0+dfsg-1 (bug #880619) [stretch] - radare2 (Vulnerable code introduced later) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9 NOTE: https://github.com/radare/radare2/issues/8748 CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in ...) - - radare2 (bug #880620) + - radare2 2.1.0+dfsg-1 (bug #880620) [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) 
@@ -4707,14 +4707,14 @@ CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork web ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an ...) - - radare2 (bug #880024) + - radare2 2.1.0+dfsg-1 (bug #880024) [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced in 0.10.2) [wheezy] - radare2 (Vulnerable code introduced in 0.10.2) NOTE: https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9 NOTE: https://github.com/radare/radare2/issues/8743 CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an ...) - - radare2 (bug #880025) + - radare2 2.1.0+dfsg-1 (bug #880025) [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced in 0.10.2) [wheezy] - radare2 (Vulnerable code introduced in 0.10.2) @@ -6025,7 +6025,7 @@ [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15385 (The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...) - - radare2 (bug #879119) + - radare2 2.1.0+dfsg-1 (bug #879119) [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced in 0.10.2) [wheezy] - radare2 (Vulnerable code introduced in 0.10.2) 
@@ -6078,7 +6078,7 @@ NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592 CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 ...) - - radare2 (bug #878767) + - radare2 2.1.0+dfsg-1 (bug #878767) [stretch] - radare2 (Vulnerable code introduced in 2.0.0) [jessie] - radare2 (Vulnerable code introduced in 2.0.0) [wheezy] - radare2 (Vulnerable code introduced in 2.0.0) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58091 - data
Author: pochu Date: 2017-11-28 20:20:46 + (Tue, 28 Nov 2017) New Revision: 58091 Modified: data/dla-needed.txt Log: dla: claim libxfont and libxcursor Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-28 20:17:56 UTC (rev 58090) +++ data/dla-needed.txt 2017-11-28 20:20:46 UTC (rev 58091) @@ -49,6 +49,10 @@ NOTE: theora and sox. Awaiting feedback. Underlying reason for CVE-2017-14160 NOTE: unclear. -- +libxcursor (Emilio Pozuelo) +-- +libxfont (Emilio Pozuelo) +-- libxml2 (Thorsten Alteholz) -- linux ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58090 - data/CVE
Author: carnil Date: 2017-11-28 20:17:56 + (Tue, 28 Nov 2017) New Revision: 58090 Modified: data/CVE/list Log: Process round of NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:59:39 UTC (rev 58089) +++ data/CVE/list 2017-11-28 20:17:56 UTC (rev 58090) @@ -520,7 +520,7 @@ CVE-2016-10702 (Pebble Smartwatch devices through 4.3 mishandle UUID storage, which ...) TODO: check CVE-2016-10701 (In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists ...) - TODO: check + NOT-FOR-US: Hitachi Vantara Pentaho BA Platform CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution in the ...) TODO: check CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties such as a ...) @@ -9056,9 +9056,9 @@ CVE-2017-14391 RESERVED CVE-2017-14390 (In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2017-14389 (An issue was discovered in Cloud Foundry Foundation capi-release (all ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 ...) NOT-FOR-US: Cloud Foundry Foundation GrootFS CVE-2017-14387 @@ -9078,7 +9078,7 @@ CVE-2017-14380 RESERVED CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site ...) - TODO: check + NOT-FOR-US: EMC CVE-2017-14378 RESERVED CVE-2017-14377 @@ -27552,7 +27552,7 @@ CVE-2017-8039 (An issue was discovered in Pivotal Spring Web Flow through 2.4.5. ...) NOT-FOR-US: Spring Web Flow CVE-2017-8038 (In Cloud Foundry Foundation Credhub-release version 1.1.0, access ...) - TODO: check + NOT-FOR-US: Cloud Foundry Foundation Credhub-release CVE-2017-8037 (In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and ...) NOT-FOR-US: Cloud Foundry CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud Foundry ...) 
@@ -27566,7 +27566,7 @@ CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ...) NOT-FOR-US: Cloud Foundry CVE-2017-8031 (An issue was discovered in Cloud Foundry Foundation cf-release (all ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2017-8030 RESERVED CVE-2017-8029 @@ -27591,9 +27591,9 @@ CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an ...) NOT-FOR-US: EMC Elastic Cloud Storage CVE-2017-8020 (An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow ...) - TODO: check + NOT-FOR-US: EMC CVE-2017-8019 (An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in ...) - TODO: check + NOT-FOR-US: EMC CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows platform only) ...) NOT-FOR-US: EMC AppSync CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and ...) @@ -27629,7 +27629,7 @@ CVE-2017-8002 (EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL ...) NOT-FOR-US: EMC Data Protection Advisor CVE-2017-8001 (An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, ...) - TODO: check + NOT-FOR-US: EMC CVE-2017-8000 (In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA ...) NOT-FOR-US: EMC CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote ...) @@ -46888,9 +46888,9 @@ CVE-2017-1690 RESERVED CVE-2017-1689 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1688 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1687 RESERVED CVE-2017-1686 @@ -46910,7 +46910,7 @@ CVE-2017-1679 RESERVED CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1677 RESERVED CVE-2017-1676 
@@ -46966,7 +46966,7 @@ CVE-2017-1651 RESERVED CVE-2017-1650 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1649 RESERVED CVE-2017-1648 @@ -47010,7 +47010,7 @@ CVE-2017-1629 RESERVED CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1627 RESERVED CVE-2017-1626 @@ -47052,7 +47052,7 @@ CVE-2017-1608 RESERVED CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1606 RESERVED CVE-2017-1605 @@ -47080,7 +47080,7 @@ CVE-2017-1594 RESE
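Review bot: Several of the new NOT-FOR-US tags name only the vendor: "EMC" for the ScaleIO entries CVE-2017-8020, CVE-2017-8019 and CVE-2017-8001, and "IBM" for the DOORS Next Generation and Business Process Manager entries, while neighbouring entries name the product ("EMC Elastic Cloud Storage", "EMC AppSync"). Using the product name, as this change already does with "Cloud Foundry Foundation Credhub-release", keeps the tags searchable per product.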
[Secure-testing-commits] r58089 - in data: CVE DSA
Author: carnil Date: 2017-11-28 19:59:39 + (Tue, 28 Nov 2017) New Revision: 58089 Modified: data/CVE/list data/DSA/list Log: XSA-238 is CVE-2017-15591 Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:56:41 UTC (rev 58088) +++ data/CVE/list 2017-11-28 19:59:39 UTC (rev 58089) @@ -1,8 +1,3 @@ -CVE-2017- [XSA-238: DMOP map/unmap missing argument checks] - - xen - [stretch] - xen 4.8.2+xsa245-0+deb9u1 - NOTE: https://xenbits.xen.org/xsa/advisory-238.html - NOTE: Workaround for DSA 4050 CVE-2017- [XSA-247: Missing p2m error checking in PoD code] - xen [stretch] - xen 4.8.2+xsa245-0+deb9u1 Modified: data/DSA/list === --- data/DSA/list 2017-11-28 19:56:41 UTC (rev 58088) +++ data/DSA/list 2017-11-28 19:59:39 UTC (rev 58089) @@ -1,5 +1,5 @@ [28 Nov 2017] DSA-4050-1 xen - security update - {CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597} + {CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597} [stretch] - xen 4.8.2+xsa245-0+deb9u1 [27 Nov 2017] DSA-4049-1 ffmpeg - security update {CVE-2017-15186 CVE-2017-15672 CVE-2017-16840} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58088 - data/CVE
Author: jmm Date: 2017-11-28 19:56:41 + (Tue, 28 Nov 2017) New Revision: 58088 Modified: data/CVE/list Log: libxfont no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:50:50 UTC (rev 58087) +++ data/CVE/list 2017-11-28 19:56:41 UTC (rev 58088) @@ -2739,7 +2739,9 @@ NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2 CVE-2017-16611 [Open files with O_NOFOLLOW] RESERVED - - libxfont + - libxfont (low) + [stretch] - libxfont (Minor issue) + [jessie] - libxfont (Minor issue) - libxfont1 (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/7 NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58087 - data/CVE
Author: jmm Date: 2017-11-28 19:50:50 + (Tue, 28 Nov 2017) New Revision: 58087 Modified: data/CVE/list Log: two more xen temp stubs Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:47:38 UTC (rev 58086) +++ data/CVE/list 2017-11-28 19:50:50 UTC (rev 58087) @@ -1,3 +1,8 @@ +CVE-2017- [XSA-238: DMOP map/unmap missing argument checks] + - xen + [stretch] - xen 4.8.2+xsa245-0+deb9u1 + NOTE: https://xenbits.xen.org/xsa/advisory-238.html + NOTE: Workaround for DSA 4050 CVE-2017- [XSA-247: Missing p2m error checking in PoD code] - xen [stretch] - xen 4.8.2+xsa245-0+deb9u1 @@ -8,6 +13,11 @@ [stretch] - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-246.html NOTE: Workaround for DSA 4050 +CVE-2017- [XSA-245: ARM: Some memory not scrubbed at boot] + - xen + [stretch] - xen 4.8.2+xsa245-0+deb9u1 + NOTE: https://xenbits.xen.org/xsa/advisory-245.html + NOTE: Workaround for DSA 4050 CVE-2018-0705 RESERVED CVE-2018-0704 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58086 - in data: . CVE
Author: anarcat Date: 2017-11-28 19:47:38 + (Tue, 28 Nov 2017) New Revision: 58086 Modified: data/CVE/list data/dla-needed.txt Log: mark exiv2 issues as unreproducible Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:46:03 UTC (rev 58085) +++ data/CVE/list 2017-11-28 19:47:38 UTC (rev 58086) @@ -1675,17 +1675,19 @@ NOT-FOR-US: Phoenix Framework CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...) - exiv2 + [wheezy] - exiv2 (Cannot reproduce with crash file) NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 NOTE: https://github.com/Exiv2/exiv2/issues/177 CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...) - exiv2 + [wheezy] - exiv2 (Cannot reproduce with crash file) NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 NOTE: https://github.com/Exiv2/exiv2/issues/176 CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...) - exiv2 + [wheezy] - exiv2 (Cannot reproduce with crash file) NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 NOTE: https://github.com/Exiv2/exiv2/issues/175 - NOTE: Can't seem to reproduce this in wheezy. CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in ...) - ncurses 6.0+20171125-1 (bug #882620) [stretch] - ncurses (Minor issue) Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-28 19:46:03 UTC (rev 58085) +++ data/dla-needed.txt 2017-11-28 19:47:38 UTC (rev 58086) @@ -17,9 +17,6 @@ couchdb NOTE: Only in wheezy, we are on our own. -- -exiv2 - NOTE: confirmed that vulnerabilities cannot be reproduced with ASAN: https://lists.debian.org/debian-lts/2017/11/msg00124.html --- irssi (Rhonda D'Vine) -- jasperreports ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
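Review bot: The data/dla-needed.txt hunk deletes the only pointer to the supporting evidence, the NOTE linking https://lists.debian.org/debian-lts/2017/11/msg00124.html about the failed reproduction with ASAN, and the new [wheezy] lines in data/CVE/list say only "Cannot reproduce with crash file". Carrying that link over as a NOTE on CVE-2017-1000126, CVE-2017-1000127 and CVE-2017-1000128 would keep the justification next to the status it supports.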
[Secure-testing-commits] r58085 - in data: . CVE DSA
Author: jmm Date: 2017-11-28 19:46:03 + (Tue, 28 Nov 2017) New Revision: 58085 Modified: data/CVE/list data/DSA/list data/dsa-needed.txt Log: xen DSA Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:30:41 UTC (rev 58084) +++ data/CVE/list 2017-11-28 19:46:03 UTC (rev 58085) @@ -1,9 +1,13 @@ CVE-2017- [XSA-247: Missing p2m error checking in PoD code] - xen + [stretch] - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-247.html + NOTE: Workaround for DSA 4050 CVE-2017- [XSA-246: x86: infinite loop due to missing PoD error checking] - xen + [stretch] - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-246.html + NOTE: Workaround for DSA 4050 CVE-2018-0705 RESERVED CVE-2018-0704 Modified: data/DSA/list === --- data/DSA/list 2017-11-28 19:30:41 UTC (rev 58084) +++ data/DSA/list 2017-11-28 19:46:03 UTC (rev 58085) @@ -1,3 +1,6 @@ +[28 Nov 2017] DSA-4050-1 xen - security update + {CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597} + [stretch] - xen 4.8.2+xsa245-0+deb9u1 [27 Nov 2017] DSA-4049-1 ffmpeg - security update {CVE-2017-15186 CVE-2017-15672 CVE-2017-16840} [stretch] - ffmpeg 7:3.2.9-1~deb9u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-28 19:30:41 UTC (rev 58084) +++ data/dsa-needed.txt 2017-11-28 19:46:03 UTC (rev 58085) @@ -59,7 +59,5 @@ -- wordpress -- -xen --- zendframework/oldstable -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
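Review bot: In the data/DSA/list hunk the CVE set for DSA-4050-1 goes from CVE-2017-15590 straight to CVE-2017-15592. Please confirm whether CVE-2017-15591 is covered by 4.8.2+xsa245-0+deb9u1 and, if so, add it to the set so the tracker links the advisory to that entry.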
[Secure-testing-commits] r58084 - data/CVE
Author: carnil Date: 2017-11-28 19:30:41 + (Tue, 28 Nov 2017) New Revision: 58084 Modified: data/CVE/list Log: Add fixing version for CVE-2017-16943/exim4 Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:26:55 UTC (rev 58083) +++ data/CVE/list 2017-11-28 19:30:41 UTC (rev 58084) @@ -1439,7 +1439,7 @@ NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html NOTE: 4.89-10 adds a workaround which disables the affected code by default CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) - - exim4 (bug #882648) + - exim4 4.89-12 (bug #882648) [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) NOTE: https://bugs.exim.org/show_bug.cgi?id=2199 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58083 - data/CVE
Author: carnil Date: 2017-11-28 19:26:55 + (Tue, 28 Nov 2017) New Revision: 58083 Modified: data/CVE/list Log: Add CVE-2017-15119/qemu Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:22:31 UTC (rev 58082) +++ data/CVE/list 2017-11-28 19:26:55 UTC (rev 58083) @@ -6736,8 +6736,11 @@ RESERVED CVE-2017-15120 RESERVED -CVE-2017-15119 +CVE-2017-15119 [DoS via large option request] RESERVED + - qemu + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html CVE-2017-15118 [stack buffer overflow in NBD server triggered via long export name] RESERVED - qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58082 - data/CVE
Author: carnil Date: 2017-11-28 19:22:31 + (Tue, 28 Nov 2017) New Revision: 58082 Modified: data/CVE/list Log: Add CVE-2017-15118/qemu Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:21:24 UTC (rev 58081) +++ data/CVE/list 2017-11-28 19:22:31 UTC (rev 58082) @@ -6738,8 +6738,11 @@ RESERVED CVE-2017-15119 RESERVED -CVE-2017-15118 +CVE-2017-15118 [stack buffer overflow in NBD server triggered via long export name] RESERVED + - qemu + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html CVE-2017-15117 REJECTED CVE-2017-15116 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58081 - data/CVE
Author: carnil Date: 2017-11-28 19:21:24 + (Tue, 28 Nov 2017) New Revision: 58081 Modified: data/CVE/list Log: Add CVE-2017-16611/libxfont Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:18:39 UTC (rev 58080) +++ data/CVE/list 2017-11-28 19:21:24 UTC (rev 58081) @@ -2721,8 +2721,14 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6 NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2 -CVE-2017-16611 +CVE-2017-16611 [Open files with O_NOFOLLOW] RESERVED + - libxfont + - libxfont1 (unimportant) + NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/7 + NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8 + NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2 + NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2 CVE-2017-16610 RESERVED CVE-2017-16609
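Review bot: `- libxfont1 (unimportant)` is added to CVE-2017-16611 with no NOTE giving the reason, while `- libxfont` in the same entry is left as a normal open item. Suggest a one-line NOTE explaining why the issue is rated unimportant for libxfont1 but not for libxfont, so the severity call can be checked later against the linked libXfont commit. The bracketed description `[Open files with O_NOFOLLOW]` also describes the fix rather than the flaw; a short statement of what goes wrong without it would read better in the tracker.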
[Secure-testing-commits] r58080 - data/CVE
Author: carnil Date: 2017-11-28 19:18:39 + (Tue, 28 Nov 2017) New Revision: 58080 Modified: data/CVE/list Log: Add fixing commit for CVE-2017-16612 Modified: data/CVE/list === --- data/CVE/list 2017-11-28 19:17:10 UTC (rev 58079) +++ data/CVE/list 2017-11-28 19:18:39 UTC (rev 58080) @@ -2719,6 +2719,7 @@ RESERVED - libxcursor NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6 + NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2 CVE-2017-16611 RESERVED
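Review bot: The added cgit.freedesktop.org line is a bare `NOTE:` followed by the URL, although the log calls it the fixing commit. Other entries in this file mark fixing commits with a `NOTE: Fixed by:` prefix (the busybox CVE-2017-15874 entry does), which lets a reader tell the fix apart from the advisory and announcement links around it. Suggest using the same prefix here.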
[Secure-testing-commits] r58079 - data/CVE
Author: carnil Date: 2017-11-28 19:17:10 + (Tue, 28 Nov 2017) New Revision: 58079 Modified: data/CVE/list Log: Add CVE-2017-16612/libxcursor Modified: data/CVE/list === --- data/CVE/list 2017-11-28 15:13:54 UTC (rev 58078) +++ data/CVE/list 2017-11-28 19:17:10 UTC (rev 58079) @@ -2715,8 +2715,11 @@ {DSA-4044-1} - swauth 1.2.0-4 (bug #882314) NOTE: https://bugs.launchpad.net/swift/+bug/1655781 -CVE-2017-16612 +CVE-2017-16612 [heap overflows when parsing malicious files] RESERVED + - libxcursor + NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6 + NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2 CVE-2017-16611 RESERVED CVE-2017-16610
[Secure-testing-commits] r58078 - data/CVE
Author: carnil Date: 2017-11-28 15:13:54 + (Tue, 28 Nov 2017) New Revision: 58078 Modified: data/CVE/list Log: Add fixing version for busybox Modified: data/CVE/list === --- data/CVE/list 2017-11-28 14:02:09 UTC (rev 58077) +++ data/CVE/list 2017-11-28 15:13:54 UTC (rev 58078) @@ -2870,7 +2870,7 @@ NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through ...) - - busybox (bug #882258) + - busybox 1:1.27.2-2 (bug #882258) [stretch] - busybox (Minor issue, can be fixed via point release) [jessie] - busybox (Minor issue, can be fixed via point release) [wheezy] - busybox (Minor issue) @@ -4830,7 +4830,7 @@ CVE-2017-15875 RESERVED CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an ...) - - busybox (bug #879732) + - busybox 1:1.27.2-2 (bug #879732) [stretch] - busybox (Vulnerable code not present) [jessie] - busybox (Vulnerable code not present) [wheezy] - busybox (Vulnerable code not present) @@ -4838,7 +4838,7 @@ NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2.c ...) - - busybox (bug #879732) + - busybox 1:1.27.2-2 (bug #879732) [stretch] - busybox (Minor issue) [jessie] - busybox (Minor issue) [wheezy] - busybox (Minor issue)
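Review bot: The log `Add fixing version for busybox` does not name the CVEs touched, and the three hunks mark CVE-2017-16544, CVE-2017-15874 and CVE-2017-15873 as fixed in 1:1.27.2-2 across two bugs (#882258 and #879732). Suggest listing the ids in the log, as the exim4 commit in this series does, so the change can be found from the CVE number. In the first hunk, the stretch and jessie lines for CVE-2017-16544 still read `can be fixed via point release`, so it is worth confirming they stay open after unstable is marked fixed.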
[Secure-testing-commits] r58077 - data/CVE
Author: carnil Date: 2017-11-28 14:02:09 + (Tue, 28 Nov 2017) New Revision: 58077 Modified: data/CVE/list Log: Add two new xen issues Modified: data/CVE/list === --- data/CVE/list 2017-11-28 11:26:00 UTC (rev 58076) +++ data/CVE/list 2017-11-28 14:02:09 UTC (rev 58077) @@ -1,3 +1,9 @@ +CVE-2017- [XSA-247: Missing p2m error checking in PoD code] + - xen + NOTE: https://xenbits.xen.org/xsa/advisory-247.html +CVE-2017- [XSA-246: x86: infinite loop due to missing PoD error checking] + - xen + NOTE: https://xenbits.xen.org/xsa/advisory-246.html CVE-2018-0705 RESERVED CVE-2018-0704
[Secure-testing-commits] r58076 - data/CVE
Author: carnil Date: 2017-11-28 11:26:00 + (Tue, 28 Nov 2017) New Revision: 58076 Modified: data/CVE/list Log: Add thunderbird issues Modified: data/CVE/list === --- data/CVE/list 2017-11-28 09:10:21 UTC (rev 58075) +++ data/CVE/list 2017-11-28 11:26:00 UTC (rev 58076) @@ -28251,8 +28251,10 @@ {DSA-4035-1 DLA-1172-1} - firefox 57.0-1 - firefox-esr 52.5.0esr-1 + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830 - NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830 CVE-2017-7829 RESERVED CVE-2017-7828 @@ -28260,8 +28262,10 @@ {DSA-4035-1 DLA-1172-1} - firefox 57.0-1 - firefox-esr 52.5.0esr-1 + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7828 CVE-2017-7827 RESERVED - firefox 57.0-1 @@ -28271,8 +28275,10 @@ {DSA-4035-1 DLA-1172-1} - firefox 57.0-1 - firefox-esr 52.5.0esr-1 + - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7826 CVE-2017-7825 RESERVED - firefox (Only affects Firefox on OS X)
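Review bot: In the first hunk (CVE-2017-7830) the removed `mfsa2017-25/#CVE-2017-7828` line is replaced by `mfsa2017-25/#CVE-2017-7830`, which corrects a wrong anchor rather than adding thunderbird, and the log `Add thunderbird issues` does not mention it. Suggest noting the anchor fix in the log or committing it separately, so the correction is visible in history. The three added `- thunderbird` lines carry no bug reference, unlike tracked entries elsewhere in the file that end in `(bug #...)`.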
[Secure-testing-commits] r58075 - data/CVE
Author: sectracker Date: 2017-11-28 09:10:21 + (Tue, 28 Nov 2017) New Revision: 58075 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-28 05:35:21 UTC (rev 58074) +++ data/CVE/list 2017-11-28 09:10:21 UTC (rev 58075) 
@@ -1,3 +1,511 @@ +CVE-2018-0705 + RESERVED +CVE-2018-0704 + RESERVED +CVE-2018-0703 + RESERVED +CVE-2018-0702 + RESERVED +CVE-2018-0701 + RESERVED +CVE-2018-0700 + RESERVED +CVE-2018-0699 + RESERVED +CVE-2018-0698 + RESERVED +CVE-2018-0697 + RESERVED +CVE-2018-0696 + RESERVED +CVE-2018-0695 + RESERVED +CVE-2018-0694 + RESERVED +CVE-2018-0693 + RESERVED +CVE-2018-0692 + RESERVED +CVE-2018-0691 + RESERVED +CVE-2018-0690 + RESERVED +CVE-2018-0689 + RESERVED +CVE-2018-0688 + RESERVED +CVE-2018-0687 + RESERVED +CVE-2018-0686 + RESERVED +CVE-2018-0685 + RESERVED +CVE-2018-0684 + RESERVED +CVE-2018-0683 + RESERVED +CVE-2018-0682 + RESERVED +CVE-2018-0681 + RESERVED +CVE-2018-0680 + RESERVED +CVE-2018-0679 + RESERVED +CVE-2018-0678 + RESERVED +CVE-2018-0677 + RESERVED +CVE-2018-0676 + RESERVED +CVE-2018-0675 + RESERVED +CVE-2018-0674 + RESERVED +CVE-2018-0673 + RESERVED +CVE-2018-0672 + RESERVED +CVE-2018-0671 + RESERVED +CVE-2018-0670 + RESERVED +CVE-2018-0669 + RESERVED +CVE-2018-0668 + RESERVED +CVE-2018-0667 + RESERVED +CVE-2018-0666 + RESERVED +CVE-2018-0665 + RESERVED +CVE-2018-0664 + RESERVED +CVE-2018-0663 + RESERVED +CVE-2018-0662 + RESERVED +CVE-2018-0661 + RESERVED +CVE-2018-0660 + RESERVED +CVE-2018-0659 + RESERVED +CVE-2018-0658 + RESERVED +CVE-2018-0657 + RESERVED +CVE-2018-0656 + RESERVED +CVE-2018-0655 + RESERVED +CVE-2018-0654 + RESERVED +CVE-2018-0653 + RESERVED +CVE-2018-0652 + RESERVED +CVE-2018-0651 + RESERVED +CVE-2018-0650 + RESERVED +CVE-2018-0649 + RESERVED +CVE-2018-0648 + RESERVED +CVE-2018-0647 + RESERVED +CVE-2018-0646 + RESERVED +CVE-2018-0645 + RESERVED +CVE-2018-0644 + RESERVED +CVE-2018-0643 + RESERVED +CVE-2018-0642 + RESERVED +CVE-2018-0641 + RESERVED +CVE-2018-0640 + RESERVED +CVE-2018-0639 + RESERVED +CVE-2018-0638 + RESERVED +CVE-2018-0637 + RESERVED +CVE-2018-0636 + RESERVED +CVE-2018-0635 + RESERVED +CVE-2018-0634 + RESERVED +CVE-2018-0633 + RESERVED +CVE-2018-0632 + RESERVED +CVE-2018-0631 + RESERVED +CVE-2018-0630 + RESERVED 
+CVE-2018-0629 + RESERVED +CVE-2018-0628 + RESERVED +CVE-2018-0627 + RESERVED +CVE-2018-0626 + RESERVED +CVE-2018-0625 + RESERVED +CVE-2018-0624 + RESERVED +CVE-2018-0623 + RESERVED +CVE-2018-0622 + RESERVED +CVE-2018-0621 + RESERVED +CVE-2018-0620 + RESERVED +CVE-2018-0619 + RESERVED +CVE-2018-0618 + RESERVED +CVE-2018-0617 + RESERVED +CVE-2018-0616 + RESERVED +CVE-2018-0615 + RESERVED +CVE-2018-0614 + RESERVED +CVE-2018-0613 + RESERVED +CVE-2018-0612 + RESERVED +CVE-2018-0611 + RESERVED +CVE-2018-0610 + RESERVED +CVE-2018-0609 + RESERVED +CVE-2018-0608 + RESERVED +CVE-2018-0607 + RESERVED +CVE-2018-0606 + RESERVED +CVE-2018-0605 + RESERVED +CVE-2018-0604 + RESERVED +CVE-2018-0603 + RESERVED +CVE-2018-0602 + RESERVED +CVE-2018-0601 + RESERVED +CVE-2018-0600 + RESERVED +CVE-2018-0599 + RESERVED +CVE-2018-0598 + RESERVED +CVE-2018-0597 + RESERVED +CVE-2018-0596 + RESERVED +CVE-2018-0595 + RESERVED +CVE-2018-0594 + RESERVED +CVE-2018-0593 + RESERVED +CVE-2018-0592 + RESERVED +CVE-2018-0591 + RESERVED +CVE-2018-0590 + RESERVED +CVE-2018-0589 + RESERVED +CVE-2018-0588 + RESERVED +CVE-2018-0587 + RESERVED +CVE-2018-0586 + RESERVED +CVE-2018-0585 + RESERVED +CVE-2018-0584 + RESERVED +CVE-2018-0583 + RESERVED +CVE-2018-0582 + RESERVED +CVE-2018-0581 + RESERVED +CVE-2018-0580 + RESERVED +CVE-2018-0579 + RESERVED +CVE-2018-0578 + RESERVED +CVE-2018-0577 + RESERVED +CVE-2018-0576 + RESERVED +CVE-2018-0575 + RESERVED +CVE-2018-0574 + RESERVED +CVE-2018-0573 + RESERVED +CVE-2018-0572 + RESERVED +CVE-2018-0571 + RESERVED +CVE-2018-0570 + RESERVED +CVE-2018-0569 + RESERVED +CVE-2018-0568 + RESERVED +CVE-2018-0567 + RESERVED +CVE-2018-0566 + RESERVED +CVE-2018-0565 + RESERVED +CVE-2018-0564 + RESERVED +CVE-2018-0563 + RESERVED +CVE-2018-0562 + RESERVED +CVE-2018-0561 +