[Secure-testing-commits] r58263 - data/CVE
Author: carnil Date: 2017-12-05 07:43:45 + (Tue, 05 Dec 2017) New Revision: 58263 Modified: data/CVE/list Log: Add CVE-2017-17381/qemu Modified: data/CVE/list === --- data/CVE/list 2017-12-05 06:21:52 UTC (rev 58262) +++ data/CVE/list 2017-12-05 07:43:45 UTC (rev 58263) @@ -4,8 +4,11 @@ RESERVED CVE-2017-17382 RESERVED -CVE-2017-17381 +CVE-2017-17381 [virtio: divide by zero exception while updating rings] RESERVED + - qemu + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html CVE-2018-1140 RESERVED CVE-2018-1139 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58262 - data/CVE
Author: carnil Date: 2017-12-05 06:21:52 + (Tue, 05 Dec 2017) New Revision: 58262 Modified: data/CVE/list Log: Add CVE-2017-1000385/erlang Modified: data/CVE/list === --- data/CVE/list 2017-12-05 05:53:02 UTC (rev 58261) +++ data/CVE/list 2017-12-05 06:21:52 UTC (rev 58262) @@ -1537,8 +1537,11 @@ RESERVED CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts ...) NOT-FOR-US: WordPress plugin wp-thumb-post -CVE-2017-1000385 +CVE-2017-1000385 [TLS server vunlerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery ot MITM attack] RESERVED + - erlang + NOTE: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM + TODO: check CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) NOT-FOR-US: WooCommerce plugin for WordPress CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...)
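Review bot: the bracketed description added for CVE-2017-1000385 contains two typos, "vunlerable" and "ot MITM attack"; it should read "vulnerable" and "or MITM attack", since this string is what people will search the tracker for. The entry also keeps "TODO: check" after "- erlang" has been recorded, so either drop the TODO or add a NOTE saying what still has to be checked.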
[Secure-testing-commits] r58261 - data/CVE
Author: carnil Date: 2017-12-05 05:53:02 + (Tue, 05 Dec 2017) New Revision: 58261 Modified: data/CVE/list Log: Add CVE-2017-8824/linux Modified: data/CVE/list === --- data/CVE/list 2017-12-05 05:47:01 UTC (rev 58260) +++ data/CVE/list 2017-12-05 05:53:02 UTC (rev 58261) @@ -27273,8 +27273,10 @@ [wheezy] - libetpan (Minor issue) NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d NOTE: https://github.com/dinhviethoa/libetpan/issues/274 -CVE-2017-8824 +CVE-2017-8824 [use-after-free in DCCP code] RESERVED + - linux + NOTE: http://lists.openwall.net/netdev/2017/12/04/224 CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) {DSA-4054-1} - tor 0.3.1.9-1
[Secure-testing-commits] r58260 - data
Author: carnil Date: 2017-12-05 05:47:01 + (Tue, 05 Dec 2017) New Revision: 58260 Modified: data/embedded-code-copies Log: Record the ITP for skia Modified: data/embedded-code-copies === --- data/embedded-code-copies 2017-12-05 04:07:33 UTC (rev 58259) +++ data/embedded-code-copies 2017-12-05 05:47:01 UTC (rev 58260) @@ -2270,7 +2270,7 @@ - icedove (embed) - thunderbird (embed) -skia (not in Debian) +skia (ITP: #818180) - firefox-esr (embed) - firefox (embed) - qtwebengine-opensource-src (embed)
[Secure-testing-commits] r58259 - data
Author: luciano Date: 2017-12-05 04:07:33 + (Tue, 05 Dec 2017) New Revision: 58259 Modified: data/embedded-code-copies Log: libutils and skia in firefox and others Modified: data/embedded-code-copies === --- data/embedded-code-copies 2017-12-05 04:02:19 UTC (rev 58258) +++ data/embedded-code-copies 2017-12-05 04:07:33 UTC (rev 58259) @@ -2263,6 +2263,20 @@ libunwind - android-platform-external-libunwind (fork) +libutils (not in Debian) + - android-platform-system-core (embed) + - firefox (embed) + - firefox-esr (embed) + - icedove (embed) + - thunderbird (embed) + +skia (not in Debian) + - firefox-esr (embed) + - firefox (embed) + - qtwebengine-opensource-src (embed) + - icedove (embed) + - thunderbird (embed) + jsilver (removed from stretch and later): - android-platform-external-jsilver (fork)
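Review bot: the two new stanzas list the same embedders in different orders: libutils has firefox before firefox-esr, while skia has firefox-esr first and puts qtwebengine-opensource-src between the firefox and icedove entries. Using one order in both stanzas makes later diffs of these lists easier to read, and a short NOTE on where the embedded copy sits in each source package would help whoever has to re-check the "(embed)" claims.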
[Secure-testing-commits] r58258 - data/CVE
Author: luciano Date: 2017-12-05 04:02:19 + (Tue, 05 Dec 2017) New Revision: 58258 Modified: data/CVE/list Log: revisiting some nfu Modified: data/CVE/list === --- data/CVE/list 2017-12-04 22:34:40 UTC (rev 58257) +++ data/CVE/list 2017-12-05 04:02:19 UTC (rev 58258) @@ -50595,9 +50595,15 @@ CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...) TODO: check CVE-2017-0842 (An elevation of privilege vulnerability in the Android system ...) - TODO: check + NOT-FOR-US: Fluoride Bluetooth stack in Android CVE-2017-0841 (A remote code execution vulnerability in the Android system ...) - TODO: check + - android-platform-system-core (unimportant) + - firefox + - firefox-esr + - icedove + - thunderbird + TODO: Vulnerable code exists in firefox/firefox-esr and thunderbird/icedove but not sure if affected + NOTE: Fixed by https://android.googlesource.com/platform/system/core/+/47efc676c849e3abf32001d66e2d6eb887e83c48%5E!/ CVE-2017-0840 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0839 (An information disclosure vulnerability in the Android media framework ...) @@ -50617,9 +50623,9 @@ CVE-2017-0832 (A remote code execution vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0831 (An elevation of privilege vulnerability in the Android framework ...) - TODO: check + NOT-FOR-US: Android CVE-2017-0830 (An elevation of privilege vulnerability in the Android framework ...) - TODO: check + NOT-FOR-US: Android CVE-2017-0829 (An elevation of privilege vulnerability in the Motorola bootloader. ...) NOT-FOR-US: Motorola bootloader CVE-2017-0828 (An elevation of privilege vulnerability in the Huawei bootloader. ...) 
@@ -50633,9 +50639,10 @@ CVE-2017-0824 (An elevation of privilege vulnerability in the Broadcom wifi driver. ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0823 (An information disclosure vulnerability in the Android system (rild). ...) - NOT-FOR-US: Android + NOT-FOR-US: Android (rild) CVE-2017-0822 (An elevation of privilege vulnerability in the Android system ...) - NOT-FOR-US: Android + - android-framework-23 (unimportant) + NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a CVE-2017-0821 RESERVED CVE-2017-0820 (A vulnerability in the Android media framework (n/a). Product: ...) @@ -50726,7 +50733,7 @@ NOT-FOR-US: Android NOTE: https://www.armis.com/blueborne/ CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android ...) - NOT-FOR-US: Android + NOT-FOR-US: Android messaging CVE-2017-0779 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0778 (A information disclosure vulnerability in the Android media framework ...) @@ -50780,9 +50787,10 @@ CVE-2017-0754 RESERVED CVE-2017-0753 (A remote code execution vulnerability in the Android libraries ...) - NOT-FOR-US: Android + NOT-FOR-US: Android (libgdx) CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework ...) - NOT-FOR-US: Android + - android-framework-23 (unimportant) + NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/ CVE-2017-0751 RESERVED NOT-FOR-US: Google drivers for Android 
@@ -50947,9 +50955,14 @@ CVE-2017-0673 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0672 (A denial of service vulnerability in the Android libraries. Product: ...) - NOT-FOR-US: Android + - firefox-esr + - firefox 54.0-1 + - qtwebengine-opensource-src + - icedove + - thunderbird CVE-2017-0671 (A remote code execution vulnerability in the Android libraries. ...) NOT-FOR-US: Android + NOTE: Not publicly available CVE-2017-0670 (A denial of service vulnerability in the Android framework. Product: ...) NOT-FOR-US: Android CVE-2017-0669 (A information disclosure vulnerability in the Android framework. ...) @@ -64251,7 +64264,7 @@ CVE-2016-6025 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 ...) NOT-FOR-US: IBM CVE-2016-6024 (IBM Jazz technology based products might divulge information that ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM ...) NOT-FOR-US: IBM CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are
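Review bot: the CVE-2017-0672 change in the @@ -50947 hunk replaces "NOT-FOR-US: Android" with entries for firefox-esr, firefox 54.0-1, qtwebengine-opensource-src, icedove and thunderbird but adds no NOTE naming the embedded component or the upstream fix, so the "54.0-1" fixed version cannot be verified from the entry. The other re-triaged entries in this commit (CVE-2017-0841, CVE-2017-0822, CVE-2017-0752) each carry a "NOTE: Fixed by" line; please add the equivalent here. Those three NOTE URLs also end in three different forms ("%5E!/", no suffix, "%5E%21/"), which is worth normalising while the entries are being touched.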
[Secure-testing-commits] r58257 - data/CVE
Author: jmm Date: 2017-12-04 22:34:40 + (Mon, 04 Dec 2017) New Revision: 58257 Modified: data/CVE/list Log: further wireshark triage Modified: data/CVE/list === --- data/CVE/list 2017-12-04 21:29:34 UTC (rev 58256) +++ data/CVE/list 2017-12-04 22:34:40 UTC (rev 58257) @@ -30600,7 +30600,8 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7749 CVE-2017-7748 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector ...) - - wireshark 2.2.6+g32dac6a-1 + - wireshark 2.2.6+g32dac6a-1 (low) + [jessie] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-21.html NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581 @@ -30610,7 +30611,8 @@ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559 CVE-2017-7746 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector ...) - - wireshark 2.2.6+g32dac6a-1 + - wireshark 2.2.6+g32dac6a-1 (low) + [jessie] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-19.html NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=58e69cc769dea24b721abd8a29f9eedc11024b7e NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576 
@@ -30731,12 +30733,14 @@ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8 CVE-2017-7703 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector ...) - - wireshark 2.2.6+g32dac6a-1 + - wireshark 2.2.6+g32dac6a-1 (low) + [jessie] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-12.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13466 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=671e32820ab29d41d712cc8a472eab9b672684d9 CVE-2017-7702 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector ...) - - wireshark 2.2.6+g32dac6a-1 + - wireshark 2.2.6+g32dac6a-1 (low) + [jessie] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7 @@ -30752,7 +30756,8 @@ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=fa31f69b407436d0946f84baa0acdcc50962bf7a CVE-2017-7700 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file ...) {DLA-858-1} - - wireshark 2.2.6+g32dac6a-1 + - wireshark 2.2.6+g32dac6a-1 (low) + [jessie] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-14.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53
[Secure-testing-commits] r58256 - data/CVE
Author: carnil Date: 2017-12-04 21:29:34 + (Mon, 04 Dec 2017) New Revision: 58256 Modified: data/CVE/list Log: Add CVE-2017-0910/zulip-server, itp'ed #800052 Modified: data/CVE/list === --- data/CVE/list 2017-12-04 21:29:22 UTC (rev 58255) +++ data/CVE/list 2017-12-04 21:29:34 UTC (rev 58256) @@ -50260,7 +50260,7 @@ CVE-2017-0911 RESERVED CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a ...) - TODO: check + - zulip-server (bug #800052) CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a ...) TODO: check CVE-2017-0908
[Secure-testing-commits] r58255 - data/CVE
Author: carnil Date: 2017-12-04 21:29:22 + (Mon, 04 Dec 2017) New Revision: 58255 Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list === --- data/CVE/list 2017-12-04 21:10:19 UTC (rev 58254) +++ data/CVE/list 2017-12-04 21:29:22 UTC (rev 58255) @@ -1542,9 +1542,9 @@ CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) NOT-FOR-US: WooCommerce plugin for WordPress CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...) - TODO: check + NOT-FOR-US: ZKTeco ZKTime Web Software CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to ...) - TODO: check + NOT-FOR-US: ZKTeco ZKTime Web Software CVE-2017-17055 RESERVED CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...) @@ -4127,7 +4127,7 @@ CVE-2017-16722 RESERVED CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...) - TODO: check + NOT-FOR-US: Geovap Reliance SCADA CVE-2017-16720 RESERVED CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...) @@ -6518,7 +6518,7 @@ CVE-2017-15890 RESERVED CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...) - TODO: check + NOT-FOR-US: Synology DiskStation Manager CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...) NOT-FOR-US: Synology CVE-2017-15887 (An improper restriction of excessive authentication attempts ...) @@ -17581,9 +17581,9 @@ CVE-2017-12081 RESERVED CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration ...) - TODO: check + NOT-FOR-US: Synology Photo Station CVE-2017-12079 (Files or directories accessible to external parties vulnerability in ...) - TODO: check + NOT-FOR-US: Synology Photo Station CVE-2017-12078 RESERVED CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in ...) 
@@ -20751,7 +20751,7 @@ CVE-2017-11019 RESERVED CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) TODO: check CVE-2017-11016 @@ -20763,7 +20763,7 @@ CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) TODO: check CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11011 RESERVED CVE-2017-11010 @@ -21124,13 +21124,13 @@ CVE-2017-10904 RESERVED CVE-2017-10903 (Improper authentication issue in PTW-WMS1 firmware version 2.000.012 ...) - TODO: check + NOT-FOR-US: PTW-WMS1 firmware CVE-2017-10902 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: PTW-WMS1 firmware CVE-2017-10901 (Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote ...) - TODO: check + NOT-FOR-US: PTW-WMS1 firmware CVE-2017-10900 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: PTW-WMS1 firmware CVE-2017-10899 (SQL injection vulnerability in the A-Reserve and A-Reserve for MT ...) TODO: check CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud ...) 
@@ -21140,15 +21140,15 @@ CVE-2017-10896 RESERVED CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: sDNSProxy CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: StreamRelay.NET CVE-2017-10893 RESERVED CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version ...) - TODO: check + NOT-FOR-US: Music Center for PC CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...) - TODO: check + NOT-FOR-US: Media Go CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to ...) NOT-FOR-US: RX-V200 firmware CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML ...) @@ -21182,7 +21182,7 @@ CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an ...) NOT-FOR-US: I-O DATA DEVICE LAN DISK Connect CVE-2017-10874 (PWR-Q200 does not use random values for source ports of DNS query ...) - TODO: check + NOT-FOR-US: PWR-Q200 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to
[Secure-testing-commits] r58254 - data/CVE
Author: sectracker Date: 2017-12-04 21:10:19 + (Mon, 04 Dec 2017) New Revision: 58254 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-04 20:52:15 UTC (rev 58253) +++ data/CVE/list 2017-12-04 21:10:19 UTC (rev 58254) @@ -1,3 +1,11 @@ +CVE-2017-17384 + RESERVED +CVE-2017-17383 + RESERVED +CVE-2017-17382 + RESERVED +CVE-2017-17381 + RESERVED CVE-2018-1140 RESERVED CVE-2018-1139 @@ -1533,10 +1541,10 @@ RESERVED CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) NOT-FOR-US: WooCommerce plugin for WordPress -CVE-2017-17057 - RESERVED -CVE-2017-17056 - RESERVED +CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...) + TODO: check +CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to ...) + TODO: check CVE-2017-17055 RESERVED CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...) @@ -4118,8 +4126,8 @@ RESERVED CVE-2017-16722 RESERVED -CVE-2017-16721 - RESERVED +CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...) + TODO: check CVE-2017-16720 RESERVED CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...) @@ -6431,6 +6439,7 @@ - konversation 1.7.3-1 (bug #881586) NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...) + {DLA-1198-1} - libextractor (low; bug #880016) NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg8.html NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117 
@@ -6508,8 +6517,8 @@ RESERVED CVE-2017-15890 RESERVED -CVE-2017-15889 - RESERVED +CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...) + TODO: check CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...) NOT-FOR-US: Synology CVE-2017-15887 (An improper restriction of excessive authentication attempts ...) @@ -6931,7 +6940,7 @@ RESERVED CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...) - qpid-java (bug #840131) -CVE-2017-15701 (In Apache Qpid Broker-J before 6.1.x before 6.1.5, the broker does not ...) +CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the ...) - qpid-java (bug #840131) CVE-2017-15700 RESERVED @@ -7172,14 +7181,17 @@ CVE-2017-15603 RESERVED CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the ...) + {DLA-1198-1} - libextractor 1:1.6-1 NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg5.html NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...) + {DLA-1198-1} - libextractor 1:1.6-1 NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg6.html NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091 CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the ...) + {DLA-1198-1} - libextractor 1:1.6-1 NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg4.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695 
@@ -8064,6 +8076,7 @@ NOTE: https://bugs.launchpad.net/bugs/1718964 NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493 CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in ...) + {DLA-1198-1} - libextractor 1:1.6-1 (bug #878314) [stretch] - libextractor (Minor issue) [jessie] - libextractor (Minor issue) @@ -8072,6 +8085,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600 NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2 CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...) + {DLA-1198-1} - libextractor 1:1.6-1 (bug #878314) [stretch] - libextractor (Minor issue) [jessie] - libextractor (Minor issue) @@ -17566,10 +17580,10 @@ RESERVED CVE-2017-12081 RESERVED -CVE-2017-12080 - RESERVED -CVE-2017-12079 - RESERVED +CVE-2017-12080 (An information exposure vulnerability in
[Secure-testing-commits] r58253 - data/CVE
Author: carnil Date: 2017-12-04 20:52:15 + (Mon, 04 Dec 2017) New Revision: 58253 Modified: data/CVE/list Log: Process couple of NFUs in Android components Modified: data/CVE/list === --- data/CVE/list 2017-12-04 19:06:12 UTC (rev 58252) +++ data/CVE/list 2017-12-04 20:52:15 UTC (rev 58253) 
@@ -20697,39 +20697,39 @@ CVE-2017-11039 RESERVED CVE-2017-11038 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11037 RESERVED CVE-2017-11036 RESERVED CVE-2017-11035 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11034 RESERVED CVE-2017-11033 RESERVED CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11031 RESERVED CVE-2017-11030 RESERVED CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Android CVE-2017-11027 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11026 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11025 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11024 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11023 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) - TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
- TODO: check + NOT-FOR-US: Qualcomm components for Android CVE-2017-11021 RESERVED CVE-2017-11020
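Review bot: CVE-2017-11028 is marked "NOT-FOR-US: Android" while every other entry changed in this hunk, all sharing the same "In android for MSM, Firefox OS for MSM, QRD Android ..." description prefix, is marked "NOT-FOR-US: Qualcomm components for Android". If the difference is deliberate, a NOTE naming the affected component would make that clear; otherwise use the same string as the neighbouring entries.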
[Secure-testing-commits] r58252 - data/CVE
Author: carnil Date: 2017-12-04 19:06:12 + (Mon, 04 Dec 2017) New Revision: 58252 Modified: data/CVE/list Log: Three wireshark issues fixed with 2.4.3 upload to unstable Modified: data/CVE/list === --- data/CVE/list 2017-12-04 18:53:41 UTC (rev 58251) +++ data/CVE/list 2017-12-04 19:06:12 UTC (rev 58252) @@ -1441,17 +1441,17 @@ CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a /script substring in an ...) NOT-FOR-US: Indeo Otter CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety ...) - - wireshark + - wireshark 2.4.3-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-49.html CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA ...) - - wireshark + - wireshark 2.4.3-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14236 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8502fe94ef9e431860921507e1a351c5e3f5c634 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-47.html CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...) - - wireshark + - wireshark 2.4.3-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14249 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html
[Secure-testing-commits] r58251 - data
Author: apo Date: 2017-12-04 18:53:41 + (Mon, 04 Dec 2017) New Revision: 58251 Modified: data/dla-needed.txt Log: Claim wordpress in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-04 18:50:14 UTC (rev 58250) +++ data/dla-needed.txt 2017-12-04 18:53:41 UTC (rev 58251) @@ -101,7 +101,7 @@ NOTE: 2017-08-28: Contacted maintainer since most issues affect NOTE: Jessie/Stretch as well -- -wordpress +wordpress (Markus Koschany) -- xen --
[Secure-testing-commits] r58250 - in data: . DLA
Author: apo Date: 2017-12-04 18:50:14 + (Mon, 04 Dec 2017) New Revision: 58250 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1198-1 for libextractor Modified: data/DLA/list === --- data/DLA/list 2017-12-04 17:43:11 UTC (rev 58249) +++ data/DLA/list 2017-12-04 18:50:14 UTC (rev 58250) @@ -1,3 +1,6 @@ +[04 Dec 2017] DLA-1198-1 libextractor - security update + {CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922} + [wheezy] - libextractor 1:0.6.3-5+deb7u1 [30 Nov 2017] DLA-1197-1 sox - security update {CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642} [wheezy] - sox 14.4.0-3+deb7u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-04 17:43:11 UTC (rev 58249) +++ data/dla-needed.txt 2017-12-04 18:50:14 UTC (rev 58250) @@ -31,9 +31,6 @@ libav (Hugo Lefeuvre) NOTE: 20171116: Diego Biurrun (from the libav team) is working on patches. -- -libextractor (Markus Koschany) - NOTE: not all patches available, so didn't bother maintainer yet --- libnet-ping-external-perl NOTE: The solution for jessie is to remove the package from the archieve. NOTE: The same should be done in wheezy too. So the action for this
[Secure-testing-commits] r58249 - data/CVE
Author: carnil Date: 2017-12-04 17:43:11 + (Mon, 04 Dec 2017) New Revision: 58249 Modified: data/CVE/list Log: Add upstream bug references for CVE-2017-171{27..30} Modified: data/CVE/list === --- data/CVE/list 2017-12-04 17:21:24 UTC (rev 58248) +++ data/CVE/list 2017-12-04 17:43:11 UTC (rev 58249) @@ -700,13 +700,17 @@ RESERVED CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in ...) - libav + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100 CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 ...) - libav (Vulnerable code introduced in 12.x) + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1101 CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 ...) - libav + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1104 CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 ...) - libav [jessie] - libav (Minor issue) + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099 CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 ...) - binutils [stretch] - binutils (Minor issue)
[Secure-testing-commits] r58248 - data/CVE
Author: jmm Date: 2017-12-04 17:21:24 + (Mon, 04 Dec 2017) New Revision: 58248 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2017-12-04 17:17:12 UTC (rev 58247) +++ data/CVE/list 2017-12-04 17:21:24 UTC (rev 58248) @@ -762,11 +762,11 @@ CVE-2017-17115 RESERVED CVE-2017-17114 (ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus ...) - TODO: check + NOT-FOR-US: IKARUS CVE-2017-17113 (ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL ...) - TODO: check + NOT-FOR-US: IKARUS CVE-2017-17112 (ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool ...) - TODO: check + NOT-FOR-US: IKARUS CVE-2017-17111 RESERVED CVE-2017-17110 @@ -782,23 +782,23 @@ CVE-2017-17105 RESERVED CVE-2017-17104 (Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in ...) - TODO: check + NOT-FOR-US: Fiyo CMS CVE-2017-17103 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via ...) - TODO: check + NOT-FOR-US: Fiyo CMS CVE-2017-17102 (Fiyo CMS 2.0.7 has SQL injection in /system/site.php via ...) - TODO: check + NOT-FOR-US: Fiyo CMS CVE-2017-17101 RESERVED CVE-2017-17100 RESERVED CVE-2017-17099 (There exists an unauthenticated SEH based Buffer Overflow vulnerability ...) - TODO: check + NOT-FOR-US: Flexense SyncBreeze Enterprise CVE-2017-17098 RESERVED CVE-2017-17097 RESERVED CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards plugin ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source ...) - asterisk (bug #883342) NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
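Review bot: the CVE-2017-17096 entry in the second hunk is tagged "NOT-FOR-US: Wordpress plugin" without naming the plugin, although the description identifies it as the Content Cards plugin and every other entry in this commit names the product (IKARUS, Fiyo CMS, Flexense SyncBreeze Enterprise). Suggest "NOT-FOR-US: Content Cards plugin for WordPress", which also fixes the capitalisation of "WordPress" and keeps the tag searchable.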
[Secure-testing-commits] r58247 - data/CVE
Author: jmm Date: 2017-12-04 17:17:12 + (Mon, 04 Dec 2017) New Revision: 58247 Modified: data/CVE/list Log: new libav issue Modified: data/CVE/list === --- data/CVE/list 2017-12-04 17:13:11 UTC (rev 58246) +++ data/CVE/list 2017-12-04 17:17:12 UTC (rev 58247) @@ -703,7 +703,7 @@ CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 ...) - libav (Vulnerable code introduced in 12.x) CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 ...) - TODO: check + - libav CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 ...) - libav [jessie] - libav (Minor issue)
[Secure-testing-commits] r58246 - data/CVE
Author: jmm Date: 2017-12-04 17:13:11 + (Mon, 04 Dec 2017) New Revision: 58246 Modified: data/CVE/list Log: new ffmpeg issue Modified: data/CVE/list === --- data/CVE/list 2017-12-04 17:06:43 UTC (rev 58245) +++ data/CVE/list 2017-12-04 17:13:11 UTC (rev 58246) @@ -699,7 +699,7 @@ CVE-2017-17131 RESERVED CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in ...) - TODO: check + - libav CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 ...) - libav (Vulnerable code introduced in 12.x) CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
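Review bot: the log message says "new ffmpeg issue", but the line added for CVE-2017-17130 is "- libav" and no ffmpeg entry appears in the hunk. Either the log should read libav, as in r58245 and r58247, or an ffmpeg line is missing here; as committed, the log and the list disagree about which package is being tracked.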
[Secure-testing-commits] r58245 - data/CVE
Author: jmm Date: 2017-12-04 17:06:43 + (Mon, 04 Dec 2017) New Revision: 58245 Modified: data/CVE/list Log: one new libav issue n/a Modified: data/CVE/list === --- data/CVE/list 2017-12-04 11:24:11 UTC (rev 58244) +++ data/CVE/list 2017-12-04 17:06:43 UTC (rev 58245) @@ -701,7 +701,7 @@ CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in ...) TODO: check CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 ...) - TODO: check + - libav (Vulnerable code introduced in 12.x) CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 ...) TODO: check CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58244 - data/CVE
Author: carnil Date: 2017-12-04 11:24:11 + (Mon, 04 Dec 2017) New Revision: 58244 Modified: data/CVE/list Log: Add CVE-2017-1000407 Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:55:35 UTC (rev 58243) +++ data/CVE/list 2017-12-04 11:24:11 UTC (rev 58244) @@ -3262,6 +3262,9 @@ RESERVED CVE-2017-16885 RESERVED +CVE-2017-1000407 [DoS via write flood to I/O port 0x80] + - linux + NOTE: https://www.spinics.net/lists/kvm/msg159809.html CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...) NOT-FOR-US: OpenDayLight CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58243 - data/CVE
Author: jmm Date: 2017-12-04 09:55:35 + (Mon, 04 Dec 2017) New Revision: 58243 Modified: data/CVE/list Log: new libav issue (ffmpeg not affected or fixed before reupload to archive, not really worth investigating) Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:54:26 UTC (rev 58242) +++ data/CVE/list 2017-12-04 09:55:35 UTC (rev 58243) @@ -705,7 +705,8 @@ CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 ...) TODO: check CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 ...) - TODO: check + - libav + [jessie] - libav (Minor issue) CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 ...) - binutils [stretch] - binutils (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
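Review bot: the reasoning that ffmpeg is "not affected or fixed before reupload to archive" lives only in the log message; the lines added for CVE-2017-17127 record libav alone. Someone reading data/CVE/list later cannot tell that ffmpeg was considered and set aside, so a NOTE line under the entry stating that would keep the triage decision with the data.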
[Secure-testing-commits] r58242 - data/CVE
Author: carnil Date: 2017-12-04 09:54:26 + (Mon, 04 Dec 2017) New Revision: 58242 Modified: data/CVE/list Log: Add CVE-2017-17121/binutils Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:53:18 UTC (rev 58241) +++ data/CVE/list 2017-12-04 09:54:26 UTC (rev 58242) @@ -742,7 +742,12 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22508 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f CVE-2017-17121 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22506 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b CVE-2017-17120 RESERVED CVE-2017-17119 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58241 - data/CVE
Author: carnil Date: 2017-12-04 09:53:18 + (Mon, 04 Dec 2017) New Revision: 58241 Modified: data/CVE/list Log: Add CVE-2017-17122/binutils Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:52:10 UTC (rev 58240) +++ data/CVE/list 2017-12-04 09:53:18 UTC (rev 58241) @@ -735,7 +735,12 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22509 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543 CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22508 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f CVE-2017-17121 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) TODO: check CVE-2017-17120 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58240 - data/CVE
Author: carnil Date: 2017-12-04 09:52:10 + (Mon, 04 Dec 2017) New Revision: 58240 Modified: data/CVE/list Log: Add CVE-2017-17123/binutils Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:51:02 UTC (rev 58239) +++ data/CVE/list 2017-12-04 09:52:10 UTC (rev 58240) @@ -728,7 +728,12 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22507 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary File ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22509 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543 CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 ...) TODO: check CVE-2017-17121 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58239 - data/CVE
Author: carnil Date: 2017-12-04 09:51:02 + (Mon, 04 Dec 2017) New Revision: 58239 Modified: data/CVE/list Log: Add CVE-2017-17124 Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:49:46 UTC (rev 58238) +++ data/CVE/list 2017-12-04 09:51:02 UTC (rev 58239) @@ -721,7 +721,12 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22443 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4 CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Binary ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22507 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary File ...) TODO: check CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58238 - data/CVE
Author: carnil Date: 2017-12-04 09:49:46 + (Mon, 04 Dec 2017) New Revision: 58238 Modified: data/CVE/list Log: Add CVE-2017-17125/binutils Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:48:16 UTC (rev 58237) +++ data/CVE/list 2017-12-04 09:49:46 UTC (rev 58238) @@ -714,7 +714,12 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22510 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8 CVE-2017-17125 (nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22443 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4 CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Binary ...) TODO: check CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary File ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58237 - data/CVE
Author: carnil Date: 2017-12-04 09:48:16 + (Mon, 04 Dec 2017) New Revision: 58237 Modified: data/CVE/list Log: Add CVE-2017-17126/binutils Modified: data/CVE/list === --- data/CVE/list 2017-12-04 09:10:21 UTC (rev 58236) +++ data/CVE/list 2017-12-04 09:48:16 UTC (rev 58237) @@ -707,7 +707,12 @@ CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 ...) TODO: check CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 ...) - TODO: check + - binutils + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22510 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8 CVE-2017-17125 (nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global ...) TODO: check CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Binary ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58236 - data/CVE
Author: sectracker Date: 2017-12-04 09:10:21 + (Mon, 04 Dec 2017) New Revision: 58236 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-03 23:07:15 UTC (rev 58235) +++ data/CVE/list 2017-12-04 09:10:21 UTC (rev 58236) 
@@ -1,7 +1,767 @@ +CVE-2018-1140 + RESERVED +CVE-2018-1139 + RESERVED +CVE-2018-1138 + RESERVED +CVE-2018-1137 + RESERVED +CVE-2018-1136 + RESERVED +CVE-2018-1135 + RESERVED +CVE-2018-1134 + RESERVED +CVE-2018-1133 + RESERVED +CVE-2018-1132 + RESERVED +CVE-2018-1131 + RESERVED +CVE-2018-1130 + RESERVED +CVE-2018-1129 + RESERVED +CVE-2018-1128 + RESERVED +CVE-2018-1127 + RESERVED +CVE-2018-1126 + RESERVED +CVE-2018-1125 + RESERVED +CVE-2018-1124 + RESERVED +CVE-2018-1123 + RESERVED +CVE-2018-1122 + RESERVED +CVE-2018-1121 + RESERVED +CVE-2018-1120 + RESERVED +CVE-2018-1119 + RESERVED +CVE-2018-1118 + RESERVED +CVE-2018-1117 + RESERVED +CVE-2018-1116 + RESERVED +CVE-2018-1115 + RESERVED +CVE-2018-1114 + RESERVED +CVE-2018-1113 + RESERVED +CVE-2018-1112 + RESERVED +CVE-2018- + RESERVED +CVE-2018-1110 + RESERVED +CVE-2018-1109 + RESERVED +CVE-2018-1108 + RESERVED +CVE-2018-1107 + RESERVED +CVE-2018-1106 + RESERVED +CVE-2018-1105 + RESERVED +CVE-2018-1104 + RESERVED +CVE-2018-1103 + RESERVED +CVE-2018-1102 + RESERVED +CVE-2018-1101 + RESERVED +CVE-2018-1100 + RESERVED +CVE-2018-1099 + RESERVED +CVE-2018-1098 + RESERVED +CVE-2018-1097 + RESERVED +CVE-2018-1096 + RESERVED +CVE-2018-1095 + RESERVED +CVE-2018-1094 + RESERVED +CVE-2018-1093 + RESERVED +CVE-2018-1092 + RESERVED +CVE-2018-1091 + RESERVED +CVE-2018-1090 + RESERVED +CVE-2018-1089 + RESERVED +CVE-2018-1088 + RESERVED +CVE-2018-1087 + RESERVED +CVE-2018-1086 + RESERVED +CVE-2018-1085 + RESERVED +CVE-2018-1084 + RESERVED +CVE-2018-1083 + RESERVED +CVE-2018-1082 + RESERVED +CVE-2018-1081 + RESERVED +CVE-2018-1080 + RESERVED +CVE-2018-1079 + RESERVED +CVE-2018-1078 + RESERVED +CVE-2018-1077 + RESERVED +CVE-2018-1076 + RESERVED +CVE-2018-1075 + RESERVED +CVE-2018-1074 + RESERVED +CVE-2018-1073 + RESERVED +CVE-2018-1072 + RESERVED +CVE-2018-1071 + RESERVED +CVE-2018-1070 + RESERVED +CVE-2018-1069 + RESERVED +CVE-2018-1068 + RESERVED +CVE-2018-1067 + RESERVED +CVE-2018-1066 + RESERVED +CVE-2018-1065 + RESERVED 
+CVE-2018-1064 + RESERVED +CVE-2018-1063 + RESERVED +CVE-2018-1062 + RESERVED +CVE-2018-1061 + RESERVED +CVE-2018-1060 + RESERVED +CVE-2018-1059 + RESERVED +CVE-2018-1058 + RESERVED +CVE-2018-1057 + RESERVED +CVE-2018-1056 + RESERVED +CVE-2018-1055 + RESERVED +CVE-2018-1054 + RESERVED +CVE-2018-1053 + RESERVED +CVE-2018-1052 + RESERVED +CVE-2018-1051 + RESERVED +CVE-2018-1050 + RESERVED +CVE-2018-1049 + RESERVED +CVE-2018-1048 + RESERVED +CVE-2018-1047 + RESERVED +CVE-2018-1046 + RESERVED +CVE-2018-1045 + RESERVED +CVE-2018-1044 + RESERVED +CVE-2018-1043 + RESERVED +CVE-2018-1042 + RESERVED +CVE-2018-1041 + RESERVED +CVE-2017-17380 + RESERVED +CVE-2017-17379 + RESERVED +CVE-2017-17378 + RESERVED +CVE-2017-17377 + RESERVED +CVE-2017-17376 + RESERVED +CVE-2017-17375 + RESERVED +CVE-2017-17374 + RESERVED +CVE-2017-17373 + RESERVED +CVE-2017-17372 + RESERVED +CVE-2017-17371 + RESERVED +CVE-2017-17370 + RESERVED +CVE-2017-17369 + RESERVED +CVE-2017-17368 + RESERVED +CVE-2017-17367 + RESERVED +CVE-2017-17366 + RESERVED +CVE-2017-17365 + RESERVED +CVE-2017-17364 + RESERVED +CVE-2017-17363 + RESERVED +CVE-2017-17362 + RESERVED +CVE-2017-17361 + RESERVED +CVE-2017-17360 + RESERVED +CVE-2017-17359 + RESERVED +CVE-2017-17358 + RESERVED +CVE-2017-17357 + RESERVED +CVE-2017-17356 + RESERVED +CVE-2017-17355 + RESERVED +CVE-2017-17354 + RESERVED +CVE-2017-17353 + RESERVED +CVE-2017-17352 + RESERVED +CVE-2017-17351 + RESERVED +CVE-2017-17350 + RESERVED +CVE-2017-17349 + RESERVED +CVE-2017-17348 + RESERVED +CVE-2017-17347 + RESERVED +CVE-2017-17346 + RESERVED +CVE-2017-17345 + RESERVED +CVE-2017-17344 + RESERVED +CVE-2017-17343 + RESERVED +CVE-2017-17342 + RESERVED +CVE-2017-17341 + RESERVED +CVE-2017-17340 + RESERVED +CVE-2017-17339 + RESERVED +CVE-2017-17338 + RESERVED