Author: sectracker
Date: 2017-02-10 09:10:12 +0000 (Fri, 10 Feb 2017)
New Revision: 48832

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-10 08:45:23 UTC (rev 48831)
+++ data/CVE/list       2017-02-10 09:10:12 UTC (rev 48832)
@@ -1,3 +1,45 @@
+CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 
for ...)
+       TODO: check
+CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for 
tree ...)
+       TODO: check
+CVE-2017-5952
+       RESERVED
+CVE-2017-5951
+       RESERVED
+CVE-2017-5950
+       RESERVED
+CVE-2017-5949
+       RESERVED
+CVE-2017-5948
+       RESERVED
+CVE-2017-5947
+       RESERVED
+CVE-2017-5946
+       RESERVED
+CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 
3.0.20 for ...)
+       TODO: check
+CVE-2017-5944
+       RESERVED
+CVE-2017-5943
+       RESERVED
+CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for 
WordPress. ...)
+       TODO: check
+CVE-2016-10222
+       RESERVED
+CVE-2016-10221
+       RESERVED
+CVE-2016-10220
+       RESERVED
+CVE-2016-10219
+       RESERVED
+CVE-2016-10218
+       RESERVED
+CVE-2016-10217
+       RESERVED
+CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 
1.23. The ...)
+       TODO: check
+CVE-2016-10215 (An issue was discovered in Fastspot BigTree 
bigtree-form-builder before ...)
+       TODO: check
 CVE-2017-XXXX [diffoscope writes to arbitrary locations on disk based on the 
contents of an untrusted archive] 
        - diffoscope <unfixed> (bug #854723)
 CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for 
...)
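Review bot: the six described entries added at the top of this hunk (CVE-2017-5954, CVE-2017-5953, CVE-2017-5945, CVE-2017-5942, CVE-2016-10216, CVE-2016-10215) all land as "TODO: check" with no package line or NOT-FOR-US. CVE-2017-5953 already names vim and the fixing patch level 8.0.0322, so it can be resolved to a package entry first. CVE-2017-5954 (serialize-to-js) is worth triaging together with the CVE-2017-5941 (node-serialize) entry in the trailing context, since both descriptions concern serialization packages.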
@@ -178,7 +220,7 @@
        RESERVED
 CVE-2017-5938 [viewc Cross-Site Scripting (XSS) vulnerability]
        RESERVED
-       {DSA-3784-1}
+       {DSA-3784-1 DLA-820-1}
        - viewvc 1.1.26-1 (bug #854681)
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
        NOTE: 
https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
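Review bot: the bracketed description on the CVE-2017-5938 context line reads "viewc", while the package line and the commit URL below it say viewvc. Since this entry is being touched to add DLA-820-1, correct the spelling in the same change so a text search for the package name finds the entry.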
@@ -276,8 +318,7 @@
        RESERVED
 CVE-2017-5859
        RESERVED
-CVE-2017-5858
-       RESERVED
+CVE-2017-5858 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        NOT-FOR-US: converse.js
 CVE-2017-5851
        RESERVED
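Review bot: the added CVE-2017-5858 description contains the entity text &quot; around "XEP-0280: Message Carbons" where plain double quotes are expected. If data/CVE/list itself holds the entity rather than the quote character, the automatic import should unescape the description before writing it, because the same text recurs in every XEP-0280 entry added by this revision.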
@@ -903,20 +944,15 @@
        - serendipity <removed>
 CVE-2017-5607
        RESERVED
-CVE-2017-5606
-       RESERVED
+CVE-2017-5606 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        NOT-FOR-US: Xabber
-CVE-2017-5605
-       RESERVED
+CVE-2017-5605 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        NOT-FOR-US: Movim
-CVE-2017-5604
-       RESERVED
+CVE-2017-5604 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        - mcabber <unfixed> (bug #854738)
-CVE-2017-5603
-       RESERVED
+CVE-2017-5603 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        - jitsi <unfixed> (bug #854737)
-CVE-2017-5602
-       RESERVED
+CVE-2017-5602 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        - jappix <itp> (bug #619347)
 CVE-2017-5601 (An error in the lha_read_file_header_1() function ...)
        {DLA-810-1}
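Review bot: CVE-2017-5606 through CVE-2017-5602 now share one truncated description and none of them carries a NOTE line, so nothing in the list distinguishes the affected clients beyond the package or NOT-FOR-US line. For the entries with Debian packages (mcabber, jitsi, jappix), add a NOTE with the upstream advisory or fixing commit, as the viewvc and jasper entries elsewhere in this diff do.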
@@ -1053,21 +1089,16 @@
        - zoneminder <unfixed> (bug #854733)
 CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this 
...)
        NOT-FOR-US: Pagekit CMS
-CVE-2017-5593
-       RESERVED
+CVE-2017-5593 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        - psi-plus <unfixed> (bug #854736)
-CVE-2017-5592
-       RESERVED
+CVE-2017-5592 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        - profanity <unfixed> (bug #854735)
-CVE-2017-5591
-       RESERVED
+CVE-2017-5591 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        - sleekxmpp <unfixed> (bug #854739)
        - slixmpp <unfixed> (bug #854740)
-CVE-2017-5590
-       RESERVED
+CVE-2017-5590 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        NOT-FOR-US: ChatSecure / Zom
-CVE-2017-5589
-       RESERVED
+CVE-2017-5589 (An incorrect implementation of &quot;XEP-0280: Message 
Carbons&quot; in multiple ...)
        NOT-FOR-US: yaxim / Bruno
 CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 
and ...)
        {DSA-3778-1 DLA-808-1}
@@ -14822,7 +14853,7 @@
        REJECTED
 CVE-2016-9560 [stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)]
        RESERVED
-       {DLA-739-1}
+       {DSA-3785-1 DLA-739-1}
        - jasper <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
@@ -17332,7 +17363,7 @@
        NOTE: 
https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
        NOTE: Not suitable for code injection, hardly denial of service
 CVE-2016-8882 (The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in 
JasPer ...)
-       {DLA-739-1}
+       {DSA-3785-1 DLA-739-1}
        - jasper <removed> (unimportant)
        NOTE: https://github.com/mdadams/jasper/issues/30
        NOTE: 
https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee
 (version-1.900.8)
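Review bot: CVE-2016-8882 is annotated "- jasper <removed> (unimportant)" and is now also listed under DSA-3785-1. Confirm that the unimportant tag still reflects the assessment once the issue is fixed through a DSA, or drop the tag so the entry and the advisory do not disagree on severity.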
@@ -17469,20 +17500,20 @@
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
 CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
        RESERVED
-       {DLA-739-1}
+       {DSA-3785-1 DLA-739-1}
        - jasper <removed> (bug #841110)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
        NOTE: 
https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
 CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
        RESERVED
-       {DLA-739-1}
+       {DSA-3785-1 DLA-739-1}
        - jasper <removed> (unimportant; low; bug #841111)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
 (version-1.900.4)
        NOTE: Not suitable for code injection, hardly denial of service
 CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
        RESERVED
-       {DLA-739-1}
+       {DSA-3785-1 DLA-739-1}
        - jasper <removed> (unimportant; bug #841111)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
 (version-1.900.4)
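Review bot: CVE-2016-8692 and CVE-2016-8691 point at the same bug (#841111), the same blog post and the same fixing commit, yet the package lines differ: "(unimportant; low; bug #841111)" on the first and "(unimportant; bug #841111)" on the second. Align the two annotations, and check whether "unimportant" is still intended now that both are referenced by DSA-3785-1.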
@@ -17608,7 +17639,7 @@
        NOTE: Non-privileged user namespaces disabled by default, only 
exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
        RESERVED
-       {DLA-739-1}
+       {DSA-3785-1 DLA-739-1}
        - jasper <removed>
        NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/93
        NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/94
@@ -40760,6 +40791,7 @@
        NOTE: Fixed in 2.8.5 upstream
        TODO: Recheck, the issue might be fixed incompletely, cf. #811519
 CVE-2016-1867 (The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote 
attackers ...)
+       {DSA-3785-1}
        - jasper <removed> (bug #811023)
        [jessie] - jasper <no-dsa> (Minor issue)
        [wheezy] - jasper <no-dsa> (Minor issue)
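Review bot: the added {DSA-3785-1} reference on CVE-2016-1867 sits directly above "[jessie] - jasper <no-dsa> (Minor issue)" in the unchanged context. An entry cannot be both covered by a DSA and marked no-dsa for the release that DSA targets, so if DSA-3785-1 fixes jessie, replace the no-dsa line with the fixed version.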


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
