Author: sectracker
Date: 2017-03-08 21:10:13 +0000 (Wed, 08 Mar 2017)
New Revision: 49520

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-08 21:02:43 UTC (rev 49519)
+++ data/CVE/list       2017-03-08 21:10:13 UTC (rev 49520)
@@ -1,23 +1,23 @@
 CVE-2017-6542
        RESERVED
-CVE-2017-6541
-       RESERVED
-CVE-2017-6540
-       RESERVED
-CVE-2017-6539
-       RESERVED
-CVE-2017-6538
-       RESERVED
-CVE-2017-6537
-       RESERVED
-CVE-2017-6536
-       RESERVED
-CVE-2017-6535
-       RESERVED
-CVE-2017-6534
-       RESERVED
-CVE-2017-6533
-       RESERVED
+CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in 
...)
+       TODO: check
+CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in 
...)
+       TODO: check
+CVE-2017-6539 (Multiple Cross-Site Scripting (XSS) issues were discovered in 
...)
+       TODO: check
+CVE-2017-6538 (A Cross-Site Scripting (XSS) issue was discovered in 
webpagetest 3.0. ...)
+       TODO: check
+CVE-2017-6537 (A Cross-Site Scripting (XSS) issue was discovered in 
webpagetest 3.0. ...)
+       TODO: check
+CVE-2017-6536 (Multiple Cross-Site Scripting (XSS) issues were discovered in 
...)
+       TODO: check
+CVE-2017-6535 (Multiple Cross-Site Scripting (XSS) issues were discovered in 
...)
+       TODO: check
+CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in 
webpagetest 3.0. ...)
+       TODO: check
+CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in 
webpagetest 3.0. ...)
+       TODO: check
 CVE-2017-6532
        RESERVED
 CVE-2017-6531
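Review bot: the nine entries CVE-2017-6533 through CVE-2017-6541 all land as "TODO: check", so each one still needs manual triage before this range is settled. The visible descriptions for CVE-2017-6533, CVE-2017-6534, CVE-2017-6537 and CVE-2017-6538 name webpagetest 3.0; if that software is not packaged, close them with a NOT-FOR-US line in the form used elsewhere in this file. The five "Multiple Cross-Site Scripting" descriptions are truncated before the product name, so confirm the affected product from the full CVE text before tagging them the same way.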
@@ -186,6 +186,7 @@
 CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a 
reflected ...)
        NOT-FOR-US: MaNGOSWebV4
 CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 
before ...)
+       {DLA-848-1}
        - freetype <unfixed> (bug #856971)
        NOTE: Fixed in 2.7: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
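Review bot: the new {DLA-848-1} reference on CVE-2016-10244 sits directly above "- freetype <unfixed> (bug #856971)", while the NOTE below says the issue is fixed upstream in 2.7. Check whether the unstable package has reached that version and, if it has, replace <unfixed> with the fixed version so the entry stops reporting the package as open.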
@@ -724,9 +725,11 @@
        NOTE: 
https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
        NOTE: 
https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559
 CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not 
properly ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.9.13-1
        NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2
 CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux 
kernel ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.9.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788
 CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in 
the ...)
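Review bot: CVE-2017-6353 now references DSA-3804-1 and DLA-849-1 but its only NOTE is the marc.info netdev link, whereas CVE-2017-6348 in the same hunk carries a "NOTE: Fixed by:" line with the upstream commit. Add the corresponding "Fixed by:" commit reference to CVE-2017-6353 so anyone backporting can locate the fix without reading the mail thread.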
@@ -735,9 +738,11 @@
        [wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
 CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel 
before ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.9.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b
 CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not 
ensure ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.9.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
 CVE-2017-6321
@@ -1023,6 +1028,7 @@
 CVE-2017-6211
        RESERVED
 CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux 
kernel ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.9.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 
(v4.10-rc8)
 CVE-2017-6210 [null pointer dereference in vrend_decode_reset]
@@ -1556,6 +1562,7 @@
        [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
 CVE-2017-5986 (Race condition in the sctp_wait_for_sndbuf function in ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.9.10-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90
 CVE-2017-5985
@@ -2545,6 +2552,7 @@
 CVE-2017-5670
        RESERVED
 CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 
4.9.12 ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.9.13-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931
 CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 
allows ...)
@@ -4404,8 +4412,8 @@
        NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus 
before ...)
        NOT-FOR-US: Nessus
-CVE-2017-5178
-       RESERVED
+CVE-2017-5178 (An issue was discovered in Schneider Electric Tableau 
Server/Desktop ...)
+       TODO: check
 CVE-2017-5177
        RESERVED
 CVE-2017-5176
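Review bot: CVE-2017-5178 moves from RESERVED to "TODO: check" with a description naming Schneider Electric Tableau Server/Desktop. The entry just above it, CVE-2017-5179, is closed with "NOT-FOR-US: Nessus"; if this product is not in the archive either, triage it the same way with a NOT-FOR-US line carrying the product name.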
@@ -7727,8 +7735,8 @@
        RESERVED
 CVE-2016-9986
        RESERVED
-CVE-2016-9985
-       RESERVED
+CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive 
information ...)
+       TODO: check
 CVE-2016-9984
        RESERVED
 CVE-2016-9983
@@ -10919,6 +10927,7 @@
 CVE-2017-2637
        RESERVED
 CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel 
through ...)
+       {DSA-3804-1 DLA-849-1}
        - linux <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/07/6
 CVE-2017-2635 [Null pointer dereference when updating storage size on empty 
drives]
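Review bot: CVE-2017-2636 gains {DSA-3804-1 DLA-849-1} while the package line remains "- linux <unfixed>" and the only NOTE is the oss-security post. Record the upstream fix in a "NOTE: Fixed by:" line as the other kernel entries in this file do, and replace <unfixed> once a fixed version is uploaded.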
@@ -14039,8 +14048,8 @@
        RESERVED
 CVE-2017-1151
        RESERVED
-CVE-2017-1150
-       RESERVED
+CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) ...)
+       TODO: check
 CVE-2017-1149
        RESERVED
 CVE-2017-1148
@@ -16227,6 +16236,7 @@
 CVE-2016-9589
        RESERVED
 CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages 
the #BP ...)
+       {DSA-3804-1 DLA-849-1}
        - linux 4.8.15-2
        NOTE: https://www.spinics.net/lists/kvm/msg142495.html
        NOTE: Fixed by: 
https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
@@ -18497,8 +18507,8 @@
        NOT-FOR-US: IBM
 CVE-2016-9007
        RESERVED
-CVE-2016-9006
-       RESERVED
+CVE-2016-9006 (IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an 
...)
        NOT-FOR-US: IBM
 CVE-2016-9004
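Review bot: CVE-2016-9006 is left at "TODO: check" even though its description names IBM UrbanCode Deploy and the described entries around it in this hunk, including CVE-2016-9005, are tagged "NOT-FOR-US: IBM". Once the description is confirmed, apply the same tag here so the entry does not sit in the TODO queue.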
@@ -28458,8 +28468,8 @@
        NOT-FOR-US: IBM
 CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a 
remote ...)
        NOT-FOR-US: IBM
-CVE-2016-5933
-       RESERVED
+CVE-2016-5933 (IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible 
host ...)
+       TODO: check
 CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to 
cross-site ...)
        NOT-FOR-US: IBM
 CVE-2016-5931
@@ -28536,8 +28546,8 @@
        NOT-FOR-US: IBM
 CVE-2016-5895
        RESERVED
-CVE-2016-5894
-       RESERVED
+CVE-2016-5894 (IBM WebSphere Commerce Enterprise, Professional, Express, and 
...)
+       TODO: check
 CVE-2016-5893
        RESERVED
 CVE-2016-5892 (Cross-site scripting (XSS) vulnerability in IBM 10x, as used in 
...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
