Author: sectracker Date: 2017-06-13 21:10:13 +0000 (Tue, 13 Jun 2017) New Revision: 52543
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-13 20:51:06 UTC (rev 52542) +++ data/CVE/list 2017-06-13 21:10:13 UTC (rev 52543) @@ -1,9 +1,15 @@ -CVE-2017-9605 [drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl()] +CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...) + TODO: check +CVE-2017-1000379 + RESERVED +CVE-2017-1000378 + RESERVED +CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...) - linux <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2 NOTE: Fixed by: https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c (v4.12-rc5) -CVE-2017-9603 - RESERVED +CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5 for ...) + TODO: check CVE-2017-9602 RESERVED CVE-2017-9601 @@ -104,8 +110,8 @@ RESERVED CVE-2017-9553 RESERVED -CVE-2017-9552 - RESERVED +CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 ...) + TODO: check CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is ...) TODO: check CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...) @@ -443,8 +449,8 @@ NOTE: Crash in CLI tool, disputable if any exposed service makes use of dnstrace. NOTE: One scenario would be to have a web application that launches dnstracer NOTE: with user supplied name strings to evaluate. -CVE-2017-9429 - RESERVED +CVE-2017-9429 (SQL injection vulnerability in the Event List plugin 0.7.8 for ...) + TODO: check CVE-2017-9428 (A directory traversal vulnerability exists in ...) NOT-FOR-US: BigTree CMS CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...) @@ -512,6 +518,7 @@ [jessie] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise) NOTE: https://github.com/ImageMagick/ImageMagick/issues/457 CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...) + {DLA-984-1 DLA-983-1} - tiff 4.0.8-1 - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688 @@ -527,6 +534,7 @@ NOTE: with backtrace following the methods in http://bugzilla.maptools.org/show_bug.cgi?id=2688 NOTE: is shown. CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...) + {DLA-984-1 DLA-983-1} - tiff 4.0.8-1 - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2689 @@ -926,6 +934,7 @@ CVE-2014-9971 RESERVED CVE-2017-1000380 [infoleak due to a data race in ALSA timer] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5) NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5) @@ -1089,8 +1098,8 @@ RESERVED CVE-2017-9247 RESERVED -CVE-2017-9246 - RESERVED +CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...) + TODO: check CVE-2017-9245 RESERVED CVE-2017-9244 @@ -1418,6 +1427,7 @@ NOTE: http://freeradius.org/security.html#session-resumption-2017 NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563 CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ...) + {DLA-984-1 DLA-983-1} - tiff 4.0.8-2 (bug #863185) [stretch] - tiff <no-dsa> (Minor issue) [jessie] - tiff <no-dsa> (Minor issue) @@ -3808,26 +3818,26 @@ - linux <not-affected> (Android-specific patch) CVE-2017-8243 RESERVED -CVE-2017-8242 - RESERVED -CVE-2017-8241 - RESERVED -CVE-2017-8240 - RESERVED -CVE-2017-8239 - RESERVED -CVE-2017-8238 - RESERVED -CVE-2017-8237 - RESERVED -CVE-2017-8236 - RESERVED -CVE-2017-8235 - RESERVED -CVE-2017-8234 - RESERVED -CVE-2017-8233 - RESERVED +CVE-2017-8242 (In all Android releases from CAF using the Linux kernel, a race ...) + TODO: check +CVE-2017-8241 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2017-8240 (In all Android releases from CAF using the Linux kernel, a kernel ...) + TODO: check +CVE-2017-8239 (In all Android releases from CAF using the Linux kernel, ...) + TODO: check +CVE-2017-8238 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2017-8237 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2017-8236 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2017-8235 (In all Android releases from CAF using the Linux kernel, a memory ...) + TODO: check +CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out of ...) + TODO: check +CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...) + TODO: check CVE-2017-8232 RESERVED CVE-2017-8231 @@ -4684,28 +4694,28 @@ RESERVED CVE-2016-10343 RESERVED -CVE-2016-10342 - RESERVED -CVE-2016-10341 - RESERVED -CVE-2016-10340 - RESERVED -CVE-2016-10339 - RESERVED -CVE-2016-10338 - RESERVED -CVE-2016-10337 - RESERVED -CVE-2016-10336 - RESERVED -CVE-2016-10335 - RESERVED -CVE-2016-10334 - RESERVED -CVE-2016-10333 - RESERVED -CVE-2016-10332 - RESERVED +CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party ...) + TODO: check +CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an integer ...) + TODO: check +CVE-2016-10339 (In all Android releases from CAF using the Linux kernel, HLOS can ...) + TODO: check +CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there was an ...) + TODO: check +CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some ...) + TODO: check +CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some regions ...) + TODO: check +CVE-2016-10335 (In all Android releases from CAF using the Linux kernel, libtomcrypt ...) + TODO: check +CVE-2016-10334 (In all Android releases from CAF using the Linux kernel, a ...) + TODO: check +CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a sensitive ...) + TODO: check +CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack ...) + TODO: check CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo ...) NOT-FOR-US: Synology Photo Station CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID ...) @@ -4754,54 +4764,54 @@ RESERVED CVE-2015-9034 RESERVED -CVE-2015-9033 - RESERVED -CVE-2015-9032 - RESERVED -CVE-2015-9031 - RESERVED -CVE-2015-9030 - RESERVED -CVE-2015-9029 - RESERVED -CVE-2015-9028 - RESERVED -CVE-2015-9027 - RESERVED -CVE-2015-9026 - RESERVED -CVE-2015-9025 - RESERVED -CVE-2015-9024 - RESERVED -CVE-2015-9023 - RESERVED -CVE-2015-9022 - RESERVED -CVE-2015-9021 - RESERVED -CVE-2015-9020 - RESERVED +CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...) + TODO: check +CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...) + TODO: check +CVE-2015-9031 (In all Android releases from CAF using the Linux kernel, a TZ memory ...) + TODO: check +CVE-2015-9030 (In all Android releases from CAF using the Linux kernel, the ...) + TODO: check +CVE-2015-9029 (In all Android releases from CAF using the Linux kernel, a ...) + TODO: check +CVE-2015-9028 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2015-9027 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + TODO: check +CVE-2015-9026 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + TODO: check +CVE-2015-9025 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2015-9024 (In all Android releases from CAF using the Linux kernel, some ...) + TODO: check +CVE-2015-9023 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2015-9022 (In all Android releases from CAF using the Linux kernel, time-of-check ...) + TODO: check +CVE-2015-9021 (In all Android releases from CAF using the Linux kernel, access ...) + TODO: check +CVE-2015-9020 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + TODO: check CVE-2014-9969 RESERVED CVE-2014-9968 RESERVED -CVE-2014-9967 - RESERVED -CVE-2014-9966 - RESERVED -CVE-2014-9965 - RESERVED -CVE-2014-9964 - RESERVED -CVE-2014-9963 - RESERVED -CVE-2014-9962 - RESERVED -CVE-2014-9961 - RESERVED -CVE-2014-9960 - RESERVED +CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + TODO: check +CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a ...) + TODO: check +CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a ...) + TODO: check +CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an integer ...) + TODO: check +CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check +CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a ...) + TODO: check +CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a ...) + TODO: check +CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check CVE-2017-7894 RESERVED CVE-2017-7893 @@ -4953,7 +4963,7 @@ CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote ...) - radare2 <not-affected> (Vulnerable code introduced later) CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can ...) - {DLA-898-1} + {DSA-3879-1 DLA-898-1} - libosip2 4.1.0-2.1 (bug #860287) NOTE: https://savannah.gnu.org/support/index.php?109265 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 @@ -4962,17 +4972,17 @@ CVE-2017-7851 RESERVED CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...) - {DLA-898-1} + {DSA-3879-1 DLA-898-1} - libosip2 4.1.0-2.1 (bug #860287) NOTE: https://savannah.gnu.org/support/index.php?109132 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...) - {DLA-898-1} + {DSA-3879-1 DLA-898-1} - libosip2 4.1.0-2.1 (bug #860287) NOTE: https://savannah.gnu.org/support/index.php?109131 NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696 CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...) - {DLA-898-1} + {DSA-3879-1 DLA-898-1} - libosip2 4.1.0-2.1 (bug #860287) NOTE: https://savannah.gnu.org/support/index.php?109133 NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f @@ -6364,24 +6374,24 @@ [jessie] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1) [wheezy] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1) NOTE: Fixed by: https://git.kernel.org/linus/1b53cf9815bb4744958d41f3795d5d5a1d365e2d (4.11-rc4) -CVE-2017-7373 - RESERVED -CVE-2017-7372 - RESERVED -CVE-2017-7371 - RESERVED -CVE-2017-7370 - RESERVED -CVE-2017-7369 - RESERVED -CVE-2017-7368 - RESERVED -CVE-2017-7367 - RESERVED -CVE-2017-7366 - RESERVED -CVE-2017-7365 - RESERVED +CVE-2017-7373 (In all Android releases from CAF using the Linux kernel, a double free ...) + TODO: check +CVE-2017-7372 (In all Android releases from CAF using the Linux kernel, a race ...) + TODO: check +CVE-2017-7371 (In all Android releases from CAF using the Linux kernel, a data ...) + TODO: check +CVE-2017-7370 (In all Android releases from CAF using the Linux kernel, a race ...) + TODO: check +CVE-2017-7369 (In all Android releases from CAF using the Linux kernel, an array ...) + TODO: check +CVE-2017-7368 (In all Android releases from CAF using the Linux kernel, a race ...) + TODO: check +CVE-2017-7367 (In all Android releases from CAF using the Linux kernel, an integer ...) + TODO: check +CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL ioctl ...) + TODO: check +CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a buffer ...) + TODO: check CVE-2017-7364 RESERVED CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS ...) @@ -14210,6 +14220,7 @@ CVE-2017-4955 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...) TODO: check CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in ...) + {DLA-984-1 DLA-983-1} - tiff 4.0.8-2 (bug #850316) - tiff3 <removed> NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit @@ -16911,8 +16922,8 @@ RESERVED CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information ...) NOT-FOR-US: IBM -CVE-2016-9984 - RESERVED +CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote ...) + TODO: check CVE-2016-9983 RESERVED CVE-2016-9982 @@ -16933,8 +16944,8 @@ NOT-FOR-US: IBM CVE-2016-9974 RESERVED -CVE-2016-9973 - RESERVED +CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2016-9972 RESERVED CVE-2016-9971 @@ -23584,18 +23595,18 @@ RESERVED CVE-2017-1105 RESERVED -CVE-2017-1104 - RESERVED +CVE-2017-1104 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...) + TODO: check CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...) NOT-FOR-US: IBM -CVE-2017-1102 - RESERVED -CVE-2017-1101 - RESERVED -CVE-2017-1100 - RESERVED -CVE-2017-1099 - RESERVED +CVE-2017-1102 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...) + TODO: check +CVE-2017-1101 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...) + TODO: check +CVE-2017-1100 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...) + TODO: check +CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive information to ...) + TODO: check CVE-2017-1098 RESERVED CVE-2017-1097 @@ -39692,8 +39703,7 @@ [wheezy] - linux <not-affected> (Transactional memory not supported) NOTE: https://marc.info/?l=kvm&m=146968629127349&w=2 NOTE: https://git.kernel.org/linus/93d17397e4e2182fdaad503e2f9da46202c0f1c3 (v4.8-rc1) -CVE-2016-5411 - RESERVED +CVE-2016-5411 (/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart ...) NOT-FOR-US: ovirt engine CVE-2016-5410 (firewalld.py in firewalld before 0.4.3.3 allows local users to bypass ...) - firewalld 0.4.3.3-1 (bug #834529) @@ -39759,8 +39769,7 @@ - hadoop <itp> (bug #793644) CVE-2016-5392 (The API server in Kubernetes, as used in Red Hat OpenShift Enterprise ...) NOT-FOR-US: OpenShift -CVE-2016-5391 - RESERVED +CVE-2016-5391 (libreswan before 3.18 allows remote attackers to cause a denial of ...) - libreswan <not-affected> (Fixed before the initial upload to Debian) NOTE: https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote ...) @@ -45543,8 +45552,7 @@ - libxml2 2.9.3+dfsg1-1.1 (bug #823414) NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207 -CVE-2016-3704 - RESERVED +CVE-2016-3704 (Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate ...) NOT-FOR-US: Pulp (Red Hat) CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the ...) NOT-FOR-US: OpenShift @@ -45569,8 +45577,7 @@ - runc 0.1.0+dfsg-1 NOTE: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 (runc, v0.1.0) NOTE: https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a (docker) -CVE-2016-3696 - RESERVED +CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users ...) NOT-FOR-US: Pulp (Red Hat) CVE-2016-3695 RESERVED @@ -68867,8 +68874,8 @@ NOT-FOR-US: TYPO3 extension jobfair CVE-2015-4597 RESERVED -CVE-2015-4596 - RESERVED +CVE-2015-4596 (Lenovo Mouse Suite before 6.73 allows local users to run arbitrary ...) + TODO: check CVE-2015-4595 RESERVED CVE-2015-4594 (eClinicalWorks Population Health (CCMR) suffers from a session ...) @@ -72811,8 +72818,7 @@ [jessie] - neutron <not-affected> (ipset code introduced in Juno) NOTE: https://bugs.launchpad.net/neutron/+bug/1461054/comments/18 NOTE: 2014.2 versions through 2014.2.3 and 2015.1.0 version -CVE-2015-3220 - RESERVED +CVE-2015-3220 (The tlslite library before 0.4.9 for Python allows remote attackers to ...) - tlslite <removed> CVE-2015-3219 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack ...) {DSA-3617-1} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits