Author: sectracker
Date: 2017-10-11 09:10:12 +0000 (Wed, 11 Oct 2017)
New Revision: 56596
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-11 09:04:44 UTC (rev 56595) +++ data/CVE/list 2017-10-11 09:10:12 UTC (rev 56596) 
@@ -1,6 +1,104 @@ -CVE-2016-10514 +CVE-2017-15265 + RESERVED +CVE-2017-15264 + RESERVED +CVE-2017-15263 + RESERVED +CVE-2017-15262 + RESERVED +CVE-2017-15261 + RESERVED +CVE-2017-15260 + RESERVED +CVE-2017-15259 + RESERVED +CVE-2017-15258 + RESERVED +CVE-2017-15257 + RESERVED +CVE-2017-15256 + RESERVED +CVE-2017-15255 + RESERVED +CVE-2017-15254 + RESERVED +CVE-2017-15253 + RESERVED +CVE-2017-15252 + RESERVED +CVE-2017-15251 + RESERVED +CVE-2017-15250 + RESERVED +CVE-2017-15249 + RESERVED +CVE-2017-15248 + RESERVED +CVE-2017-15247 + RESERVED +CVE-2017-15246 + RESERVED +CVE-2017-15245 + RESERVED +CVE-2017-15244 + RESERVED +CVE-2017-15243 + RESERVED +CVE-2017-15242 + RESERVED +CVE-2017-15241 + RESERVED +CVE-2017-15240 + RESERVED +CVE-2017-15239 + RESERVED +CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...) + TODO: check +CVE-2017-15237 + RESERVED +CVE-2017-15236 (Tiandy IP cameras 5.56.17.120 do not properly restrict a certain ...) + TODO: check +CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 ...) + TODO: check +CVE-2017-15234 + RESERVED +CVE-2017-15233 + RESERVED +CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and ...) + TODO: check +CVE-2017-15231 + RESERVED +CVE-2017-15230 + RESERVED +CVE-2017-15229 + RESERVED +CVE-2017-15228 + RESERVED +CVE-2017-15227 + RESERVED +CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ...) + TODO: check +CVE-2017-15225 (_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File ...) + TODO: check +CVE-2017-15224 + RESERVED +CVE-2017-15223 + RESERVED +CVE-2017-15222 + RESERVED +CVE-2017-15221 + RESERVED +CVE-2017-15220 + RESERVED +CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...) 
+ TODO: check +CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...) + TODO: check +CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before 2.8.3 ...) - piwigo <removed> -CVE-2016-10513 +CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted ...) - piwigo <removed> CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete ...) NOT-FOR-US: MISP @@ -46,16 +144,16 @@ - kanboard <itp> (bug #790814) CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) - kanboard <itp> (bug #790814) -CVE-2017-15193 - RESERVED -CVE-2017-15192 - RESERVED -CVE-2017-15191 - RESERVED -CVE-2017-15190 - RESERVED -CVE-2017-15189 - RESERVED +CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector ...) + TODO: check +CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector ...) + TODO: check +CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the ...) + TODO: check +CVE-2017-15190 (In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was ...) + TODO: check +CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an ...) + TODO: check CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork web ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-15187 
@@ -489,11 +587,13 @@ - lame <unfixed> NOTE: https://sourceforge.net/p/lame/bugs/480/ CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/723 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820 NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375 CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/725 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457 @@ -610,6 +710,7 @@ - wordpress 4.8.2+dfsg-2 (bug #877629) NOTE: https://core.trac.wordpress.org/ticket/38474 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/781 NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628 @@ -1237,6 +1338,7 @@ CVE-2017-14742 RESERVED CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/771 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f @@ -1244,6 +1346,7 @@ CVE-2017-14740 RESERVED CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/780 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d 
@@ -1411,6 +1514,7 @@ CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by ...) NOT-FOR-US: geminabox CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #876488) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00 @@ -1633,6 +1737,7 @@ NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 NOTE: https://github.com/LibRaw/LibRaw/issues/101 CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ...) + {DLA-1131-1} - imagemagick <unfixed> (low) NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74 NOTE: https://github.com/ImageMagick/ImageMagick/issues/765 @@ -1892,6 +1997,7 @@ CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...) NOT-FOR-US: geminabox CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/716 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9 @@ -2219,6 +2325,7 @@ CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in ...) + {DLA-1131-1} - imagemagick <unfixed> (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/746 NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af 
@@ -2346,6 +2453,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21 CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...) + {DLA-1131-1} - imagemagick <unfixed> (low; bug #876105) NOTE: https://github.com/ImageMagick/ImageMagick/issues/654 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24 @@ -2413,17 +2521,21 @@ CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to ...) NOT-FOR-US: Mirasvit Helpdesk MX CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When ...) + {DLA-1132-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-234.html CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function ...) + {DLA-1132-1} - xen <unfixed> [jessie] - xen <not-affected> (Only affects 4.5 and later) NOTE: https://xenbits.xen.org/xsa/advisory-232.html NOTE: Wheezy will be affected with the upcoming grant table backport CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka ...) + {DLA-1132-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-233.html CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. The ...) + {DLA-1132-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-231.html CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation ...) @@ -2597,6 +2709,7 @@ CVE-2017-14250 RESERVED CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in ...) + {DLA-1131-1} - imagemagick <unfixed> (low; bug #876099) NOTE: https://github.com/ImageMagick/ImageMagick/issues/708 NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac 
@@ -2706,6 +2819,7 @@ - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2 CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #876097) NOTE: https://github.com/ImageMagick/ImageMagick/issues/733 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde @@ -2811,19 +2925,23 @@ CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...) NOT-FOR-US: aacplusenc CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #875502) NOTE: https://github.com/ImageMagick/ImageMagick/issues/712 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56 CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #875503) NOTE: https://github.com/ImageMagick/ImageMagick/issues/714 NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64 CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #875504) NOTE: https://github.com/ImageMagick/ImageMagick/issues/713 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #875506) NOTE: https://github.com/ImageMagick/ImageMagick/issues/715 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c 
@@ -3226,6 +3344,7 @@ - libidn <not-affected> (Vulnerable code not present) NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305 CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/710 NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c @@ -3858,6 +3977,7 @@ CVE-2017-13770 RESERVED CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...) + {DLA-1131-1} - imagemagick <unfixed> (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/705 NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c @@ -3866,6 +3986,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260 CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in ...) + {DLA-1131-1} - imagemagick <unfixed> (low; bug #875352) NOTE: https://github.com/ImageMagick/ImageMagick/issues/706 NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3 @@ -3904,6 +4025,7 @@ CVE-2017-13759 RESERVED CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...) + {DLA-1131-1} - imagemagick <unfixed> NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907 
@@ -6704,6 +6826,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/663 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #873871) NOTE: https://github.com/ImageMagick/ImageMagick/issues/659 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e @@ -6771,7 +6894,7 @@ - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201708-01 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-230.html CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is ...) 
@@ -7205,16 +7328,19 @@ NOTE: https://curl.haxx.se/CVE-2017-1000099.patch NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8 CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #875341) NOTE: https://github.com/ImageMagick/ImageMagick/issues/652 NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #875339) NOTE: https://github.com/ImageMagick/ImageMagick/issues/653 NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15 CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 ...) + {DLA-1131-1} - imagemagick <unfixed> (bug #875338) NOTE: https://github.com/ImageMagick/ImageMagick/issues/656 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d @@ -8627,7 +8753,7 @@ CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in ...) NOT-FOR-US: XOOPS CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-227.html CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x ...) 
@@ -8637,7 +8763,7 @@ [wheezy] - xen <not-affected> (Only affects 4.6 and later) NOTE: https://xenbits.xen.org/xsa/advisory-228.html CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-226.html CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in ...) 
@@ -11794,50 +11920,50 @@ RESERVED CVE-2017-11068 RESERVED -CVE-2017-11067 - RESERVED +CVE-2017-11067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11066 RESERVED CVE-2017-11065 RESERVED -CVE-2017-11064 - RESERVED -CVE-2017-11063 - RESERVED -CVE-2017-11062 - RESERVED -CVE-2017-11061 - RESERVED -CVE-2017-11060 - RESERVED -CVE-2017-11059 - RESERVED +CVE-2017-11064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11058 RESERVED -CVE-2017-11057 - RESERVED -CVE-2017-11056 - RESERVED -CVE-2017-11055 - RESERVED -CVE-2017-11054 - RESERVED -CVE-2017-11053 - RESERVED -CVE-2017-11052 - RESERVED -CVE-2017-11051 - RESERVED -CVE-2017-11050 - RESERVED +CVE-2017-11057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
+ TODO: check +CVE-2017-11051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11049 RESERVED -CVE-2017-11048 - RESERVED +CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11047 RESERVED -CVE-2017-11046 - RESERVED +CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11045 RESERVED CVE-2017-11044 @@ -15051,15 +15177,15 @@ [wheezy] - xen <not-affected> (Vulnerable code not present) NOTE: https://xenbits.xen.org/xsa/advisory-225.html CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-224.html CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficient ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-224.html CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-224.html CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...) @@ -15069,7 +15195,7 @@ [wheezy] - xen <not-affected> (arm not supported) NOTE: https://xenbits.xen.org/xsa/advisory-223.html CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-222.html CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event ...) 
@@ -15084,19 +15210,19 @@ [wheezy] - xen <not-affected> (Vulnerable code not present) NOTE: https://xenbits.xen.org/xsa/advisory-220.html CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-219.html CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-218.html CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-218.html CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS users ...) - {DSA-3969-1} + {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 NOTE: https://xenbits.xen.org/xsa/advisory-217.html CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...) @@ -15376,14 +15502,14 @@ RESERVED CVE-2017-9718 RESERVED -CVE-2017-9717 - RESERVED +CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9716 RESERVED -CVE-2017-9715 - RESERVED -CVE-2017-9714 - RESERVED +CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9713 RESERVED CVE-2017-9712 @@ -15398,8 +15524,8 @@ RESERVED CVE-2017-9707 RESERVED -CVE-2017-9706 - RESERVED +CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9705 RESERVED CVE-2017-9704 @@ -15416,8 +15542,8 @@ RESERVED CVE-2017-9698 RESERVED -CVE-2017-9697 - RESERVED +CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9696 RESERVED CVE-2017-9695 
@@ -15440,16 +15566,16 @@ RESERVED CVE-2017-9688 RESERVED -CVE-2017-9687 - RESERVED -CVE-2017-9686 - RESERVED +CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-9683 - RESERVED +CVE-2017-9683 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-9681 @@ -17737,8 +17863,8 @@ RESERVED CVE-2017-8995 RESERVED -CVE-2017-8994 - RESERVED +CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration ...) + TODO: check CVE-2017-8993 RESERVED CVE-2017-8992 @@ -22839,8 +22965,8 @@ RESERVED CVE-2017-7353 RESERVED -CVE-2017-7352 - RESERVED +CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity ...) + TODO: check CVE-2017-7351 RESERVED CVE-2017-7350 @@ -27722,10 +27848,10 @@ RESERVED CVE-2017-5723 RESERVED -CVE-2017-5722 - RESERVED -CVE-2017-5721 - RESERVED +CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, ...) + TODO: check +CVE-2017-5721 (Insufficient input validation in system firmware for Intel NUC7i3BNK, ...) + TODO: check CVE-2017-5720 RESERVED CVE-2017-5719 
@@ -27764,10 +27890,10 @@ RESERVED CVE-2017-5702 RESERVED -CVE-2017-5701 - RESERVED -CVE-2017-5700 - RESERVED +CVE-2017-5701 (Insecure platform configuration in system firmware for Intel ...) + TODO: check +CVE-2017-5700 (Insufficient protection of password storage in system firmware for ...) + TODO: check CVE-2017-5699 RESERVED CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and ...) @@ -39652,8 +39778,8 @@ RESERVED CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2017-1538 - RESERVED +CVE-2017-1538 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...) + TODO: check CVE-2017-1537 RESERVED CVE-2017-1536 @@ -39722,8 +39848,8 @@ RESERVED CVE-2017-1504 (IBM WebSphere Application Server version 9.0.0.4 could provide weaker ...) NOT-FOR-US: IBM -CVE-2017-1503 - RESERVED +CVE-2017-1503 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + TODO: check CVE-2017-1502 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
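Review bot: In the @@ -1,6 +1,104 @@ hunk, CVE-2017-15218 and CVE-2017-15217 are left at "TODO: check" even though their descriptions name ImageMagick 7.0.7-2 (ReadOneJNGImage and ReadSGIImage in coders/sgi.c). The file already tracks that source elsewhere as "- imagemagick <unfixed>" with upstream issue and commit NOTE lines, so these two should get a package line and NOTE references in the same form once the upstream issue is identified, rather than staying in the untriaged pool with the unrelated entries in this block.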
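Review bot: In the @@ -46,16 +144,16 @@ hunk, CVE-2017-15189 through CVE-2017-15193 now carry Wireshark descriptions but only "TODO: check", with no package line. The descriptions give different affected ranges (CVE-2017-15191 lists 2.4.0 to 2.4.1, 2.2.0 to 2.2.9 and 2.0.0 to 2.0.15, while CVE-2017-15190 and CVE-2017-15189 list only 2.4.0 to 2.4.1), so when these are triaged each CVE needs its own status and per-release not-affected markers instead of one status copied across all five.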
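Review bot: In the @@ -2413,17 +2521,21 @@ hunk, CVE-2017-14318 gains {DLA-1132-1} but its existing note still reads "Wheezy will be affected with the upcoming grant table backport", which is forward-looking and is now ambiguous next to the advisory reference. Suggest rewording that NOTE, or adding an explicit [wheezy] line alongside the existing "[jessie] - xen <not-affected> (Only affects 4.5 and later)", so the entry states whether the DLA covers the backported code.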
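Review bot: In the @@ -15440,16 +15566,16 @@ hunk, CVE-2017-9687, CVE-2017-9686 and CVE-2017-9683 are left at "TODO: check" while the adjacent CVE-2017-9685, CVE-2017-9684 and CVE-2017-9682 are already recorded as "NOT-FOR-US: Qualcomm driver for Android". The new descriptions open with "In Android for MSM, Firefox OS for MSM, QRD Android", the same wording as the CVE-2017-11046 to CVE-2017-11067 entries filled in by the @@ -11794,50 +11920,50 @@ hunk, so it is worth triaging the whole batch together and checking whether the same NOT-FOR-US classification applies.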