Author: sectracker
Date: 2017-12-23 09:10:23 +0000 (Sat, 23 Dec 2017)
New Revision: 58860

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-23 08:31:21 UTC (rev 58859)
+++ data/CVE/list       2017-12-23 09:10:23 UTC (rev 58860)
@@ -1,34 +1,48 @@
-CVE-2017-17857 [bpf: fix missing error return in check_stack_boundary()]
+CVE-2017-17861
+       RESERVED
+CVE-2017-17860
+       RESERVED
+CVE-2017-17859
+       RESERVED
+CVE-2017-17858
+       RESERVED
+CVE-2017-17851
+       RESERVED
+CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 
and ...)
+       TODO: check
+CVE-2017-17849
+       RESERVED
+CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in 
the Linux ...)
        - linux 4.14.7-1
        [stretch] - linux <not-affected> (Vulnerable code introdued later)
        [jessie] - linux <not-affected> (Vulnerable code introdued later)
        [wheezy] - linux <not-affected> (Vulnerable code introdued later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469
-CVE-2017-17856 [bpf: force strict alignment checks for stack pointers]
+CVE-2017-17856 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
        - linux 4.14.7-1
        [stretch] - linux <not-affected> (Vulnerable code introdued later)
        [jessie] - linux <not-affected> (Vulnerable code introdued later)
        [wheezy] - linux <not-affected> (Vulnerable code introdued later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f
-CVE-2017-17855 [bpf: don't prune branches when a scalar is replaced with a 
pointer]
+CVE-2017-17855 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
        - linux 4.14.7-1
        [stretch] - linux <not-affected> (Vulnerable code introdued later)
        [jessie] - linux <not-affected> (Vulnerable code introdued later)
        [wheezy] - linux <not-affected> (Vulnerable code introdued later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14
-CVE-2017-17854 [bpf: fix integer overflows]
+CVE-2017-17854 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
        - linux 4.14.7-1
        [stretch] - linux <not-affected> (Vulnerable code introdued later)
        [jessie] - linux <not-affected> (Vulnerable code introdued later)
        [wheezy] - linux <not-affected> (Vulnerable code introdued later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03
-CVE-2017-17853 [bpf/verifier: fix bounds calculation on BPF_RSH]
+CVE-2017-17853 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
        - linux 4.14.7-1
        [stretch] - linux <not-affected> (Vulnerable code introdued later)
        [jessie] - linux <not-affected> (Vulnerable code introdued later)
        [wheezy] - linux <not-affected> (Vulnerable code introdued later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941
-CVE-2017-17852 [bpf: fix 32-bit ALU op verification]
+CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
        - linux 4.14.7-1
        [stretch] - linux <not-affected> (Vulnerable code introdued later)
        [jessie] - linux <not-affected> (Vulnerable code introdued later)
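Review bot: The rewritten kernel entries (CVE-2017-17856 down to CVE-2017-17852) now describe the Linux kernel as affected "through 4.14.8", while the unchanged line under each still records the fix as "- linux 4.14.7-1", so each entry reads as contradicting itself. If 4.14.7-1 carries the fixes as packaged patches, a NOTE saying so would resolve that. Dropping the bracketed commit titles also leaves these five entries with identical truncated descriptions, told apart only by their "Fixed by" links; keeping the old title as a NOTE would preserve which verifier bug each CVE refers to.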
@@ -64,22 +78,28 @@
        RESERVED
 CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a 
...)
        TODO: check
-CVE-2017-17843
+CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows 
remote ...)
+       {DSA-4070-1}
        - enigmail 2:1.9.9-1
        NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17844
+CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote 
attacker can ...)
+       {DSA-4070-1}
        - enigmail 2:1.9.9-1
        NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17845
+CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper 
Random ...)
+       {DSA-4070-1}
        - enigmail 2:1.9.9-1
        NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17846
+CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular 
expressions ...)
+       {DSA-4070-1}
        - enigmail 2:1.9.9-1
        NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17847
+CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature 
spoofing is ...)
+       {DSA-4070-1}
        - enigmail 2:1.9.9-1
        NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17848
+CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant 
of ...)
+       {DSA-4070-1}
        - enigmail 2:1.9.9-1
        NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute 
...)
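Review bot: CVE-2017-17843 through CVE-2017-17848 sit between CVE-2017-17832 and CVE-2017-17831 and run in ascending order, whereas the later hunks (for example CVE-2017-17435 down to CVE-2017-17431) list entries in descending order; since every one of these six entries is touched here, this is the point to move the block into place. All six also carry the same Cure53 excerpt PDF as their only NOTE, so a per-entry NOTE naming the matching finding in that report would let a reader map each CVE to its issue.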
@@ -5381,7 +5401,7 @@
        [jessie] - lilypond <no-dsa> (Minor issue)
        [wheezy] - lilypond <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
-CVE-2017-17522 (Lib/webbrowser.py in Python through 3.6.3 does not validate 
strings ...)
+CVE-2017-17522 (** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does 
not ...)
        - jython <unfixed>
        [wheezy] - jython <not-affected> (Vulnerable code is not provided in 
the binary package)
        - python2.6 <removed>
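Review bot: The description of CVE-2017-17522 now opens with "** DISPUTED **", but the status lines under it are unchanged and "- jython <unfixed>" still reports an open issue. A NOTE recording the dispute, together with a decision on whether the open status should stay as it is, would keep the entry from contradicting its own description.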
@@ -6004,12 +6024,12 @@
 CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe 
VT20i ...)
        NOT-FOR-US: Vaultek Gun Safe
 CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 
2017-12-03, ...)
-       {DSA-4068-1}
+       {DSA-4068-1 DLA-1218-1}
        - rsync 3.1.2-2.1 (bug #883665)
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
 CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 
3.1.2, and ...)
-       {DSA-4068-1}
+       {DSA-4068-1 DLA-1218-1}
        - rsync 3.1.2-2.1 (bug #883667)
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
 CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, 
status, ...)
@@ -10922,7 +10942,7 @@
 CVE-2017-16549
        RESERVED
 CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
-       {DSA-4068-1}
+       {DSA-4068-1 DLA-1218-1}
        - rsync 3.1.2-2.1 (bug #880954)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
        NOTE: 
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
@@ -18494,8 +18514,8 @@
        NOT-FOR-US: Schneider Electric
 CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens 
SIMATIC ...)
        NOT-FOR-US: Siemens
-CVE-2017-14022
-       RESERVED
+CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell 
...)
+       TODO: check
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in 
Korenix ...)
        NOT-FOR-US: Korenix
 CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in 
...)
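Review bot: CVE-2017-14022 moves from RESERVED to "TODO: check" with a Rockwell description, while the neighbouring entries for Schneider Electric, Siemens and Korenix are all NOT-FOR-US. The TODO needs resolving in a follow-up; if the product is likewise not packaged, the entry should take the same NOT-FOR-US form as its neighbours.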


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
