Author: sectracker
Date: 2017-03-08 21:10:13 +0000 (Wed, 08 Mar 2017)
New Revision: 49520
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-08 21:02:43 UTC (rev 49519) +++ data/CVE/list 2017-03-08 21:10:13 UTC (rev 49520) @@ -1,23 +1,23 @@ CVE-2017-6542 RESERVED -CVE-2017-6541 - RESERVED -CVE-2017-6540 - RESERVED -CVE-2017-6539 - RESERVED -CVE-2017-6538 - RESERVED -CVE-2017-6537 - RESERVED -CVE-2017-6536 - RESERVED -CVE-2017-6535 - RESERVED -CVE-2017-6534 - RESERVED -CVE-2017-6533 - RESERVED +CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...) + TODO: check +CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...) + TODO: check +CVE-2017-6539 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...) + TODO: check +CVE-2017-6538 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...) + TODO: check +CVE-2017-6537 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...) + TODO: check +CVE-2017-6536 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...) + TODO: check +CVE-2017-6535 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...) + TODO: check +CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...) + TODO: check +CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...) + TODO: check CVE-2017-6532 RESERVED CVE-2017-6531 @@ -186,6 +186,7 @@ CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected ...) NOT-FOR-US: MaNGOSWebV4 CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...) + {DLA-848-1} - freetype <unfixed> (bug #856971) NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 
@@ -724,9 +725,11 @@ NOTE: https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d NOTE: https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559 CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly ...) + {DSA-3804-1 DLA-849-1} - linux 4.9.13-1 NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2 CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux kernel ...) + {DSA-3804-1 DLA-849-1} - linux 4.9.13-1 NOTE: Fixed by: https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788 CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the ...) @@ -735,9 +738,11 @@ [wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0) NOTE: Fixed by: https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel before ...) + {DSA-3804-1 DLA-849-1} - linux 4.9.13-1 NOTE: Fixed by: https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensure ...) + {DSA-3804-1 DLA-849-1} - linux 4.9.13-1 NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762 CVE-2017-6321 @@ -1023,6 +1028,7 @@ CVE-2017-6211 RESERVED CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...) + {DSA-3804-1 DLA-849-1} - linux 4.9.13-1 NOTE: Fixed by: https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 (v4.10-rc8) CVE-2017-6210 [null pointer dereference in vrend_decode_reset] 
@@ -1556,6 +1562,7 @@ [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html CVE-2017-5986 (Race condition in the sctp_wait_for_sndbuf function in ...) + {DSA-3804-1 DLA-849-1} - linux 4.9.10-1 NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90 CVE-2017-5985 @@ -2545,6 +2552,7 @@ CVE-2017-5670 RESERVED CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...) + {DSA-3804-1 DLA-849-1} - linux 4.9.13-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931 CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...) @@ -4404,8 +4412,8 @@ NOTE: https://irssi.org/security/irssi_sa_2017_01.txt CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...) NOT-FOR-US: Nessus -CVE-2017-5178 - RESERVED +CVE-2017-5178 (An issue was discovered in Schneider Electric Tableau Server/Desktop ...) + TODO: check CVE-2017-5177 RESERVED CVE-2017-5176 @@ -7727,8 +7735,8 @@ RESERVED CVE-2016-9986 RESERVED -CVE-2016-9985 - RESERVED +CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information ...) + TODO: check CVE-2016-9984 RESERVED CVE-2016-9983 @@ -10919,6 +10927,7 @@ CVE-2017-2637 RESERVED CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through ...) + {DSA-3804-1 DLA-849-1} - linux <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/03/07/6 CVE-2017-2635 [Null pointer dereference when updating storage size on empty drives] @@ -14039,8 +14048,8 @@ RESERVED CVE-2017-1151 RESERVED -CVE-2017-1150 - RESERVED +CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...) + TODO: check CVE-2017-1149 RESERVED CVE-2017-1148 
@@ -16227,6 +16236,7 @@ CVE-2016-9589 RESERVED CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP ...) + {DSA-3804-1 DLA-849-1} - linux 4.8.15-2 NOTE: https://www.spinics.net/lists/kvm/msg142495.html NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388 @@ -18497,8 +18507,8 @@ NOT-FOR-US: IBM CVE-2016-9007 RESERVED -CVE-2016-9006 - RESERVED +CVE-2016-9006 (IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site ...) + TODO: check CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an ...) NOT-FOR-US: IBM CVE-2016-9004 @@ -28458,8 +28468,8 @@ NOT-FOR-US: IBM CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a remote ...) NOT-FOR-US: IBM -CVE-2016-5933 - RESERVED +CVE-2016-5933 (IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host ...) + TODO: check CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2016-5931 @@ -28536,8 +28546,8 @@ NOT-FOR-US: IBM CVE-2016-5895 RESERVED -CVE-2016-5894 - RESERVED +CVE-2016-5894 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...) + TODO: check CVE-2016-5893 RESERVED CVE-2016-5892 (Cross-site scripting (XSS) vulnerability in IBM 10x, as used in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
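Review bot: In the first hunk (@@ -1,23 +1,23 @@), CVE-2017-6541 through CVE-2017-6533 leave RESERVED with only `TODO: check`, so none of the nine has a triage decision yet. Four of them (CVE-2017-6538, CVE-2017-6537, CVE-2017-6534, CVE-2017-6533) name webpagetest 3.0 in the description and can be resolved together in one follow-up, with either a `NOT-FOR-US:` line or a source package line. The other five descriptions are truncated before the product name and need the full text before they can be classified.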
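Review bot: In the @@ -186,6 +186,7 @@ hunk, CVE-2016-10244 gains `{DLA-848-1}` while the line below it still reads `- freetype <unfixed> (bug #856971)` and the following NOTE says the issue is fixed in 2.7. Check whether the unstable entry should carry a fixed version, or add a short NOTE explaining why it stays `<unfixed>`, so the advisory tag and the package status do not read as contradictory.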
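Review bot: In the @@ -10919,6 +10927,7 @@ hunk, CVE-2017-2636 is tagged `{DSA-3804-1 DLA-849-1}` but keeps `- linux <unfixed>`, whereas every other linux entry that receives this tag in the patch has a fixed version on its package line (4.9.13-1, 4.9.10-1 or 4.8.15-2). Confirm that the unstable kernel is still unfixed for this CVE, and update the version once an upload lands so the entry does not stay open after the advisories have been issued.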
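Review bot: CVE-2016-9006, CVE-2016-5933 and CVE-2016-5894 are added with `TODO: check` in hunks whose context lines already mark the neighbouring IBM entries (CVE-2016-9005, CVE-2016-5934, CVE-2016-5932) as `NOT-FOR-US: IBM`. Their descriptions also name IBM products (UrbanCode Deploy, Tivoli Monitoring, WebSphere Commerce), so the same marking looks applicable and would clear the TODO. The same check is due for CVE-2016-9985 (IBM Cognos Server) and CVE-2017-1150 (IBM DB2), and for CVE-2017-5178 next to `NOT-FOR-US: Nessus`.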