Author: sectracker
Date: 2017-03-25 09:10:12 +0000 (Sat, 25 Mar 2017)
New Revision: 50045
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-25 09:05:34 UTC (rev 50044) +++ data/CVE/list 2017-03-25 09:10:12 UTC (rev 50045) @@ -1,7 +1,11 @@ +CVE-2017-7262 (The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows ...) + TODO: check +CVE-2017-7261 (The vmw_surface_define_ioctl function in ...) + TODO: check CVE-2017-7260 RESERVED CVE-2017-7259 - RESERVED + REJECTED CVE-2017-7258 RESERVED CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...) @@ -11,11 +15,13 @@ CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...) NOT-FOR-US: CMS Made Simple CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...) + {DSA-3762-1 DLA-795-1} - tiff 4.0.7-2 NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620 CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a ...) + {DSA-3762-1 DLA-795-1} - tiff 4.0.7-2 NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a @@ -2037,6 +2043,7 @@ [jessie] - libplist <no-dsa> (Minor issue) NOTE: https://github.com/libimobiledevice/libplist/issues/99 CVE-2017-6439 (Heap-based buffer overflow in the parse_string_node function in ...) + {DLA-870-1} - libplist 1.12+git+1+e37ca00-0.1 [jessie] - libplist <no-dsa> (Minor issue) NOTE: https://github.com/libimobiledevice/libplist/issues/95 
@@ -2050,11 +2057,13 @@ [jessie] - libplist <no-dsa> (Minor issue) NOTE: https://github.com/libimobiledevice/libplist/issues/100 CVE-2017-6436 (The parse_string_node function in bplist.c in libimobiledevice ...) + {DLA-870-1} - libplist 1.12+git+1+e37ca00-0.1 [jessie] - libplist <no-dsa> (Minor issue) NOTE: https://github.com/libimobiledevice/libplist/issues/94 NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd CVE-2017-6435 (The parse_string_node function in bplist.c in libimobiledevice ...) + {DLA-870-1} - libplist 1.12+git+1+e37ca00-0.1 [jessie] - libplist <no-dsa> (Minor issue) NOTE: https://github.com/libimobiledevice/libplist/issues/93 @@ -18053,6 +18062,7 @@ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035 CVE-2016-9601 [Heap-buffer overflow due to Integer overflow in jbig2_image_new function] RESERVED + {DSA-3817-1} - jbig2dec 0.13-4 (bug #850497) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457 NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092 @@ -47750,7 +47760,7 @@ [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl) NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45 CVE-2016-0772 (The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ...) - {DLA-522-1} + {DLA-871-1 DLA-522-1} - python3.5 3.5.2~rc1-1 - python3.4 <removed> [jessie] - python3.4 <no-dsa> (Will be fixed via a point release) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
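Review bot: In the first hunk (@@ -1,7 +1,11 @@), CVE-2017-7262 and CVE-2017-7261 are added with only "TODO: check", so neither is mapped to a source package or marked NOT-FOR-US the way the CMS Made Simple entries in the same hunk are. Both descriptions are truncated here, so triage needs the full text. Follow up by replacing each TODO with a package line or a NOT-FOR-US tag.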
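Review bot: In the libplist hunks (@@ -2037,6 +2043,7 @@ and @@ -2050,11 +2057,13 @@), {DLA-870-1} is attached to CVE-2017-6439, CVE-2017-6436 and CVE-2017-6435, but the neighbouring entries visible as context (the ones referencing libplist issues 99 and 100) carry the same "[jessie] - libplist <no-dsa> (Minor issue)" status and get no tag. Confirm against the DLA-870-1 entry that its CVE list is complete and that those neighbours were left out on purpose.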
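Review bot: In the last hunk (@@ -47750,7 +47760,7 @@), CVE-2016-0772 now carries two advisories, {DLA-871-1 DLA-522-1}, while the package lines visible under it are only python3.5 and python3.4, the latter still "[jessie] - python3.4 <no-dsa>". The tag alone does not show which source package DLA-871-1 covers. Check that the entry has a package line for that package so the cross-reference resolves to a fixed version.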