Author: sectracker
Date: 2017-05-04 21:10:12 +0000 (Thu, 04 May 2017)
New Revision: 51340

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-04 21:02:47 UTC (rev 51339)
+++ data/CVE/list       2017-05-04 21:10:12 UTC (rev 51340)
@@ -1,4 +1,14 @@
-CVE-2017-8779 [rpcbind: remote rpcbind denial-of-service]
+CVE-2017-8782
+       RESERVED
+CVE-2017-8781
+       RESERVED
+CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is 
mishandled during ...)
+       TODO: check
+CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 
8.16.5 ...)
+       TODO: check
+CVE-2017-8777
+       RESERVED
+CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc 
through ...)
        - rpcbind <unfixed> (bug #861835)
        - libtirpc <unfixed> (bug #861834)
        - ntirpc <unfixed> (bug #861836)
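Review bot: the re-added CVE-2017-8779 header now sits below CVE-2017-8778 and CVE-2017-8777, so the top of the list is no longer in descending order (8782, 8781, 8780, 8778, 8777, 8779). Move the CVE-2017-8779 entry, together with its rpcbind, libtirpc and ntirpc lines, back between CVE-2017-8780 and CVE-2017-8778. The two new "TODO: check" entries (CVE-2017-8780 GeniXCMS, CVE-2017-8778 GitLab) still need a package line or a NOT-FOR-US marker.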
@@ -1120,8 +1130,7 @@
        [jessie] - kedpm <no-dsa> (Minor issue, can be fixed via point release)
        NOTE: patch in BTS gives workaround to always prompt for password and 
do not save to database
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
-CVE-2017-8295
-       RESERVED
+CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a 
...)
        - wordpress <unfixed>
        NOTE: 
https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
 CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote 
...)
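Review bot: the "- wordpress <unfixed>" line under CVE-2017-8295 carries no bug reference, unlike the other unfixed entries in this diff (for example "- rpcbind <unfixed> (bug #861835)"). Now that the entry has a public description and the NOTE links a published write-up, add the BTS bug number once one is filed so the open issue can be followed from the tracker.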
@@ -1515,7 +1524,7 @@
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e
 (1.0.x)
 CVE-2017-8113
        RESERVED
-CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allow local 
guest OS ...)
+CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local 
guest ...)
        - qemu <unfixed> (bug #861351)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -2673,7 +2682,7 @@
        NOT-FOR-US: PrivateTunnel
 CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka 
spider-event-calendar) ...)
        NOT-FOR-US: Spider Event Calendar
-CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow 
local ...)
+CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows 
local ...)
        - qemu 1:2.8+dfsg-4
        - qemu-kvm <removed>
        NOTE: 
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
@@ -11375,8 +11384,8 @@
        RESERVED
 CVE-2017-4984
        RESERVED
-CVE-2017-4983
-       RESERVED
+CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 
before ...)
+       TODO: check
 CVE-2017-4982
        RESERVED
 CVE-2017-4981
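Review bot: CVE-2017-4983 goes from RESERVED to "TODO: check" with no package line. If EMC Data Domain OS is not packaged in Debian, resolve the TODO with a NOT-FOR-US marker in the same form as the neighbouring entries ("NOT-FOR-US: PrivateTunnel", "NOT-FOR-US: Spider Event Calendar") rather than leaving it open.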
@@ -14080,22 +14089,19 @@
        RESERVED
 CVE-2017-3734
        RESERVED
-CVE-2017-3733
-       RESERVED
+CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac 
extension is ...)
        - openssl 1.1.0e-1
        [jessie] - openssl <not-affected> (Only affects 1.1)
        [wheezy] - openssl <not-affected> (Only affects 1.1)
        - openssl1.0 <not-affected> (Only affects 1.1)
        NOTE: https://www.openssl.org/news/secadv/20170216.txt
-CVE-2017-3732
-       RESERVED
+CVE-2017-3732 (There is a carry propagating bug in the x86_64 Montgomery 
squaring ...)
        - openssl 1.1.0d-1
        [jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
        [wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
        - openssl1.0 1.0.2k-1
        NOTE: https://www.openssl.org/news/secadv/20170126.txt
-CVE-2017-3731
-       RESERVED
+CVE-2017-3731 (If an SSL/TLS server or client is running on a 32-bit host, and 
a ...)
        {DSA-3773-1 DLA-814-1}
        - openssl 1.1.0d-1
        - openssl1.0 1.0.2k-1
@@ -14103,8 +14109,7 @@
        NOTE: Fix for 1.0.2: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
        NOTE: Fix for 1.1.0: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
        NOTE: and 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
-CVE-2017-3730
-       RESERVED
+CVE-2017-3730 (In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies 
bad ...)
        - openssl 1.1.0d-1
        [jessie] - openssl <not-affected> (Only affects OpenSSL 1.1)
        [wheezy] - openssl <not-affected> (Only affects OpenSSL 1.1)
@@ -31410,23 +31415,20 @@
        NOTE: https://eprint.iacr.org/2016/1195.pdf
        NOTE: Fixed by: 
https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12
        NOTE: Fixed by: 
https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008
 (OpenSSL_1_0_2-beta3)
-CVE-2016-7055 [Montgomery multiplication may produce incorrect results]
-       RESERVED
+CVE-2016-7055 (There is a carry propagating bug in the Broadwell-specific 
Montgomery ...)
        - openssl 1.1.0c-1 (low)
        [jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
        [wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
        - openssl1.0 1.0.2k-1 (low)
        NOTE: https://www.openssl.org/news/secadv/20161110.txt
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=2fac86d9abeaa643677d1ffd0a139239fdf9406a
-CVE-2016-7054 [ChaCha20/Poly1305 heap-buffer-overflow]
-       RESERVED
+CVE-2016-7054 (In OpenSSL 1.1.0 before 1.1.0c, TLS connections using ...)
        - openssl 1.1.0c-1
        [jessie] - openssl <not-affected> (Only affects 1.1.0)
        [wheezy] - openssl <not-affected> (Only affects 1.1.0)
        - openssl1.0 <not-affected> (Only affects 1.1.0)
        NOTE: https://www.openssl.org/news/secadv/20161110.txt
-CVE-2016-7053 [CMS Null dereference]
-       RESERVED
+CVE-2016-7053 (In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid 
CMS ...)
        - openssl 1.1.0c-1
        [jessie] - openssl <not-affected> (Only affects 1.1.0)
        [wheezy] - openssl <not-affected> (Only affects 1.1.0)
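Review bot: the new headers for CVE-2016-7054 and CVE-2016-7053 drop the bracketed summaries, and the truncated descriptions ("In OpenSSL 1.1.0 before 1.1.0c, TLS connections using ...", "applications parsing invalid CMS ...") no longer state the issue class at a glance. Consider keeping "ChaCha20/Poly1305 heap-buffer-overflow" and "CMS Null dereference" as NOTE lines under the respective entries so the list stays readable without following the advisory link.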


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
