Author: sectracker Date: 2017-05-04 21:10:12 +0000 (Thu, 04 May 2017) New Revision: 51340
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-04 21:02:47 UTC (rev 51339) +++ data/CVE/list 2017-05-04 21:10:12 UTC (rev 51340) @@ -1,4 +1,14 @@ -CVE-2017-8779 [rpcbind: remote rpcbind denial-of-service] +CVE-2017-8782 + RESERVED +CVE-2017-8781 + RESERVED +CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during ...) + TODO: check +CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 ...) + TODO: check +CVE-2017-8777 + RESERVED +CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through ...) - rpcbind <unfixed> (bug #861835) - libtirpc <unfixed> (bug #861834) - ntirpc <unfixed> (bug #861836) @@ -1120,8 +1130,7 @@ [jessie] - kedpm <no-dsa> (Minor issue, can be fixed via point release) NOTE: patch in BTS gives workaround to always prompt for password and do not save to database NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9 -CVE-2017-8295 - RESERVED +CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a ...) - wordpress <unfixed> NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote ...) @@ -1515,7 +1524,7 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x) CVE-2017-8113 RESERVED -CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allow local guest OS ...) +CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest ...) - qemu <unfixed> (bug #861351) [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) 
@@ -2673,7 +2682,7 @@ NOT-FOR-US: PrivateTunnel CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...) NOT-FOR-US: Spider Event Calendar -CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local ...) +CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...) - qemu 1:2.8+dfsg-4 - qemu-kvm <removed> NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904 @@ -11375,8 +11384,8 @@ RESERVED CVE-2017-4984 RESERVED -CVE-2017-4983 - RESERVED +CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before ...) + TODO: check CVE-2017-4982 RESERVED CVE-2017-4981 @@ -14080,22 +14089,19 @@ RESERVED CVE-2017-3734 RESERVED -CVE-2017-3733 - RESERVED +CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac extension is ...) - openssl 1.1.0e-1 [jessie] - openssl <not-affected> (Only affects 1.1) [wheezy] - openssl <not-affected> (Only affects 1.1) - openssl1.0 <not-affected> (Only affects 1.1) NOTE: https://www.openssl.org/news/secadv/20170216.txt -CVE-2017-3732 - RESERVED +CVE-2017-3732 (There is a carry propagating bug in the x86_64 Montgomery squaring ...) - openssl 1.1.0d-1 [jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0) [wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0) - openssl1.0 1.0.2k-1 NOTE: https://www.openssl.org/news/secadv/20170126.txt -CVE-2017-3731 - RESERVED +CVE-2017-3731 (If an SSL/TLS server or client is running on a 32-bit host, and a ...) {DSA-3773-1 DLA-814-1} - openssl 1.1.0d-1 - openssl1.0 1.0.2k-1 
@@ -14103,8 +14109,7 @@ NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9 NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0 NOTE: and https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21 -CVE-2017-3730 - RESERVED +CVE-2017-3730 (In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad ...) - openssl 1.1.0d-1 [jessie] - openssl <not-affected> (Only affects OpenSSL 1.1) [wheezy] - openssl <not-affected> (Only affects OpenSSL 1.1) 
@@ -31410,23 +31415,20 @@ NOTE: https://eprint.iacr.org/2016/1195.pdf NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12 NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (OpenSSL_1_0_2-beta3) -CVE-2016-7055 [Montgomery multiplication may produce incorrect results] - RESERVED +CVE-2016-7055 (There is a carry propagating bug in the Broadwell-specific Montgomery ...) - openssl 1.1.0c-1 (low) [jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0) [wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0) - openssl1.0 1.0.2k-1 (low) NOTE: https://www.openssl.org/news/secadv/20161110.txt NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=2fac86d9abeaa643677d1ffd0a139239fdf9406a -CVE-2016-7054 [ChaCha20/Poly1305 heap-buffer-overflow] - RESERVED +CVE-2016-7054 (In OpenSSL 1.1.0 before 1.1.0c, TLS connections using ...) - openssl 1.1.0c-1 [jessie] - openssl <not-affected> (Only affects 1.1.0) [wheezy] - openssl <not-affected> (Only affects 1.1.0) - openssl1.0 <not-affected> (Only affects 1.1.0) NOTE: https://www.openssl.org/news/secadv/20161110.txt -CVE-2016-7053 [CMS Null dereference] - RESERVED +CVE-2016-7053 (In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS ...) - openssl 1.1.0c-1 [jessie] - openssl <not-affected> (Only affects 1.1.0) [wheezy] - openssl <not-affected> (Only affects 1.1.0) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
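Review bot: in the first hunk (@@ -1,4 +1,14 @@), the new `wordpress <unfixed>` line under CVE-2017-8295 (hunk @@ -1120,8 +1130,7 @@) carries no bug reference, while every other `<unfixed>` line this update touches does (`rpcbind <unfixed> (bug #861835)`, `libtirpc <unfixed> (bug #861834)`, `qemu <unfixed> (bug #861351)`). Since the entry moved from RESERVED to a published description with an exploit write-up as its only NOTE, a BTS bug should be filed and its number recorded on that line, and the [jessie]/[wheezy] status lines that the other package entries in this diff carry are also missing.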
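Review bot: the automatic update leaves three new descriptions with a bare `TODO: check` and no package line: CVE-2017-8780 (GeniXCMS) and CVE-2017-8778 (GitLab) in hunk @@ -1,4 +1,14 @@, and CVE-2017-4983 (EMC Data Domain OS) in hunk @@ -11375,8 +11384,8 @@. These need manual triage before the next commit; elsewhere in this same file non-Debian products are resolved with a `NOT-FOR-US:` line (see `NOT-FOR-US: PrivateTunnel` and `NOT-FOR-US: Spider Event Calendar` in hunk @@ -2673,7 +2682,7 @@), so each TODO should end up either as `NOT-FOR-US: <product>` or as a `- <package> <status>` line with a bug number.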
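Review bot: in hunk @@ -31410,23 +31415,20 @@ the hand-written summaries `[Montgomery multiplication may produce incorrect results]`, `[ChaCha20/Poly1305 heap-buffer-overflow]` and `[CMS Null dereference]` for CVE-2016-7055, CVE-2016-7054 and CVE-2016-7053 are dropped in favour of the upstream text truncated at `...`, and the same happens to `[rpcbind: remote rpcbind denial-of-service]` for CVE-2017-8779 in the first hunk. The truncated descriptions are fine as the file's convention, but the lost summaries named the affected component more precisely than the first 70 characters of the official text do; if that information matters for searching the list, keep it in a NOTE line alongside the existing advisory URLs rather than discarding it.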