Author: sectracker Date: 2017-05-15 21:10:15 +0000 (Mon, 15 May 2017) New Revision: 51665
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-15 20:28:30 UTC (rev 51664) +++ data/CVE/list 2017-05-15 21:10:15 UTC (rev 51665) @@ -16,12 +16,12 @@ - deluge <unfixed> (bug #862611) NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15 NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd -CVE-2017-8934 [single instance socket may be blocked by another user] +CVE-2017-8934 (PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local ...) - pcmanfm 1.2.5-3 (low; bug #862571) [jessie] - pcmanfm <no-dsa> (Minor issue) [wheezy] - pcmanfm <no-dsa> (Minor issue) NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08 -CVE-2017-8933 [menu-cached socket may be blocked by another user] +CVE-2017-8933 (Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a ...) - menu-cache 1.0.2-3 (low; bug #862570) [jessie] - menu-cache <no-dsa> (Minor issue) [wheezy] - menu-cache <no-dsa> (Minor issue) @@ -2372,10 +2372,12 @@ CVE-2017-7977 RESERVED CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...) + {DLA-942-1} - jbig2dec <unfixed> (bug #860787) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683 NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds ...) + {DLA-942-1} - jbig2dec <unfixed> (bug #860788) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693 NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b 
@@ -2728,6 +2730,7 @@ - dolibarr <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6 CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...) + {DLA-942-1} - jbig2dec <unfixed> (bug #860460) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703 NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15 @@ -3261,7 +3264,7 @@ CVE-2017-7693 RESERVED CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) ...) - {DSA-3852-1} + {DSA-3852-1 DLA-941-1} - squirrelmail <removed> NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6 NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html @@ -3808,12 +3811,12 @@ CVE-2017-7492 RESERVED - resteasy <undetermined> -CVE-2017-7491 - RESERVED -CVE-2017-7490 - RESERVED -CVE-2017-7489 - RESERVED +CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...) + TODO: check +CVE-2017-7490 (In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because ...) + TODO: check +CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership of ...) + TODO: check CVE-2017-7488 RESERVED NOT-FOR-US: authconfig in Red Hat @@ -9351,8 +9354,8 @@ RESERVED CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of ...) NOT-FOR-US: Apache CXF -CVE-2017-5655 - RESERVED +CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be ...) + TODO: check CVE-2017-5654 (In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of ...) NOT-FOR-US: Apache Ambari CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and ...) 
@@ -26385,8 +26388,7 @@ NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/ CVE-2016-8742 RESERVED -CVE-2016-8741 - RESERVED +CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so ...) NOT-FOR-US: Apache Qpid Java Broker CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...) - apache2 2.4.25-1 (bug #847124) @@ -28375,8 +28377,8 @@ NOT-FOR-US: Microsoft CVE-2017-0253 RESERVED -CVE-2017-0252 - RESERVED +CVE-2017-0252 (A remote code execution vulnerability exists in Microsoft Chakra Core ...) + TODO: check CVE-2017-0251 RESERVED CVE-2017-0250 @@ -28433,8 +28435,8 @@ RESERVED CVE-2017-0224 (A remote code execution vulnerability exists in the way JavaScript ...) NOT-FOR-US: Microsoft -CVE-2017-0223 - RESERVED +CVE-2017-0223 (A remote code execution vulnerability exists in Microsoft Chakra Core ...) + TODO: check CVE-2017-0222 (A remote code execution vulnerability exists when Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2017-0221 (A vulnerability exists when Microsoft Edge improperly accesses objects ...) @@ -106881,7 +106883,7 @@ CVE-2014-0052 RESERVED CVE-2014-0051 - RESERVED + REJECTED CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...) {DSA-2897-1 DSA-2856-1} - libcommons-fileupload-java 1.3.1-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
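Review bot: In the -16,12 hunk, the CVE-2017-8933 menu-cache entry carries no `NOTE: Fixed by:` line, whereas the sibling CVE-2017-8934 pcmanfm entry records the upstream commit; since both entries now use the assigned MITRE descriptions and both mark jessie and wheezy as `<no-dsa> (Minor issue)`, the menu-cache entry should also point at the upstream fix so the minor-issue decision can be checked against the actual change. The remainder of the hunk only swaps the bracketed placeholder titles for the official text, with the `1.2.5-3` / `1.0.2-3` fixed versions and bug numbers unchanged.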
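Review bot: In the -2372,10 and -2728,6 hunks, `{DLA-942-1}` is added to CVE-2017-7976, CVE-2017-7975 and CVE-2017-7885, but each package line is still `- jbig2dec <unfixed>`, so the tracker will keep listing all three as open for unstable even though a wheezy update has shipped; if the same upstream commits already named in the `NOTE: Fixed by:` lines have been (or are about to be) uploaded for sid, the `<unfixed>` marker should be replaced with that version, otherwise a `TODO` or `NOTE` stating why sid still lags the LTS fix would help the next triager.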
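Review bot: In the -3808,12 hunk, CVE-2017-7491, CVE-2017-7490 and CVE-2017-7489 move from `RESERVED` to their Moodle descriptions with `TODO: check` and no package line, which is expected for an automatic update but leaves three entries without any Debian status; the TODO should be resolved by either adding a `- moodle <version>` line if the package is still shipped in a supported suite, or `NOT-FOR-US: Moodle` if it is not, so the entries do not sit in the unclassified state indefinitely.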
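Review bot: In the -9351,8 hunk, CVE-2017-5655 gets `TODO: check` while the directly following CVE-2017-5654 is already `NOT-FOR-US: Apache Ambari` and the preceding CVE-2017-5656 is `NOT-FOR-US: Apache CXF`; the new description names the same Ambari versions as its neighbour, so the TODO can almost certainly be closed with `NOT-FOR-US: Apache Ambari` unless Ambari has since been packaged, which the adjacent entries give no sign of.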
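Review bot: In the -28375,8 and -28433,8 hunks, CVE-2017-0252 and CVE-2017-0223 are both Microsoft Chakra Core remote code execution entries marked `TODO: check`, while every surrounding Edge, Internet Explorer and JavaScript-engine entry in the same hunks is already `NOT-FOR-US: Microsoft`; both TODOs should be resolved the same way rather than left open, since the descriptions give no indication that anything packaged in Debian is affected.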