Author: sectracker
Date: 2017-05-24 21:10:25 +0000 (Wed, 24 May 2017)
New Revision: 51937

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-24 18:46:36 UTC (rev 51936)
+++ data/CVE/list       2017-05-24 21:10:25 UTC (rev 51937)
@@ -1,3 +1,31 @@
+CVE-2017-9231
+       RESERVED
+CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain 
attack ...)
+       TODO: check
+CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
+       TODO: check
+CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
+       TODO: check
+CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
+       TODO: check
+CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
+       TODO: check
+CVE-2017-9225 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
+       TODO: check
+CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
+       TODO: check
+CVE-2017-9223
+       RESERVED
+CVE-2017-9222
+       RESERVED
+CVE-2017-9221
+       RESERVED
+CVE-2017-9220
+       RESERVED
+CVE-2017-9219
+       RESERVED
+CVE-2017-9218
+       RESERVED
 CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a 
denial ...)
        - systemd <unfixed> (bug #863277)
        [jessie] - systemd <not-affected> (vulnerable code introduced later)
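Review bot: the six added Oniguruma 6.2.0 entries, CVE-2017-9224 through CVE-2017-9229, all land as `TODO: check` with the same truncated description, so they are best triaged as one batch. Identify the Debian source packages that ship or embed Oniguruma, then give each CVE its own package line and an upstream reference. CVE-2017-9230 (Bitcoin Proof-of-Work) also needs a decision between a package line and NOT-FOR-US.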
@@ -6415,7 +6443,7 @@
 CVE-2017-6892
        RESERVED
 CVE-2017-6891 (Two errors in the &quot;asn1_find_node()&quot; function 
(lib/parser_aux.c) ...)
-       {DLA-950-1}
+       {DSA-3861-1 DLA-950-1}
        - libtasn1-6 <unfixed> (bug #863186)
        - libtasn1-3 <removed>
        NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
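Review bot: in the CVE-2017-6891 entry, `- libtasn1-6 <unfixed> (bug #863186)` is unchanged while the cross-reference now carries DSA-3861-1 alongside DLA-950-1. Confirm the unstable status is still accurate; if the fix has also reached unstable, that line should carry the fixed version instead of `<unfixed>`.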
@@ -18394,26 +18422,25 @@
        RESERVED
 CVE-2017-2825
        RESERVED
-CVE-2017-2824
-       RESERVED
+CVE-2017-2824 (An exploitable code execution vulnerability exists in the 
trapper ...)
        - zabbix <unfixed>
        NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0325/
        NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0326/
        NOTE: Apparently only one CVE assigned for both issues
-CVE-2017-2823
-       RESERVED
+CVE-2017-2823 (A use-after-free vulnerability exists in the .ISO parsing ...)
+       TODO: check
 CVE-2017-2822
        RESERVED
 CVE-2017-2821
        RESERVED
 CVE-2017-2820
        RESERVED
-CVE-2017-2819
-       RESERVED
+CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul 
Word ...)
+       TODO: check
 CVE-2017-2818
        RESERVED
-CVE-2017-2817
-       RESERVED
+CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing 
...)
+       TODO: check
 CVE-2017-2816
        RESERVED
 CVE-2017-2815
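Review bot: in the CVE-2017-2824 entry, `- zabbix <unfixed>` has no bug reference, unlike other unfixed entries in this file such as `- wolfssl <unfixed> (bug #862154)`, so there is nothing to track the fix against. Now that the description is published, the NOTE "Apparently only one CVE assigned for both issues" can be checked against the full CVE text and either confirmed or dropped. CVE-2017-2823, CVE-2017-2819 and CVE-2017-2817 move from RESERVED to `TODO: check` and still need triage.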
@@ -18444,20 +18471,18 @@
        RESERVED
 CVE-2017-2802
        RESERVED
-CVE-2017-2801 [Incorrect comparison in X.509 DN strings]
-       RESERVED
+CVE-2017-2801 (A programming error exists in a way Randombit Botan 
cryptographic ...)
        {DLA-915-1}
        - botan1.10 <unfixed> (bug #860072)
        NOTE: 
https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4
 (1.10.16)
        NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16
-CVE-2017-2800
-       RESERVED
+CVE-2017-2800 (A specially crafted x509 certificate can cause a single out of 
bounds ...)
        - wolfssl <unfixed> (bug #862154)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0293/
-CVE-2017-2799
-       RESERVED
-CVE-2017-2798
-       RESERVED
+CVE-2017-2799 (An exploitable heap corruption vulnerability exists in the 
AddSst ...)
+       TODO: check
+CVE-2017-2798 (An exploitable heap corruption vulnerability exists in the ...)
+       TODO: check
 CVE-2017-2797 (An exploitable heap overflow vulnerability exists in the ...)
        NOT-FOR-US: AntennaHouse
 CVE-2017-2796
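Review bot: for CVE-2017-2801 the NOTE states the bug is fixed in 2.1.0 and 1.10.16, but the only package line is `- botan1.10 <unfixed> (bug #860072)`. If a Botan 2.x source package is in the archive it needs its own line with its status, and the botan1.10 line should get a fixed version once 1.10.16 is uploaded. CVE-2017-2799 and CVE-2017-2798 are left as `TODO: check` and need a package line or NOT-FOR-US.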
@@ -36165,7 +36190,7 @@
        NOT-FOR-US: IBM
 CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable 
to a ...)
        NOT-FOR-US: IBM
-CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login 
credentials ...)
+CVE-2016-6110 (IBM Tivoli Storage Manager discloses unencrypted login 
credentials to ...)
        NOT-FOR-US: IBM
 CVE-2016-6109
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits