Author: sectracker
Date: 2017-06-20 21:10:14 +0000 (Tue, 20 Jun 2017)
New Revision: 52761

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-20 20:28:08 UTC (rev 52760)
+++ data/CVE/list       2017-06-20 21:10:14 UTC (rev 52761)
@@ -3852,11 +3852,13 @@
 CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute 
arbitrary ...)
        NOT-FOR-US: PivotX
 CVE-2017-8401 (In SWFTools 0.9.2, an out-of-bounds read of heap data can occur 
in the ...)
+       {DLA-995-1}
        - swftools <unfixed> (unimportant; bug #861998)
        NOTE: https://github.com/matthiaskramm/swftools/issues/14
        NOTE: 
https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2
        NOTE: Crash in CLI tool not considered a security issue
 CVE-2017-8400 (In SWFTools 0.9.2, an out-of-bounds write of heap data can 
occur in the ...)
+       {DLA-995-1}
        - swftools 0.9.2+git20130725-4.1 (bug #861693)
        [jessie] - swftools <no-dsa> (Minor issue)
        NOTE: https://github.com/matthiaskramm/swftools/issues/13
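Review bot: On CVE-2017-8401 the new {DLA-995-1} tag lands on an entry whose only package line is still "- swftools <unfixed> (unimportant; bug #861998)" and whose note says "Crash in CLI tool not considered a security issue". If DLA-995-1 ships a fix for it, record the fixed version on a release-specific line or revisit the unimportant rating, so the entry does not read as both covered by an advisory and not a security issue.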
@@ -11117,19 +11119,19 @@
        NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57544
 CVE-2017-5981 (seeko.c in zziplib 0.13.62 allows remote attackers to cause a 
denial ...)
-       {DSA-3878-1}
+       {DSA-3878-1 DLA-994-1}
        - zziplib 0.13.62-3.1 (bug #854727)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/
 CVE-2017-5980 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 
allows ...)
-       {DSA-3878-1}
+       {DSA-3878-1 DLA-994-1}
        - zziplib 0.13.62-3.1 (bug #854727)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/
 CVE-2017-5979 (The prescan_entry function in fseeko.c in zziplib 0.13.62 
allows ...)
-       {DSA-3878-1}
+       {DSA-3878-1 DLA-994-1}
        - zziplib 0.13.62-3.1 (bug #854727)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/
 CVE-2017-5978 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 
allows ...)
-       {DSA-3878-1}
+       {DSA-3878-1 DLA-994-1}
        - zziplib 0.13.62-3.1 (bug #854727)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
 CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib 
...)
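Review bot: The entries retagged to {DSA-3878-1 DLA-994-1} here (CVE-2017-5981, -5980, -5979, -5978) still carry only "- zziplib 0.13.62-3.1 (bug #854727)", so nothing in the visible lines says which release or version DLA-994-1 fixes. A release-tagged line per entry, in the style of the "[jessie] - ..." lines used elsewhere in this file, would make the LTS status readable without opening the advisory.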
@@ -11138,15 +11140,15 @@
        [jessie] - zziplib <no-dsa> (Minor issue)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
 CVE-2017-5976 (Heap-based buffer overflow in the zzip_mem_entry_extra_block 
function ...)
-       {DSA-3878-1}
+       {DSA-3878-1 DLA-994-1}
        - zziplib 0.13.62-3.1 (bug #854727)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
 CVE-2017-5975 (Heap-based buffer overflow in the __zzip_get64 function in 
fetch.c in ...)
-       {DSA-3878-1}
+       {DSA-3878-1 DLA-994-1}
        - zziplib 0.13.62-3.1 (bug #854727)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/
 CVE-2017-5974 (Heap-based buffer overflow in the __zzip_get32 function in 
fetch.c in ...)
-       {DSA-3878-1}
+       {DSA-3878-1 DLA-994-1}
        - zziplib 0.13.62-3.1 (bug #854727)
        NOTE: 
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
 CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka 
Quick ...)
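Review bot: The context at the top of this hunk shows the zzip_mem_entry_extra_block invalid memory read (CVE-2017-5977 per the preceding hunk) staying at "[jessie] - zziplib <no-dsa> (Minor issue)" with no DLA reference, while CVE-2017-5976, which names the same function, gains DLA-994-1. Confirm that CVE-2017-5977 was deliberately left out of DLA-994-1 and, if so, say why in a NOTE line on that entry.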
@@ -12177,6 +12179,7 @@
        NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
        NOTE: No security impact, crash in CLI tool
 CVE-2017-5664 (The error page mechanism of the Java Servlet Specification 
requires ...)
+       {DLA-996-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.14-2 (bug #864447)
        - tomcat7 7.0.72-3
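Review bot: The {DLA-996-1} tag on CVE-2017-5664 is added to an entry that lists three source packages (tomcat9, tomcat8, tomcat7), and the visible lines do not say which of them the DLA covers or at what version. Add a release-tagged line for the affected package so the cross-reference can be checked against the entry itself.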
@@ -19822,62 +19825,53 @@
        RESERVED
 CVE-2017-3099
        RESERVED
-CVE-2017-3098
-       RESERVED
-CVE-2017-3097
-       RESERVED
-CVE-2017-3096
-       RESERVED
-CVE-2017-3095
-       RESERVED
-CVE-2017-3094
-       RESERVED
-CVE-2017-3093
-       RESERVED
-CVE-2017-3092
-       RESERVED
+CVE-2017-3098 (Adobe Captivate versions 9 and earlier have a remote code 
execution ...)
+       TODO: check
+CVE-2017-3097 (Adobe Digital Editions versions 4.5.4 and earlier contain an 
insecure ...)
+       TODO: check
+CVE-2017-3096 (Adobe Digital Editions versions 4.5.4 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3095 (Adobe Digital Editions versions 4.5.4 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3094 (Adobe Digital Editions versions 4.5.4 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3093 (Adobe Digital Editions versions 4.5.4 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3092 (Adobe Digital Editions versions 4.5.4 and earlier contain an 
insecure ...)
+       TODO: check
 CVE-2017-3091
        RESERVED
-CVE-2017-3090
-       RESERVED
-CVE-2017-3089
-       RESERVED
-CVE-2017-3088
-       RESERVED
-CVE-2017-3087
-       RESERVED
-CVE-2017-3086
-       RESERVED
+CVE-2017-3090 (Adobe Digital Editions versions 4.5.4 and earlier contain an 
insecure ...)
+       TODO: check
+CVE-2017-3089 (Adobe Digital Editions versions 4.5.4 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3088 (Adobe Digital Editions versions 4.5.4 and earlier have an 
exploitable ...)
+       TODO: check
+CVE-2017-3087 (Adobe Captivate versions 9 and earlier have an information 
disclosure ...)
+       TODO: check
+CVE-2017-3086 (Adobe Shockwave versions 12.2.8.198 and earlier have an 
exploitable ...)
+       TODO: check
 CVE-2017-3085
        RESERVED
-CVE-2017-3084
-       RESERVED
+CVE-2017-3084 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-3083
-       RESERVED
+CVE-2017-3083 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-3082
-       RESERVED
+CVE-2017-3082 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-3081
-       RESERVED
+CVE-2017-3081 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
 CVE-2017-3080
        RESERVED
-CVE-2017-3079
-       RESERVED
+CVE-2017-3079 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-3078
-       RESERVED
+CVE-2017-3078 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-3077
-       RESERVED
+CVE-2017-3077 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-3076
-       RESERVED
+CVE-2017-3076 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-3075
-       RESERVED
+CVE-2017-3075 (Adobe Flash Player versions 25.0.0.171 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
 CVE-2017-3074 (Adobe Flash Player versions 25.0.0.148 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
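Review bot: CVE-2017-3098 through CVE-2017-3092 and CVE-2017-3090 through CVE-2017-3086 move from RESERVED to "TODO: check", which leaves twelve Adobe Captivate, Digital Editions and Shockwave entries untriaged after this commit. The Flash Player entries in the same hunk already carry "NOT-FOR-US: Adobe Flash"; if none of these products is packaged, a follow-up should mark them NOT-FOR-US in the same way so they do not linger in the TODO queue.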


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
