Author: sectracker Date: 2017-07-03 21:10:17 +0000 (Mon, 03 Jul 2017) New Revision: 53157
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-03 20:30:08 UTC (rev 53156) +++ data/CVE/list 2017-07-03 21:10:17 UTC (rev 53157) @@ -1,3 +1,11 @@ +CVE-2017-10805 + RESERVED +CVE-2017-10804 + RESERVED +CVE-2017-10803 + RESERVED +CVE-2017-10802 + RESERVED CVE-2017-10801 RESERVED CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it ...) @@ -3741,6 +3749,7 @@ NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5) NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5) CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an ...) + {DLA-1011-1} - sudo 1.8.20p1-1.1 (bug #863897) [buster] - sudo 1.8.19p1-2.1 [stretch] - sudo 1.8.19p1-2.1 @@ -3903,8 +3912,8 @@ NOT-FOR-US: jerryscript CVE-2017-9249 (Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows ...) NOT-FOR-US: Allen Disk -CVE-2017-9248 - RESERVED +CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 ...) + TODO: check CVE-2017-9247 RESERVED CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...) @@ -6936,8 +6945,8 @@ RESERVED CVE-2017-8117 RESERVED -CVE-2017-8116 - RESERVED +CVE-2017-8116 (The management interface for the Teltonika RUT9XX routers (aka LuCI) ...) + TODO: check CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...) NOT-FOR-US: MODX CVE-2017-8114 (Roundcube Webmail allows arbitrary password resets by authenticated ...) 
@@ -7499,8 +7508,8 @@ NOT-FOR-US: Hikvision CVE-2017-7920 RESERVED -CVE-2017-7919 - RESERVED +CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and ...) + TODO: check CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks ...) NOT-FOR-US: Cambium Networks ePMP CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...) @@ -13665,12 +13674,10 @@ NOTE: https://github.com/rubyzip/rubyzip/issues/315 CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...) NOT-FOR-US: Moodle plugin -CVE-2017-5944 [Remote code execution in dashboard interface] - RESERVED +CVE-2017-5944 (The dashboard subscription interface in Request Tracker (RT) 4.x ...) {DSA-3882-1 DLA-987-1} - request-tracker4 4.4.1-4 -CVE-2017-5943 [CSRF verification token information leak] - RESERVED +CVE-2017-5943 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...) {DSA-3882-1 DLA-987-1} - request-tracker4 4.4.1-4 CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...) @@ -15947,8 +15954,7 @@ RESERVED CVE-2017-5362 RESERVED -CVE-2017-5361 [Timing side-channel vulnerability in password verification] - RESERVED +CVE-2017-5361 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...) {DSA-3883-1 DSA-3882-1 DLA-988-1 DLA-987-1} - request-tracker4 4.4.1-4 - rt-authen-externalauth <removed> @@ -24405,7 +24411,7 @@ RESERVED CVE-2017-2295 [Unsafe YAML deseralization] RESERVED - {DSA-3862-1} + {DSA-3862-1 DLA-1012-1} - puppet 4.8.2-5 (bug #863212) NOTE: https://puppet.com/security/cve/cve-2017-2295 NOTE: https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea 
@@ -40509,8 +40515,8 @@ RESERVED CVE-2016-6202 RESERVED -CVE-2016-6201 - RESERVED +CVE-2016-6201 (Cross-site scripting (XSS) vulnerability in Ektron Content Management ...) + TODO: check CVE-2016-6200 RESERVED CVE-2016-6199 (ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to ...) @@ -40865,8 +40871,7 @@ NOTE: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09 NOTE: The CVE is originally assigend to OP-TEE, but the underlying issue seems to be in NOTE: libtomcrypt, thus keep that source package as well for now associated. -CVE-2016-6127 [XSS in file uploads] - RESERVED +CVE-2016-6127 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...) {DSA-3882-1 DLA-987-1} - request-tracker4 4.4.1-4 CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...) @@ -44789,8 +44794,8 @@ NOT-FOR-US: NetApp OnCommand System Manager CVE-2016-5046 RESERVED -CVE-2016-5045 - RESERVED +CVE-2016-5045 (NetApp OnCommand System Manager before 9.0 allows remote attackers to ...) + TODO: check CVE-2016-5025 (For the NVIDIA Quadro, NVS, and GeForce products, improper ...) NOT-FOR-US: NVIDIA Quadro, NVS, and GeForce product CVE-2016-5024 (Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and ...) @@ -47907,10 +47912,10 @@ NOTE: https://hg.python.org/jython/rev/d06e29d100c0 CVE-2016-3999 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...) NOT-FOR-US: Zimbra -CVE-2016-3998 - RESERVED -CVE-2016-3997 - RESERVED +CVE-2016-3998 (NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to ...) + TODO: check +CVE-2016-3997 (NetApp Clustered Data ONTAP allows man-in-the-middle attackers to ...) + TODO: check CVE-2016-XXXX [auth bypass] - brltty <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436 
@@ -49639,8 +49644,8 @@ NOT-FOR-US: Zimbra CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...) NOT-FOR-US: Zimbra -CVE-2016-3400 - RESERVED +CVE-2016-3400 (NetApp Data ONTAP, when operating in 7-Mode 8.1 and 8.2, allows ...) + TODO: check CVE-2016-3399 RESERVED CVE-2016-3398 @@ -66203,7 +66208,7 @@ NOTE: https://savannah.gnu.org/bugs/?45713 NOTE: http://www.openwall.com/lists/oss-security/2015/09/01/1 CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in ...) - {DLA-317-1} + {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (bug #797461) [jessie] - vorbis-tools 1.4.0-6+deb8u1 NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1 @@ -82758,7 +82763,7 @@ CVE-2014-9631 RESERVED CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...) - {DLA-317-1} + {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (unimportant; bug #776086) [jessie] - vorbis-tools 1.4.0-6+deb8u1 - opus-tools 0.1.10-1 (unimportant; bug #780160) @@ -82767,7 +82772,7 @@ NOTE: No security impact NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html CVE-2014-9639 (Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote ...) - {DLA-317-1} + {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (low; bug #776086) [jessie] - vorbis-tools 1.4.0-6+deb8u1 [squeeze] - vorbis-tools <no-dsa> (Minor issue) 
@@ -82778,7 +82783,7 @@ NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause ...) - {DLA-317-1} + {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-6 (bug #771363) [squeeze] - vorbis-tools <no-dsa> (Minor issue) NOTE: https://trac.xiph.org/ticket/2009 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
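Review bot: DLA-1011-1 is added to the braces of CVE-2017-1000368, but the visible context of that hunk ends at `[stretch] - sudo 1.8.19p1-2.1` and shows no `[wheezy]` fixed-version line; confirm that a wheezy line with the DLA's package version exists below the hunk, otherwise the DLA reference has no matching distribution entry.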
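Review bot: the eight entries that move from RESERVED to a description plus `TODO: check` (CVE-2017-9248 Telerik UI, CVE-2017-8116 Teltonika RUT9XX, CVE-2017-7919 Newport XPS-Cx, CVE-2016-6201 Ektron CMS, CVE-2016-5045 NetApp OnCommand, CVE-2016-3998 NetApp AltaVault, CVE-2016-3997 and CVE-2016-3400 NetApp Data ONTAP) all name proprietary appliances or products with no Debian package; the neighbouring entries already use `NOT-FOR-US: NetApp OnCommand System Manager` and `NOT-FOR-US: Hikvision`, so these should be triaged to `NOT-FOR-US:` lines in a follow-up rather than left as open TODOs.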
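Review bot: the context line above CVE-2016-6127 reads `NOTE: The CVE is originally assigend to OP-TEE`; "assigend" should be "assigned". The hunk itself only swaps the bracketed `[XSS in file uploads]` summary for the MITRE text, which is the expected automatic behaviour, so the typo belongs in a follow-up commit.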
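Review bot: the context line `CVE-2017-2295 [Unsafe YAML deseralization]` misspells "deserialization"; this hunk only adds DLA-1012-1 to the braces, but since the MITRE state is still RESERVED that bracketed summary is the only description the entry has, so fix the spelling in a follow-up.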
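Review bot: DLA-1010-1 is added to four vorbis-tools entries, yet CVE-2014-9638 carries `(unimportant; bug #776086)` and `NOTE: No security impact` directly under the braces; a DLA reference and a no-impact note on the same entry read as contradictory, so either the severity should be revisited or the note should say the DLA shipped the fix as a hardening change. For CVE-2014-9639 and CVE-2014-9640 the `[squeeze] - vorbis-tools <no-dsa> (Minor issue)` lines remain, which is fine, but as with the sudo hunk the fixed-version line for the LTS release the DLA covers is outside the visible context and should be confirmed.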