Author: sectracker
Date: 2017-08-23 21:10:13 +0000 (Wed, 23 Aug 2017)
New Revision: 55007

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-23 20:48:29 UTC (rev 55006)
+++ data/CVE/list 2017-08-23 21:10:13 UTC (rev 55007)
@@ -1,3 +1,1009 @@ +CVE-2017-13649 (UnrealIRCd 4.0.13 and earlier creates a PID file after dropping ...) + TODO: check +CVE-2017-13648 (In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...) + TODO: check +CVE-2017-13647 + RESERVED +CVE-2017-13646 + RESERVED +CVE-2017-13645 + RESERVED +CVE-2017-13644 + RESERVED +CVE-2017-13643 + RESERVED +CVE-2017-13642 + RESERVED +CVE-2017-13641 + RESERVED +CVE-2017-13640 + RESERVED +CVE-2017-13639 + RESERVED +CVE-2017-13638 + RESERVED +CVE-2017-13637 + RESERVED +CVE-2017-13636 + RESERVED +CVE-2017-13635 + RESERVED +CVE-2017-13634 + RESERVED +CVE-2017-13633 + RESERVED +CVE-2017-13632 + RESERVED +CVE-2017-13631 + RESERVED +CVE-2017-13630 + RESERVED +CVE-2017-13629 + RESERVED +CVE-2017-13628 + RESERVED +CVE-2017-13627 + RESERVED +CVE-2017-13626 + RESERVED +CVE-2017-13625 + RESERVED +CVE-2017-13624 + RESERVED +CVE-2017-13623 + RESERVED +CVE-2017-13622 + RESERVED +CVE-2017-13621 + RESERVED +CVE-2017-13620 + RESERVED +CVE-2017-13619 + RESERVED +CVE-2017-13618 + RESERVED +CVE-2017-13617 + RESERVED +CVE-2017-13616 + RESERVED +CVE-2017-13615 + RESERVED +CVE-2017-13614 + RESERVED +CVE-2017-13613 + RESERVED +CVE-2017-13612 + RESERVED +CVE-2017-13611 + RESERVED +CVE-2017-13610 + RESERVED +CVE-2017-13609 + RESERVED +CVE-2017-13608 + RESERVED +CVE-2017-13607 + RESERVED +CVE-2017-13606 + RESERVED +CVE-2017-13605 + RESERVED +CVE-2017-13604 + RESERVED +CVE-2017-13603 + RESERVED +CVE-2017-13602 + RESERVED +CVE-2017-13601 + RESERVED +CVE-2017-13600 + RESERVED +CVE-2017-13599 + RESERVED +CVE-2017-13598 + RESERVED +CVE-2017-13597 + RESERVED +CVE-2017-13596 + RESERVED +CVE-2017-13595 + RESERVED +CVE-2017-13594 + RESERVED +CVE-2017-13593 + RESERVED +CVE-2017-13592 + RESERVED +CVE-2017-13591 + RESERVED +CVE-2017-13590 + RESERVED +CVE-2017-13589 + RESERVED +CVE-2017-13588 + RESERVED +CVE-2017-13587 + RESERVED +CVE-2017-13586 + RESERVED +CVE-2017-13585 + RESERVED +CVE-2017-13584 + RESERVED +CVE-2017-13583 + RESERVED +CVE-2017-13582 + 
RESERVED +CVE-2017-13581 + RESERVED +CVE-2017-13580 + RESERVED +CVE-2017-13579 + RESERVED +CVE-2017-13578 + RESERVED +CVE-2017-13577 + RESERVED +CVE-2017-13576 + RESERVED +CVE-2017-13575 + RESERVED +CVE-2017-13574 + RESERVED +CVE-2017-13573 + RESERVED +CVE-2017-13572 + RESERVED +CVE-2017-13571 + RESERVED +CVE-2017-13570 + RESERVED +CVE-2017-13569 + RESERVED +CVE-2017-13568 + RESERVED +CVE-2017-13567 + RESERVED +CVE-2017-13566 + RESERVED +CVE-2017-13565 + RESERVED +CVE-2017-13564 + RESERVED +CVE-2017-13563 + RESERVED +CVE-2017-13562 + RESERVED +CVE-2017-13561 + RESERVED +CVE-2017-13560 + RESERVED +CVE-2017-13559 + RESERVED +CVE-2017-13558 + RESERVED +CVE-2017-13557 + RESERVED +CVE-2017-13556 + RESERVED +CVE-2017-13555 + RESERVED +CVE-2017-13554 + RESERVED +CVE-2017-13553 + RESERVED +CVE-2017-13552 + RESERVED +CVE-2017-13551 + RESERVED +CVE-2017-13550 + RESERVED +CVE-2017-13549 + RESERVED +CVE-2017-13548 + RESERVED +CVE-2017-13547 + RESERVED +CVE-2017-13546 + RESERVED +CVE-2017-13545 + RESERVED +CVE-2017-13544 + RESERVED +CVE-2017-13543 + RESERVED +CVE-2017-13542 + RESERVED +CVE-2017-13541 + RESERVED +CVE-2017-13540 + RESERVED +CVE-2017-13539 + RESERVED +CVE-2017-13538 + RESERVED +CVE-2017-13537 + RESERVED +CVE-2017-13536 + RESERVED +CVE-2017-13535 + RESERVED +CVE-2017-13534 + RESERVED +CVE-2017-13533 + RESERVED +CVE-2017-13532 + RESERVED +CVE-2017-13531 + RESERVED +CVE-2017-13530 + RESERVED +CVE-2017-13529 + RESERVED +CVE-2017-13528 + RESERVED +CVE-2017-13527 + RESERVED +CVE-2017-13526 + RESERVED +CVE-2017-13525 + RESERVED +CVE-2017-13524 + RESERVED +CVE-2017-13523 + RESERVED +CVE-2017-13522 + RESERVED +CVE-2017-13521 + RESERVED +CVE-2017-13520 + RESERVED +CVE-2017-13519 + RESERVED +CVE-2017-13518 + RESERVED +CVE-2017-13517 + RESERVED +CVE-2017-13516 + RESERVED +CVE-2017-13515 + RESERVED +CVE-2017-13514 + RESERVED +CVE-2017-13513 + RESERVED +CVE-2017-13512 + RESERVED +CVE-2017-13511 + RESERVED +CVE-2017-13510 + RESERVED +CVE-2017-13509 + RESERVED +CVE-2017-13508 + 
RESERVED +CVE-2017-13507 + RESERVED +CVE-2017-13506 + RESERVED +CVE-2017-13505 + RESERVED +CVE-2017-13504 + RESERVED +CVE-2017-13503 + RESERVED +CVE-2017-13502 + RESERVED +CVE-2017-13501 + RESERVED +CVE-2017-13500 + RESERVED +CVE-2017-13499 + RESERVED +CVE-2017-13498 + RESERVED +CVE-2017-13497 + RESERVED +CVE-2017-13496 + RESERVED +CVE-2017-13495 + RESERVED +CVE-2017-13494 + RESERVED +CVE-2017-13493 + RESERVED +CVE-2017-13492 + RESERVED +CVE-2017-13491 + RESERVED +CVE-2017-13490 + RESERVED +CVE-2017-13489 + RESERVED +CVE-2017-13488 + RESERVED +CVE-2017-13487 + RESERVED +CVE-2017-13486 + RESERVED +CVE-2017-13485 + RESERVED +CVE-2017-13484 + RESERVED +CVE-2017-13483 + RESERVED +CVE-2017-13482 + RESERVED +CVE-2017-13481 + RESERVED +CVE-2017-13480 + RESERVED +CVE-2017-13479 + RESERVED +CVE-2017-13478 + RESERVED +CVE-2017-13477 + RESERVED +CVE-2017-13476 + RESERVED +CVE-2017-13475 + RESERVED +CVE-2017-13474 + RESERVED +CVE-2017-13473 + RESERVED +CVE-2017-13472 + RESERVED +CVE-2017-13471 + RESERVED +CVE-2017-13470 + RESERVED +CVE-2017-13469 + RESERVED +CVE-2017-13468 + RESERVED +CVE-2017-13467 + RESERVED +CVE-2017-13466 + RESERVED +CVE-2017-13465 + RESERVED +CVE-2017-13464 + RESERVED +CVE-2017-13463 + RESERVED +CVE-2017-13462 + RESERVED +CVE-2017-13461 + RESERVED +CVE-2017-13460 + RESERVED +CVE-2017-13459 + RESERVED +CVE-2017-13458 + RESERVED +CVE-2017-13457 + RESERVED +CVE-2017-13456 + RESERVED +CVE-2017-13455 + RESERVED +CVE-2017-13454 + RESERVED +CVE-2017-13453 + RESERVED +CVE-2017-13452 + RESERVED +CVE-2017-13451 + RESERVED +CVE-2017-13450 + RESERVED +CVE-2017-13449 + RESERVED +CVE-2017-13448 + RESERVED +CVE-2017-13447 + RESERVED +CVE-2017-13446 + RESERVED +CVE-2017-13445 + RESERVED +CVE-2017-13444 + RESERVED +CVE-2017-13443 + RESERVED +CVE-2017-13442 + RESERVED +CVE-2017-13441 + RESERVED +CVE-2017-13440 + RESERVED +CVE-2017-13439 + RESERVED +CVE-2017-13438 + RESERVED +CVE-2017-13437 + RESERVED +CVE-2017-13436 + RESERVED +CVE-2017-13435 + RESERVED +CVE-2017-13434 + 
RESERVED +CVE-2017-13433 + RESERVED +CVE-2017-13432 + RESERVED +CVE-2017-13431 + RESERVED +CVE-2017-13430 + RESERVED +CVE-2017-13429 + RESERVED +CVE-2017-13428 + RESERVED +CVE-2017-13427 + RESERVED +CVE-2017-13426 + RESERVED +CVE-2017-13425 + RESERVED +CVE-2017-13424 + RESERVED +CVE-2017-13423 + RESERVED +CVE-2017-13422 + RESERVED +CVE-2017-13421 + RESERVED +CVE-2017-13420 + RESERVED +CVE-2017-13419 + RESERVED +CVE-2017-13418 + RESERVED +CVE-2017-13417 + RESERVED +CVE-2017-13416 + RESERVED +CVE-2017-13415 + RESERVED +CVE-2017-13414 + RESERVED +CVE-2017-13413 + RESERVED +CVE-2017-13412 + RESERVED +CVE-2017-13411 + RESERVED +CVE-2017-13410 + RESERVED +CVE-2017-13409 + RESERVED +CVE-2017-13408 + RESERVED +CVE-2017-13407 + RESERVED +CVE-2017-13406 + RESERVED +CVE-2017-13405 + RESERVED +CVE-2017-13404 + RESERVED +CVE-2017-13403 + RESERVED +CVE-2017-13402 + RESERVED +CVE-2017-13401 + RESERVED +CVE-2017-13400 + RESERVED +CVE-2017-13399 + RESERVED +CVE-2017-13398 + RESERVED +CVE-2017-13397 + RESERVED +CVE-2017-13396 + RESERVED +CVE-2017-13395 + RESERVED +CVE-2017-13394 + RESERVED +CVE-2017-13393 + RESERVED +CVE-2017-13392 + RESERVED +CVE-2017-13391 + RESERVED +CVE-2017-13390 + RESERVED +CVE-2017-13389 + RESERVED +CVE-2017-13388 + RESERVED +CVE-2017-13387 + RESERVED +CVE-2017-13386 + RESERVED +CVE-2017-13385 + RESERVED +CVE-2017-13384 + RESERVED +CVE-2017-13383 + RESERVED +CVE-2017-13382 + RESERVED +CVE-2017-13381 + RESERVED +CVE-2017-13380 + RESERVED +CVE-2017-13379 + RESERVED +CVE-2017-13378 + RESERVED +CVE-2017-13377 + RESERVED +CVE-2017-13376 + RESERVED +CVE-2017-13375 + RESERVED +CVE-2017-13374 + RESERVED +CVE-2017-13373 + RESERVED +CVE-2017-13372 + RESERVED +CVE-2017-13371 + RESERVED +CVE-2017-13370 + RESERVED +CVE-2017-13369 + RESERVED +CVE-2017-13368 + RESERVED +CVE-2017-13367 + RESERVED +CVE-2017-13366 + RESERVED +CVE-2017-13365 + RESERVED +CVE-2017-13364 + RESERVED +CVE-2017-13363 + RESERVED +CVE-2017-13362 + RESERVED +CVE-2017-13361 + RESERVED +CVE-2017-13360 + 
RESERVED +CVE-2017-13359 + RESERVED +CVE-2017-13358 + RESERVED +CVE-2017-13357 + RESERVED +CVE-2017-13356 + RESERVED +CVE-2017-13355 + RESERVED +CVE-2017-13354 + RESERVED +CVE-2017-13353 + RESERVED +CVE-2017-13352 + RESERVED +CVE-2017-13351 + RESERVED +CVE-2017-13350 + RESERVED +CVE-2017-13349 + RESERVED +CVE-2017-13348 + RESERVED +CVE-2017-13347 + RESERVED +CVE-2017-13346 + RESERVED +CVE-2017-13345 + RESERVED +CVE-2017-13344 + RESERVED +CVE-2017-13343 + RESERVED +CVE-2017-13342 + RESERVED +CVE-2017-13341 + RESERVED +CVE-2017-13340 + RESERVED +CVE-2017-13339 + RESERVED +CVE-2017-13338 + RESERVED +CVE-2017-13337 + RESERVED +CVE-2017-13336 + RESERVED +CVE-2017-13335 + RESERVED +CVE-2017-13334 + RESERVED +CVE-2017-13333 + RESERVED +CVE-2017-13332 + RESERVED +CVE-2017-13331 + RESERVED +CVE-2017-13330 + RESERVED +CVE-2017-13329 + RESERVED +CVE-2017-13328 + RESERVED +CVE-2017-13327 + RESERVED +CVE-2017-13326 + RESERVED +CVE-2017-13325 + RESERVED +CVE-2017-13324 + RESERVED +CVE-2017-13323 + RESERVED +CVE-2017-13322 + RESERVED +CVE-2017-13321 + RESERVED +CVE-2017-13320 + RESERVED +CVE-2017-13319 + RESERVED +CVE-2017-13318 + RESERVED +CVE-2017-13317 + RESERVED +CVE-2017-13316 + RESERVED +CVE-2017-13315 + RESERVED +CVE-2017-13314 + RESERVED +CVE-2017-13313 + RESERVED +CVE-2017-13312 + RESERVED +CVE-2017-13311 + RESERVED +CVE-2017-13310 + RESERVED +CVE-2017-13309 + RESERVED +CVE-2017-13308 + RESERVED +CVE-2017-13307 + RESERVED +CVE-2017-13306 + RESERVED +CVE-2017-13305 + RESERVED +CVE-2017-13304 + RESERVED +CVE-2017-13303 + RESERVED +CVE-2017-13302 + RESERVED +CVE-2017-13301 + RESERVED +CVE-2017-13300 + RESERVED +CVE-2017-13299 + RESERVED +CVE-2017-13298 + RESERVED +CVE-2017-13297 + RESERVED +CVE-2017-13296 + RESERVED +CVE-2017-13295 + RESERVED +CVE-2017-13294 + RESERVED +CVE-2017-13293 + RESERVED +CVE-2017-13292 + RESERVED +CVE-2017-13291 + RESERVED +CVE-2017-13290 + RESERVED +CVE-2017-13289 + RESERVED +CVE-2017-13288 + RESERVED +CVE-2017-13287 + RESERVED +CVE-2017-13286 + 
RESERVED +CVE-2017-13285 + RESERVED +CVE-2017-13284 + RESERVED +CVE-2017-13283 + RESERVED +CVE-2017-13282 + RESERVED +CVE-2017-13281 + RESERVED +CVE-2017-13280 + RESERVED +CVE-2017-13279 + RESERVED +CVE-2017-13278 + RESERVED +CVE-2017-13277 + RESERVED +CVE-2017-13276 + RESERVED +CVE-2017-13275 + RESERVED +CVE-2017-13274 + RESERVED +CVE-2017-13273 + RESERVED +CVE-2017-13272 + RESERVED +CVE-2017-13271 + RESERVED +CVE-2017-13270 + RESERVED +CVE-2017-13269 + RESERVED +CVE-2017-13268 + RESERVED +CVE-2017-13267 + RESERVED +CVE-2017-13266 + RESERVED +CVE-2017-13265 + RESERVED +CVE-2017-13264 + RESERVED +CVE-2017-13263 + RESERVED +CVE-2017-13262 + RESERVED +CVE-2017-13261 + RESERVED +CVE-2017-13260 + RESERVED +CVE-2017-13259 + RESERVED +CVE-2017-13258 + RESERVED +CVE-2017-13257 + RESERVED +CVE-2017-13256 + RESERVED +CVE-2017-13255 + RESERVED +CVE-2017-13254 + RESERVED +CVE-2017-13253 + RESERVED +CVE-2017-13252 + RESERVED +CVE-2017-13251 + RESERVED +CVE-2017-13250 + RESERVED +CVE-2017-13249 + RESERVED +CVE-2017-13248 + RESERVED +CVE-2017-13247 + RESERVED +CVE-2017-13246 + RESERVED +CVE-2017-13245 + RESERVED +CVE-2017-13244 + RESERVED +CVE-2017-13243 + RESERVED +CVE-2017-13242 + RESERVED +CVE-2017-13241 + RESERVED +CVE-2017-13240 + RESERVED +CVE-2017-13239 + RESERVED +CVE-2017-13238 + RESERVED +CVE-2017-13237 + RESERVED +CVE-2017-13236 + RESERVED +CVE-2017-13235 + RESERVED +CVE-2017-13234 + RESERVED +CVE-2017-13233 + RESERVED +CVE-2017-13232 + RESERVED +CVE-2017-13231 + RESERVED +CVE-2017-13230 + RESERVED +CVE-2017-13229 + RESERVED +CVE-2017-13228 + RESERVED +CVE-2017-13227 + RESERVED +CVE-2017-13226 + RESERVED +CVE-2017-13225 + RESERVED +CVE-2017-13224 + RESERVED +CVE-2017-13223 + RESERVED +CVE-2017-13222 + RESERVED +CVE-2017-13221 + RESERVED +CVE-2017-13220 + RESERVED +CVE-2017-13219 + RESERVED +CVE-2017-13218 + RESERVED +CVE-2017-13217 + RESERVED +CVE-2017-13216 + RESERVED +CVE-2017-13215 + RESERVED +CVE-2017-13214 + RESERVED +CVE-2017-13213 + RESERVED +CVE-2017-13212 + 
RESERVED +CVE-2017-13211 + RESERVED +CVE-2017-13210 + RESERVED +CVE-2017-13209 + RESERVED +CVE-2017-13208 + RESERVED +CVE-2017-13207 + RESERVED +CVE-2017-13206 + RESERVED +CVE-2017-13205 + RESERVED +CVE-2017-13204 + RESERVED +CVE-2017-13203 + RESERVED +CVE-2017-13202 + RESERVED +CVE-2017-13201 + RESERVED +CVE-2017-13200 + RESERVED +CVE-2017-13199 + RESERVED +CVE-2017-13198 + RESERVED +CVE-2017-13197 + RESERVED +CVE-2017-13196 + RESERVED +CVE-2017-13195 + RESERVED +CVE-2017-13194 + RESERVED +CVE-2017-13193 + RESERVED +CVE-2017-13192 + RESERVED +CVE-2017-13191 + RESERVED +CVE-2017-13190 + RESERVED +CVE-2017-13189 + RESERVED +CVE-2017-13188 + RESERVED +CVE-2017-13187 + RESERVED +CVE-2017-13186 + RESERVED +CVE-2017-13185 + RESERVED +CVE-2017-13184 + RESERVED +CVE-2017-13183 + RESERVED +CVE-2017-13182 + RESERVED +CVE-2017-13181 + RESERVED +CVE-2017-13180 + RESERVED +CVE-2017-13179 + RESERVED +CVE-2017-13178 + RESERVED +CVE-2017-13177 + RESERVED +CVE-2017-13176 + RESERVED +CVE-2017-13175 + RESERVED +CVE-2017-13174 + RESERVED +CVE-2017-13173 + RESERVED +CVE-2017-13172 + RESERVED +CVE-2017-13171 + RESERVED +CVE-2017-13170 + RESERVED +CVE-2017-13169 + RESERVED +CVE-2017-13168 + RESERVED +CVE-2017-13167 + RESERVED +CVE-2017-13166 + RESERVED +CVE-2017-13165 + RESERVED +CVE-2017-13164 + RESERVED +CVE-2017-13163 + RESERVED +CVE-2017-13162 + RESERVED +CVE-2017-13161 + RESERVED +CVE-2017-13160 + RESERVED +CVE-2017-13159 + RESERVED +CVE-2017-13158 + RESERVED +CVE-2017-13157 + RESERVED +CVE-2017-13156 + RESERVED +CVE-2017-13155 + RESERVED +CVE-2017-13154 + RESERVED +CVE-2017-13153 + RESERVED +CVE-2017-13152 + RESERVED +CVE-2017-13151 + RESERVED +CVE-2017-13150 + RESERVED +CVE-2017-13149 + RESERVED +CVE-2017-13148 + RESERVED +CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was found ...) + TODO: check CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory ...) 
- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870013) NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430 @@ -4,10 +1010,10 @@ CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file ...) - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116) NOTE: https://github.com/ImageMagick/ImageMagick/issues/600 -CVE-2017-13138 - RESERVED -CVE-2017-13137 - RESERVED +CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...) + TODO: check +CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the ...) + TODO: check CVE-2017-13136 RESERVED CVE-2017-13135 @@ -404,10 +1410,10 @@ NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a NOTE: http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn NOTE: This is similar class of issue as for CVE-2017-1000117/git -CVE-2017-12971 - RESERVED -CVE-2017-12970 - RESERVED +CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows ...) + TODO: check +CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...) + TODO: check CVE-2017-12969 RESERVED CVE-2017-12968 @@ -422,8 +1428,8 @@ - asn1c <unfixed> [stretch] - asn1c <no-dsa> (Minor issue) [jessie] - asn1c <no-dsa> (Minor issue) -CVE-2017-12965 - RESERVED +CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote ...) + TODO: check CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...) - libsass <unfixed> [stretch] - libsass <no-dsa> (Minor issue) 
@@ -586,8 +1592,7 @@ RESERVED CVE-2017-12905 RESERVED -CVE-2017-12904 [RCE in newbeuter when bookmarking malicious article] - RESERVED +CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in ...) {DSA-3947-1 DLA-1061-1} - newsbeuter 2.9-6 NOTE: https://github.com/akrennmair/newsbeuter/issues/591 @@ -1212,8 +2217,8 @@ RESERVED CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...) NOT-FOR-US: NetApp -CVE-2017-12858 - RESERVED +CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in ...) + TODO: check CVE-2017-12857 RESERVED CVE-2017-12856 @@ -1275,8 +2280,7 @@ RESERVED CVE-2017-12848 RESERVED -CVE-2017-12847 [privilege escalation via PID file manipulation] - RESERVED +CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...) - nagios3 <removed> [jessie] - nagios3 <no-dsa> (Minor issue) [wheezy] - nagios3 <no-dsa> (Minor issue) @@ -1288,8 +2292,8 @@ RESERVED CVE-2017-12845 RESERVED -CVE-2017-12844 - RESERVED +CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp ...) + TODO: check CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to ...) - cyrus-imapd <not-affected> (Vulnerable code introduced later) - cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later) @@ -1358,8 +2362,7 @@ RESERVED CVE-2017-12810 RESERVED -CVE-2017-12809 [ide: flushing of empty CDROM drives leads to NULL dereference] - RESERVED +CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...) - qemu <unfixed> [stretch] - qemu <no-dsa> (Minor issue) [jessie] - qemu <no-dsa> (Minor issue) 
@@ -1411,8 +2414,7 @@ RESERVED CVE-2017-12792 RESERVED -CVE-2017-12791 [Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master] - RESERVED +CVE-2017-12791 (Directory traversal vulnerability in minion id validation in SaltStack ...) - salt <unfixed> (bug #872399) NOTE: https://github.com/saltstack/salt/pull/42944 NOTE: https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a @@ -2301,6 +3303,7 @@ - minidjvu <unfixed> (unimportant; bug #871495) NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ CVE-2017-12440 (Aodh as packaged in Openstack Ocata and Newton before change-ID ...) + {DSA-3953-1} - aodh <unfixed> (bug #872605) - python-ceilometerclient <undetermined> NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0080 
@@ -3761,16 +4764,16 @@ [stretch] - smplayer <no-dsa> (Minor issue) [jessie] - smplayer <no-dsa> (Minor issue) [wheezy] - smplayer <not-affected> (vulnerable code not present) -CVE-2017-13140 [Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT #596] +CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...) - imagemagick 8:6.9.7.4+dfsg-15 (bug #870111) NOTE: https://github.com/ImageMagick/ImageMagick/issues/596 -CVE-2017-13139 [out-of-bounds read with the MNG CLIP chunk] +CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...) - imagemagick 8:6.9.7.4+dfsg-15 (bug #870109) CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ...) - imagemagick 8:6.9.7.4+dfsg-15 (bug #870107) NOTE: https://github.com/ImageMagick/ImageMagick/issues/549 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f -CVE-2017-13142 [Lack of validation of png file] +CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG ...) - imagemagick 8:6.9.7.4+dfsg-15 (bug #870105) NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3 NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac @@ -3897,7 +4900,7 @@ [wheezy] - imagemagick <not-affected> (vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/547 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375 -CVE-2017-13143 [use of uninitialized data in ImageMagick/coders/mat.c] +CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...) - imagemagick 8:6.9.7.4+dfsg-14 (bug #870012) NOTE: https://github.com/ImageMagick/ImageMagick/issues/362 NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960 
@@ -4065,7 +5068,7 @@ NOT-FOR-US: eapmd5pass CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ...) NOT-FOR-US: eapmd5pass -CVE-2017-13145 [crash in jp2 codec] +CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...) - imagemagick 8:6.9.7.4+dfsg-13 (bug #869830) NOTE: https://github.com/ImageMagick/ImageMagick/issues/501 NOTE: https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa @@ -4254,7 +5257,7 @@ [wheezy] - t1utils <not-affected> (Vulnerable code introduced in 1.39) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/kohler/t1utils/issues/6 -CVE-2017-13144 [Avoid a crash for mpc coder] +CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...) - imagemagick 8:6.9.7.4+dfsg-13 (bug #869728) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438 CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) @@ -4300,8 +5303,7 @@ NOT-FOR-US: ZyXEL CVE-2017-11611 RESERVED -CVE-2017-11610 [Authenticated RCE] - RESERVED +CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, ...) {DSA-3942-1 DLA-1047-1} - supervisor 3.3.1-1.1 (bug #870187) NOTE: https://github.com/Supervisor/supervisor/issues/964 @@ -5012,8 +6014,8 @@ [jessie] - sox <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ -CVE-2017-11357 - RESERVED +CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...) + TODO: check CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...) NOT-FOR-US: PEGA Platform CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform ...) 
@@ -5164,8 +6166,8 @@ RESERVED CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...) NOT-FOR-US: Cobian -CVE-2017-11317 - RESERVED +CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...) + TODO: check CVE-2017-11316 RESERVED CVE-2017-11315 @@ -5557,8 +6559,8 @@ RESERVED CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...) NOT-FOR-US: Installer in Synology Assistant -CVE-2017-11159 - RESERVED +CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in ...) + TODO: check CVE-2017-11158 RESERVED CVE-2017-11157 @@ -10055,8 +11057,8 @@ RESERVED CVE-2017-9507 RESERVED -CVE-2017-9506 - RESERVED +CVE-2017-9506 (The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 ...) + TODO: check CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...) NOT-FOR-US: Atlassian Confluence CVE-2017-9504 @@ -77876,8 +78878,7 @@ - qemu-kvm <not-affected> (Vulnerable code introduced in 2.1.0) NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b (v2.1.0-rc0) -CVE-2015-5224 [login-utils: file name collision due to incorrect mkstemp use] - RESERVED +CVE-2015-5224 (The mkostemp function in login-utils in util-linux when used ...) [experimental] - util-linux 2.27~rc2-2 - util-linux 2.27-1 (unimportant) NOTE: chfn/chsh not built in util-linux in Debian (--disable-chfn-chsh) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
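Review bot: In the hunk at @@ -1,3 +1,1009 @@, CVE-2017-13649 (UnrealIRCd, "creates a PID file after dropping ...") is left at "TODO: check" even though the same update, at @@ -1275,8 +2280,7 @@, fills in CVE-2017-12847 (Nagios Core, "creates a nagios.lock PID file after dropping ...") with a near-identical description that is already triaged against nagios3. Suggest triaging 13649 with the 12847 entry as the reference point so both PID-file issues get a consistent severity, and handling the two GraphicsMagick 1.3.26 entries from this hunk (CVE-2017-13648, CVE-2017-13147) together in the same pass.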
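Review bot: In the hunk at @@ -2301,6 +3303,7 @@, the added "{DSA-3953-1}" cross-reference on CVE-2017-12440 sits directly above "- aodh <unfixed> (bug #872605)" and "- python-ceilometerclient <undetermined>", neither of which is touched. Please confirm the unstable status of aodh is still accurate now that an advisory exists, and resolve the <undetermined> marker for python-ceilometerclient so the entry does not carry a DSA reference alongside an unanswered affected-or-not question.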
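Review bot: In the hunk at @@ -3761,16 +4764,16 @@, replacing "[out-of-bounds read with the MNG CLIP chunk]" on CVE-2017-13139 removes the only text in that entry that says what the bug is: the new description is truncated at "... 7.x before 7.0.6-1, the ..." and, unlike CVE-2017-13140 and CVE-2017-13142 in the same hunk, the entry has no NOTE line pointing at an upstream issue or commit. Suggest adding a NOTE with the upstream reference, or a short NOTE carrying the old summary, so the entry stays readable from the list alone.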
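Review bot: In the hunk at @@ -5557,8 +6559,8 @@, CVE-2017-11159 gets "TODO: check" with a description that is character-for-character the same truncated text as the context entry CVE-2017-11160 above it ("Multiple untrusted search path vulnerabilities in installer in ..."), which is marked "NOT-FOR-US: Installer in Synology Assistant". The truncation hides the product name, so the entry has to be checked against the full description; if it turns out to be another installer from the same vendor it should get a NOT-FOR-US line rather than staying in the TODO queue. The same applies to the other single-vendor groups this update leaves at TODO, such as the three Apache2Triad 1.5.4 entries (CVE-2017-12971, CVE-2017-12970, CVE-2017-12965), which can be resolved together.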