Author: sectracker
Date: 2017-11-22 21:10:15 +0000 (Wed, 22 Nov 2017)
New Revision: 57939
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-22 20:57:18 UTC (rev 57938) +++ data/CVE/list 2017-11-22 21:10:15 UTC (rev 57939) @@ -1047,6 +1047,7 @@ NOTE: https://github.com/bit-team/backintime/issues/834 NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3 CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-based ...) + {DLA-1185-1} - sam2p <removed> NOTE: https://github.com/pts/sam2p/issues/16 CVE-2017-16662 @@ -4059,8 +4060,8 @@ RESERVED CVE-2017-15529 RESERVED -CVE-2017-15528 - RESERVED +CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can be ...) + TODO: check CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be ...) NOT-FOR-US: Symantec CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) @@ -5248,15 +5249,13 @@ CVE-2017-15100 RESERVED - foreman <itp> (bug #663101) -CVE-2017-15099 - RESERVED +CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before ...) {DSA-4028-1} - postgresql-10 10.1-1 - postgresql-9.6 <unfixed> - postgresql-9.4 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5) - postgresql-9.1 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5) -CVE-2017-15098 - RESERVED +CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset function ...) {DSA-4028-1 DSA-4027-1} - postgresql-10 10.1-1 - postgresql-9.6 <unfixed> @@ -10857,8 +10856,8 @@ RESERVED CVE-2017-13072 RESERVED -CVE-2017-13071 - RESERVED +CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...) + TODO: check CVE-2017-13070 RESERVED CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...) 
@@ -13848,8 +13847,7 @@ RESERVED CVE-2017-12194 RESERVED -CVE-2017-12193 - RESERVED +CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array.c ...) - linux 4.13.13-1 [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13-rc1) NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7) @@ -13861,8 +13859,7 @@ NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1) CVE-2017-12191 RESERVED -CVE-2017-12190 [memory leak when merging buffers in SCSI IO vectors] - RESERVED +CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the ...) - linux 4.13.10-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089 CVE-2017-12189 @@ -25984,7 +25981,7 @@ RESERVED CVE-2017-8028 RESERVED - {DLA-1180-1} + {DSA-4046-1 DLA-1180-1} - libspring-ldap-java <removed> NOTE: https://pivotal.io/security/cve-2017-8028 NOTE: https://github.com/spring-projects/spring-ldap/issues/430 @@ -27240,8 +27237,8 @@ RESERVED CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...) NOT-FOR-US: Fortinet -CVE-2017-7736 - RESERVED +CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb ...) + TODO: check CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) NOT-FOR-US: Fortinet FortiOS CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) @@ -32364,8 +32361,8 @@ NOT-FOR-US: F5 BIG-IP CVE-2017-6167 RESERVED -CVE-2017-6166 - RESERVED +CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...) + TODO: check CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...) NOT-FOR-US: F5 BIG-IP CVE-2017-6164 
@@ -52120,7 +52117,7 @@ CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to files that ...) - moodle 2.7.17+dfsg-1 NOTE: https://moodle.org/mod/forum/discuss.php?d=343275 -CVE-2016-10089 (Nagios 4.2.4 and earlier allows local users to gain root privileges ...) +CVE-2016-10089 (Nagios 4.3.2 and earlier allows local users to gain root privileges ...) - nagios3 <not-affected> (Vulnerable code not present) NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript. CVE-2016-8641 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
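Review bot: Three of the entries left at "TODO: check" can be triaged from the lines next to them. CVE-2017-15528 (hunk at -4059) sits directly above "NOT-FOR-US: Symantec" for CVE-2017-15527, CVE-2017-7736 (hunk at -27240) directly below "NOT-FOR-US: Fortinet" for CVE-2017-7737, and CVE-2017-6166 (hunk at -32364) directly above "NOT-FOR-US: F5 BIG-IP" for CVE-2017-6165. Suggest replacing those TODOs with the matching NOT-FOR-US lines in a follow-up so they do not linger in the TODO queue. CVE-2017-13071 (hunk at -10857) has no triaged QNAP neighbour visible in the context, so it needs its own check.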
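Review bot: CVE-2017-12190 (second hunk at -13861) ends up with only the Red Hat bugzilla NOTE, while CVE-2017-12193 just above it records both "NOTE: Fixed by:" and "NOTE: Introduced by:" upstream commits. Now that the bracketed working description is replaced by the published one, suggest adding the upstream fixing commit as a "NOTE: Fixed by:" line so the "linux 4.13.10-1" fixed version can be verified from the entry itself.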
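Review bot: In the last hunk (-52120) the CVE-2016-10089 description widens from "Nagios 4.2.4 and earlier" to "Nagios 4.3.2 and earlier", but "nagios3 <not-affected> (Vulnerable code not present)" and its NOTE are carried over unchanged. The stated reason (the Debian package installs its own init script) does not depend on the upstream version, so the status probably still holds, but it is worth reconfirming against the widened range. While touching the entry, the NOTE has two typos: "damon-init.in" (presumably daemon-init.in) and "init-skript".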