Author: sectracker
Date: 2017-12-05 21:10:17 +0000 (Tue, 05 Dec 2017)
New Revision: 58277
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-05 21:08:45 UTC (rev 58276) +++ data/CVE/list 2017-12-05 21:10:17 UTC (rev 58277) @@ -1,3 +1,17 @@ +CVE-2017-17430 + RESERVED +CVE-2017-17429 + RESERVED +CVE-2017-17428 + RESERVED +CVE-2017-17427 + RESERVED +CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.26 ...) + TODO: check +CVE-2017-1000409 + RESERVED +CVE-2017-1000408 + RESERVED CVE-2017-XXXX [OPENAFS-SA-2017-001: Rx assertion failure from insufficient input validation] - openafs 1.6.22-1 (bug #883602) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt @@ -1689,8 +1703,8 @@ RESERVED CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) NOT-FOR-US: Splunk Web -CVE-2017-17066 - RESERVED +CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...) + TODO: check CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...) NOT-FOR-US: D-Link CVE-2017-17064 @@ -3335,10 +3349,10 @@ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956 NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050 -CVE-2017-16930 - RESERVED -CVE-2017-16929 - RESERVED +CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 ...) + TODO: check +CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...) + TODO: check CVE-2017-16928 RESERVED CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...) 
@@ -3446,6 +3460,7 @@ CVE-2017-16885 RESERVED CVE-2017-1000407 [DoS via write flood to I/O port 0x80] + RESERVED - linux <unfixed> NOTE: https://www.spinics.net/lists/kvm/msg159809.html CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...) @@ -3623,9 +3638,9 @@ - pjproject 2.7.1~dfsg-1 NOTE: https://trac.pjsip.org/repos/ticket/2056 NOTE: https://trac.pjsip.org/repos/changeset/5682 -CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...) +CVE-2017-16871 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...) NOT-FOR-US: UpdraftPlus plugin for WordPress -CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...) +CVE-2017-16870 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...) NOT-FOR-US: UpdraftPlus plugin for WordPress CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...) - upx-ucl <unfixed> (bug #882041; unimportant) @@ -3942,10 +3957,10 @@ RESERVED CVE-2017-16858 RESERVED -CVE-2017-16857 - RESERVED -CVE-2017-16856 - RESERVED +CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...) + TODO: check +CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...) + TODO: check CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...) - ipsilon <itp> (bug #826838) CVE-2017-16854 @@ -5513,7 +5528,7 @@ RESERVED CVE-2017-16240 RESERVED -CVE-2017-17051 [Regression introduced with the fix for OSSA-2017-005 (CVE-2017-16239)] +CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...) - nova <unfixed> (bug #883621) [stretch] - nova <not-affected> (Fix for CVE-2017-16239 not applied and not affecting 14.x.y) [jessie] - nova <not-affected> (Vulnerable code not present) 
@@ -6873,8 +6888,8 @@ RESERVED CVE-2017-15814 RESERVED -CVE-2017-15813 - RESERVED +CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...) NOT-FOR-US: Wordpress plugin CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the ...) @@ -9458,16 +9473,16 @@ - nodejs <unfixed> (unimportant) NOTE: Debian doesn't use zlib 1.2.9 yet NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ -CVE-2017-14918 - RESERVED -CVE-2017-14917 - RESERVED -CVE-2017-14916 - RESERVED +CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-14915 RESERVED -CVE-2017-14914 - RESERVED +CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-14913 RESERVED CVE-2017-14912 
@@ -9476,36 +9491,36 @@ RESERVED CVE-2017-14910 RESERVED -CVE-2017-14909 - RESERVED -CVE-2017-14908 - RESERVED -CVE-2017-14907 - RESERVED +CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-14906 RESERVED -CVE-2017-14905 - RESERVED -CVE-2017-14904 - RESERVED -CVE-2017-14903 - RESERVED -CVE-2017-14902 - RESERVED -CVE-2017-14901 - RESERVED -CVE-2017-14900 - RESERVED -CVE-2017-14899 - RESERVED -CVE-2017-14898 - RESERVED -CVE-2017-14897 - RESERVED -CVE-2017-14896 - RESERVED -CVE-2017-14895 - RESERVED +CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-14894 RESERVED CVE-2017-14893 
@@ -20871,22 +20886,22 @@ NOT-FOR-US: Qualcomm components for Android CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-11049 - RESERVED +CVE-2017-11049 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-11047 - RESERVED +CVE-2017-11047 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-11045 - RESERVED -CVE-2017-11044 - RESERVED -CVE-2017-11043 - RESERVED -CVE-2017-11042 - RESERVED +CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-11040 (In all Qualcomm products with Android releases from CAF using the ...) 
@@ -20903,14 +20918,14 @@ NOT-FOR-US: Qualcomm components for Android CVE-2017-11034 RESERVED -CVE-2017-11033 - RESERVED +CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-11031 - RESERVED -CVE-2017-11030 - RESERVED +CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) @@ -20931,14 +20946,14 @@ RESERVED CVE-2017-11020 RESERVED -CVE-2017-11019 - RESERVED +CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-11016 - RESERVED +CVE-2017-11016 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
@@ -20955,12 +20970,12 @@ RESERVED CVE-2017-11008 RESERVED -CVE-2017-11007 - RESERVED -CVE-2017-11006 - RESERVED -CVE-2017-11005 - RESERVED +CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11004 RESERVED CVE-2017-11003 @@ -24579,20 +24594,20 @@ NOT-FOR-US: Qualcomm driver for Android CVE-2017-9723 RESERVED -CVE-2017-9722 - RESERVED +CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Android boot loader (aboot) CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-9718 - RESERVED +CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-9716 - RESERVED +CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
@@ -24603,12 +24618,12 @@ RESERVED CVE-2017-9711 RESERVED -CVE-2017-9710 - RESERVED -CVE-2017-9709 - RESERVED -CVE-2017-9708 - RESERVED +CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-9708 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9707 RESERVED CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) @@ -24617,18 +24632,18 @@ RESERVED CVE-2017-9704 RESERVED -CVE-2017-9703 - RESERVED +CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-9700 - RESERVED +CVE-2017-9700 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9699 RESERVED -CVE-2017-9698 - RESERVED +CVE-2017-9698 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
@@ -27456,8 +27471,7 @@ [wheezy] - libetpan <no-dsa> (Minor issue) NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d NOTE: https://github.com/dinhviethoa/libetpan/issues/274 -CVE-2017-8824 [use-after-free in DCCP code] - RESERVED +CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...) - linux <unfixed> NOTE: http://lists.openwall.net/netdev/2017/12/04/224 CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) @@ -35848,8 +35862,8 @@ RESERVED CVE-2017-6212 REJECTED -CVE-2017-6211 - RESERVED +CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...) {DSA-3804-1 DLA-849-1} - linux 4.9.13-1 
@@ -80477,26 +80491,22 @@ RESERVED CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release ...) NOT-FOR-US: CA Release Automation -CVE-2016-1255 [privilege escalation from postgresql user to root] - RESERVED +CVE-2016-1255 (The pg_ctlcluster script in postgresql-common package in Debian wheezy ...) {DLA-774-1} - postgresql-common 178 [jessie] - postgresql-common 165+deb8u2 NOTE: Fix: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee NOTE: Testsuite update: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=30f0e4200cfc358b4536bf5d1f6c48abb779d438 -CVE-2016-1254 [TROVE-2016-12-002] - RESERVED +CVE-2016-1254 (Tor before 0.2.8.12 might allow remote attackers to cause a denial of ...) {DSA-3741-1 DLA-754-1} - tor 0.2.9.8-2 (bug #848847) NOTE: https://blog.torproject.org/blog/tor-02812-released NOTE: https://trac.torproject.org/projects/tor/ticket/21018 -CVE-2016-1253 [shell injection attack using LZMA-compressed files] - RESERVED +CVE-2016-1253 (The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie ...) {DLA-745-1} - most 5.0.0a-3 (bug #848132) [jessie] - most 5.0.0a-2.3+deb8u1 -CVE-2016-1252 - RESERVED +CVE-2016-1252 (The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ...) {DSA-3733-1} - apt 1.4~beta2 [wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
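Review bot: CVE-2017-17426 in the hunk at @@ -1,3 +1,17 @@ is left at "TODO: check" even though its description names the GNU C Library (glibc / libc6) 2.26, which is a source package this tracker covers, so it should not wait in the same backlog as the RESERVED ids added around it. Replace the TODO with a "- glibc ..." status line once the affected range has been checked against 2.26; the truncated description gives no fixed version, so that field has to come from triage rather than from this update.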
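Review bot: The rewritten header for CVE-2017-17051 in the hunk at @@ -5513,7 +5528,7 @@ loses the documented relationship to the earlier fix. The removed line read "[Regression introduced with the fix for OSSA-2017-005 (CVE-2017-16239)]", and the new truncated description "(An issue was discovered in the default FilterScheduler in OpenStack ...)" no longer mentions either identifier. The [stretch] annotation still refers to CVE-2017-16239, but OSSA-2017-005 is gone from the entry; a "NOTE:" line recording that this is a regression from the OSSA-2017-005 fix would keep that context searchable.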
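Review bot: The newly described entries in the hunk at @@ -20871,22 +20886,22 @@ (CVE-2017-11049, -11047, -11045 through -11042) all receive "TODO: check" while the unchanged neighbours with the same description prefix, "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...", are already triaged as "NOT-FOR-US: Qualcomm components for Android". The triage state is therefore inconsistent within a single block. The same pattern repeats in the other Qualcomm hunks (@@ -9458, -9476, -20903, -20955, -24603 and -35848). Because the descriptions are truncated, confirm each full text before bulk-marking, then apply the same NOT-FOR-US tag so the TODO queue reflects only entries that need a real decision.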
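Review bot: Replacing the bracketed summaries in the hunk at @@ -80477,26 +80491,22 @@ drops information that the remaining lines do not carry. For CVE-2016-1254 the removed header was "[TROVE-2016-12-002]", and neither of the two NOTE URLs kept under that entry contains the TROVE identifier. For CVE-2016-1255 and CVE-2016-1253 the short impact summaries ("privilege escalation from postgresql user to root", "shell injection attack using LZMA-compressed files") are replaced by truncated descriptions that stop before the impact. Consider adding a "NOTE: TROVE-2016-12-002" line under CVE-2016-1254 so the upstream advisory id stays greppable.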