| author | security tracker role <sectracker@debian.org> | 2017-10-10 18:45:48 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@debian.org> | 2017-10-10 18:45:48 +0000 |
| commit | 619335b0357eeeff24fd0329ac1259a40792561d (patch) | |
| tree | 2d04ef1a9ee2e9f971807cc62b61950677fb231a | |
| parent | 7ea91226c6decba1422fd02d55385865ca34a9dc (diff) | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@56576 e39458fd-73e7-0310-bf30-c45bca0a0e42
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2008.list | 3 |
| -rw-r--r-- | data/CVE/2014.list | 3 |
| -rw-r--r-- | data/CVE/2015.list | 35 |
| -rw-r--r-- | data/CVE/2017.list | 17 |
4 files changed, 26 insertions, 32 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 7356c4a893..0181ecba4c 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -6,8 +6,7 @@ CVE-2008-7316 (mm/filemap.c in the Linux kernel before 2.6.25 allows local users - linux <not-affected> (Issue fixed before the src:linux-2.6 rename) - linux-2.6 2.6.25-1 NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1) -CVE-2008-7315 [Shell escape vulnerability] - RESERVED +CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute ...) - libui-dialog-perl <unfixed> (bug #496448) [jessie] - libui-dialog-perl <no-dsa> (Minor issue) [wheezy] - libui-dialog-perl <no-dsa> (Minor issue) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index aa9cc34802..c5a73ffae5 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -3165,8 +3165,7 @@ CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denia NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449 NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401 NOTE: fixed in experimental with 1:4.4.0~beta1-1 -CVE-2014-9092 - RESERVED +CVE-2014-9092 (libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial ...) - libjpeg-turbo 1:1.3.1-11 (bug #768369) CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux ...) {DSA-3093-1 DLA-103-1} diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 5c1835b64a..e0ab8af81b 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -3486,8 +3486,7 @@ CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe NOTE: Introduced/Uncovered by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941) NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5 -CVE-2015-8239 [race condition checking digests/checksums in sudoers] - RESERVED +CVE-2015-8239 (The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 ...) - sudo 1.8.17p1-1 (bug #805563) [jessie] - sudo <no-dsa> (Minor issue) [wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher) @@ -4832,8 +4831,8 @@ CVE-2015-7780 (Directory traversal vulnerability in ManageEngine Firewall Analyz NOT-FOR-US: ManageEngine Firewall Analyzer CVE-2015-7779 REJECTED -CVE-2015-7778 - RESERVED +CVE-2015-7778 (Gurunavi App for iOS before 6.0.0 does not verify SSL certificates ...) + TODO: check CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...) NOT-FOR-US: JosephErnest Void CVE-2015-7776 (Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict ...) @@ -5727,8 +5726,7 @@ CVE-2015-7504 [net: pcnet: heap overflow vulnerability in loopback mode] [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html NOTE: Xen not affected in wheezy, CVE covered by XSA-162: https://marc.info/?l=oss-security&m=144888089404618&w=2 -CVE-2015-7503 [Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey] - RESERVED +CVE-2015-7503 (Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before ...) NOT-FOR-US: php-zend-crypt NOTE: http://framework.zend.com/security/advisory/ZF2015-10 CVE-2015-7502 (Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms ...) 
@@ -5984,8 +5982,7 @@ CVE-2015-7386 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Gallery - Photo Albums - Portfolio plugin for WordPress CVE-2015-7385 (Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard ...) NOT-FOR-US: Open-Xchange -CVE-2015-7384 [HTTP Denial of Service Vulnerability] - RESERVED +CVE-2015-7384 (Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a ...) - nodejs 4.1.1~dfsg-3 (bug #800580) [jessie] - nodejs <not-affected> (Vulnerability not present) NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I @@ -7148,8 +7145,7 @@ CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the NOT-FOR-US: sourceAFRICA plugin for WordPress CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) ...) NOT-FOR-US: googleSearch (CSE) component for Joomla! -CVE-2015-6918 [git module leaks authentication details into log] - RESERVED +CVE-2015-6918 (salt before 2015.5.5 leaks git usernames and passwords to the log. ...) - salt 2015.8.1+ds-1 (bug #803182) [jessie] - salt <no-dsa> (Minor issue) NOTE: https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a @@ -8288,8 +8284,8 @@ CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c - php5 <not-affected> (Specific to PHP 7) NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5 NOTE: https://bugs.php.net/bug.php?id=70140 -CVE-2015-6521 - RESERVED +CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS ...) + TODO: check CVE-2015-6519 (SQL injection vulnerability in Arab Portal 3 allows remote attackers ...) NOT-FOR-US: Arab Portal 3 CVE-2015-6518 (Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin ...) 
@@ -10410,8 +10406,7 @@ CVE-2015-5677 (bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readab NOT-FOR-US: bsnmpd CVE-2015-5676 RESERVED -CVE-2015-5675 [IRET privilege escalation] - RESERVED +CVE-2015-5675 (The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 ...) - kfreebsd-10 10.1~svn274115-10 (unimportant; bug #796996) NOTE: kfreebsd not covered by security support in Jessie - kfreebsd-9 <removed> (bug #796997) @@ -10497,8 +10492,8 @@ CVE-2015-5641 (SQL injection vulnerability in baserCMS before 3.0.8 allows remot NOT-FOR-US: baserCMS CVE-2015-5640 (baserCMS before 3.0.8 allows remote authenticated users to modify ...) NOT-FOR-US: baserCMS -CVE-2015-5639 - RESERVED +CVE-2015-5639 (niconico App for iOS before 6.38 does not verify SSL certificates ...) + TODO: check CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...) NOT-FOR-US: H2O CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows ...) @@ -18085,8 +18080,8 @@ CVE-2015-2990 (Directory traversal vulnerability in zhtml.cgi in NEOJAPAN deskne NOT-FOR-US: desknet NEO CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...) NOT-FOR-US: LEMON-S -CVE-2015-2988 - RESERVED +CVE-2015-2988 (Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL ...) + TODO: check CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...) NOT-FOR-US: Type74 ED CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji ...) 
@@ -18351,8 +18346,8 @@ CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows remote NOT-FOR-US: Datalex airline booking software CVE-2015-2857 (Accellion File Transfer Appliance before FTA_9_11_210 allows remote ...) NOT-FOR-US: Accellion File Transfer Appliance -CVE-2015-2856 - RESERVED +CVE-2015-2856 (Directory traversal vulnerability in the template function in ...) + TODO: check CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...) NOT-FOR-US: Blue Coat SSL Visibility Appliance CVE-2015-2854 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 471fc940cf..405a4c32db 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,5 @@ +CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete ...) + TODO: check CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated ...) - shaarli <itp> (bug #864559) CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...) @@ -4118,8 +4120,8 @@ CVE-2017-13708 (Buffer overflow in the web server service in VX Search Enterpris NOT-FOR-US: VX Search Enterprise CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version ...) NOT-FOR-US: Replibit -CVE-2017-13706 - RESERVED +CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package ...) + TODO: check CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...) - flightgear 1:2017.2.1+dfsg-4 (low; bug #873439) [stretch] - flightgear <no-dsa> (Minor issue) 
@@ -6143,10 +6145,10 @@ CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer ... {DLA-1117-1} - opencv <unfixed> (bug #875342) NOTE: https://github.com/opencv/opencv/issues/9370 -CVE-2017-12861 - RESERVED -CVE-2017-12860 - RESERVED +CVE-2017-12861 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...) + TODO: check +CVE-2017-12860 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...) + TODO: check CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...) NOT-FOR-US: NetApp CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in ...) @@ -6817,8 +6819,7 @@ CVE-2017-12625 RESERVED CVE-2017-12624 RESERVED -CVE-2017-12623 - RESERVED +CVE-2017-12623 (An authorized user could upload a template which contained malicious ...) NOT-FOR-US: Apache NiFi CVE-2017-12622 RESERVED |
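Review bot: Dropping the bracketed working title "[Shell escape vulnerability]" for CVE-2008-7315 in the 2008.list hunk is safe, because the libui-dialog-perl status lines and the bug #496448 reference beneath it are kept unchanged; the entry stays fully triaged and needs no follow-up.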
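Review bot: In the 2015.list hunk at @@ -4832, the new CVE-2015-7778 entry carries only "+ TODO: check" and no package status, so it lands in the tracker's TODO queue; the description names an iOS app, and the neighbouring entries CVE-2015-7777 and CVE-2015-7776 are marked NOT-FOR-US, which is the resolution a triager will most likely need to record. The CVE-2015-5639 (niconico App for iOS) and CVE-2015-2988 (Rakuten card App for iOS) hunks have the same shape and should be cleared in the same pass.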
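Review bot: The CVE-2017-12861/CVE-2017-12860 hunk in 2017.list gives both entries the identical truncated description "The Epson "EasyMP" software (tested on version 2.86) is designed to ...", so the list alone cannot tell the two issues apart; whoever resolves the two "TODO: check" lines needs the full CVE text to see how they differ before writing status lines.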
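Review bot: The truncated description in the CVE-2017-13706 hunk ("XML external entity (XXE) vulnerability in the import package ...") does not name the affected product, and the same holds for CVE-2015-2856 ("Directory traversal vulnerability in the template function in ...") in 2015.list, so neither TODO can be triaged from the list entry alone; the full descriptions have to be looked up before a package line or a NOT-FOR-US marker is recorded.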
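Review bot: The CVE-2017-15216 entry added at the top of 2017.list has a "TODO: check" but no package line, unlike its neighbour CVE-2017-15215, which already records "shaarli <itp> (bug #864559)"; whether MISP is packaged in Debian needs to be checked before the entry is given a status.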