author: security tracker role <sectracker@debian.org> 2017-04-24 09:10:12 +0000
committer: security tracker role <sectracker@debian.org> 2017-04-24 09:10:12 +0000
commit: 5ed77910522058816d79f3a02a4868a5a11fa058 (patch)
tree: ce95f03a8b93cb787f2adba2115ac69c27bc36da /data/CVE
parent: 1c86a9ac549d69d95cb993531a4c9333807655e4 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@50983 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2007.list 2
-rw-r--r-- data/CVE/2010.list 5
-rw-r--r-- data/CVE/2014.list 8
-rw-r--r-- data/CVE/2015.list 24
-rw-r--r-- data/CVE/2017.list 32
5 files changed, 47 insertions, 24 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 56d00e0367..8994eed20f 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,5 @@
+CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before ...)
+ TODO: check
CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) ...)
NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 61786b9236..d86b8a86c3 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,5 @@
+CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
+ TODO: check
CVE-2010-5328 (include/linux/init_task.h in the Linux kernel before 2.6.35 does not ...)
- linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename)
- linux-2.6 2.6.37-1
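Review bot: CVE-2010-5329 is added with only "TODO: check", yet its description names drivers/media/video/v4l2-ioctl.c in the Linux kernel, so it should get package lines rather than stay untriaged. The entry directly below it, CVE-2010-5328, shows the form already used for old kernel issues ("- linux <not-affected> (...)" plus a "- linux-2.6" fixed version). The same applies to CVE-2007-6761 in 2007.list, whose description also names a kernel source file.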
@@ -22,8 +24,7 @@ CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earl
CVE-2010-XXXX [crash when parsing overly long links]
- lynx-cur 2.8.8dev.4-1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
-CVE-2010-5321 [v4l: videobuf: hotfix a bug on multiple calls to mmap()]
- RESERVED
+CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf ...)
- linux <unfixed> (unimportant; bug #827340)
- linux-2.6 <removed> (unimportant)
NOTE: Unclear, old report for Linux
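Review bot: the trailing "NOTE: Unclear, old report for Linux" on CVE-2010-5321 is left unchanged while the bracketed placeholder above it is replaced by a published description (memory leak in drivers/media/video/videobuf-core.c). Re-check whether that note and the "unimportant" rating on the linux and linux-2.6 lines still match the new description, and reword or drop the note if the report is no longer unclear.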
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index dd211141ea..71695e00f0 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1037,12 +1037,11 @@ CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in ...)
NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/02/10/15
CVE-2014-9681 [preserves TZ by default]
- RESERVED
+ REJECTED
- procmail <unfixed> (unimportant; bug #778341; bug #772706)
NOTE: No security boundaries are crossed here
NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
-CVE-2014-9680 [preserves TZ by default]
- RESERVED
+CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...)
{DSA-3167-1 DLA-160-1}
- sudo 1.8.12-1 (bug #772707)
[jessie] - sudo 1.8.10p3-1+deb8u2
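Review bot: CVE-2014-9681 is switched from RESERVED to REJECTED but keeps its "- procmail <unfixed> (unimportant; bug #778341; bug #772706)" line and both NOTEs, so a rejected id still carries an open package status. If the procmail TZ behaviour is still to be tracked, it needs an entry under an id that is not rejected; otherwise the package line should be dropped. CVE-2014-9680's new description covers sudo only, so after this hunk nothing with a valid id describes the procmail case.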
@@ -1060,8 +1059,7 @@ CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2
- tiff3 <removed>
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
-CVE-2014-9654
- RESERVED
+CVE-2014-9654 (The Regular Expressions package in International Components for ...)
{DSA-3187-1 DLA-219-1}
- icu 52.1-7.1 (bug #776719)
NOTE: https://ssl.icu-project.org/trac/changeset/36801
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 431605726b..1a883cc9a7 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -3415,10 +3415,10 @@ CVE-2015-8112
RESERVED
CVE-2015-8111
RESERVED
-CVE-2015-8110
- RESERVED
-CVE-2015-8109
- RESERVED
+CVE-2015-8110 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
+ TODO: check
+CVE-2015-8109 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
+ TODO: check
CVE-2015-8108 (The management interface in LenovoEMC EZ Media &amp; Backup (hm3), ...)
NOT-FOR-US: LenovoEMC
CVE-2015-8107 (Format string vulnerability in GNU a2ps 4.14 allows remote attackers ...)
@@ -22027,10 +22027,10 @@ CVE-2015-1524
RESERVED
CVE-2015-1523
RESERVED
-CVE-2015-1522
- RESERVED
-CVE-2015-1521
- RESERVED
+CVE-2015-1522 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject ...)
+ TODO: check
+CVE-2015-1521 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly ...)
+ TODO: check
CVE-2015-1520
RESERVED
CVE-2015-1519
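Review bot: CVE-2015-1522 and CVE-2015-1521 land as "TODO: check" although both descriptions already give the affected file (analyzer/protocol/dnp3/DNP3.cc) and the upstream boundary (Bro before 2.3.2). That is enough to triage them in a follow-up: a "- bro" line with the first fixed version if the package is in the archive, or NOT-FOR-US if it is not.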
@@ -26167,14 +26167,14 @@ CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM
CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM
-CVE-2015-0107
- RESERVED
+CVE-2015-0107 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...)
+ TODO: check
CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
NOT-FOR-US: IBM Business Process Manager
CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2015-0104
- RESERVED
+CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...)
+ TODO: check
CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process ...)
NOT-FOR-US: IBM Business Process Manager
CVE-2015-0102
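Review bot: CVE-2015-0107 and CVE-2015-0104 are added as "TODO: check" in the middle of a run of IBM entries that are already marked NOT-FOR-US (CVE-2015-0109 and CVE-2015-0108 as "NOT-FOR-US: IBM"). Both new descriptions begin with IBM Tivoli products, so they look like candidates for the same marking, which would keep them out of the TODO queue.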
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 2a643c3946..63043ed177 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,13 @@
+CVE-2017-8084
+ RESERVED
+CVE-2017-8083
+ RESERVED
+CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which ...)
+ TODO: check
+CVE-2017-8081
+ RESERVED
+CVE-2017-8080
+ RESERVED
CVE-2017-8079
RESERVED
CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be requested ...)
@@ -337,8 +347,8 @@ CVE-2017-7946 (The get_relocs_64 function in libr/bin/format/mach0/mach0.c in ra
NOTE: https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92
CVE-2017-7945
RESERVED
-CVE-2017-7944
- RESERVED
+CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install ...)
+ TODO: check
CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote ...)
- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736)
[jessie] - imagemagick <no-dsa> (Minor issue)
@@ -505,6 +515,7 @@ CVE-2017-7872
CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...)
NOT-FOR-US: trollepierre/tdm
CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a ...)
+ {DLA-910-1}
- libreoffice 1:5.2.5-1
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an ...)
@@ -573,8 +584,8 @@ CVE-2017-7853 (In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead t
- libosip2 4.1.0-2.1 (bug #860287)
NOTE: https://savannah.gnu.org/support/index.php?109265
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
-CVE-2017-7852
- RESERVED
+CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that ...)
+ TODO: check
CVE-2017-7851
RESERVED
CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local ...)
@@ -1174,42 +1185,50 @@ CVE-2017-7604 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-s
CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed ...)
NOT-FOR-US: libaacplus
CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...)
+ {DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7601 (LibTIFF 4.0.7 has a &quot;shift exponent too large for 64-bit type long&quot; ...)
+ {DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7600 (LibTIFF 4.0.7 has an &quot;outside the range of representable values of type ...)
+ {DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7599 (LibTIFF 4.0.7 has an &quot;outside the range of representable values of type ...)
+ {DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
+ {DLA-911-1}
- tiff 4.0.7-6 (low)
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an &quot;outside the range of ...)
+ {DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7596 (LibTIFF 4.0.7 has an &quot;outside the range of representable values of type ...)
+ {DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...)
+ {DLA-911-1}
- tiff 4.0.7-6 (low; bug #860003)
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
@@ -1217,15 +1236,18 @@ CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allo
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...)
+ {DLA-911-1}
- tiff 4.0.7-6 (low; bug #860001)
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...)
+ {DLA-911-1}
- tiff 4.0.7-6 (bug #860000)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...)
+ {DLA-911-1}
- tiff 4.0.7-6 (bug #859998)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
@@ -12322,7 +12344,7 @@ CVE-2017-3158
RESERVED
CVE-2017-3157
RESERVED
- {DSA-3792-1}
+ {DSA-3792-1 DLA-910-1}
- libreoffice 1:5.2.3-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
CVE-2017-3156
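Review bot: the entry whose tag line becomes "{DSA-3792-1 DLA-910-1}" (CVE-2017-3157) is still RESERVED with no description, although it already has a fixed libreoffice version and a public advisory URL in its NOTE. A bracketed temporary description, in the style of "CVE-2014-9681 [preserves TZ by default]" in 2014.list, would make the entry readable until the official text is published.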
