author | security tracker role <sectracker@debian.org> | 2017-03-03 09:10:17 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-03-03 09:10:17 +0000 |
commit | babc0ab7ca3d7969ed8a96014ac0bc7299e21882 | |
tree | e70ef3a39c3ad2fe4e17002fd20126ffad52b197 /data/CVE | |
parent | 8b8b7c473176bbb69652350cfd4e3a10a5d69371 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@49385 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2002.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 28 |
-rw-r--r-- | data/CVE/2017.list | 20 |
3 files changed, 26 insertions, 24 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list index f71a3834b2..2e3f31d842 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1,3 +1,5 @@ +CVE-2002-2447 + RESERVED CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index d56c608f15..1a503cd579 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1213,8 +1213,8 @@ CVE-2016-9893 - icedove 1:45.6.0-2 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9893 -CVE-2016-9892 - RESERVED +CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before ...) + TODO: check CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and ...) - dotclear <removed> CVE-2016-9890 @@ -2710,8 +2710,7 @@ CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporar NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API - tomcat6 6.0.41-3 NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie -CVE-2016-10071 [mat file out of bound] - RESERVED +CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845246) NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366 
@@ -2726,8 +2725,7 @@ CVE-2016-10070 [mat file out of bound] NOTE: https://github.com/ImageMagick/ImageMagick/issues/131 NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10069 [Add check for invalid mat file] - RESERVED +CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845244) NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0 @@ -2751,8 +2749,7 @@ CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray] NOTE: https://github.com/ImageMagick/ImageMagick/issues/301 NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master) -CVE-2016-10068 [Prevent fault in MSL interpreter] - RESERVED +CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote ...) {DLA-756-1} - imagemagick 8:6.9.6.5+dfsg-1 (bug #845241) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797 @@ -2765,8 +2762,7 @@ CVE-2016-10058 [Fixed memory leak in psd file handling] [wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10067 - RESERVED +CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845213) NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76 
@@ -2785,20 +2781,17 @@ CVE-2016-10065 [Fix out of bound read in viff file handling] NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05 NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10064 [Better check for bufferoverflow for TIFF handling] - RESERVED +CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845202) NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10063 [Check validity of extend during TIFF file reading] - RESERVED +CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845198) NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10062 [fwrite issue in ReadGROUP4Image] - RESERVED +CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not ...) {DSA-3799-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #849439) [wheezy] - imagemagick <no-dsa> (Minor issue) @@ -2818,8 +2811,7 @@ CVE-2016-10061 NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9 NOTE: https://github.com/ImageMagick/ImageMagick/issues/196 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10060 - RESERVED +CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ...) {DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845196) [jessie] - imagemagick <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 57e0082e05..7ee8bba814 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,3 +1,11 @@ +CVE-2017-6446 + RESERVED +CVE-2017-6445 + RESERVED +CVE-2017-6444 + RESERVED +CVE-2017-6443 + RESERVED CVE-2017-XXXX [dns: out of bound memory read] - suricata <unfixed> NOTE: https://redmine.openinfosecfoundation.org/issues/2022 @@ -828,12 +836,12 @@ CVE-2017-6106 RESERVED CVE-2017-6105 RESERVED -CVE-2017-6104 - RESERVED -CVE-2017-6103 - RESERVED -CVE-2017-6102 - RESERVED +CVE-2017-6104 (Remote file upload vulnerability in Wordpress Plugin Mobile App Native ...) + TODO: check +CVE-2017-6103 (Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. ...) + TODO: check +CVE-2017-6102 (Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. ...) + TODO: check CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in ...) - atheme-services 7.2.9-1 (bug #855588) [jessie] - atheme-services <not-affected> (versions prior to 7.2.7 not vulnerable) |
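Review bot: in data/CVE/2016.list at @@ -1213, CVE-2016-9892 is left at "TODO: check" even though its new description names the esets_daemon service in ESET Endpoint Antivirus for macOS, a proprietary product with no package line in this entry. A follow-up triage should replace the TODO with a "NOT-FOR-US:" line, the form the neighbouring 2002.list entries already use, so the entry does not sit in the unchecked queue.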
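Review bot: in data/CVE/2016.list at @@ -2785, CVE-2016-10064 and CVE-2016-10063 end up with the same truncated description, "(Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)", because the bracketed working titles that told them apart ("[Better check for bufferoverflow for TIFF handling]" and "[Check validity of extend during TIFF file reading]") are dropped along with RESERVED. The two entries now differ only by bug number and commit URL; consider carrying each former title over as a NOTE: line so the mapping from CVE id to upstream fix stays readable in the list itself. The same applies to the other ImageMagick headers rewritten in the hunks from @@ -2710 to @@ -2751.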
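Review bot: in data/CVE/2017.list at @@ -828, CVE-2017-6104, CVE-2017-6103 and CVE-2017-6102 move from RESERVED to "TODO: check" with descriptions that each name a single WordPress plugin (Mobile App Native ..., AnyVar v0.1.1, rockhoist-badges v1.2.2) and no package line. These three should be triaged together in a follow-up, either with a "NOT-FOR-US:" line per entry or with a package line if any of the plugins turns out to be shipped, rather than left as open TODOs after the automatic import.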