| author | security tracker role <sectracker@debian.org> | 2017-04-24 09:10:12 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@debian.org> | 2017-04-24 09:10:12 +0000 |
| commit | 5ed77910522058816d79f3a02a4868a5a11fa058 (patch) | |
| tree | ce95f03a8b93cb787f2adba2115ac69c27bc36da /data | |
| parent | 1c86a9ac549d69d95cb993531a4c9333807655e4 (diff) | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@50983 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2007.list | 2 |
| -rw-r--r-- | data/CVE/2010.list | 5 |
| -rw-r--r-- | data/CVE/2014.list | 8 |
| -rw-r--r-- | data/CVE/2015.list | 24 |
| -rw-r--r-- | data/CVE/2017.list | 32 |

5 files changed, 47 insertions, 24 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 56d00e0367..8994eed20f 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1,3 +1,5 @@ +CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before ...) + TODO: check CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) ...) NOT-FOR-US: Dataprobe iBootBar CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released ...) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 61786b9236..d86b8a86c3 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -1,3 +1,5 @@ +CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...) + TODO: check CVE-2010-5328 (include/linux/init_task.h in the Linux kernel before 2.6.35 does not ...) - linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename) - linux-2.6 2.6.37-1 @@ -22,8 +24,7 @@ CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earl CVE-2010-XXXX [crash when parsing overly long links] - lynx-cur 2.8.8dev.4-1 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2 -CVE-2010-5321 [v4l: videobuf: hotfix a bug on multiple calls to mmap()] - RESERVED +CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf ...) - linux <unfixed> (unimportant; bug #827340) - linux-2.6 <removed> (unimportant) NOTE: Unclear, old report for Linux diff --git a/data/CVE/2014.list b/data/CVE/2014.list index dd211141ea..71695e00f0 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -1037,12 +1037,11 @@ CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in ...) NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch NOTE: http://www.openwall.com/lists/oss-security/2015/02/10/15 CVE-2014-9681 [preserves TZ by default] - RESERVED + REJECTED - procmail <unfixed> (unimportant; bug #778341; bug #772706) NOTE: No security boundaries are crossed here NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24 -CVE-2014-9680 [preserves TZ by default] - RESERVED +CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...) {DSA-3167-1 DLA-160-1} - sudo 1.8.12-1 (bug #772707) [jessie] - sudo 1.8.10p3-1+deb8u2 @@ -1060,8 +1059,7 @@ CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2 - tiff3 <removed> NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif -CVE-2014-9654 - RESERVED +CVE-2014-9654 (The Regular Expressions package in International Components for ...) {DSA-3187-1 DLA-219-1} - icu 52.1-7.1 (bug #776719) NOTE: https://ssl.icu-project.org/trac/changeset/36801 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 431605726b..1a883cc9a7 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -3415,10 +3415,10 @@ CVE-2015-8112 RESERVED CVE-2015-8111 RESERVED -CVE-2015-8110 - RESERVED -CVE-2015-8109 - RESERVED +CVE-2015-8110 (Lenovo System Update (formerly ThinkVantage System Update) before ...) + TODO: check +CVE-2015-8109 (Lenovo System Update (formerly ThinkVantage System Update) before ...) + TODO: check CVE-2015-8108 (The management interface in LenovoEMC EZ Media & Backup (hm3), ...) NOT-FOR-US: LenovoEMC CVE-2015-8107 (Format string vulnerability in GNU a2ps 4.14 allows remote attackers ...) 
@@ -22027,10 +22027,10 @@ CVE-2015-1524 RESERVED CVE-2015-1523 RESERVED -CVE-2015-1522 - RESERVED -CVE-2015-1521 - RESERVED +CVE-2015-1522 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject ...) + TODO: check +CVE-2015-1521 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly ...) + TODO: check CVE-2015-1520 RESERVED CVE-2015-1519 @@ -26167,14 +26167,14 @@ CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) NOT-FOR-US: IBM CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) NOT-FOR-US: IBM -CVE-2015-0107 - RESERVED +CVE-2015-0107 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...) + TODO: check CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...) NOT-FOR-US: IBM Business Process Manager CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...) NOT-FOR-US: IBM Business Process Manager -CVE-2015-0104 - RESERVED +CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...) + TODO: check CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process ...) NOT-FOR-US: IBM Business Process Manager CVE-2015-0102 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 2a643c3946..63043ed177 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,13 @@ +CVE-2017-8084 + RESERVED +CVE-2017-8083 + RESERVED +CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which ...) + TODO: check +CVE-2017-8081 + RESERVED +CVE-2017-8080 + RESERVED CVE-2017-8079 RESERVED CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be requested ...) 
@@ -337,8 +347,8 @@ CVE-2017-7946 (The get_relocs_64 function in libr/bin/format/mach0/mach0.c in ra NOTE: https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92 CVE-2017-7945 RESERVED -CVE-2017-7944 - RESERVED +CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install ...) + TODO: check CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote ...) - imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736) [jessie] - imagemagick <no-dsa> (Minor issue) @@ -505,6 +515,7 @@ CVE-2017-7872 CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...) NOT-FOR-US: trollepierre/tdm CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a ...) + {DLA-910-1} - libreoffice 1:5.2.5-1 NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722 CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an ...) @@ -573,8 +584,8 @@ CVE-2017-7853 (In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead t - libosip2 4.1.0-2.1 (bug #860287) NOTE: https://savannah.gnu.org/support/index.php?109265 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 -CVE-2017-7852 - RESERVED +CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that ...) + TODO: check CVE-2017-7851 RESERVED CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local ...) 
@@ -1174,42 +1185,50 @@ CVE-2017-7604 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-s CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed ...) NOT-FOR-US: libaacplus CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...) + {DLA-911-1} - tiff 4.0.7-6 (low) [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of ...) 
+ {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...) + {DLA-911-1} - tiff 4.0.7-6 - tiff3 <removed> NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...) + {DLA-911-1} - tiff 4.0.7-6 (low; bug #860003) [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> @@ -1217,15 +1236,18 @@ CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allo NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122 CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...) + {DLA-911-1} - tiff 4.0.7-6 (low; bug #860001) [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659 CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...) + {DLA-911-1} - tiff 4.0.7-6 (bug #860000) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651 CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...) + {DLA-911-1} - tiff 4.0.7-6 (bug #859998) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658 @@ -12322,7 +12344,7 @@ CVE-2017-3158 RESERVED CVE-2017-3157 RESERVED - {DSA-3792-1} + {DSA-3792-1 DLA-910-1} - libreoffice 1:5.2.3-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ CVE-2017-3156 |
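Review bot: in the data/CVE/2007.list hunk, CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel) lands with only `TODO: check`; as a kernel id that is being assigned ten years after its year prefix, the triage should decide whether it gets a `linux` package line or the same `<not-affected> (Fixed before the src:linux-2.6 -> src:linux rename)` treatment the neighbouring CVE-2010-5328 entry already uses, rather than sitting in the TODO queue as if it were a fresh report.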
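Review bot: in the data/CVE/2010.list hunk at @@ -22,8, the line `NOTE: Unclear, old report for Linux` under CVE-2010-5321 is now stale: the entry moves from the placeholder `[v4l: videobuf: hotfix a bug on multiple calls to mmap()]` to the assigned description (`Memory leak in drivers/media/video/videobuf-core.c ...`), so the "Unclear" note should be revisited and the carried-over `linux <unfixed> (unimportant; bug #827340)` status re-checked against the now-public description instead of being kept unchanged.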
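Review bot: in the data/CVE/2014.list hunk at @@ -1037,12, CVE-2014-9681 is flipped from RESERVED to REJECTED but keeps its `- procmail <unfixed> (unimportant; bug #778341; bug #772706)` line and both NOTEs; a REJECTED id with a package still marked `<unfixed>` will never resolve in the tracker, so either drop the procmail line here or move it to whichever id actually covers the procmail TZ issue (the adjacent CVE-2014-9680, which carried the same `[preserves TZ by default]` placeholder, is now assigned to sudo, not procmail).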
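Review bot: in the data/CVE/2015.list hunk at @@ -3415,10, the two Lenovo System Update entries (CVE-2015-8110 and CVE-2015-8109) are left as `TODO: check` although the entry immediately below them, CVE-2015-8108, is already `NOT-FOR-US: LenovoEMC`; a vendor-only Windows updater tool fits the same disposition, so resolving these with `NOT-FOR-US: Lenovo` here keeps the TODO queue for entries that can actually affect the archive.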
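Review bot: in the data/CVE/2015.list hunk at @@ -22027,10, CVE-2015-1522 and CVE-2015-1521 both name a fixed upstream version (`analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2`), which is enough to do the triage now rather than leave `TODO: check`: compare the archive's bro version against 2.3.2 and record either a `- bro <version>` fix line or `<not-affected>`, unlike the vendor-only Lenovo and IBM entries elsewhere in this file.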
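Review bot: in the data/CVE/2015.list hunk at @@ -26167,14, CVE-2015-0107 and CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager) are added as `TODO: check` while every surrounding IBM entry in the same hunk is `NOT-FOR-US: IBM` or `NOT-FOR-US: IBM Business Process Manager`; marking these `NOT-FOR-US: IBM` in the same change would be consistent and avoids two open TODOs for products that are not in the archive.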
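Review bot: in the data/CVE/2017.list hunk at @@ -1174,42, CVE-2017-7598 and CVE-2017-7595 gain `+ {DLA-911-1}` but keep their `[jessie] - tiff <no-dsa> (Minor issue)` lines; once a DLA has shipped for jessie the no-dsa marker contradicts it and should be removed, so that these entries take the same shape as the other LibTIFF entries in the hunk, which carry only the `{DLA-911-1}` reference and the `- tiff 4.0.7-6` fix line.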
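Review bot: in the data/CVE/2017.list hunk at @@ -1217,15, CVE-2017-7594 has the same inconsistency: `+ {DLA-911-1}` is added above `[jessie] - tiff <no-dsa> (Minor issue)`, so the jessie no-dsa line should be dropped in this change; CVE-2017-7593 and CVE-2017-7592 in the same hunk are fine as they have no jessie override.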