Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: add10d8e by security tracker role at 2018-04-24T20:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,43 @@ +CVE-2018-10349 + RESERVED +CVE-2018-10348 + RESERVED +CVE-2018-10347 + RESERVED +CVE-2018-10346 + RESERVED +CVE-2018-10345 + RESERVED +CVE-2018-10344 + RESERVED +CVE-2018-10343 + RESERVED +CVE-2018-10342 + RESERVED +CVE-2018-10341 + RESERVED +CVE-2018-10340 + RESERVED +CVE-2018-10339 + RESERVED +CVE-2018-10338 + RESERVED +CVE-2018-10337 + RESERVED +CVE-2018-10336 + RESERVED +CVE-2018-10335 + RESERVED +CVE-2018-10334 + RESERVED +CVE-2018-10333 + RESERVED +CVE-2018-10332 + RESERVED +CVE-2018-10331 + RESERVED +CVE-2018-10330 + RESERVED CVE-2018-XXXX [ktexteditor privilege escalation] - ktexteditor <unfixed> (bug #896836) [stretch] - ktexteditor <not-affected> (Introduced in 5.34.0) @@ -197,6 +237,7 @@ CVE-2018-10243 CVE-2018-10242 RESERVED CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1.4 ...) + {DLA-1361-1} - psensor 1.1.5-1 (low; bug #896195) [jessie] - psensor <no-dsa> (Minor issue) NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c @@ -2797,8 +2838,8 @@ CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLab CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/133 -CVE-2018-9131 - RESERVED +CVE-2018-9131 (Reaper 5.78 suffers from a local buffer overflow that allows code ...) + TODO: check CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...) NOT-FOR-US: IBOS CVE-2018-9129 @@ -2939,8 +2980,8 @@ CVE-2018-9062 RESERVED CVE-2018-9061 RESERVED -CVE-2018-9060 - RESERVED +CVE-2018-9060 (R 3.4.4 suffers from a local buffer overflow that allows code ...) + TODO: check CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 ...) NOT-FOR-US: Easy File Sharing (EFS) CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...) @@ -5648,10 +5689,10 @@ CVE-2018-7934 RESERVED CVE-2018-7933 RESERVED -CVE-2018-7932 - RESERVED -CVE-2018-7931 - RESERVED +CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary ...) + TODO: check +CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism ...) + TODO: check CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei mobile ...) NOT-FOR-US: Mate 9 Huawei mobile phones CVE-2018-7929 @@ -10106,7 +10147,7 @@ CVE-2018-6493 RESERVED CVE-2018-6492 RESERVED -CVE-2018-6491 (Local Escalation of Priviledge vulnerability to Micro Focus Universal ...) +CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus Universal ...) NOT-FOR-US: Micro Focus Universal CMDB CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...) NOT-FOR-US: Micro Focus Operations Orchestration Software @@ -13787,8 +13828,8 @@ CVE-2018-5230 RESERVED CVE-2018-5229 RESERVED -CVE-2018-5228 - RESERVED +CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible before ...) + TODO: check CVE-2018-5227 (Various administrative application link resources in Atlassian ...) NOT-FOR-US: Atlassian CVE-2018-5226 @@ -14922,8 +14963,8 @@ CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controll NOT-FOR-US: Desigo CVE-2018-4833 RESERVED -CVE-2018-4832 - RESERVED +CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...) + TODO: check CVE-2018-4831 RESERVED CVE-2018-4830 @@ -17007,8 +17048,7 @@ CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The ...) [jessie] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836 not applied) NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212 NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b -CVE-2018-3836 [gplotMakeOutput Command Injection Vulnerability] - RESERVED +CVE-2018-3836 (An exploitable command injection vulnerability exists in the ...) {DLA-1284-1} - leptonlib 1.75.3-1 (bug #889759) [stretch] - leptonlib <no-dsa> (Minor issue) @@ -24221,6 +24261,7 @@ CVE-2018-1310 CVE-2018-1309 RESERVED CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 ...) + {DLA-1360-1} - lucene-solr <unfixed> (bug #896604) NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3 NOTE: https://issues.apache.org/jira/browse/SOLR-11971 @@ -25179,8 +25220,7 @@ CVE-2018-1060 [DOS via regular expression catastrophic backtracking in apop() me NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5) NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4) NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7) -CVE-2018-1059 - RESERVED +CVE-2018-1059 (The DPDK vhost-user interface does not check to verify that all the ...) - dpdk 17.11.2-1 (bug #896688) [stretch] - dpdk <no-dsa> (Minor issue; can be fixed via point release) CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify the ...) @@ -25519,22 +25559,22 @@ CVE-2017-17260 RESERVED CVE-2017-17259 RESERVED -CVE-2017-17258 - RESERVED -CVE-2017-17257 - RESERVED -CVE-2017-17256 - RESERVED -CVE-2017-17255 - RESERVED -CVE-2017-17254 - RESERVED -CVE-2017-17253 - RESERVED -CVE-2017-17252 - RESERVED -CVE-2017-17251 - RESERVED +CVE-2017-17258 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check +CVE-2017-17257 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check +CVE-2017-17256 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check +CVE-2017-17255 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check +CVE-2017-17254 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check +CVE-2017-17253 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check +CVE-2017-17252 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check +CVE-2017-17251 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) + TODO: check CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; ...) NOT-FOR-US: Huawei CVE-2017-17249 @@ -36259,22 +36299,19 @@ CVE-2017-14452 RESERVED CVE-2017-14451 RESERVED -CVE-2017-14450 [Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability] - RESERVED +CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing ...) {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499 NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84 -CVE-2017-14449 [Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free Vulnerability] - RESERVED +CVE-2017-14449 (A double-Free vulnerability exists in the XCF image rendering ...) {DSA-4177-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 <not-affected> (Vulnerable code not present) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498 NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c -CVE-2017-14448 [Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability] - RESERVED +CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF image ...) {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 @@ -36290,22 +36327,19 @@ CVE-2017-14444 RESERVED CVE-2017-14443 RESERVED -CVE-2017-14442 [Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability] - RESERVED +CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image ...) {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491 NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8 -CVE-2017-14441 [Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code Execution Vulnerability] - RESERVED +CVE-2017-14441 (An exploitable code execution vulnerability exists in the ICO image ...) {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490 NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10 -CVE-2017-14440 [Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability] - RESERVED +CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM image ...) {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 @@ -43261,8 +43295,7 @@ CVE-2017-12124 RESERVED CVE-2017-12123 RESERVED -CVE-2017-12122 [Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code Execution Vulnerability] - RESERVED +CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image ...) {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 @@ -43297,28 +43330,28 @@ CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...) {DSA-4173-1} - r-cran-readxl 1.0.0-2 (bug #895564) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462 -CVE-2017-12109 - RESERVED -CVE-2017-12108 - RESERVED -CVE-2017-12107 - RESERVED +CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the ...) + TODO: check +CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the ...) + TODO: check +CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ...) + TODO: check CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...) NOT-FOR-US: Computerinsel Photoline -CVE-2017-12105 - RESERVED -CVE-2017-12104 - RESERVED -CVE-2017-12103 - RESERVED -CVE-2017-12102 - RESERVED -CVE-2017-12101 - RESERVED -CVE-2017-12100 - RESERVED -CVE-2017-12099 - RESERVED +CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...) + TODO: check +CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ...) + TODO: check +CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ...) + TODO: check +CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ...) + TODO: check +CVE-2017-12101 (An exploitable integer overflow exists in the ...) + TODO: check +CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' ...) + TODO: check +CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy ...) + TODO: check CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists in the ...) - ruby-rails-admin <unfixed> [stretch] - ruby-rails-admin <no-dsa> (Minor issue) @@ -43343,23 +43376,22 @@ CVE-2017-12089 (An exploitable denial of service vulnerability exists in the pro NOT-FOR-US: Allen Bradley Micrologix CVE-2017-12088 (An exploitable denial of service vulnerability exists in the Ethernet ...) NOT-FOR-US: Allen Bradley Micrologix -CVE-2017-12087 - RESERVED +CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvcmdns ...) - shairport-sync 3.1.4-1 (unimportant; bug #882508) NOTE: Debian build uses Avahi instead NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668 -CVE-2017-12086 - RESERVED +CVE-2017-12086 (An exploitable integer overflow exists in the ...) + TODO: check CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...) NOT-FOR-US: Circle with Disney CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of ...) NOT-FOR-US: Circle with Disney CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...) NOT-FOR-US: Circle with Disney -CVE-2017-12082 - RESERVED -CVE-2017-12081 - RESERVED +CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh ...) + TODO: check +CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...) + TODO: check CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration ...) NOT-FOR-US: Synology Photo Station CVE-2017-12079 (Files or directories accessible to external parties vulnerability in ...) @@ -50391,12 +50423,12 @@ CVE-2017-9658 RESERVED CVE-2017-9657 RESERVED -CVE-2017-9656 - RESERVED +CVE-2017-9656 (The backend database of the Philips DoseWise Portal application ...) + TODO: check CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator ...) NOT-FOR-US: OSIsoft -CVE-2017-9654 - RESERVED +CVE-2017-9654 (The Philips DoseWise Portal web-based application versions 1.1.7.333 ...) + TODO: check CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI ...) NOT-FOR-US: OSIsoft CVE-2017-9652 @@ -56817,8 +56849,7 @@ CVE-2017-7652 - mosquitto 1.4.15-1 NOTE: Patches: https://mosquitto.org/files/cve/2017-7652 NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/ -CVE-2017-7651 - RESERVED +CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...) {DLA-1334-1} - mosquitto 1.4.15-1 NOTE: Patches: https://mosquitto.org/files/cve/2017-7651 @@ -71842,14 +71873,12 @@ CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSA NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c NOTE: only exploitable in hard to achieve conditions NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5 -CVE-2017-2924 [Heap-based buffer overflow in the read_legacy_biff function] - RESERVED +CVE-2017-2924 (An exploitable heap-based buffer overflow vulnerability exists in the ...) {DSA-3976-1 DLA-1098-1} - freexl 1.0.4-1 (bug #875691) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431 NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8 -CVE-2017-2923 [Heap-based buffer overflow in the read_biff_next_record function] - RESERVED +CVE-2017-2923 (An exploitable heap based buffer overflow vulnerability exists in the ...) {DSA-3976-1 DLA-1098-1} - freexl 1.0.4-1 (bug #875690) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430 @@ -71870,8 +71899,8 @@ CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists i {DSA-4173-1} - r-cran-readxl 1.0.0-2 (bug #895564) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426 -CVE-2017-2918 - RESERVED +CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...) + TODO: check CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...) NOT-FOR-US: Circle with Disney CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore ...) @@ -71893,26 +71922,26 @@ CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...) [stretch] - smplayer <not-affected> (Vulnerable code not present) [jessie] - smplayer <not-affected> (Vulnerable code not present) [wheezy] - smplayer <not-affected> (Vulnerable code not present) -CVE-2017-2908 - RESERVED -CVE-2017-2907 - RESERVED -CVE-2017-2906 - RESERVED -CVE-2017-2905 - RESERVED -CVE-2017-2904 - RESERVED -CVE-2017-2903 - RESERVED -CVE-2017-2902 - RESERVED -CVE-2017-2901 - RESERVED -CVE-2017-2900 - RESERVED -CVE-2017-2899 - RESERVED +CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...) + TODO: check +CVE-2017-2907 (An exploitable integer overflow exists in the animation playing ...) + TODO: check +CVE-2017-2906 (An exploitable integer overflow exists in the animation playing ...) + TODO: check +CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...) + TODO: check +CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading ...) + TODO: check +CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...) + TODO: check +CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...) + TODO: check +CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...) + TODO: check +CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...) + TODO: check +CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...) + TODO: check CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...) NOT-FOR-US: Circle with Disney CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...) @@ -71968,8 +71997,7 @@ CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF .. NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705 CVE-2017-2886 (A memory corruption vulnerability exists in the .PSD parsing ...) NOT-FOR-US: ACDSee Ultimate -CVE-2017-2885 [stack based buffer overflow with HTTP Chunked Encoding] - RESERVED +CVE-2017-2885 (An exploitable stack based buffer overflow vulnerability exists in the ...) {DSA-3929-1} - libsoup2.4 2.56.1-1 (bug #871650) [wheezy] - libsoup2.4 <not-affected> (Vulnerable code not present) @@ -72071,55 +72099,49 @@ CVE-2017-2842 (In the web management interface in Foscam C1 Indoor HD Camera run NOT-FOR-US: Foscam C1 Indoor HD Camera CVE-2017-2841 (An exploitable command injection vulnerability exists in the web ...) NOT-FOR-US: Foscam C1 Indoor HD Camera -CVE-2017-2840 - RESERVED -CVE-2017-2839 [Rdp Client License Read Challenge Packet Denial of Service] - RESERVED +CVE-2017-2840 (A buffer overflow vulnerability exists in the ISO parsing ...) + TODO: check +CVE-2017-2839 (An exploitable denial of service vulnerability exists within the ...) {DSA-3923-1 DLA-1095-1} - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341 NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) -CVE-2017-2838 [Rdp Client License Read Product Info Denial of Service] - RESERVED +CVE-2017-2838 (An exploitable denial of service vulnerability exists within the ...) {DSA-3923-1 DLA-1095-1} - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340 NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) -CVE-2017-2837 [Rdp Client GCC Read Server Security Data Denial of Service] - RESERVED +CVE-2017-2837 (An exploitable denial of service vulnerability exists within the ...) {DSA-3923-1 DLA-1095-1} - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339 NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) -CVE-2017-2836 [Rdp Client Read Server Proprietary Certificate Denial of Service] - RESERVED +CVE-2017-2836 (An exploitable denial of service vulnerability exists within the ...) {DSA-3923-1 DLA-1095-1} - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338 NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) -CVE-2017-2835 [Out-of-bounds write in rdp_recv_tpkt_pdu] - RESERVED +CVE-2017-2835 (An exploitable code execution vulnerability exists in the RDP receive ...) {DSA-3923-1 DLA-1095-1} - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337 NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) -CVE-2017-2834 [Out-of-bounds write in license_recv()] - RESERVED +CVE-2017-2834 (An exploitable code execution vulnerability exists in the ...) {DSA-3923-1} - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) [wheezy] - freerdp <not-affected> (vulnerable code not present) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336 NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) -CVE-2017-2833 - RESERVED -CVE-2017-2832 - RESERVED +CVE-2017-2833 (An exploitable command injection vulnerability exists in the web ...) + TODO: check +CVE-2017-2832 (An exploitable command injection vulnerability exists in the web ...) + TODO: check CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web ...) NOT-FOR-US: Foscam C1 Indoor HD Camera CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web ...) @@ -72182,10 +72204,10 @@ CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image .. NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319 CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...) NOT-FOR-US: IrfanView -CVE-2017-2812 - RESERVED -CVE-2017-2811 - RESERVED +CVE-2017-2812 (A code execution vulnerability exists in the kdu_buffered_expand ...) + TODO: check +CVE-2017-2811 (A code execution vulnerability exists in the Kakadu SDK 7.9's parsing ...) + TODO: check CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...) - python-tablib 0.9.11-3 (bug #864818) [stretch] - python-tablib 0.9.11-2+deb8u1 @@ -72210,12 +72232,12 @@ CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Le NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...) NOT-FOR-US: Foscam C1 Indoor HD Camera -CVE-2017-2804 - RESERVED -CVE-2017-2803 - RESERVED -CVE-2017-2802 - RESERVED +CVE-2017-2804 (A remote out of bound write vulnerability exists in the TIFF parsing ...) + TODO: check +CVE-2017-2803 (A remote out of bound write vulnerability exists in the TIFF parsing ...) + TODO: check +CVE-2017-2802 (An exploitable dll hijacking vulnerability exists in the ...) + TODO: check CVE-2017-2801 (A programming error exists in a way Randombit Botan cryptographic ...) {DSA-3939-1 DLA-915-1} - botan1.10 1.10.16-1 (bug #860072) @@ -74664,8 +74686,8 @@ CVE-2017-1736 RESERVED CVE-2017-1735 RESERVED -CVE-2017-1734 - RESERVED +CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational Products: ...) + TODO: check CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files ...) NOT-FOR-US: IBM CVE-2017-1732 @@ -74682,8 +74704,8 @@ CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sens NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1726 RESERVED -CVE-2017-1725 - RESERVED +CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: ...) + TODO: check CVE-2017-1724 RESERVED CVE-2017-1723 @@ -74732,8 +74754,8 @@ CVE-2017-1702 RESERVED CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, ...) NOT-FOR-US: IBM -CVE-2017-1700 - RESERVED +CVE-2017-1700 (IBM Jazz Team Server affecting the following IBM Rational Products: ...) + TODO: check CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...) NOT-FOR-US: IBM MQ Managed File Transfer Agent CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive ...) @@ -78255,8 +78277,7 @@ CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the - linux 4.8.15-2 NOTE: https://www.spinics.net/lists/kvm/msg142495.html NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388 -CVE-2016-9587 [Compromised remote hosts can lead to running commands on the Ansible controller] - RESERVED +CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper ...) - ansible 2.2.0.0-3 (bug #850846) [jessie] - ansible <not-affected> (Vulnerable code not present, way ssh commands was reworked in 2.x branch) NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3) @@ -80406,8 +80427,8 @@ CVE-2016-9045 RESERVED CVE-2016-9044 RESERVED -CVE-2016-9043 - RESERVED +CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing ...) + TODO: check CVE-2016-9042 RESERVED - ntp 1:4.2.8p10+dfsg-1 @@ -80425,8 +80446,8 @@ CVE-2016-9040 RESERVED CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS ...) NOT-FOR-US: Joyent -CVE-2016-9038 - RESERVED +CVE-2016-9038 (An exploitable double fetch vulnerability exists in the SboxDrv.sys ...) + TODO: check CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists in the ...) - tarantool 1.7.2.385.g952d79e-1 [jessie] - tarantool <not-affected> (Vulnerable code not present) @@ -81125,21 +81146,19 @@ CVE-2016-8734 (Subversion's mod_dontdothat module and HTTP clients 1.4.0 through NOTE: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt CVE-2016-8733 (An exploitable integer overflow exists in the Joyent SmartOS ...) NOT-FOR-US: Joyent SmartOS -CVE-2016-8732 - RESERVED +CVE-2016-8732 (Multiple security flaws exists in InvProtectDrv.sys which is a part of ...) + TODO: check CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 running ...) NOT-FOR-US: Foscam C1 -CVE-2016-8730 - RESERVED -CVE-2016-8729 - RESERVED +CVE-2016-8730 (An of bound write / memory corruption vulnerability exists in the GIF ...) + TODO: check +CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG2 ...) {DSA-3817-1 DLA-874-1} - jbig2dec 0.13-4 (bug #863886) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438 NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092 -CVE-2016-8728 - RESERVED +CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the ...) - mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20 CVE-2016-8727 (An exploitable information disclosure vulnerability exists in the Web ...) @@ -82448,12 +82467,12 @@ CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni Argus. NOT-FOR-US: Iceni Argus CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads to a ...) NOT-FOR-US: Iceni Argus -CVE-2016-8384 - RESERVED -CVE-2016-8383 - RESERVED -CVE-2016-8382 - RESERVED +CVE-2016-8384 (An exploitable heap corruption vulnerability exists in the DHFSummary ...) + TODO: check +CVE-2016-8383 (An exploitable heap corruption vulnerability exists in the ...) + TODO: check +CVE-2016-8382 (An exploitable heap corruption vulnerability exists in the ...) + TODO: check CVE-2016-8381 RESERVED CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/add10d8e96a23993b082e18a7bd3912736eceed1 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/add10d8e96a23993b082e18a7bd3912736eceed1 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits