Author: sectracker Date: 2017-03-20 09:10:13 +0000 (Mon, 20 Mar 2017) New Revision: 49831
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-20 07:16:50 UTC (rev 49830) +++ data/CVE/list 2017-03-20 09:10:13 UTC (rev 49831) @@ -1,7 +1,21 @@ -CVE-2017-7184 +CVE-2017-7185 + RESERVED +CVE-2017-7183 + RESERVED +CVE-2017-7182 + RESERVED +CVE-2017-7181 + RESERVED +CVE-2017-7180 + RESERVED +CVE-2017-7179 + RESERVED +CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of ...) + TODO: check +CVE-2017-7184 (The linux-image-* package 4.8.0.41.52 for the Linux kernel on Ubuntu ...) - linux <undetermined> TODO: check as soon more details are available to see if this is specific to Ubuntu -CVE-2017-7186 +CVE-2017-7186 (libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote ...) - pcre3 <unfixed> (bug #858230) - pcre2 <unfixed> (bug #858233) NOTE: https://bugs.exim.org/show_bug.cgi?id=2052 @@ -9,7 +23,7 @@ NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date (for pcre3) NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date (for pcre2) NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date (for pcre2) -CVE-2017-7178 [WebUI Cross-site request forgery vulnerability] +CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The ...) {DLA-863-1} - deluge 1.3.13+git20161130.48cedf63-2 (bug #857903) [jessie] - deluge <no-dsa> (Minor issue) @@ -1702,7 +1716,7 @@ [wheezy] - suricata <not-affected> (vulnerable code not present) NOTE: https://redmine.openinfosecfoundation.org/issues/2022 NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1) -CVE-2017-7177 [IPv4 defrag evasion issue] +CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...) - suricata 3.2.1-1 (bug #856649) NOTE: https://redmine.openinfosecfoundation.org/issues/2019 NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1) @@ -1852,7 +1866,7 @@ RESERVED CVE-2015-8995 RESERVED -CVE-2014-9938 [git-prompt.sh: don't put unsanitized branch names in $PS1] +CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...) - git 1:2.0.0~rc2-1 NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f NOTE: https://github.com/njhartwell/pw3nage @@ -4064,8 +4078,8 @@ RESERVED CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...) NOT-FOR-US: OxygenOS -CVE-2017-5623 - RESERVED +CVE-2017-5623 (An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T ...) + TODO: check CVE-2017-5622 RESERVED CVE-2017-5621 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and ...) @@ -20309,8 +20323,8 @@ RESERVED CVE-2016-8856 (Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux ...) NOT-FOR-US: Foxit -CVE-2016-8855 - RESERVED +CVE-2016-8855 (Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List ...) + TODO: check CVE-2016-8854 REJECTED CVE-2016-8853 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits