Author: sectracker
Date: 2017-06-01 21:10:13 +0000 (Thu, 01 Jun 2017)
New Revision: 52210

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-01 21:02:06 UTC (rev 52209)
+++ data/CVE/list       2017-06-01 21:10:13 UTC (rev 52210)
@@ -381,7 +381,7 @@
        [wheezy] - openvswitch <not-affected> (Vulnerable code using tot_len 
introduced later)
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
 CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is 
prone to ...)
-       {DSA-3868-1}
+       {DSA-3868-1 DLA-972-1}
        - openldap 2.4.44+dfsg-5 (bug #863563)
        NOTE: http://www.openldap.org/its/?findid=8655
        NOTE: 
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
@@ -887,8 +887,7 @@
        NOT-FOR-US: MODX Revolution
 CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an 
attacker is ...)
        NOT-FOR-US: MODX Revolution
-CVE-2017-9060 [virtio-gpu: host memory leakage in Virtio GPU device]
-       RESERVED
+CVE-2017-9060 (Memory leak in the virtio_gpu_set_scanout function in ...)
        - qemu <unfixed> (unimportant)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -1058,12 +1057,12 @@
        NOT-FOR-US: Secure Bytes Cisco Configuration Manager
 CVE-2017-9023
        RESERVED
-       {DSA-3866-1}
+       {DSA-3866-1 DLA-973-1}
        - strongswan 5.5.1-4
        NOTE: upstream fix 
https://git.strongswan.org/?p=strongswan.git;a=commit;h=407fcca200fdf6a41a04ac0885a770b6b53c5d23
 CVE-2017-9022
        RESERVED
-       {DSA-3866-1}
+       {DSA-3866-1 DLA-973-1}
        - strongswan 5.5.1-4
        NOTE: upstream fix 
https://git.strongswan.org/?p=strongswan.git;a=commit;h=6681d98d18d24b31410fc12c3d61f150107481b3
 CVE-2017-9021
@@ -2599,8 +2598,7 @@
        NOT-FOR-US: GeniXCMS
 CVE-2017-8387
        RESERVED
-CVE-2017-8386
-       RESERVED
+CVE-2017-8386 (git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x 
before ...)
        {DSA-3848-1 DLA-938-1}
        - git 1:2.11.0-3
        NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
@@ -3609,8 +3607,8 @@
        RESERVED
 CVE-2017-8000
        RESERVED
-CVE-2017-7999
-       RESERVED
+CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows 
remote ...)
+       TODO: check
 CVE-2017-7998
        RESERVED
 CVE-2017-7997
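Review bot: the "TODO: check" added under CVE-2017-7999 leaves the entry untriaged now that a description exists. Resolve it by checking whether any source package in the archive ships Eucalyptus, then record either a package line with a status or a NOT-FOR-US line, as the other described entries in this file do.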
@@ -5088,7 +5086,7 @@
 CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of 
...)
        NOT-FOR-US: Red Hat JBoss EAP implementation of 
javax.xml.transform.TransformerFactory
 CVE-2017-7502 (Null pointer dereference vulnerability in NSS since 3.24.0 was 
found ...)
-       {DLA-971-1}
+       {DSA-3872-1 DLA-971-1}
        [experimental] - nss 2:3.29-1
        - nss <unfixed> (bug #863839)
        NOTE: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
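Review bot: in the CVE-2017-7502 entry, DSA-3872-1 is now listed while the unstable line still reads "- nss <unfixed> (bug #863839)" and only experimental carries a fixed version (2:3.29-1). Follow up on bug #863839 so the entry gets a fixed version for unstable; the advisory references alone do not show that unstable is covered.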
@@ -5494,8 +5492,8 @@
        NOT-FOR-US: symetrie
 CVE-2017-7385
        RESERVED
-CVE-2017-7384
-       RESERVED
+CVE-2017-7384 (Cross-site scripting (XSS) vulnerability in FlipBuilder Flip 
PDF ...)
+       TODO: check
 CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows 
remote ...)
        {DLA-968-1}
        - libpodofo 0.9.4-6 (bug #859329)
@@ -7868,8 +7866,7 @@
        RESERVED
 CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor 
before ...)
        NOT-FOR-US: Softaculous Virtualizor
-CVE-2017-6512 [File-Path rmtree/remove_tree race condition]
-       RESERVED
+CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the 
...)
        - perl 5.24.1-3 (bug #863870)
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
        NOTE: 
https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
@@ -10737,6 +10734,7 @@
        NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
 CVE-2017-5637
        RESERVED
+       {DSA-3871-1}
        - zookeeper <unfixed> (bug #863811)
        NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
 CVE-2017-5636
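Review bot: CVE-2017-5637 gains {DSA-3871-1}, but its only package line is "- zookeeper <unfixed> (bug #863811)" and the entry is still RESERVED with no description. The unstable upload tracked in bug #863811 should be chased, and a bracketed temporary description on the CVE line (the form the old CVE-2017-9060 line used) would tell readers what the advisory covers until the official text is published.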
@@ -11469,7 +11467,7 @@
        - firefox <not-affected> (Only affects Firefox on Android)
 CVE-2017-5462
        RESERVED
-       {DSA-3831-1 DLA-946-1 DLA-906-1}
+       {DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
        - firefox 52.0.1-1
        - firefox-esr 45.9.0esr-1
        [experimental] - nss 2:3.30-1
@@ -11477,7 +11475,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
        NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
 CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x 
through ...)
-       {DSA-3831-1 DLA-946-1 DLA-906-1}
+       {DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
        - firefox 52.0.1-1
        [experimental] - nss 2:3.30.1-1
        - nss <unfixed> (bug #862958)
@@ -18122,8 +18120,8 @@
        NOT-FOR-US: Fortinet FortiWeb
 CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet 
FortiOS ...)
        NOT-FOR-US: Fortinet FortiOS
-CVE-2017-3127
-       RESERVED
+CVE-2017-3127 (A Cross-Site Scripting vulnerability in Fortinet FortiGate 
5.2.0 ...)
+       TODO: check
 CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 
through ...)
        NOT-FOR-US: Fortinet FortiAnalyzer
 CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 
5.2.9 and ...)
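Review bot: the "TODO: check" added for CVE-2017-3127 sits between CVE-2017-3128 and CVE-2017-3126, both already marked NOT-FOR-US for Fortinet products. The new description names Fortinet FortiGate, so after reading the full description this one can most likely be closed the same way with "NOT-FOR-US: Fortinet FortiGate".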
@@ -62554,8 +62552,8 @@
        RESERVED
 CVE-2015-6532
        RESERVED
-CVE-2015-6531
-       RESERVED
+CVE-2015-6531 (Palo Alto Networks Panorama VM Appliance with PAN-OS before 
6.0.1 ...)
+       TODO: check
 CVE-2015-6530 (Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 
2013 ...)
        NOT-FOR-US: OpenText Secure MFT 2013
 CVE-2015-6529 (Multiple cross-site scripting (XSS) vulnerabilities in phpipam 
1.1.010 ...)
@@ -65301,8 +65299,8 @@
        NOTE: 
https://github.com/bestpractical/rt/commit/4ec786bb4743f67a35a634c1bf43b13d3d3b39a9
 (4.0.x)
 CVE-2015-5474 (BitTorrent and uTorrent allow remote attackers to inject 
command line ...)
        NOT-FOR-US: uTorrent
-CVE-2015-5473
-       RESERVED
+CVE-2015-5473 (Multiple directory traversal vulnerabilities in Samsung 
SyncThru 6 ...)
+       TODO: check
 CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in 
the IBS ...)
        NOT-FOR-US: IBS Mappro plugin for WordPress
 CVE-2015-5471 (Absolute path traversal vulnerability in 
include/user/download.php in ...)
@@ -79419,8 +79417,8 @@
        NOT-FOR-US: Blue Coat
 CVE-2015-0937 (Cross-site scripting (XSS) vulnerability in search.php on the 
Blue ...)
        NOT-FOR-US: Blue Coat
-CVE-2015-0936
-       RESERVED
+CVE-2015-0936 (Ceragon FibeAir IP-10 have a default SSH public key in the ...)
+       TODO: check
 CVE-2015-0935 (Bomgar Remote Support before 15.1.1 allows remote attackers to 
execute ...)
        NOT-FOR-US: Bomgar Remote Support
 CVE-2015-0934 (Common LaTeX Service Interface (CLSI) before 0.1.3, as used in 
...)
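Review bot: CVE-2015-0936 gets "TODO: check" for a 2015 identifier whose description names Ceragon FibeAir IP-10 and a default SSH public key. Triage it against the full description rather than the truncated text here; if it concerns only the vendor's device, mark it NOT-FOR-US like the Blue Coat and Bomgar entries around it.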


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
