Author: sectracker
Date: 2017-06-22 21:10:14 +0000 (Thu, 22 Jun 2017)
New Revision: 52826

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-22 20:50:49 UTC (rev 52825)
+++ data/CVE/list       2017-06-22 21:10:14 UTC (rev 52826)
@@ -1,3 +1,41 @@
+CVE-2017-9825
+       RESERVED
+CVE-2017-9824
+       RESERVED
+CVE-2017-9823
+       RESERVED
+CVE-2017-9822
+       RESERVED
+CVE-2017-9821
+       RESERVED
+CVE-2017-9820
+       RESERVED
+CVE-2017-9819
+       RESERVED
+CVE-2017-9818
+       RESERVED
+CVE-2017-9817
+       RESERVED
+CVE-2017-9816
+       RESERVED
+CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in 
...)
+       TODO: check
+CVE-2017-9814
+       RESERVED
+CVE-2017-9813
+       RESERVED
+CVE-2017-9812
+       RESERVED
+CVE-2017-9811
+       RESERVED
+CVE-2017-9810
+       RESERVED
+CVE-2017-9809
+       RESERVED
+CVE-2017-9808
+       RESERVED
+CVE-2015-9098 (In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote 
...)
+       TODO: check
 CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 
for E2 ...)
        TODO: check
 CVE-2017-9806
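Review bot: CVE-2017-9815 and CVE-2015-9098 enter the list with only "TODO: check" and no package or NOT-FOR-US line. The first names LibTIFF 4.0.7, so it needs a package line against the tiff source package once the affected versions are confirmed. The second names Redgate SQL Monitor and reads like a NOT-FOR-US candidate.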
@@ -1256,7 +1294,7 @@
        NOTE: 
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1
 CVE-2017-9779
        RESERVED
-CVE-2012-6706 [VMSF_DELTA filter in unrar allows arbitrary memory write]
+CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 
5.5.5, as ...)
        - unrar-nonfree 1:5.5.5-1 (bug #865461)
        [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
        [jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
@@ -1301,6 +1339,7 @@
 CVE-2017-9764
        RESERVED
 CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could 
include ...)
+       {DSA-3895-1}
        - flatpak 0.8.7-1 (bug #865413)
        NOTE: https://github.com/flatpak/flatpak/issues/845
 CVE-2017-XXXX [XSA 225]
@@ -1339,6 +1378,7 @@
        - qemu <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-216.html
 CVE-2017-1000381 [c-ares NAPTR parser out of bounds access]
+       {DLA-998-1}
        - c-ares <unfixed> (bug #865360)
        NOTE: https://c-ares.haxx.se/adv_20170620.html
        NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
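Review bot: on CVE-2017-1000381, {DLA-998-1} is added while the package line still reads "- c-ares <unfixed> (bug #865360)". The entry now records an LTS advisory only, so the package line needs a fixed version once bug #865360 is closed.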
@@ -2288,8 +2328,8 @@
        RESERVED
 CVE-2017-9425
        RESERVED
-CVE-2017-9424
-       RESERVED
+CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote 
attackers ...)
+       TODO: check
 CVE-2017-9423
        RESERVED
 CVE-2017-9422
@@ -3475,7 +3515,8 @@
        {DSA-3886-1 DLA-993-1}
        - linux 4.9.30-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
-CVE-2017-9073 (A buffer overflow in Smart Card authentication code in 
gpkcsp.dll in ...)
+CVE-2017-9073
+       REJECTED
        NOT-FOR-US: Windows
 CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. 
...)
        NOT-FOR-US: CalendarXP
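Review bot: CVE-2017-9073 becomes REJECTED, but the unchanged "NOT-FOR-US: Windows" line is left beneath it. Check whether a rejected id should still carry a triage line. The gpkcsp.dll description removed here reappears under CVE-2017-0176 later in this commit, and that is where the classification belongs.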
@@ -6976,7 +7017,7 @@
        RESERVED
 CVE-2017-7778
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
        - firefox 54.0-1
@@ -6987,7 +7028,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
 CVE-2017-7777
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        - firefox 54.0-1
        - firefox-esr 52.2.0esr-1
@@ -6996,7 +7037,7 @@
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
 CVE-2017-7776
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        - firefox 54.0-1
        - firefox-esr 52.2.0esr-1
@@ -7004,7 +7045,7 @@
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
 CVE-2017-7775
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        - firefox 54.0-1
        - firefox-esr 52.2.0esr-1
@@ -7012,7 +7053,7 @@
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
 CVE-2017-7774
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        - firefox 54.0-1
        - firefox-esr 52.2.0esr-1
@@ -7020,7 +7061,7 @@
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
 CVE-2017-7773
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        - firefox 54.0-1
        - firefox-esr 52.2.0esr-1
@@ -7028,7 +7069,7 @@
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
 CVE-2017-7772
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        - firefox 54.0-1
        - firefox-esr 52.2.0esr-1
@@ -7036,7 +7077,7 @@
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
 CVE-2017-7771
        RESERVED
-       {DSA-3881-1 DLA-991-1}
+       {DSA-3894-1 DSA-3881-1 DLA-991-1}
        - graphite2 1.3.10-1
        - firefox 54.0-1
        - firefox-esr 52.2.0esr-1
@@ -7396,6 +7437,7 @@
 CVE-2017-7680
        RESERVED
 CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, 
mod_mime ...)
+       {DSA-3896-1}
        - apache2 2.4.25-4
 CVE-2017-7678
        RESERVED
@@ -7418,6 +7460,7 @@
 CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
        - hadoop <itp> (bug #793644)
 CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 
and ...)
+       {DSA-3896-1}
        - apache2 2.4.25-4
 CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish 
the ...)
        NOT-FOR-US: Apache NiFi
@@ -7877,6 +7920,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
 CVE-2017-7520 [Pre-authentication remote crash/information disclosure for 
clients]
        RESERVED
+       {DLA-999-1}
        - openvpn 2.4.3-1 (bug #865480)
        NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/7718c8984f
        NOTE: 
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
@@ -19013,10 +19057,10 @@
        NOT-FOR-US: IBM
 CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote 
...)
        NOT-FOR-US: IBM
-CVE-2016-9983
-       RESERVED
-CVE-2016-9982
-       RESERVED
+CVE-2016-9983 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an 
...)
+       TODO: check
+CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an 
...)
+       TODO: check
 CVE-2016-9981
        RESERVED
 CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is 
vulnerable to ...)
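Review bot: CVE-2016-9983 and CVE-2016-9982 (IBM Sterling B2B Integrator) move from RESERVED to "TODO: check", while the IBM entries in the context lines above are "NOT-FOR-US: IBM". Suggest triaging these two the same way so they do not linger as open TODOs.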
@@ -19658,12 +19702,12 @@
        RESERVED
 CVE-2017-3632
        RESERVED
-CVE-2017-3631
-       RESERVED
-CVE-2017-3630
-       RESERVED
-CVE-2017-3629
-       RESERVED
+CVE-2017-3631 (Vulnerability in the Solaris component of Oracle Sun Systems 
Products ...)
+       TODO: check
+CVE-2017-3630 (Vulnerability in the Solaris component of Oracle Sun Systems 
Products ...)
+       TODO: check
+CVE-2017-3629 (Vulnerability in the Solaris component of Oracle Sun Systems 
Products ...)
+       TODO: check
 CVE-2017-3628
        RESERVED
 CVE-2017-3627
@@ -20961,10 +21005,12 @@
 CVE-2017-3170
        RESERVED
 CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, 
mod_ssl ...)
+       {DSA-3896-1}
        - apache2 2.4.25-4
 CVE-2017-3168
        RESERVED
 CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, 
use of ...)
+       {DSA-3896-1}
        - apache2 2.4.25-4
 CVE-2017-3166
        RESERVED
@@ -25257,8 +25303,8 @@
        RESERVED
 CVE-2017-1327
        RESERVED
-CVE-2017-1326
-       RESERVED
+CVE-2017-1326 (IBM Sterling File Gateway does not properly restrict user 
requests ...)
+       TODO: check
 CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. 
This ...)
        NOT-FOR-US: IBM
 CVE-2017-1324
@@ -26169,8 +26215,8 @@
        RESERVED
 CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses 
sensitive ...)
        NOT-FOR-US: IBM
-CVE-2016-9747
-       RESERVED
+CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site 
scripting. This ...)
+       TODO: check
 CVE-2016-9746
        RESERVED
 CVE-2016-9745
@@ -32900,8 +32946,8 @@
        NOT-FOR-US: Microsoft
 CVE-2017-0177
        RESERVED
-CVE-2017-0176
-       RESERVED
+CVE-2017-0176 (A buffer overflow in Smart Card authentication code in 
gpkcsp.dll in ...)
+       TODO: check
 CVE-2017-0175 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and 
Windows ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0174
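Review bot: CVE-2017-0176 gets "TODO: check" with the same description text ("A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...") that this commit removes from CVE-2017-9073, which was marked "NOT-FOR-US: Windows". Suggest carrying that classification over, in line with the "NOT-FOR-US: Microsoft" entries on either side.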
@@ -46805,7 +46851,7 @@
        NOTE: Introduced by: 
https://git.kernel.org/linus/fb09692e71f13af7298eb603a1975850b1c7a8d8 (v3.9-rc1)
 CVE-2016-4000 [Unsafe deserialization leads to code execution]
        RESERVED
-       {DLA-989-1}
+       {DSA-3893-1 DLA-989-1}
        - jython 2.5.3-17 (bug #864859)
        NOTE: http://bugs.jython.org/issue2454
        NOTE: https://hg.python.org/jython/rev/d06e29d100c0


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
