Diffstat (limited to 'data/CVE/2017.list')
-rw-r--r-- | data/CVE/2017.list | 1248 |
1 files changed, 659 insertions, 589 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 475519fb74..dcb1defe6c 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,3 +1,60 @@ +CVE-2017-20016 + RESERVED +CVE-2017-20015 + RESERVED +CVE-2017-20014 + RESERVED +CVE-2017-20013 + RESERVED +CVE-2017-20012 + RESERVED +CVE-2017-20011 + RESERVED +CVE-2017-20010 + RESERVED + NOT-FOR-US: MODX Revolution +CVE-2017-20009 + RESERVED + NOT-FOR-US: MODX Revolution +CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) + NOT-FOR-US: Ingeteam INGEPAC DA AU +CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...) + - unrar-nonfree 1:5.6.6-1 + [stretch] - unrar-nonfree <no-dsa> (Non-free not supported) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 + NOTE: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml +CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...) + {DLA-2680-1} + - nginx 1.13.6-1 + NOTE: https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf + NOTE: https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b + NOTE: https://trac.nginx.org/nginx/ticket/1368 +CVE-2017-20004 (In the standard library in Rust before 1.19.0, there is a synchronizat ...) + - rustc 1.19.0+dfsg3-2 + NOTE: https://github.com/rust-lang/rust/issues/41622 + NOTE: https://github.com/rust-lang/rust/pull/41624 +CVE-2017-20003 + REJECTED +CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists ...) + {DLA-2596-1} + - shadow 1:4.5-1 (bug #914957) + NOTE: Introduced in attempt to address #830255 in 1:4.4-2 +CVE-2017-20001 (The AES encryption project 7.x and 8.x for Drupal does not sufficientl ...) 
+ NOT-FOR-US: AES encryption project for Drupal +CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c in Rapto ...) + {DSA-4785-1 DLA-2438-1} + - raptor <removed> + - raptor2 2.0.14-1.1 (bug #973889) + NOTE: Fixed by: https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f + NOTE: https://www.openwall.com/lists/oss-security/2017/06/07/1 +CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take ownership of arb ...) + - opentmpfiles <removed> (bug #973242) + NOTE: https://github.com/OpenRC/opentmpfiles/issues/4 +CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 im ...) + NOT-FOR-US: node-oauth2-server CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...) NOT-FOR-US: beroNet CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...) 
@@ -7,109 +64,109 @@ CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9 NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433 NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2 CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) 
- NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18902 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18901 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18900 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18899 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) 
- NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18898 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18897 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18896 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18895 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18894 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18893 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18892 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18891 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18890 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18889 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18888 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18887 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) 
- NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18886 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18885 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18884 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18883 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18882 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18881 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18880 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18879 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18878 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18877 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18876 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18875 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) 
- NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18874 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18873 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18872 (An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. A ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18871 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3. ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 co ...) - node-chownr 1.1.1-1 (bug #909024) NOTE: https://github.com/isaacs/chownr/issues/14 @@ -569,7 +626,8 @@ CVE-2017-18643 (An issue was discovered on Samsung mobile devices with M(6.x) an CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...) NOT-FOR-US: Syska Smart Bulb devices CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...) - - lxc-templates <unfixed> + - lxc-templates <unfixed> (bug #988730) + [bullseye] - lxc-templates <ignored> (Minor issue) [buster] - lxc-templates <ignored> (Minor issue) - lxc 1:3.0.3-1 (low) [stretch] - lxc <no-dsa> (Minor issue) 
@@ -590,9 +648,8 @@ CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion duri CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...) NOT-FOR-US: Progress Sitefinity CMS CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using user input ...) - {DLA-1986-1} + {DLA-2864-1 DLA-1986-1} - ruby-haml 5.0.4-1 - [stretch] - ruby-haml <no-dsa> (Minor issue) NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362 NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2 CVE-2017-18638 (send_email in graphite-web/webapp/graphite/composer/views.py in Graphi ...) @@ -607,9 +664,8 @@ CVE-2017-18637 CVE-2017-18636 (CDG through 2017-01-01 allows downloadDocument.jsp?command=download&am ...) NOT-FOR-US: CDG CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...) - {DLA-1946-1} + {DLA-2854-1 DLA-1946-1} - novnc 1:1.0.0-1 - [stretch] - novnc <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/horizon/+bug/1656435 NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534 NOTE: https://github.com/novnc/noVNC/issues/748 @@ -1206,9 +1262,8 @@ CVE-2017-18360 (In change_port_settings in drivers/usb/serial/io_ti.c in the Lin [jessie] - linux 3.16.48-1 NOTE: Fixed by: https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attac ...) - {DLA-1653-1} + {DLA-2857-1 DLA-1653-1} - postgis 2.3.3+dfsg-1 (low) - [stretch] - postgis <no-dsa> (Minor issue) NOTE: https://trac.osgeo.org/postgis/ticket/3704 NOTE: https://trac.osgeo.org/postgis/changeset/15444 NOTE: https://trac.osgeo.org/postgis/changeset/15445 
@@ -1495,7 +1550,7 @@ CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows r {DLA-2369-1 DLA-1524-1} [experimental] - libxml2 2.9.7+dfsg-1 - libxml2 2.9.10+dfsg-2 (low; bug #895245) - [buster] - libxml2 <no-dsa> (Minor issue) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u1 [wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696 NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb @@ -1654,6 +1709,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation fo NOT-FOR-US: TitanHQ WebTitan Gateway CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...) - jabberd2 <unfixed> (low; bug #902783) + [bullseye] - jabberd2 <ignored> (Minor issue, default init system not affected) [buster] - jabberd2 <ignored> (Minor issue, default init system not affected) [stretch] - jabberd2 <ignored> (Minor issue, default init system not affected) NOTE: https://bugs.gentoo.org/631068 @@ -1714,7 +1770,9 @@ CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regula NOTE: https://nodesecurity.io/advisories/532 NOTE: nodejs not covered by security support CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - NOT-FOR-US: JerryScript + - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/2140 CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...) {DLA-2366-1} - imagemagick 8:6.9.9.34+dfsg-3 (low) 
@@ -1746,9 +1804,8 @@ CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kerne CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py i ...) NOTE: Nonsense report for Python CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...) - {DLA-1304-1} + {DLA-2470-1 DLA-1304-1} - zsh 5.4.1-1 - [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is used, th ...) @@ -1848,7 +1905,8 @@ CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) throug [stretch] - sox 14.4.1-5+deb9u2 NOTE: https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53 CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sys ...) - NOT-FOR-US: opentmpfiles + - opentmpfiles <removed> (bug #973246) + NOTE: https://github.com/OpenRC/opentmpfiles/issues/3 CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through a ...) {DSA-4147-1 DSA-4138-1} - mbedtls 2.7.0-2 @@ -2035,8 +2093,8 @@ CVE-2017-18115 RESERVED CVE-2017-18114 RESERVED -CVE-2017-18113 - RESERVED +CVE-2017-18113 (The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data C ...) + NOT-FOR-US: Atlassian CVE-2017-18112 (Affected versions of Atlassian Fisheye allow remote attackers to view ...) NOT-FOR-US: Atlassian CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 5.0.10, ...) 
@@ -2254,7 +2312,7 @@ CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server bef NOT-FOR-US: Atlassian Bitbucket CVE-2017-18035 (The /rest/review-coverage-chart/1.0/data/<repository_name>/.json ...) NOT-FOR-US: Atlassian Fisheye and Crucible -CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible before ve ...) +CVE-2017-18034 (The source browse resource in Atlassian Fisheye and Crucible before ve ...) NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allow ...) NOT-FOR-US: Jira-importers-plugin in Atlassian Jira @@ -2273,6 +2331,7 @@ CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was fou - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/691 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/77fcc8d92a602299a23be9ac76887ba6cfe50bd3 CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was foun ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/736 @@ -2453,9 +2512,8 @@ CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redir ...) NOT-FOR-US: Wordpress plugin Furikake CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with pyth ...) - {DLA-1410-1} + {DLA-2577-1 DLA-1410-1} - python-pysaml2 4.5.0-2 (bug #886423) - [stretch] - python-pysaml2 <no-dsa> (Minor issue) NOTE: https://github.com/rohe/pysaml2/issues/451 NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5 CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting to ...) 
@@ -2485,8 +2543,9 @@ CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate boundaries NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b CVE-2017-1000455 (GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d us ...) - - guix <itp> (bug #850644) + - guix <not-affected> (Fixed before initial upload to Debian) NOTE: https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html + NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5e66574a128937e7f2fcf146d146225703ccfd5d (v0.14.0) CVE-2017-1000454 (CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template In ...) NOT-FOR-US: CMS Made Simple CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templat ...) @@ -2496,10 +2555,9 @@ CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2. CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git versio ...) NOT-FOR-US: fs-git CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...) - {DLA-1438-1 DLA-1235-1} + {DLA-2799-1 DLA-1438-1 DLA-1235-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #886282) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9723 NOTE: https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor NOTE: https://github.com/opencv/opencv/pull/9726 
@@ -2522,8 +2580,8 @@ CVE-2017-1000442 (Passbolt API version 1.6.4 and older are vulnerable to a XSS i CVE-2017-1000431 (eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is ...) NOT-FOR-US: eZ Systems eZ Publish CVE-2017-1000430 (rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow whe ...) - NOTE: https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml - NOT-FOR-US: rust-base64 + - rust-base64 <not-affected> (Fixed before initial release to Debian) + NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0004.html CVE-2017-1000424 (Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable ...) - electron <itp> (bug #842420) CVE-2017-1000423 (b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation ( ...) @@ -3391,10 +3449,9 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in read_c NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853 NOTE: Crash in desktop tool, no/negligible security impact CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData fun ...) - {DLA-1438-1 DLA-1235-1} + {DLA-2799-1 DLA-1438-1 DLA-1235-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #885843) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/10351 NOTE: https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive informatio ...) @@ -3433,7 +3490,8 @@ CVE-2017-17743 (Improper input sanitization within the restricted administration NOT-FOR-US: UCOPIA Wireless Appliance CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...) {DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1} - - jruby <unfixed> + - jruby <unfixed> (bug #972230) + [buster] - jruby <no-dsa> (Minor issue) - ruby2.5 2.5.1-1 - ruby2.3 <removed> - ruby2.1 <removed> 
@@ -3441,6 +3499,7 @@ CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5. - ruby1.8 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/ NOTE: https://github.com/jruby/jruby/releases/tag/9.2.12.0 + NOTE: https://github.com/ruby/ruby/commit/d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16 CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows attac ...) {DSA-4082-1 DSA-4073-1 DLA-1232-1} - linux 4.14.7-1 @@ -3631,16 +3690,16 @@ CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was fou NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b97357e7f8d6ae848a4c699fe17db6fcf4bd7a9 CVE-2017-17679 RESERVED -CVE-2017-17678 - RESERVED -CVE-2017-17677 - RESERVED +CVE-2017-17678 (BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). ...) + NOT-FOR-US: BMC +CVE-2017-17677 (BMC Remedy 9.1SP3 is affected by authenticated code execution. Authent ...) + NOT-FOR-US: BMC CVE-2017-17676 RESERVED -CVE-2017-17675 - RESERVED -CVE-2017-17674 - RESERVED +CVE-2017-17675 (BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote loggin ...) + NOT-FOR-US: BMC +CVE-2017-17674 (BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclus ...) + NOT-FOR-US: BMC CVE-2017-17673 RESERVED CVE-2017-17672 (In vBulletin through 5.3.x, there is an unauthenticated deserializatio ...) 
@@ -4100,15 +4159,12 @@ CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the f NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/0a7128c0d5bd035288be7b02ca9cf9bba321aadd CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...) - - hdf5 <unfixed> (low; bug #915807) - [buster] - hdf5 <no-dsa> (Minor issue, requires ABI change) - [stretch] - hdf5 <no-dsa> (Minor issue) - [jessie] - hdf5 <no-dsa> (Minor issue) - [wheezy] - hdf5 <no-dsa> (Minor issue) + - hdf5 <unfixed> (unimportant; bug #915807) NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md NOTE: Fixing the bug requires an ABI changes thus upstream will only include a fix NOTE: on a major version bump. + NOTE: Negligible security impact CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...) - hdf5 1.10.4+repack-1 (bug #884365) [stretch] - hdf5 <no-dsa> (Minor issue) @@ -4226,8 +4282,8 @@ CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega Pla ...) NOT-FOR-US: Pegasystems Pega Platform -CVE-2017-17477 - RESERVED +CVE-2017-17477 (Pexip Infinity before 17 allows an unauthenticated remote attacker to ...) + NOT-FOR-US: Pexip Infinity CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...) NOT-FOR-US: TG Soft Vir.IT eXplorer Lite CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...) 
@@ -4512,105 +4568,105 @@ CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest us [wheezy] - qemu-kvm <postponed> (Can be fixed along in later update) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html CVE-2017-17380 - RESERVED + REJECTED CVE-2017-17379 - RESERVED + REJECTED CVE-2017-17378 - RESERVED + REJECTED CVE-2017-17377 - RESERVED + REJECTED CVE-2017-17376 - RESERVED + REJECTED CVE-2017-17375 - RESERVED + REJECTED CVE-2017-17374 - RESERVED + REJECTED CVE-2017-17373 - RESERVED + REJECTED CVE-2017-17372 - RESERVED + REJECTED CVE-2017-17371 - RESERVED + REJECTED CVE-2017-17370 - RESERVED + REJECTED CVE-2017-17369 - RESERVED + REJECTED CVE-2017-17368 - RESERVED + REJECTED CVE-2017-17367 - RESERVED + REJECTED CVE-2017-17366 - RESERVED + REJECTED CVE-2017-17365 - RESERVED + REJECTED CVE-2017-17364 - RESERVED + REJECTED CVE-2017-17363 - RESERVED + REJECTED CVE-2017-17362 - RESERVED + REJECTED CVE-2017-17361 - RESERVED + REJECTED CVE-2017-17360 - RESERVED + REJECTED CVE-2017-17359 - RESERVED + REJECTED CVE-2017-17358 - RESERVED + REJECTED CVE-2017-17357 - RESERVED + REJECTED CVE-2017-17356 - RESERVED + REJECTED CVE-2017-17355 - RESERVED + REJECTED CVE-2017-17354 - RESERVED + REJECTED CVE-2017-17353 - RESERVED + REJECTED CVE-2017-17352 - RESERVED + REJECTED CVE-2017-17351 - RESERVED + REJECTED CVE-2017-17350 - RESERVED + REJECTED CVE-2017-17349 - RESERVED + REJECTED CVE-2017-17348 - RESERVED + REJECTED CVE-2017-17347 - RESERVED + REJECTED CVE-2017-17346 - RESERVED + REJECTED CVE-2017-17345 - RESERVED + REJECTED CVE-2017-17344 - RESERVED + REJECTED CVE-2017-17343 - RESERVED + REJECTED CVE-2017-17342 - RESERVED + REJECTED CVE-2017-17341 - RESERVED + REJECTED CVE-2017-17340 - RESERVED + REJECTED CVE-2017-17339 - RESERVED + REJECTED CVE-2017-17338 - RESERVED + REJECTED CVE-2017-17337 - RESERVED + REJECTED CVE-2017-17336 - RESERVED + REJECTED CVE-2017-17335 - RESERVED + REJECTED CVE-2017-17334 - RESERVED + REJECTED 
CVE-2017-17333 - RESERVED + REJECTED CVE-2017-17332 - RESERVED + REJECTED CVE-2017-17331 - RESERVED + REJECTED CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200 ...) NOT-FOR-US: Huawei CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. Th ...) @@ -5163,9 +5219,8 @@ CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attack CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected b ...) NOT-FOR-US: SyncBreeze CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ...) - {DLA-1871-1} + {DLA-2876-1 DLA-1871-1} - vim 2:8.0.1401-1 - [stretch] - vim <no-dsa> (Minor issue) [wheezy] - vim <no-dsa> (Minor issue) NOTE: https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (8.0.1263) CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "</script>" substring in ...) @@ -5190,7 +5245,7 @@ CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dis NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html CVE-2017-17082 REJECTED -CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 do ...) +CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 an ...) {DSA-4099-1} - ffmpeg 7:3.4.1-1 NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 
@@ -5679,15 +5734,15 @@ CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 an [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...) + {DLA-2903-1} - libraw 0.18.6-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19 NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...) + {DLA-2903-1} - libraw 0.18.6-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19 @@ -5744,7 +5799,7 @@ CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...) NOT-FOR-US: Arq CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...) - NOT-FOR-US: Laravel framework + - php-laravel-framework <undetermined> CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...) - piwigo <removed> CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...) 
@@ -5787,27 +5842,27 @@ CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users wit CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the c ...) NOT-FOR-US: Jenkins plugin CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(j ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/ ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /com ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons ...) NOT-FOR-US: Jenkins plugin CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information abou ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestion ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metada ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check permiss ...) NOT-FOR-US: Jenkins plugin CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 an ...) 
@@ -5895,7 +5950,7 @@ CVE-2017-1000233 CVE-2017-1000222 REJECTED CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticate ...) - - xrootd <itp> (bug #687222) + - xrootd <not-affected> (Fixed with first upload to Debian) CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code execut ...) NOT-FOR-US: Elixir's vim plugin CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...) @@ -5978,19 +6033,18 @@ CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS Co CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enu ...) - i-librarian <itp> (bug #649291) CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecifi ...) + {DLA-2910-1} - ldns 1.7.0-4 (bug #882014) - [stretch] - ldns <no-dsa> (Minor issue) [jessie] - ldns <no-dsa> (Minor issue) [wheezy] - ldns <not-affected> (Vulnerable code not present) NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257 - NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7 + NOTE: https://github.com/NLnetLabs/ldns/commit/3bdeed02505c9bbacb3b64a97ddcb1de967153b7 CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...) - {DLA-1182-1} + {DLA-2910-1 DLA-1182-1} - ldns 1.7.0-4 (bug #882015) - [stretch] - ldns <no-dsa> (Minor issue) [jessie] - ldns <no-dsa> (Minor issue) NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 - NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2 + NOTE: https://github.com/NLnetLabs/ldns/commit/c8391790c96d4c8a2c10f9ab1460fda83b509fc2 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) {DSA-4058-1 DLA-1184-1} - optipng 0.7.6-1.1 (bug #882032) 
@@ -6147,16 +6201,17 @@ CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in admin/google_search_ NOT-FOR-US: Yoast SEO plugin for WordPress CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to /Calend ...) NOT-FOR-US: LanSweeper -CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attacke ...) +CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote ...) {DSA-4049-1} - ffmpeg 7:3.4.1-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...) NOT-FOR-US: vagrant-vmware-fusion CVE-2017-16838 RESERVED CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are no ...) - - tboot <itp> (bug #803180) + - tboot <not-affected> (Fixed with first upload to Debian) + NOTE: https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/ CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC2 ...) NOT-FOR-US: Arris TG1682G devices CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has a ...) 
@@ -6766,14 +6821,14 @@ CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a NOT-FOR-US: Joomla! CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only i ...) NOT-FOR-US: Joomla! -CVE-2017-16632 - RESERVED -CVE-2017-16631 - RESERVED -CVE-2017-16630 - RESERVED -CVE-2017-16629 - RESERVED +CVE-2017-16632 (In SapphireIMS 4097_1, the password in the database is stored in Base6 ...) + NOT-FOR-US: SapphireIMS +CVE-2017-16631 (In SapphireIMS 4097_1, a guest user is able to change the password of ...) + NOT-FOR-US: SapphireIMS +CVE-2017-16630 (In SapphireIMS 4097_1, a guest user can create a local administrator a ...) + NOT-FOR-US: SapphireIMS +CVE-2017-16629 (In SapphireIMS 4097_1, it is possible to guess the registered/active u ...) + NOT-FOR-US: SapphireIMS CVE-2017-16628 RESERVED CVE-2017-16627 @@ -6823,8 +6878,8 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload NOTE: did not merge in the 1.14.0-2 upload. CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...) + {DLA-2901-1} - libxfont 1:2.0.3-1 (low; bug #883929) - [stretch] - libxfont <no-dsa> (Minor issue) [jessie] - libxfont <no-dsa> (Minor issue) [wheezy] - libxfont <postponed> (Minor issue) - libxfont1 <removed> (unimportant) 
@@ -6985,9 +7040,8 @@ CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3. NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-2 (bug #882258) - [stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release) [wheezy] - busybox <no-dsa> (Minor issue) NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/ NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 
@@ -8289,15 +8343,16 @@ CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for buildin CVE-2017-16018 (Restify is a framework for building REST APIs. Restify >=2.0.0 < ...) NOT-FOR-US: Restify CVE-2017-16017 (sanitize-html is a library for scrubbing html input for malicious valu ...) - NOT-FOR-US: sanitize-html + - node-sanitize-html <not-affected> (Fixed before initial upload) CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of malicious value ...) - NOT-FOR-US: sanitize-html + - node-sanitize-html <not-affected> (Fixed before initial upload) CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions before 1.3 ...) NOT-FOR-US: Forms CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors are handle ...) - - node-http-proxy <itp> (bug #896978) + - node-http-proxy <not-affected> (Fixed before initial upload to Debian) NOTE: https://nodesecurity.io/advisories/323 NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101 + NOTE: https://github.com/http-party/node-http-proxy/commit/07c8d2ee6017264c3d4deac9f42ca264a3740b48 (v0.7.0) CVE-2017-16013 (hapi is a web and services application framework. When hapi >= 15.0 ...) NOT-FOR-US: hapi CVE-2017-16012 @@ -8659,9 +8714,8 @@ CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2. ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-2 (bug #879732) - [stretch] - busybox <no-dsa> (Minor issue) [wheezy] - busybox <no-dsa> (Minor issue) NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0 NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431 
@@ -9027,8 +9081,8 @@ CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to - apache2 2.4.33-1 NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/8 CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...) + {DLA-2583-1} - activemq 5.15.3-1 (bug #890352) - [stretch] - activemq <no-dsa> (Minor issue) [jessie] - activemq <not-affected> (Issue introduced with OpenWire protocol support) [wheezy] - activemq <not-affected> (Issue introduced with OpenWire protocol support) CVE-2017-15708 (In Apache Synapse, by default no authentication is required for Java R ...) @@ -9105,20 +9159,20 @@ CVE-2017-15688 RESERVED CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...) NOT-FOR-US: Logitech -CVE-2017-15686 - RESERVED -CVE-2017-15685 - RESERVED -CVE-2017-15684 - RESERVED -CVE-2017-15683 - RESERVED -CVE-2017-15682 - RESERVED -CVE-2017-15681 - RESERVED -CVE-2017-15680 - RESERVED +CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity ( ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerabili ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerabilit ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which ...) + NOT-FOR-US: Crafter CMS Crafter Studio CVE-2017-15679 RESERVED CVE-2017-15678 
@@ -9133,11 +9187,11 @@ CVE-2017-15674 RESERVED CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...) NOT-FOR-US: CS-Cart -CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and e ...) +CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3 ...) {DSA-4049-1 DLA-1630-1} - ffmpeg 7:3.4-1 - libav <removed> - NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 + NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) [experimental] - glibc 2.26-0experimental0 - glibc 2.25-3 (low; bug #879500) @@ -10023,7 +10077,7 @@ CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x b [jessie] - mariadb-10.0 <not-affected> (vulnerable code not present) - percona-xtrabackup <undetermined> [jessie] - percona-xtrabackup <not-affected> (vulnerable code not present) - - mysql-5.7 <undetermined> + - mysql-5.7 <removed> - mysql-5.5 <not-affected> (Vulnerable code not present) NOTE: MariaDB: Fixed in 10.2.10, 10.1.30 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234 @@ -10477,7 +10531,7 @@ CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/ CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete acti ...) NOT-FOR-US: MISP CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticate ...) - - shaarli <itp> (bug #864559) + - shaarli <not-affected> (Fixed before initial re-upload to the archive) CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...) NOT-FOR-US: Flyspray CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenti ...) 
@@ -10589,95 +10643,95 @@ CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_blo [wheezy] - libmp3splt <no-dsa> (Minor issue) NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932 CVE-2017-15184 - RESERVED + REJECTED CVE-2017-15183 - RESERVED + REJECTED CVE-2017-15182 - RESERVED + REJECTED CVE-2017-15181 - RESERVED + REJECTED CVE-2017-15180 - RESERVED + REJECTED CVE-2017-15179 - RESERVED + REJECTED CVE-2017-15178 - RESERVED + REJECTED CVE-2017-15177 - RESERVED + REJECTED CVE-2017-15176 - RESERVED + REJECTED CVE-2017-15175 - RESERVED + REJECTED CVE-2017-15174 - RESERVED + REJECTED CVE-2017-15173 - RESERVED + REJECTED CVE-2017-15172 - RESERVED + REJECTED CVE-2017-15171 - RESERVED + REJECTED CVE-2017-15170 - RESERVED + REJECTED CVE-2017-15169 - RESERVED + REJECTED CVE-2017-15168 - RESERVED + REJECTED CVE-2017-15167 - RESERVED + REJECTED CVE-2017-15166 - RESERVED + REJECTED CVE-2017-15165 - RESERVED + REJECTED CVE-2017-15164 - RESERVED + REJECTED CVE-2017-15163 - RESERVED + REJECTED CVE-2017-15162 - RESERVED + REJECTED CVE-2017-15161 - RESERVED + REJECTED CVE-2017-15160 - RESERVED + REJECTED CVE-2017-15159 - RESERVED + REJECTED CVE-2017-15158 - RESERVED + REJECTED CVE-2017-15157 - RESERVED + REJECTED CVE-2017-15156 - RESERVED + REJECTED CVE-2017-15155 - RESERVED + REJECTED CVE-2017-15154 - RESERVED + REJECTED CVE-2017-15153 - RESERVED + REJECTED CVE-2017-15152 - RESERVED + REJECTED CVE-2017-15151 - RESERVED + REJECTED CVE-2017-15150 - RESERVED + REJECTED CVE-2017-15149 - RESERVED + REJECTED CVE-2017-15148 - RESERVED + REJECTED CVE-2017-15147 - RESERVED + REJECTED CVE-2017-15146 - RESERVED + REJECTED CVE-2017-15145 - RESERVED + REJECTED CVE-2017-15144 - RESERVED + REJECTED CVE-2017-15143 - RESERVED + REJECTED CVE-2017-15142 - RESERVED + REJECTED CVE-2017-15141 - RESERVED + REJECTED CVE-2017-15140 - RESERVED + REJECTED CVE-2017-15139 (A vulnerability was found in openstack-cinder releases 
up to and inclu ...) [experimental] - cinder 2:13.0.0-1 - cinder 2:13.0.0-2 @@ -10832,8 +10886,8 @@ CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other st CVE-2017-15109 RESERVED CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escape save ...) + {DLA-2524-1} - spice-vdagent 0.18.0-1 (bug #883238) - [stretch] - spice-vdagent <no-dsa> (Minor issue) [jessie] - spice-vdagent <no-dsa> (Minor issue) [wheezy] - spice-vdagent <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 @@ -10844,8 +10898,8 @@ CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dns [jessie] - dnsmasq <no-dsa> (Minor issue) [wheezy] - dnsmasq <no-dsa> (Minor issue) NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html - NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 - NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404 + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404 NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be CVE-2017-15106 RESERVED 
@@ -10901,7 +10955,8 @@ CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in versi ...) {DSA-4037-1 DLA-2342-1 DLA-2091-1} - jackson-databind 2.9.1-1 - - libjackson-json-java <unfixed> + - libjackson-json-java 1.9.13-2 + [buster] - libjackson-json-java <no-dsa> (Minor issue) NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1) NOTE: misses the further sets of blacklists, in particular as well NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835 @@ -11077,14 +11132,14 @@ CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allow [wheezy] - redis <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/antirez/redis/issues/4278 NOTE: Pull request: https://github.com/antirez/redis/pull/4365 -CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples i ...) +CVE-2017-15046 (LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based ...) - lame 3.99.5+repack1-8 [jessie] - lame 3.99.5+repack1-7+deb8u2 NOTE: https://sourceforge.net/p/lame/bugs/479/ NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations -CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3 ...) +CVE-2017-15045 (LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and ...) - lame 3.99.5+repack1-8 [jessie] - lame 3.99.5+repack1-7+deb8u2 NOTE: https://sourceforge.net/p/lame/bugs/478/ 
@@ -11098,29 +11153,28 @@ CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ...) - golang-1.9 1.9.1-1 - golang-1.8 1.8.4-1 - [stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable) + [stretch] - golang-1.8 <ignored> (Minor issue, would require rebuilds of affected go-based packages) - golang-1.7 <removed> - [stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable) + [stretch] - golang-1.7 <ignored> (Minor issue, would require rebuilds of affected go-based packages) - golang <removed> - [jessie] - golang <ignored> (Minor issue, would require builds of all go packages in stable) + [jessie] - golang <ignored> (Minor issue, would require rebuilds of affected go packages in oldstable) [wheezy] - golang <not-affected> (Vulnerable code introduced later in version 1.1) NOTE: https://github.com/golang/go/issues/22134 NOTE: https://golang.org/cl/68023 NOTE: https://golang.org/cl/68210 NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...) 
- {DLA-1148-1} + {DLA-2592-1 DLA-2591-1 DLA-1148-1} - golang-1.9 1.9.1-1 - golang-1.8 1.8.4-1 - [stretch] - golang-1.8 <ignored> (Minor issue) - golang-1.7 <removed> - [stretch] - golang-1.7 <ignored> (Minor issue) - golang <removed> [jessie] - golang <ignored> (Minor issue) NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/ NOTE: https://github.com/golang/go/issues/22125 - NOTE: https://golang.org/cl/68022 - NOTE: https://golang.org/cl/68190 + NOTE: https://golang.org/cl/68022 (1.9.x) + NOTE: https://golang.org/cl/68190 (1.8.x) + NOTE: https://github.com/golang/go/commit/533ee44cd45c064608ee2b833af9e86ef1cb294e (regression) NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ CVE-2017-15040 RESERVED @@ -11221,7 +11275,7 @@ CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_ini [stretch] - lame <ignored> (Minor issue) [jessie] - lame <ignored> (Minor issue) NOTE: https://sourceforge.net/p/lame/bugs/477/ -CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malforme ...) +CVE-2017-15018 (LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and ...) - lame 3.99.5+repack1-8 [jessie] - lame 3.99.5+repack1-7+deb8u2 NOTE: https://sourceforge.net/p/lame/bugs/480/ @@ -11576,8 +11630,8 @@ CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to Object: NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...) + {DLA-2440-1} - poppler 0.61.1-2 (low; bug #877231) - [stretch] - poppler <ignored> (Minor issue) [jessie] - poppler <not-affected> (Problematic code introduced in 0.36) [wheezy] - poppler <not-affected> (Problematic code introduced in 0.36) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102607 
@@ -11590,16 +11644,16 @@ CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the Spla NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...) + {DLA-2440-1} - poppler 0.61.1-2 (low; bug #877239) - [stretch] - poppler <ignored> (Minor issue) [jessie] - poppler <not-affected> (Problematic code introduced in 0.36) [wheezy] - poppler <not-affected> (Problematic code introduced in 0.36) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine ...) NOT-FOR-US: Tine groupware CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...) @@ -11701,7 +11755,7 @@ CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE i ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14874 - RESERVED + REJECTED CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur ...) 
@@ -11943,7 +11997,8 @@ CVE-2017-14777 CVE-2017-14776 REJECTED CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...) - NOT-FOR-US: Laravel + - php-laravel-framework <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/laravel/framework/pull/21320 CVE-2017-14774 RESERVED CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...) @@ -11999,7 +12054,9 @@ CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, relat CVE-2017-14750 RESERVED CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...) - NOT-FOR-US: JerryScript + - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008 CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...) NOT-FOR-US: Blizzard Overwatch CVE-2017-14747 @@ -12048,9 +12105,8 @@ CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-p CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL injec ...) NOT-FOR-US: FileRun CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...) - {DLA-1125-1} + {DLA-2812-1 DLA-1125-1} - botan1.10 1.10.17-0.1 (bug #877436) - [stretch] - botan1.10 <no-dsa> (Minor issue) [jessie] - botan1.10 <no-dsa> (Minor issue) NOTE: https://github.com/randombit/botan/issues/1222 NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai 
@@ -12364,9 +12420,8 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2 NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (bug #876783) - [stretch] - libsndfile <ignored> (Minor issue) [wheezy] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/318 NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788 @@ -12464,7 +12519,7 @@ CVE-2017-14612 ("Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka sh CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote att ...) NOT-FOR-US: Cockpit CMS (different from src:cockpit) CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 a ...) - - bareos <unfixed> (low; bug #877334) + - bareos <removed> (low; bug #877334) [buster] - bareos <ignored> (Minor issue) [stretch] - bareos <ignored> (Minor issue) [jessie] - bareos <no-dsa> (Minor issue) @@ -12473,9 +12528,8 @@ CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file - kannel <not-affected> (No real security issue in combination with start-stop-daemon from dpkg, see #877361) NOTE: https://redmine.kannel.org/issues/771 CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...) - {DLA-1109-1} + {DLA-2903-1 DLA-1109-1} - libraw 0.18.5-1 (low) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 NOTE: https://github.com/LibRaw/LibRaw/issues/101 
@@ -12532,9 +12586,9 @@ CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial re NOT-FOR-US: Atlassian Bamboo CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates thr ...) NOT-FOR-US: Atlassian Bamboo -CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...) +CVE-2017-14588 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...) NOT-FOR-US: Atlassian -CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and Cru ...) +CVE-2017-14587 (The administration user deletion resource in Atlassian Fisheye and Cru ...) NOT-FOR-US: Atlassian CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...) NOT-FOR-US: Atlassian @@ -12673,13 +12727,14 @@ CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Des NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582 CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...) + {DLA-2523-1} [experimental] - imagemagick 8:6.9.10.2+dfsg-1 - imagemagick 8:6.9.10.2+dfsg-2 (bug #878544) - [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <not-affected> (Vulnerable code not present) [wheezy] - imagemagick <not-affected> (Can't reproduce crash with file) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730 NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/6f7cba13ebae405b2689647a2277827f1c272364 CVE-2017-14527 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...) NOT-FOR-US: OpenText Documentum Webtop CVE-2017-14526 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...) 
@@ -12791,7 +12846,7 @@ CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq be [jessie] - dnsmasq <not-affected> (Vulnerable code introduced later) [wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later) NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html - NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7 + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7 CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id o ...) - dnsmasq 2.78-1 [stretch] - dnsmasq 2.76-5+deb9u1 @@ -12957,7 +13012,7 @@ CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaScript e ...) NOT-FOR-US: Foxit PDF Reader CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...) - - cpp-etherum <itp> (bug #860434) + - cpp-ethereum <itp> (bug #860434) CVE-2017-14456 REJECTED CVE-2017-14455 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...) @@ -12968,8 +13023,8 @@ CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, spec NOT-FOR-US: Insteon Hub CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...) NOT-FOR-US: Insteon Hub -CVE-2017-14451 - RESERVED +CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in libevm (Ethe ...) + NOT-FOR-US: CPP-Ethereum CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing functi ...) {DSA-4184-1 DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 
@@ -13069,31 +13124,33 @@ CVE-2017-14414 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_be CVE-2017-14413 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...) NOT-FOR-US: D-Link CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in mp ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/ CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/ CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in mpgli ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/ CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/ CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/ CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in gain_an ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/ + NOTE: Not reproducible with 1.6.2. + NOTE: Caught by ASAN according to CVE. 
mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface. ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/ CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote comma ...) @@ -13237,8 +13294,8 @@ CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGIma NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4 CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...) + {DLA-2903-1} - libraw 0.18.5-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <not-affected> (Vulnerable code not present) [wheezy] - libraw <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/100 @@ -13447,8 +13504,8 @@ CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow v NOTE: are addressed with the same patch: NOTE: Patch enforce-maxpacket.patch addresses the issue CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...) + {DLA-2903-1} - libraw 0.18.5-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/99 
@@ -13497,16 +13554,14 @@ CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/res CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) - [stretch] - libsndfile <ignored> (Minor issue) [wheezy] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) - [stretch] - libsndfile <ignored> (Minor issue) [wheezy] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f @@ -13717,12 +13772,12 @@ CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage( - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506) NOTE: https://github.com/ImageMagick/ImageMagick/issues/715 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c -CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_heade ...) +CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NS ...) {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7 -CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry ...) +CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_i ...) {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> 
@@ -13760,9 +13815,8 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3. NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/4 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/ CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...) - {DLA-2013-1} + {DLA-2828-1 DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream) NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2 NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3 @@ -13900,7 +13954,7 @@ CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password pag NOT-FOR-US: Maplesoft Maple CVE-2017-14133 RESERVED -CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service (he ...) +CVE-2017-14132 (JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900 ...) {DLA-1583-1} - jasper <removed> (low) [wheezy] - jasper <ignored> (Minor issue) 
@@ -13940,17 +13994,18 @@ CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR wh CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...) NOT-FOR-US: Zoho ManageEngine CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...) + {DLA-2567-1} - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060) NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1 NOTE: Crash in CLI tool, no security impact CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...) + {DLA-2567-1} - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061) NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1 NOTE: Crash in CLI tool, no security impact CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...) - {DLA-1091-1} + {DLA-2567-1 DLA-1091-1} - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059) - [stretch] - unrar-free <no-dsa> (Minor issue) [jessie] - unrar-free <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1 NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29 @@ -13992,9 +14047,9 @@ CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037 NOTE: negligible security impact CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...) + {DLA-2858-1} [experimental] - libzip 1.3.0+dfsg.1-1 - libzip 1.5.1-3 (low; bug #874010) - [stretch] - libzip <no-dsa> (Minor issue) [jessie] - libzip <no-dsa> (Minor issue) [wheezy] - libzip <no-dsa> (Minor issue) - php5 <removed> (unimportant) 
@@ -14144,7 +14199,7 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an E - libav <removed> [jessie] - libav <not-affected> (vulnerable code is not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6 -CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...) +CVE-2017-14058 (In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c d ...) {DSA-3996-1 DLA-1740-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> @@ -14466,18 +14521,18 @@ CVE-2017-13912 RESERVED CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...) NOT-FOR-US: Apple -CVE-2017-13910 - RESERVED -CVE-2017-13909 - RESERVED -CVE-2017-13908 - RESERVED -CVE-2017-13907 - RESERVED -CVE-2017-13906 - RESERVED -CVE-2017-13905 - RESERVED +CVE-2017-13910 (An access issue was addressed with additional sandbox restrictions on ...) + NOT-FOR-US: Apple +CVE-2017-13909 (An issue existed in the storage of sensitive tokens. This issue was ad ...) + NOT-FOR-US: Apple +CVE-2017-13908 (An issue in handling file permissions was addressed with improved vali ...) + NOT-FOR-US: Apple +CVE-2017-13907 (A state management issue was addressed with improved state validation. ...) + NOT-FOR-US: Apple +CVE-2017-13906 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2017-13905 (A race condition was addressed with additional validation. This issue ...) + NOT-FOR-US: Apple CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) NOT-FOR-US: Apple CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...) 
@@ -14502,8 +14557,8 @@ CVE-2017-13894 RESERVED CVE-2017-13893 RESERVED -CVE-2017-13892 - RESERVED +CVE-2017-13892 (An issue existed in the handling of Contact sharing. This issue was ad ...) + NOT-FOR-US: Apple CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...) NOT-FOR-US: Apple CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...) @@ -14532,8 +14587,8 @@ CVE-2017-13882 RESERVED CVE-2017-13881 RESERVED -CVE-2017-13880 - RESERVED +CVE-2017-13880 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) NOT-FOR-US: Apple CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...) @@ -14628,8 +14683,8 @@ CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before NOT-FOR-US: Apple CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...) NOT-FOR-US: Apple -CVE-2017-13835 - RESERVED +CVE-2017-13835 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...) NOT-FOR-US: Apple CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...) @@ -14970,8 +15025,8 @@ CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magi - graphicsmagick <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192 CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...) + {DLA-2903-1} - libraw 0.18.5-1 (low; bug #874729) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <no-dsa> (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/96 
@@ -16926,16 +16981,11 @@ CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in l CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...) NOT-FOR-US: Apache2Triad CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397 + NOTE: Bogus report against historic libsass version CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335 - NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed - NOTE: with the upstream patch for CVE-2017-11555. + NOTE: Bogus report against historic libsass version CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331 + NOTE: Bogus report against historic libsass version CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...) - pspp 1.0.1-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436 @@ -17103,11 +17153,11 @@ CVE-2017-12914 CVE-2017-12913 RESERVED CVE-2017-12912 (The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU CVE-2017-12911 (The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which resu ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows rem ...) 
@@ -17244,22 +17294,19 @@ CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and - connman 1.35-1 (bug #872844) NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35) CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #875345) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9372 CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #875344) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9371 CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #875342) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9370 CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a users com ...) NOT-FOR-US: Epson "EasyMP" 
@@ -17270,7 +17317,7 @@ CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in zip_dire ...) - libzip <not-affected> (Vulnerable code introduced later) NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0) - NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 + NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 (rel-1-3-0) CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running s ...) NOT-FOR-US: Polycom CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote ...) @@ -17667,9 +17714,9 @@ CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Module NOT-FOR-US: Siemens CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 device ...) NOT-FOR-US: Siemens -CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An attac ...) +CVE-2017-12735 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens -CVE-2017-12734 (A vulnerability has been identified in Siemens LOGO! devices before V1 ...) +CVE-2017-12734 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...) NOT-FOR-US: SiteSentinel 
@@ -17810,13 +17857,13 @@ CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type p CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater ...) NOT-FOR-US: NexusPHP CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefac ...) + {DLA-2772-1} - taglib 1.11.1+dfsg.1-0.2 (bug #871511) - [stretch] - taglib <no-dsa> (Minor issue) [jessie] - taglib <not-affected> (Vulnerable code not present) [wheezy] - taglib <not-affected> (Vulnerable code not present) - silverjuke <not-affected> (Vulnerable code not present, based on older taglib version) NOTE: https://github.com/taglib/taglib/issues/829 - NOTE: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6#diff-37f706c8696a7c1ca939b169c0a04d97 + NOTE: https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Ang ...) NOT-FOR-US: IdentityServer CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...) @@ -18045,9 +18092,8 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...) - airflow <itp> (bug #819700) CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...) - {DLA-1162-1} + {DLA-2897-1 DLA-1162-1} - apr 1.6.3-1 (low; bug #879708) - [stretch] - apr <no-dsa> (Minor issue) [jessie] - apr <no-dsa> (Minor issue) NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a 
@@ -18075,28 +18121,24 @@ CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, an NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607 NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1 CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invali ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...) [experimental] - opencv 3.4.4+dfsg-1~exp1 
@@ -18106,10 +18148,9 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d [wheezy] - opencv <ignored> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9311 CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...) [experimental] - opencv 3.4.4+dfsg-1~exp1 @@ -18119,22 +18160,19 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d [wheezy] - opencv <ignored> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9311 CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) - {DLA-1438-1 DLA-1117-1} + {DLA-2799-1 DLA-1438-1 DLA-1117-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #872044) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...) {DLA-2358-1} 
@@ -18142,7 +18180,8 @@ CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer ove [jessie] - openexr <no-dsa> (Minor issue) [wheezy] - openexr 1.6.1-6+deb7u1 NOTE: https://github.com/openexr/openexr/issues/238 - NOTE: Upstream fix https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c (v2.3.0) CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dic ...) - qpdf 7.0.0-1 [stretch] - qpdf <no-dsa> (Minor issue) @@ -18619,8 +18658,8 @@ CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before NOTE: The CVE is for the issue when importing a project via crafted SSH URLs, NOTE: which becomes ineffective with a fixed git version itself. CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...) + {DLA-2596-1} - shadow 1:4.5-1 (bug #756630) - [stretch] - shadow <no-dsa> (Minor issue) [jessie] - shadow <no-dsa> (Minor issue) [wheezy] - shadow <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675 
@@ -20407,11 +20446,14 @@ CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...) {DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020) - [stretch] - imagemagick <postponed> (Minor issue) + [stretch] - imagemagick <ignored> (Minor issue, PoC triggers earlier assertion, fix reverted upstream) NOTE: https://github.com/ImageMagick/ImageMagick/issues/610 - NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb - NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0 - NOTE: Upstream patch is apparently incomplete. POC still triggers segfault. + NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9f1a91d93871cc6a5c0b99e8bacad4d730acf36 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/de8cdeceafdc7bbdfcc55cd08e6a8b0cc979c91c + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/75db34b6a4d642cb6f88c792942de27490c900e0 + NOTE: fix reverted with CVE-2017-18029 + NOTE: triggered by CVE-2017-12877 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...) {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019) @@ -20450,7 +20492,7 @@ CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused [wheezy] - lame 3.99.5+repack1-3+deb7u1 NOTE: https://sourceforge.net/p/lame/bugs/460/ NOTE: Duplicate/same as: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/ -CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg th ...) +CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3. ...) {DSA-3957-1} - ffmpeg 7:3.3.3-1 - libav <removed> 
@@ -20546,8 +20588,8 @@ CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-c [jessie] - yaml-cpp <no-dsa> (Minor issue) [wheezy] - yaml-cpp <no-dsa> (Minor issue) - yaml-cpp0.3 <removed> (bug #870327) - [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue) - [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue) + [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue) + [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue) NOTE: https://github.com/jbeder/yaml-cpp/issues/519 NOTE: https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18 CVE-2017-11690 @@ -20892,8 +20934,7 @@ CVE-2017-11607 CVE-2017-11606 RESERVED CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...) - - libsass <undetermined> (bug #870184) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474019 + NOTE: Bogus report against historic libsass version CVE-2017-11604 RESERVED CVE-2017-11603 @@ -21163,9 +21204,8 @@ CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8 CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...) - {DLA-1439-1 DLA-1040-1} + {DLA-2865-1 DLA-1439-1 DLA-1040-1} - resiprocate <removed> (low; bug #869404) - [stretch] - resiprocate <no-dsa> (Minor issue) NOTE: https://github.com/resiprocate/resiprocate/pull/88 NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8 CVE-2017-11520 
@@ -21191,15 +21231,15 @@ CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that all ...) NOT-FOR-US: Wanscam's HW0021 network camera CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in Firebir ...) - {DLA-2129-1 DLA-1374-1} + {DLA-2824-1 DLA-2129-1 DLA-1374-1} - firebird3.0 3.0.3.32900.ds4-3 - [stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update) - firebird2.5 <removed> NOTE: https://www.tenable.com/security/research/tra-2017-36 + NOTE: https://github.com/FirebirdSQL/firebird/issues/5787 NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed NOTE: in "any current release". NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix, - NOTE: and might actually be considered more justof a mitigation. + NOTE: and might actually be considered more of just a mitigation. NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...) NOT-FOR-US: SecurityCenter 
@@ -21697,11 +21737,9 @@ CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHIC [wheezy] - chicken <no-dsa> (Minor issue) NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...) - - libsass <undetermined> (bug #868577) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470722 + NOTE: Bogus report against historic libsass version CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...) - - libsass <undetermined> (bug #868577) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714 + NOTE: Bogus report against historic libsass version CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...) - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) NOTE: https://github.com/Exiv2/exiv2/issues/53 @@ -22096,11 +22134,14 @@ CVE-2017-11192 CVE-2017-11191 (** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote auth ...) NOTE: non-issue claimed for freepia CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...) - - unrar-free <unfixed> (unimportant) + - unrar-free 1:0.0.2-0.1 (unimportant; bug #995065) NOTE: Affected debug code not enabled + NOTE: https://gitlab.com/bgermann/unrar-free/-/commit/e4b3d2d974780af12d8221a25165809e611676df CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...) - - unrar-free <unfixed> (unimportant) + - unrar-free 1:0.0.1+cvs20140707-4 (unimportant) NOTE: Crash in CLI tool, no security impact + NOTE: https://github.com/0x09AL/my-exploits/blob/master/pocs/unrar-free/dos/DESCRIPTION + NOTE: Same fix as CVE-2017-14121 and possibly to be considered a duplicate CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...) NOT-FOR-US: phpMyFAQ CVE-2017-11186 
@@ -22322,6 +22363,7 @@ CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, NOT-FOR-US: ljharb CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in t ...) - rbenv <unfixed> (bug #869702) + [bullseye] - rbenv <no-dsa> (Minor issue) [buster] - rbenv <no-dsa> (Minor issue) [stretch] - rbenv <no-dsa> (Minor issue) [jessie] - rbenv <no-dsa> (Minor issue) @@ -22684,7 +22726,7 @@ CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all An CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: HTC component for Android CVE-2017-11071 - RESERVED + REJECTED CVE-2017-11070 RESERVED CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) @@ -22786,7 +22828,7 @@ CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all An CVE-2017-11021 RESERVED CVE-2017-11020 - RESERVED + REJECTED CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
@@ -23356,11 +23398,14 @@ CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authent NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16 NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1 CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/17921 CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/17914 CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/17898 CVE-2017-10802 RESERVED CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...) @@ -23614,8 +23659,8 @@ CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x befo {DSA-4045-1} - vlc 2.2.6-3 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49 + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49 NOTE: https://trac.videolan.org/vlc/ticket/18467 CVE-2017-10698 RESERVED 
@@ -23655,8 +23700,7 @@ CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDir NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1 CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...) - - libsass <undetermined> (low; bug #866672) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411 + NOTE: Bogus report against historic libsass version CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...) {DLA-1041-1} - nasm 2.13.02-0.1 (bug #867988) @@ -24088,14 +24132,14 @@ CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmwa ...) NOT-FOR-US: Green Packet CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (bug #866020) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/75 CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (bug #866022) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/74 
@@ -24405,13 +24449,13 @@ CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libt NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b NOTE: The issue is addressed with the same commit as for CVE-2017-9403 CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote atta ...) - - cairo <unfixed> (low; bug #868580) - [buster] - cairo <ignored> (Minor issue) + - cairo 1.16.0-1 (low; bug #868580) [stretch] - cairo <no-dsa> (Minor issue) [jessie] - cairo <no-dsa> (Minor issue) [wheezy] - cairo <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547 NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/264 + NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/commit/199823938780c8e50099b627d3e9137acba7a263 (1.15.14) CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack ...) NOT-FOR-US: Kaspersky Anti-Virus CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be abu ...) @@ -26407,9 +26451,8 @@ CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript G NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1) CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...) - {DLA-1021-1 DLA-1020-1} + {DLA-2661-1 DLA-1021-1 DLA-1020-1} - jetty9 9.2.22-1 (bug #864898) - [stretch] - jetty9 <ignored> (Harmless information leak) - jetty8 <removed> [jessie] - jetty8 <no-dsa> (Minor issue) - jetty <removed> 
@@ -26916,10 +26959,13 @@ CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-1 ...) - {DLA-1723-1} + {DLA-2801-1 DLA-1723-1} - cron 3.0pl1-129 (bug #864466) - [stretch] - cron <no-dsa> (Minor issue) [wheezy] - cron <no-dsa> (Minor issue) + - systemd-cron 1.5.17-2 (bug #993731) + [bullseye] - systemd-cron <no-dsa> (Minor issue) + [buster] - systemd-cron <no-dsa> (Minor issue) + [stretch] - systemd-cron <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3 CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...) NOT-FOR-US: Sophos 
@@ -26947,15 +26993,15 @@ CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 h NOT-FOR-US: Atlassian Bamboo CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams bef ...) NOT-FOR-US: Atlassian Activity Streams -CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and Crucible ...) +CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible ...) NOT-FOR-US: Atlassian -CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...) +CVE-2017-9511 (The MultiPathResource class in Atlassian Fisheye and Crucible, before ...) NOT-FOR-US: Atlassian -CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before version ...) +CVE-2017-9510 (The repository changelog resource in Atlassian Fisheye before version ...) NOT-FOR-US: Atlassian CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version 4 ...) NOT-FOR-US: Atlassian -CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...) +CVE-2017-9508 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...) NOT-FOR-US: Atlassian CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...) NOT-FOR-US: Atlassian 
@@ -27243,7 +27289,8 @@ CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ar NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603 NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2 CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/17394 CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allo ...) NOT-FOR-US: Subsonic CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to Po ...) @@ -27638,9 +27685,9 @@ CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulati [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present) - NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7 + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77 CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...) - NOT-FOR-US: Laravel + - php-laravel-framework <not-affected> (Fixed before initial upload to Debian) CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: RealPlayer CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...) 
@@ -27715,7 +27762,8 @@ CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susc CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...) NOT-FOR-US: IDM CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy credentia ...) - - zypper <unfixed> (low) + - zypper <unfixed> (low; bug #988152) + [bullseye] - zypper <ignored> (Minor issue) [buster] - zypper <ignored> (Minor issue) [jessie] - zypper <ignored> (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625 @@ -27725,9 +27773,12 @@ CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositori - libzypp 17.3.1-1 (bug #899065) [jessie] - libzypp <ignored> (Minor issue) CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...) - - open-build-service <unfixed> (low) + - open-build-service 2.9.4-1 (low) [stretch] - open-build-service <no-dsa> (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519 + NOTE: https://github.com/openSUSE/open-build-service/pull/3267 + NOTE: https://github.com/openSUSE/open-build-service/pull/3269 + NOTE: https://github.com/openSUSE/open-build-service/commit/b43efe6be46387b16c0b27cf8ee7b9ca53f905ef CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictl ...) NOT-FOR-US: Novell eDirectory CVE-2017-9266 @@ -27939,8 +27990,8 @@ CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a d [wheezy] - systemd <not-affected> (vulnerable code introduced later) NOTE: https://github.com/systemd/systemd/pull/5998 CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscri ...) + {DLA-2796-1} - jbig2dec 0.13-5 (bug #863279) - [stretch] - jbig2dec <no-dsa> (Minor issue) [jessie] - jbig2dec <no-dsa> (Minor issue) [wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future update) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934 
@@ -27948,9 +27999,9 @@ CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghos CVE-2017-9215 RESERVED CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...) + {DLA-2571-1} [experimental] - openvswitch 2.8.1+dfsg1-1 - openvswitch 2.8.1+dfsg1-2 (bug #863228) - [stretch] - openvswitch <no-dsa> (Minor issue) [jessie] - openvswitch <not-affected> (Vulnerable code not present) [wheezy] - openvswitch <not-affected> (Vulnerable code not present) NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html @@ -28303,6 +28354,7 @@ CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress fun [jessie] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1) CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...) {DSA-4755-1 DLA-2358-1} - openexr 2.5.3-2 (bug #873885) 
@@ -28310,13 +28362,15 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator fu [wheezy] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0) CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...) - {DSA-4755-1 DLA-2358-1} - - openexr 2.5.3-2 (bug #873885) - [jessie] - openexr <no-dsa> (Minor issue) - [wheezy] - openexr <no-dsa> (Minor issue) + {DLA-2358-1 DLA-1083-1} + - openexr 2.2.0-11.1 (bug #864078) + [jessie] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor introduced v2.2) + [wheezy] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor introduced v2.2) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1) CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...) {DSA-4755-1 DLA-2358-1} - openexr 2.5.3-2 (low; bug #873885) 
@@ -28324,12 +28378,14 @@ CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadP [wheezy] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0) CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...) {DLA-2358-1 DLA-1083-1} - openexr 2.2.0-11.1 (bug #864078) [jessie] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1) CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...) {DSA-4755-1 DLA-2358-1} - openexr 2.5.3-2 (bug #873885) @@ -28337,12 +28393,14 @@ CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE func [wheezy] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0) CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...) {DLA-2358-1 DLA-1083-1} - openexr 2.2.0-11.1 (bug #864078) [jessie] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1) CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...) - adns 1.6.0-2 (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868 
@@ -28427,12 +28485,12 @@ CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...) {DSA-3859-1 DLA-948-1} - dropbear 2016.74-5 (bug #862970) - NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 + NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/0d889b068123 CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...) {DSA-3859-1} - dropbear 2016.74-5 (bug #862970) [wheezy] - dropbear <not-affected> (Vulnerable code not present) - NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c + NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/c8114a48837c CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...) {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 @@ -28828,9 +28886,9 @@ CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS d NOT-FOR-US: Quest Information Systems Indiana Voters app CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve P-256 ...) - golang-1.8 1.8.3-1 (bug #863307) - [stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable) + [stretch] - golang-1.8 <ignored> (Minor issue, would require rebuilds of affected go-based packages in stable) - golang-1.7 1.7.6-1 (bug #863308) - [stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable) + [stretch] - golang-1.7 <ignored> (Minor issue, would require rebuilds of affected go-based packages in stable) - golang <removed> [wheezy] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve) [jessie] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve) 
@@ -29002,7 +29060,7 @@ CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9. NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200 NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407 CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in libcroco ...) - - libcroco <unfixed> (bug #864666; low) + - libcroco <removed> (bug #864666; low) [buster] - libcroco <ignored> (Minor issue) [stretch] - libcroco <ignored> (Minor issue) [jessie] - libcroco <no-dsa> (Minor issue) @@ -29070,8 +29128,8 @@ CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so i NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/ NOTE: Crash in CLI tool, no security implications CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 all ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (bug #863150) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/71 @@ -29083,8 +29141,8 @@ CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/ NOTE: Crash in CLI tool, no security implications CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (bug #863153) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/70 
@@ -29114,7 +29172,7 @@ CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...) NOT-FOR-US: Peplink Balance devices CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 a ...) - - libcroco <unfixed> (bug #864666; low) + - libcroco <removed> (bug #864666; low) [buster] - libcroco <ignored> (Minor issue) [stretch] - libcroco <ignored> (Minor issue) [jessie] - libcroco <no-dsa> (Minor issue) @@ -29351,6 +29409,10 @@ CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc throug - ntirpc 1.4.4-1 (bug #861836) NOTE: https://www.openwall.com/lists/oss-security/2017/05/04/1 NOTE: https://github.com/guidovranken/rpcbomb/ + NOTE: For rpcbind, 0.2.3-0.6 upload was based on Guido Vranken 's patch in + NOTE: https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt + NOTE: Upstream patch: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commit;h=7ea36eeece56b59f98e469934e4c20b4da043346 (rpcbind-0_2_5-rc1) + NOTE: Followup for typo: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=c49a7ea639eb700823e174fd605bbbe183e229aa (rpcbind-0_2_5-rc2) CVE-2017-8776 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...) NOT-FOR-US: Quick Heal Internet Security CVE-2017-8775 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...) 
@@ -29383,10 +29445,8 @@ CVE-2017-8763 (Cross-site scripting (XSS) vulnerability in modules/Base/Box/chec NOT-FOR-US: EPESI CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits ...) NOT-FOR-US: GenixCMS -CVE-2017-8761 [Swift tempurl middleware reveals signatures in the logfiles] - RESERVED - - swift <unfixed> - [buster] - swift <no-dsa> (Minor issue) +CVE-2017-8761 (In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, ...) + - swift 2.17.0-2 [stretch] - swift <no-dsa> (Minor issue) [jessie] - swift <end-of-life> (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/swift/+bug/1685798 
@@ -30464,22 +30524,22 @@ CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 d {DSA-3899-1} - vlc 2.2.5-1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...) {DSA-3899-1} - vlc 2.2.6-1~deb9u1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...) {DSA-3899-1} - vlc 2.2.5-1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6 + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6 CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...) {DSA-3899-1} - vlc 2.2.5.1-1~deb9u1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328 + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328 CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ...) {DLA-1497-1 DLA-1071-1 DLA-1070-1} - qemu 1:2.8+dfsg-5 (bug #862280) 
@@ -30633,7 +30693,7 @@ CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the CVE-2017-8250 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8249 - RESERVED + REJECTED CVE-2017-8248 (A buffer overflow may occur in the processing of a downlink NAS messag ...) NOT-FOR-US: Qualcomm Telephony CVE-2017-8247 (In all Qualcomm products with Android releases from CAF using the Linu ...) @@ -30669,7 +30729,7 @@ CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out o CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...) NOT-FOR-US: Android driver CVE-2017-8232 - RESERVED + REJECTED CVE-2017-8231 RESERVED CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...) @@ -31565,7 +31625,7 @@ CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading t NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15 CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...) - apcupsd <not-affected> (Only APC UPS Daemon on Windows) -CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...) +CVE-2017-7889 (The mm subsystem in the Linux kernel through 3.2 does not properly enf ...) {DSA-3945-1 DLA-1099-1} - linux 4.9.25-1 NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7) 
@@ -32345,8 +32405,8 @@ CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlie NOTE: https://github.com/matthiaskramm/swftools/pull/19 NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_o ...) + {DLA-2845-1} - libsamplerate 0.1.9-1 (bug #860159) - [stretch] - libsamplerate <no-dsa> (Minor issue) [jessie] - libsamplerate <no-dsa> (Minor issue) [wheezy] - libsamplerate <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsamplerate/issues/11 @@ -32489,7 +32549,7 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurat NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667 NOTE: https://github.com/eclipse/jetty.project/commit/a285deea CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...) - {DLA-1972-1} + {DLA-2793-1 DLA-1972-1} - mosquitto 1.5.4-1 (low) [stretch] - mosquitto <no-dsa> (Minor issue) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775 @@ -33001,7 +33061,8 @@ CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-chan CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, version ...) {DSA-4004-1 DLA-2342-1 DLA-2091-1} - jackson-databind 2.9.1-1 (bug #870848) - - libjackson-json-java <unfixed> + - libjackson-json-java 1.9.13-2 + [buster] - libjackson-json-java <no-dsa> (Minor issue) NOTE: https://github.com/FasterXML/jackson-databind/issues/1599 NOTE: For libjackson-json-java: NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31 
@@ -33188,8 +33249,8 @@ CVE-2017-7484 (It was found that some selectivity estimation functions in Postgr NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6 CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...) + {DLA-2683-1} - rxvt 1:2.7.10-7.1 (low; bug #861694) - [stretch] - rxvt <no-dsa> (Minor issue) [jessie] - rxvt <no-dsa> (Minor issue) [wheezy] - rxvt <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/01/15 @@ -33198,8 +33259,8 @@ CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decod - linux 4.11.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0 CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...) + {DLA-2535-1} - ansible 2.3.1.0+dfsg-1 (bug #862666) - [stretch] - ansible <no-dsa> (Minor issue) [jessie] - ansible <not-affected> (vulnerable code introduced in version 2.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018 NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2 @@ -33242,6 +33303,7 @@ CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with th NOTE: Introduced with 4bc76593 and 4e6e16b3f. CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference relat ...) - cairo <unfixed> (low; bug #870264) + [bullseye] - cairo <ignored> (Minor issue) [buster] - cairo <ignored> (Minor issue) [stretch] - cairo <no-dsa> (Minor issue) [jessie] - cairo <no-dsa> (Minor issue) 
@@ -34728,19 +34790,18 @@ CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and CVE-2017-6963 RESERVED CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...) + {DLA-2911-1} - apng2gif 1.8-0.1 (bug #854447) - [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release) [jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring) [wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring) CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...) + {DLA-2911-1} - apng2gif 1.8-0.1 (bug #854441) - [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release) [jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring) [wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring) CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...) - {DLA-2165-1 DLA-981-1} + {DLA-2911-1 DLA-2165-1 DLA-981-1} - apng2gif 1.8-0.1 (bug #854367) - [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release) CVE-2017-6959 REJECTED CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...) @@ -34887,9 +34948,8 @@ CVE-2017-6894 CVE-2017-6893 RESERVED CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...) - {DLA-985-1} + {DLA-2418-1 DLA-985-1} - libsndfile 1.0.28-1 (bug #864704) - [stretch] - libsndfile <ignored> (Minor issue) [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...) 
@@ -34903,12 +34963,13 @@ CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function (dcraw_ CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function (dc ...) NOT-FOR-US: libraw demosaic extension (not packaged in Debian) CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC ...) + {DLA-2514-1} - flac 1.3.2-2 (low; bug #897015) - [stretch] - flac <no-dsa> (Minor issue) [jessie] - flac <no-dsa> (Minor issue) [wheezy] - flac <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/ - NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67 + NOTE: https://github.com/xiph/flac/commit/4f47b63e9c971e6391590caf00a0f2a5ed612e67 (1.3.3) + NOTE: https://android.googlesource.com/platform/external/flac/+/4f47b63e9c971e6391590caf00a0f2a5ed612e67 CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function (internal/dcra ...) {DSA-3950-1 DLA-1057-1} - libraw 0.18.2-2 (bug #864183) @@ -35682,7 +35743,7 @@ CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows r NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68) NOTE: Bug only exploitable if SSH agent forwarding enabled (not the default) and if - NOTE: the attacker can already be able to connect to the Unix-domain socket + NOTE: the attacker can already be able to connect to the Unix-domain socket NOTE: representing the forwarded agent connection. CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...) NOT-FOR-US: webpagetest 
@@ -36520,6 +36581,7 @@ CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-depende NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...) - gdk-pixbuf 2.36.10-1 (bug #858491; unimportant) + [stretch] - gdk-pixbuf <ignored> (thumbnailer not installed before 2.36.5-3) [jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1) [wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204 @@ -36664,7 +36726,7 @@ CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - nvidia-graphics-drivers-legacy-304xx <unfixed> [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported) 
@@ -36698,7 +36760,7 @@ CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - nvidia-graphics-drivers-legacy-304xx <unfixed> [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported) @@ -37157,7 +37219,8 @@ CVE-2017-6063 CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...) NOT-FOR-US: SAP CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...) - - mupdf <unfixed> (unimportant) + {DLA-2765-1} + - mupdf 1.12.0+ds1-1 (unimportant) [wheezy] - mupdf <not-affected> (Vulnerable code not present) NOTE: Although jstest_main.c compiled during build and mujstest is created NOTE: it is not included in the produced binary packages @@ -37330,7 +37393,7 @@ CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend - virglrenderer 0.6.0-1 (bug #858255) NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438 -CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5 ...) +CVE-2017-5991 (An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9 ...) {DSA-3797-1} - mupdf 1.9a+ds1-4 (low) [wheezy] - mupdf <not-affected> (vulnerable code not present) 
@@ -37371,7 +37434,7 @@ CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() ha CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3. ...) NOT-FOR-US: JIRA Workflow Designer Plugin CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...) - - kodi <unfixed> (bug #855225) + - kodi 2:18.6+dfsg1-1 (bug #855225) [buster] - kodi <ignored> (Minor issue) [stretch] - kodi <ignored> (Minor issue) [jessie] - kodi <ignored> (Minor issue) @@ -37754,7 +37817,7 @@ CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service i CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...) NOT-FOR-US: Unisys ClearPath CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...) NOT-FOR-US: ViMbAdmin CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...) 
@@ -37900,55 +37963,55 @@ CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...) NOT-FOR-US: HPE Matrix Operating Environment CVE-2017-5779 - RESERVED + REJECTED CVE-2017-5778 - RESERVED + REJECTED CVE-2017-5777 - RESERVED + REJECTED CVE-2017-5776 - RESERVED + REJECTED CVE-2017-5775 - RESERVED + REJECTED CVE-2017-5774 - RESERVED + REJECTED CVE-2017-5773 - RESERVED + REJECTED CVE-2017-5772 - RESERVED + REJECTED CVE-2017-5771 - RESERVED + REJECTED CVE-2017-5770 - RESERVED + REJECTED CVE-2017-5769 - RESERVED + REJECTED CVE-2017-5768 - RESERVED + REJECTED CVE-2017-5767 - RESERVED + REJECTED CVE-2017-5766 - RESERVED + REJECTED CVE-2017-5765 - RESERVED + REJECTED CVE-2017-5764 - RESERVED + REJECTED CVE-2017-5763 - RESERVED + REJECTED CVE-2017-5762 - RESERVED + REJECTED CVE-2017-5761 - RESERVED + REJECTED CVE-2017-5760 - RESERVED + REJECTED CVE-2017-5759 - RESERVED + REJECTED CVE-2017-5758 - RESERVED + REJECTED CVE-2017-5757 - RESERVED + REJECTED CVE-2017-5756 - RESERVED + REJECTED CVE-2017-5755 - RESERVED + REJECTED CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and indir ...) {DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1} - linux 4.14.12-1 
@@ -37990,37 +38053,37 @@ CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and NOTE: Paper: https://spectreattack.com/spectre.pdf NOTE: https://01.org/security/advisories/intel-oss-10002 CVE-2017-5752 - RESERVED + REJECTED CVE-2017-5751 - RESERVED + REJECTED CVE-2017-5750 - RESERVED + REJECTED CVE-2017-5749 - RESERVED + REJECTED CVE-2017-5748 - RESERVED + REJECTED CVE-2017-5747 - RESERVED + REJECTED CVE-2017-5746 - RESERVED + REJECTED CVE-2017-5745 - RESERVED + REJECTED CVE-2017-5744 - RESERVED + REJECTED CVE-2017-5743 - RESERVED + REJECTED CVE-2017-5742 - RESERVED + REJECTED CVE-2017-5741 - RESERVED + REJECTED CVE-2017-5740 - RESERVED + REJECTED CVE-2017-5739 - RESERVED + REJECTED CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel Unite ...) NOT-FOR-US: Intel Unite App CVE-2017-5737 - RESERVED + REJECTED CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...) NOT-FOR-US: Intel CVE-2017-5735 
@@ -38036,43 +38099,42 @@ CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allo NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150 NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html CVE-2017-5730 - RESERVED + REJECTED CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and T ...) NOT-FOR-US: Intel CVE-2017-5728 - RESERVED + REJECTED CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 1 ...) NOT-FOR-US: Intel CVE-2017-5726 - RESERVED + REJECTED CVE-2017-5725 - RESERVED + REJECTED CVE-2017-5724 - RESERVED + REJECTED CVE-2017-5723 - RESERVED + REJECTED CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, N ...) NOT-FOR-US: Intel CVE-2017-5721 (Insufficient input validation in system firmware for Intel NUC7i3BNK, ...) NOT-FOR-US: Intel CVE-2017-5720 - RESERVED + REJECTED CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows ...) NOT-FOR-US: Intel CVE-2017-5718 - RESERVED + REJECTED CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics Dr ...) NOT-FOR-US: Intel graphics driver CVE-2017-5716 REJECTED CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...) - {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1} + {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2743-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1} - linux 4.15.11-1 - intel-microcode 3.20180425.1 [stretch] - intel-microcode 3.20180425.1~deb9u1 [jessie] - intel-microcode 3.20180425.1~deb8u1 - amd64-microcode 3.20180515.1 - [stretch] - amd64-microcode <no-dsa> (Can be fixed via point release) NOTE: https://spectreattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html 
@@ -38107,9 +38169,9 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and - xen 4.11.1~pre+1.733450b39b-1 [jessie] - xen <ignored> (Too intrusive to backport) CVE-2017-5714 - RESERVED + REJECTED CVE-2017-5713 - RESERVED + REJECTED CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel Managea ...) NOT-FOR-US: Intel CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) in Int ...) @@ -38131,7 +38193,7 @@ CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core Pr CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel platfo ...) NOT-FOR-US: Intel CVE-2017-5702 - RESERVED + REJECTED CVE-2017-5701 (Insecure platform configuration in system firmware for Intel NUC7i3BNK ...) NOT-FOR-US: Intel CVE-2017-5700 (Insufficient protection of password storage in system firmware for Int ...) @@ -38156,13 +38218,13 @@ CVE-2017-5692 (Out-of-bounds read condition in older versions of some Intel Grap CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...) NOT-FOR-US: Intel CPUs CVE-2017-5690 - RESERVED + REJECTED CVE-2017-5689 (An unprivileged network attacker could gain system privileges to provi ...) NOT-FOR-US: Intel AMT CVE-2017-5688 (There is an escalation of privilege vulnerability in the Intel Solid S ...) NOT-FOR-US: Intel Solid State Drive Toolbox CVE-2017-5687 - RESERVED + REJECTED CVE-2017-5686 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...) NOT-FOR-US: BIOS in Intel NUC systems CVE-2017-5685 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...) 
@@ -38174,7 +38236,7 @@ CVE-2017-5683 (Privilege escalation in IntelHAXM.sys driver in the Intel Hardwar CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, In ...) NOT-FOR-US: Intel PSET CVE-2017-5680 - RESERVED + REJECTED CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...) {DSA-3818-1 DLA-2164-1 DLA-830-1} - gst-plugins-bad1.0 1.10.4-1 (low) @@ -38574,9 +38636,13 @@ CVE-2017-5899 (Directory traversal vulnerability in the setuid root helper binar NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/7 CVE-2017-5628 (An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10 ...) - NOT-FOR-US: MuJS + - mujs <not-affected> (Fixed before initial upload to Debian) + NOTE: http://git.ghostscript.com/?p=mujs.git;h=8f62ea10a0af68e56d5c00720523ebcba13c2e6a + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697496 CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before 4006739a ...) - NOT-FOR-US: MuJS + - mujs <not-affected> (Fixed before initial upload to Debian) + NOTE: http://git.ghostscript.com/?p=mujs.git;h=4006739a28367c708dea19aeb19b8a1a9326ce08 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697497 CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a web app ...) {DSA-3781-1 DLA-816-1} - svgsalamander 1.1.1+dfsg-2 (bug #853134) 
@@ -40152,8 +40218,7 @@ CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome pri - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5123 [waitid() not calling access_ok()] - RESERVED +CVE-2017-5123 (Insufficient data validation in waitid allowed an user to escape sandb ...) - linux 4.13.4-2 [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) 
@@ -40797,20 +40862,20 @@ CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior t CVE-2017-4968 REJECTED CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) + {DLA-2710-1} - rabbitmq-server 3.6.10-1 (low; bug #863586) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <no-dsa> (Minor issue) [wheezy] - rabbitmq-server <no-dsa> (Minor issue) CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) + {DLA-2710-1} - rabbitmq-server 3.6.10-1 (low; bug #863586) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later) [wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9) NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0) CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) + {DLA-2710-1} - rabbitmq-server 3.6.10-1 (low; bug #863586) - [stretch] - rabbitmq-server <no-dsa> (Minor issue) [jessie] - rabbitmq-server <no-dsa> (Minor issue) [wheezy] - rabbitmq-server <no-dsa> (Minor issue) CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...) @@ -42640,9 +42705,9 @@ CVE-2017-4053 (Command Injection vulnerability in the web interface in McAfee Ad CVE-2017-4052 (Authentication Bypass vulnerability in the web interface in McAfee Adv ...) NOT-FOR-US: McAfee CVE-2017-4051 - RESERVED + REJECTED CVE-2017-4050 - RESERVED + REJECTED CVE-2017-4049 REJECTED CVE-2017-4048 @@ -42670,7 +42735,7 @@ CVE-2017-4038 CVE-2017-4037 REJECTED CVE-2017-4036 - RESERVED + REJECTED CVE-2017-4035 REJECTED CVE-2017-4034 
@@ -42750,7 +42815,7 @@ CVE-2017-3998 CVE-2017-3997 REJECTED CVE-2017-3996 - RESERVED + REJECTED CVE-2017-3995 REJECTED CVE-2017-3994 @@ -42766,7 +42831,7 @@ CVE-2017-3990 CVE-2017-3989 REJECTED CVE-2017-3988 - RESERVED + REJECTED CVE-2017-3987 REJECTED CVE-2017-3986 @@ -42802,7 +42867,7 @@ CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web inter CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network Sec ...) NOT-FOR-US: McAfee CVE-2017-3970 - RESERVED + REJECTED CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...) NOT-FOR-US: McAfee CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee Network ...) @@ -42868,7 +42933,7 @@ CVE-2017-3939 CVE-2017-3938 REJECTED CVE-2017-3937 - RESERVED + REJECTED CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO ...) NOT-FOR-US: McAfee CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...) @@ -42878,7 +42943,7 @@ CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerab CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network ...) NOT-FOR-US: McAfee Network Data Loss Prevention CVE-2017-3932 - RESERVED + REJECTED CVE-2017-3931 REJECTED CVE-2017-3930 
@@ -42886,63 +42951,63 @@ CVE-2017-3930 CVE-2017-3929 REJECTED CVE-2017-3928 - RESERVED + REJECTED CVE-2017-3927 - RESERVED + REJECTED CVE-2017-3926 - RESERVED + REJECTED CVE-2017-3925 - RESERVED + REJECTED CVE-2017-3924 - RESERVED + REJECTED CVE-2017-3923 - RESERVED + REJECTED CVE-2017-3922 - RESERVED + REJECTED CVE-2017-3921 - RESERVED + REJECTED CVE-2017-3920 - RESERVED + REJECTED CVE-2017-3919 - RESERVED + REJECTED CVE-2017-3918 - RESERVED + REJECTED CVE-2017-3917 - RESERVED + REJECTED CVE-2017-3916 - RESERVED + REJECTED CVE-2017-3915 - RESERVED + REJECTED CVE-2017-3914 - RESERVED + REJECTED CVE-2017-3913 - RESERVED + REJECTED CVE-2017-3912 (Bypassing password security vulnerability in McAfee Application and Ch ...) NOT-FOR-US: McAfee CVE-2017-3911 - RESERVED + REJECTED CVE-2017-3910 - RESERVED + REJECTED CVE-2017-3909 - RESERVED + REJECTED CVE-2017-3908 - RESERVED + REJECTED CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) extensi ...) NOT-FOR-US: McAfee CVE-2017-3906 - RESERVED + REJECTED CVE-2017-3905 - RESERVED + REJECTED CVE-2017-3904 - RESERVED + REJECTED CVE-2017-3903 - RESERVED + REJECTED CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface (UI ...) NOT-FOR-US: Intel Security ePO CVE-2017-3901 - RESERVED + REJECTED CVE-2017-3900 - RESERVED + REJECTED CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...) NOT-FOR-US: Intel antivirus CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...) 
@@ -44633,12 +44698,14 @@ CVE-2017-3225 (Das U-Boot is a device bootloader that can read its configuration NOTE: https://www.kb.cert.org/vuls/id/166743 NOTE: Negligible security impact CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may improperl ...) - - quagga <unfixed> (low; bug #871617) + - quagga <removed> (low; bug #871617) [buster] - quagga <no-dsa> (Minor issue) [stretch] - quagga <no-dsa> (Minor issue) [jessie] - quagga <no-dsa> (Minor issue) [wheezy] - quagga <no-dsa> (Minor issue) + - frr <not-affected> (Fixed before initial upload to Debian) NOTE: http://www.kb.cert.org/vuls/id/793496 + NOTE: https://github.com/FRRouting/frr/commit/7791d3deab8f4bbee2ccdd98ea596617536bc681 CVE-2017-3223 (Dahua IP camera products using firmware versions prior to V2.400.0000. ...) NOT-FOR-US: Dahua IP camera products CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...) @@ -44822,8 +44889,8 @@ CVE-2017-3144 (A vulnerability stemming from failure to properly clean up closed [wheezy] - isc-dhcp <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918 NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=46767 - NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894 - NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3 + NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/1a6b62fe17a42b00fa234d06b6dfde3d03451894 + NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3 CVE-2017-3143 (An attacker who is able to send and receive messages to an authoritati ...) {DSA-3904-1 DLA-1025-1} - bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564) 
@@ -45342,8 +45409,10 @@ CVE-2017-2912 (An exploitable vulnerability exists in the remote control functio NOT-FOR-US: Circle with Disney CVE-2017-2911 (An exploitable vulnerability exists in the remote control functionalit ...) NOT-FOR-US: Circle with Disney -CVE-2017-2910 - RESERVED +CVE-2017-2910 (An exploitable Out-of-bounds Write vulnerability exists in the xls_add ...) + - r-cran-readxl <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0417 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927234 CVE-2017-2909 (An infinite loop programming error exists in the DNS server functional ...) - smplayer 18.5.0~ds1-1 (bug #898943) [stretch] - smplayer <not-affected> (Vulnerable code not present) @@ -45456,8 +45525,8 @@ CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore fu CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...) NOT-FOR-US: Circle with Disney CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...) + {DLA-2803-1 DLA-1714-2} - libsdl2 2.0.6+dfsg1-4 (bug #878264) - [stretch] - libsdl2 <no-dsa> (Minor issue) [jessie] - libsdl2 <no-dsa> (Minor issue) - libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395 @@ -45507,6 +45576,7 @@ CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the tiff_image ...) {DLA-2043-1} - gdk-pixbuf 2.36.10-1 (unimportant; bug #873787) + [stretch] - gdk-pixbuf <ignored> (Built with GCC in Debian) NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269 
@@ -45628,15 +45698,14 @@ CVE-2017-2828 (An exploitable command injection vulnerability exists in the web CVE-2017-2827 (An exploitable command injection vulnerability exists in the web manag ...) NOT-FOR-US: Foscam C1 Indoor HD Camera CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy re ...) - {DLA-1708-1} - - zabbix <unfixed> (low) - [buster] - zabbix <ignored> (Minor issue, workaround exists) + - zabbix 1:4.0.0+dfsg-1 (low) [stretch] - zabbix <ignored> (Minor issue, workaround exists) + [jessie] - zabbix <ignored> (Minor issue, workaround exists) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327 NOTE: Relates to the information disclosure as mentioned in (but is not the same issue) NOTE: https://support.zabbix.com/browse/ZBX-12076 NOTE: Workaround for Zabbix 3.0 exists: https://www.zabbix.com/documentation/3.0/manual/distributed_monitoring/proxies#configuration - NOTE: using encyrpted connections with the proxy. + NOTE: using encrypted connections with the proxy. CVE-2017-2825 (In the trapper functionality of Zabbix Server 2.4.x, specifically craf ...) {DSA-3937-1} - zabbix 1:3.0.7+dfsg-3 (bug #863584) @@ -45977,7 +46046,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/ NOT-FOR-US: Siemens CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...) NOT-FOR-US: Siemens -CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a Denial- ...) +CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...) NOT-FOR-US: Siemens CVE-2017-2679 REJECTED 
@@ -46044,7 +46113,7 @@ CVE-2017-2660 REJECTED CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...) - dropbear 2013.60-1 - NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86 + NOTE: https://hg.ucc.asn.au/dropbear/rev/d7784616409a#l1.86 CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in Red Hat J ...) NOT-FOR-US: JBoss BPMS CVE-2017-2657 @@ -46547,8 +46616,8 @@ CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10. NOT-FOR-US: Apple involving Kernel component CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple involving Intel Graphics Driver -CVE-2017-2488 - RESERVED +CVE-2017-2488 (A cryptographic weakness existed in the authentication protocol of Rem ...) + NOT-FOR-US: Apple CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving FontParser component CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) @@ -46805,8 +46874,8 @@ CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10. CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support -CVE-2017-2375 - RESERVED +CVE-2017-2375 (An issue existed in preventing the uploading of CallKit call history t ...) + NOT-FOR-US: Apple CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...) NOT-FOR-US: Apple CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...) 
@@ -49434,27 +49503,27 @@ CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc NOTE: kfreebsd not covered by security support CVE-2017-1080 - RESERVED + REJECTED CVE-2017-1079 - RESERVED + REJECTED CVE-2017-1078 - RESERVED + REJECTED CVE-2017-1077 - RESERVED + REJECTED CVE-2017-1076 - RESERVED + REJECTED CVE-2017-1075 - RESERVED + REJECTED CVE-2017-1074 - RESERVED + REJECTED CVE-2017-1073 - RESERVED + REJECTED CVE-2017-1072 - RESERVED + REJECTED CVE-2017-1071 - RESERVED + REJECTED CVE-2017-1070 - RESERVED + REJECTED CVE-2017-1069 RESERVED CVE-2017-1068 @@ -49824,7 +49893,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2 NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html @@ -49835,7 +49904,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html 
@@ -49846,7 +49915,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch @@ -49856,7 +49925,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch @@ -49866,7 +49935,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802) - ruby2.1 <removed> (unimportant) - ruby1.9.1 <removed> (unimportant) - - rubygems <removed> (unimportant) + - rubygems 3.2.0~rc.1-1 (unimportant) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch 
@@ -50444,8 +50513,9 @@ CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound cod CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...) - - linux <unfixed> + - linux <unfixed> (unimportant) NOTE: https://lore.kernel.org/lkml/20180725202238.165314-1-salyzyn@android.com/ + NOTE: Negligible security impact CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...) @@ -50974,7 +51044,7 @@ CVE-2017-0381 (An information disclosure vulnerability in silk/NLSF_stabilize.c - opus 1.2~alpha2-1 (bug #851612) [jessie] - opus <ignored> (Minor issue, https://bugs.debian.org/851612#10) NOTE: Fixed by: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 (v1.2-alpha) - NOTE: https://git.xiph.org/?p=opus.git;a=commitdiff;h=70a3d641b + NOTE: https://github.com/xiph/opus/commit/70a3d641b760b3d313b6025f82aed93a460720e5 CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...) {DSA-3993-1} - tor 0.3.1.7-1 (bug #876221) 
@@ -51027,10 +51097,10 @@ CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawik NOTE: https://phabricator.wikimedia.org/T158689 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html -CVE-2017-0371 - RESERVED +CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.2 ...) - mediawiki 1:1.27.2-1 [wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T140591 NOTE: https://phabricator.wikimedia.org/T68404 CVE-2017-0370 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam b ...) - mediawiki 1:1.27.2-1 |
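Review bot: In the CVE-2017-2826 hunk (@@ -45628), the zabbix entry moves from `<unfixed>` to `1:4.0.0+dfsg-1` with no NOTE recording what establishes that version as fixed. The only references left are the Talos report and ZBX-12076, which the entry itself describes as "not the same issue". Please add a NOTE pointing at the upstream change or release that closes this. The same hunk drops `{DLA-1708-1}` and adds `[jessie] - zabbix <ignored>`, so a short NOTE saying the DLA did not address this CVE would make that reversal auditable. While here, the context line "Relates to the information disclosure as mentioned in (but is not the same issue)" is missing its referent and could be completed.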
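Review bot: In the RubyGems hunks for CVE-2017-0903 through CVE-2017-0899 (@@ -49824 to @@ -49866), `- rubygems <removed>` becomes `- rubygems 3.2.0~rc.1-1`, but the NOTE lines in each entry point at the 2.6.13 release, and nothing explains the jump to 3.2.0~rc.1-1. If that is simply the first upload of the reintroduced source package, say so in a NOTE or in the commit message, so a reader does not take 3.2.0 as the first upstream version carrying the fix. For CVE-2017-0903 and CVE-2017-0902 the `[wheezy] - rubygems <not-affected>` lines stay in place, which is fine, but check that they still sort correctly under the new versioned entry.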
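Review bot: In the CVE-2017-2870 hunk (@@ -45507), the added `[stretch] - gdk-pixbuf <ignored> (Built with GCC in Debian)` sits under a package line already marked `(unimportant; bug #873787)`, so the per-release triage looks redundant unless stretch is meant to differ from the package-level severity. If it is needed, the reason is too terse to audit: add a NOTE stating why the compiler matters for this integer overflow, so the reasoning is visible next to the `{DLA-2043-1}` reference rather than only in the parenthesis.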
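Review bot: In the CVE-2017-3224 hunk (@@ -44633), the new frr line claims `<not-affected> (Fixed before initial upload to Debian)`, but the added `NOTE: https://github.com/FRRouting/frr/commit/7791d3de...` carries no label, so it is unclear whether it is the fix that backs that claim or just a related reference. Other entries in this file use `NOTE: Fixed by: <url> (<tag>)`, as in the CVE-2017-4966 entry. Using that form here, with the first upstream tag containing the commit, would let a reader verify the not-affected status against the first frr version uploaded.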
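Review bot: In the MuJS hunk for CVE-2017-5628 and CVE-2017-5627 (@@ -38574), the two added git references use plain `http://git.ghostscript.com/?p=mujs.git;h=...` while the bug links beside them use https. Prefer the https form of the git URL if the host serves it, and label the commit lines `Fixed by:` so they are distinguishable from the bug references. Since both entries change from `NOT-FOR-US` to `<not-affected> (Fixed before initial upload to Debian)`, the commit hashes are the evidence for that status and should be easy to pick out.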
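Review bot: In the CVE-2017-0630 hunk (@@ -50444), `- linux <unfixed>` is downgraded to `(unimportant)` with only `NOTE: Negligible security impact` as justification. For an entry that stays `<unfixed>`, please record the reason in the NOTE (for example what the kernel trace subsystem disclosure is limited to, or who can reach it), so the severity decision can be re-checked later without digging through the lore.kernel.org thread.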