[Secure-testing-commits] r57540 - data/CVE
Author: carnil Date: 2017-11-11 07:16:36 + (Sat, 11 Nov 2017) New Revision: 57540 Modified: data/CVE/list Log: Add new cacti issue Modified: data/CVE/list === --- data/CVE/list 2017-11-10 22:38:57 UTC (rev 57539) +++ data/CVE/list 2017-11-11 07:16:36 UTC (rev 57540) @@ -1,3 +1,6 @@ +CVE-2017-16785 [reflected XSS via the PATH_INFO to host.php] + - cacti + NOTE: https://github.com/Cacti/cacti/issues/1071 CVE-2017-16779 RESERVED CVE-2017-16778 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57539 - data
Author: roberto Date: 2017-11-10 22:38:57 + (Fri, 10 Nov 2017) New Revision: 57539 Modified: data/dla-needed.txt Log: Add graphicsmagick back in to dla-needed.txt as there is still an outstanding issue Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-10 21:51:12 UTC (rev 57538) +++ data/dla-needed.txt 2017-11-10 22:38:57 UTC (rev 57539) @@ -16,6 +16,8 @@ -- cacti -- +graphicsmagick (Roberto C. Sánchez) +-- imagemagick (Roberto C. Sánchez) -- irssi (Rhonda D'Vine) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
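Review bot: the re-added `graphicsmagick (Roberto C. Sánchez)` entry in data/dla-needed.txt carries no note saying which issue is still outstanding, although the log message gives that as the reason for restoring it. A short free-text line under the entry naming the open CVE would show what remains to be fixed now that DLA-1168-1 has been reserved.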
[Secure-testing-commits] r57538 - data/CVE
Author: carnil Date: 2017-11-10 21:51:12 + (Fri, 10 Nov 2017) New Revision: 57538 Modified: data/CVE/list Log: Add reference for CVE-2009-4112 Modified: data/CVE/list === --- data/CVE/list 2017-11-10 21:39:42 UTC (rev 57537) +++ data/CVE/list 2017-11-10 21:51:12 UTC (rev 57538) @@ -196727,6 +196727,7 @@ - cacti (unimportant; bug #561339) NOTE: 4b0e1566.1070...@moritz-naumann.com in bugtraq NOTE: as one requires admin access to cacti, upstream will implement a whitelist + NOTE: https://github.com/Cacti/cacti/issues/1072 CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...) {DSA-1954-1} - cacti 0.8.7e-1.1 (low; bug #561338) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57537 - data/CVE
Author: carnil Date: 2017-11-10 21:39:42 + (Fri, 10 Nov 2017) New Revision: 57537 Modified: data/CVE/list Log: Process more NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-10 21:23:52 UTC (rev 57536) +++ data/CVE/list 2017-11-10 21:39:42 UTC (rev 57537) @@ -29,15 +29,15 @@ CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) NOT-FOR-US: D-Link CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) - TODO: check + NOT-FOR-US: django_make_app CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality ...) TODO: check CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with directory ...) - TODO: check + NOT-FOR-US: Sanic CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows ...) - TODO: check + NOT-FOR-US: Inedo BuildMaster CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS. ...) - TODO: check + NOT-FOR-US: Inedo BuildMaster CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote ...) NOT-FOR-US: LibreNMS CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...) @@ -589,7 +589,7 @@ CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) NOT-FOR-US: MitraStar CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where ...) - TODO: check + NOT-FOR-US: Inedo BuildMaster CVE-2017-16520 RESERVED CVE-2017-16519 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
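Review bot: in the first hunk CVE-2017-16763 keeps `TODO: check` while CVE-2017-16764, whose truncated description is identical ("An exploitable vulnerability exists in the YAML parsing functionality ..."), is changed to `NOT-FOR-US: django_make_app`. If 16763 concerns a different product that still needs checking, leaving it is fine; otherwise it looks missed in this pass and should get its own disposition.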
[Secure-testing-commits] r57536 - data/CVE
Author: carnil Date: 2017-11-10 21:23:52 + (Fri, 10 Nov 2017) New Revision: 57536 Modified: data/CVE/list Log: Process one NFU Modified: data/CVE/list === --- data/CVE/list 2017-11-10 21:10:14 UTC (rev 57535) +++ data/CVE/list 2017-11-10 21:23:52 UTC (rev 57536) @@ -27,7 +27,7 @@ CVE-2017-16766 RESERVED CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) - TODO: check + NOT-FOR-US: D-Link CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) TODO: check CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57535 - data/CVE
Author: sectracker Date: 2017-11-10 21:10:14 + (Fri, 10 Nov 2017) New Revision: 57535 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-10 20:59:55 UTC (rev 57534) +++ data/CVE/list 2017-11-10 21:10:14 UTC (rev 57535) @@ -1,13 +1,43 @@ -CVE-2017-16764 +CVE-2017-16779 RESERVED -CVE-2017-16763 +CVE-2017-16778 RESERVED -CVE-2017-16762 +CVE-2017-16777 RESERVED -CVE-2017-16761 +CVE-2017-16776 RESERVED -CVE-2017-16760 +CVE-2017-16775 RESERVED +CVE-2017-16774 + RESERVED +CVE-2017-16773 + RESERVED +CVE-2017-16772 + RESERVED +CVE-2017-16771 + RESERVED +CVE-2017-16770 + RESERVED +CVE-2017-16769 + RESERVED +CVE-2017-16768 + RESERVED +CVE-2017-16767 + RESERVED +CVE-2017-16766 + RESERVED +CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) + TODO: check +CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) + TODO: check +CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality ...) + TODO: check +CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with directory ...) + TODO: check +CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows ...) + TODO: check +CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS. ...) + TODO: check CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote ...) NOT-FOR-US: LibreNMS CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...) @@ -195,6 +225,7 @@ CVE-2017-16670 RESERVED CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...) + {DLA-1168-1} - graphicsmagick NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d 
@@ -557,8 +588,8 @@ NOT-FOR-US: MitraStar CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) NOT-FOR-US: MitraStar -CVE-2017-16521 - RESERVED +CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where ...) + TODO: check CVE-2017-16520 RESERVED CVE-2017-16519 @@ -3137,7 +3168,7 @@ CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...) NOT-FOR-US: zorovavi/blog CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...) - {DSA-4006-1 DLA-1164-1} + {DSA-4006-2 DSA-4006-1 DLA-1164-1} - mupdf 1.11+ds1-2 (bug #879055) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57534 - data/CVE
Author: carnil Date: 2017-11-10 20:59:55 + (Fri, 10 Nov 2017) New Revision: 57534 Modified: data/CVE/list Log: CVE-2017-10672: record fix for unstable Modified: data/CVE/list === --- data/CVE/list 2017-11-10 20:49:22 UTC (rev 57533) +++ data/CVE/list 2017-11-10 20:59:55 UTC (rev 57534) @@ -17390,7 +17390,7 @@ NOT-FOR-US: GetSimple CMS CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...) [experimental] - libxml-libxml-perl 2.0128+dfsg-4 - - libxml-libxml-perl (bug #866676) + - libxml-libxml-perl 2.0128+dfsg-5 (bug #866676) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246 NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/9 CVE-2017-10671 (Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57533 - data/DSA
Author: luciano Date: 2017-11-10 20:49:22 + (Fri, 10 Nov 2017) New Revision: 57533 Modified: data/DSA/list Log: DSA-4006-2 Modified: data/DSA/list === --- data/DSA/list 2017-11-10 20:46:53 UTC (rev 57532) +++ data/DSA/list 2017-11-10 20:49:22 UTC (rev 57533) @@ -1,3 +1,7 @@ +[10 Nov 2017] DSA-4006-2 mupdf - security update + {CVE-2017-15587} + [jessie] - mupdf 1.5-1+deb8u3 + [stretch] - mupdf 1.9a+ds1-4+deb9u2 [09 Nov 2017] DSA-4030-1 roundcube - security update {CVE-2017-16651} [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57532 - data/CVE
Author: carnil Date: 2017-11-10 20:46:53 + (Fri, 10 Nov 2017) New Revision: 57532 Modified: data/CVE/list Log: Add CVE-2017-3166/hadoop Modified: data/CVE/list === --- data/CVE/list 2017-11-10 18:53:02 UTC (rev 57531) +++ data/CVE/list 2017-11-10 20:46:53 UTC (rev 57532) @@ -40545,6 +40545,7 @@ - apache2 2.4.25-4 CVE-2017-3166 RESERVED + - hadoop (bug #793644) CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...) NOT-FOR-US: Apache Brooklyn CVE-2017-3164 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57531 - in data: . DLA
Author: roberto Date: 2017-11-10 18:53:02 + (Fri, 10 Nov 2017) New Revision: 57531 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1168-1 for graphicsmagick Modified: data/DLA/list === --- data/DLA/list 2017-11-10 17:14:37 UTC (rev 57530) +++ data/DLA/list 2017-11-10 18:53:02 UTC (rev 57531) @@ -1,3 +1,6 @@ +[10 Nov 2017] DLA-1168-1 graphicsmagick - security update + {CVE-2017-16669} + [wheezy] - graphicsmagick 1.3.16-1.1+deb7u14 [08 Nov 2017] DLA-1166-2 tomcat7 - regression update [wheezy] - tomcat7 7.0.28-4+deb7u17 [08 Nov 2017] DLA-1167-1 ruby-yajl - security update Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-10 17:14:37 UTC (rev 57530) +++ data/dla-needed.txt 2017-11-10 18:53:02 UTC (rev 57531) @@ -16,8 +16,6 @@ -- cacti -- -graphicsmagick (Roberto C. Sánchez) --- imagemagick (Roberto C. Sánchez) -- irssi (Rhonda D'Vine) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
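Review bot: the data/dla-needed.txt hunk drops `graphicsmagick (Roberto C. Sánchez)` in the same commit that reserves DLA-1168-1, and the new DLA entry lists only CVE-2017-16669. Before removing the package from the needed list, confirm that no other open graphicsmagick issue remains for wheezy; r57539 later restores the entry because one was still outstanding.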
[Secure-testing-commits] r57530 - data/CVE
Author: jmm Date: 2017-11-10 17:14:37 + (Fri, 10 Nov 2017) New Revision: 57530 Modified: data/CVE/list Log: new webkit issues Modified: data/CVE/list === --- data/CVE/list 2017-11-10 15:46:41 UTC (rev 57529) +++ data/CVE/list 2017-11-10 17:14:37 UTC (rev 57530) @@ -8089,8 +8089,14 @@ RESERVED CVE-2017-13803 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13802 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13801 RESERVED CVE-2017-13800 
@@ -8099,36 +8105,69 @@ RESERVED CVE-2017-13798 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13797 RESERVED CVE-2017-13796 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13795 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13794 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13793 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13792 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13791 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13790 RESERVED CVE-2017-13789 RESERVED CVE-2017-13788 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13787 RESERVED CVE-2017-13786 RESERVED CVE-2017-13785 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13784 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13783 RESERVED + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support CVE-2017-13782 RESERVED CVE-2017-13781 ___ Secure-testing-commits mailing list 
Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57529 - data
Author: jmm Date: 2017-11-10 15:46:41 + (Fri, 10 Nov 2017) New Revision: 57529 Modified: data/next-oldstable-point-update.txt Log: tablib ospu Modified: data/next-oldstable-point-update.txt === --- data/next-oldstable-point-update.txt2017-11-10 11:25:11 UTC (rev 57528) +++ data/next-oldstable-point-update.txt2017-11-10 15:46:41 UTC (rev 57529) @@ -106,3 +106,5 @@ [jessie] - liblouis 2.5.3-3+deb8u1 CVE-2017-14952 [jessie] - icu 52.1-8+deb8u6 +CVE-2017-2810 + [jessie] - python-tablib 0.9.11-2+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57528 - data
Author: carnil Date: 2017-11-10 11:25:11 + (Fri, 10 Nov 2017) New Revision: 57528 Modified: data/dsa-needed.txt Log: Remove mupdf from dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-10 09:49:11 UTC (rev 57527) +++ data/dsa-needed.txt 2017-11-10 11:25:11 UTC (rev 57528) @@ -29,8 +29,6 @@ linux Wait until more issues have piled up -- -mupdf/oldstable (luciano) --- openjdk-7/oldstable (jmm) -- php-horde-image ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57527 - data/CVE
Author: jmm Date: 2017-11-10 09:49:11 + (Fri, 10 Nov 2017) New Revision: 57527 Modified: data/CVE/list Log: remove exp entry, I got confused, im7 isn't even in experimental yet Modified: data/CVE/list === --- data/CVE/list 2017-11-10 09:32:03 UTC (rev 57526) +++ data/CVE/list 2017-11-10 09:49:11 UTC (rev 57527) @@ -11062,7 +11062,6 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5 NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890 CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 ...) - [experimental] - imagemagick (bug #872374) - imagemagick (Specific to Imagemagick 7, 6.x uses fixed pixel cache morphology) NOTE: https://github.com/ImageMagick/ImageMagick/issues/663 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57526 - data/CVE
Author: jmm Date: 2017-11-10 09:32:03 + (Fri, 10 Nov 2017) New Revision: 57526 Modified: data/CVE/list Log: imagemagick n/a NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-10 09:10:26 UTC (rev 57525) +++ data/CVE/list 2017-11-10 09:32:03 UTC (rev 57526) @@ -9,11 +9,11 @@ CVE-2017-16760 RESERVED CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...) - TODO: check + NOT-FOR-US: Hola VPN CVE-2017-16756 RESERVED CVE-2017-16755 @@ -11062,8 +11062,8 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5 NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890 CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 ...) - - imagemagick (bug #872374) - [wheezy] - imagemagick (Vulnerable code not present) + [experimental] - imagemagick (bug #872374) + - imagemagick (Specific to Imagemagick 7, 6.x uses fixed pixel cache morphology) NOTE: https://github.com/ImageMagick/ImageMagick/issues/663 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
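Review bot: in the first hunk CVE-2017-16758 is set to `NOT-FOR-US: Wordpress plugin` without naming the plugin, whereas the neighbouring entries name the product (`LibreNMS`, `Hola VPN`). Put the plugin name in the NOT-FOR-US line so the disposition can be re-checked later without opening the CVE description, which is truncated here.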
[Secure-testing-commits] r57523 - data
Author: fgeek-guest Date: 2017-11-10 08:50:33 + (Fri, 10 Nov 2017) New Revision: 57523 Modified: data/dsa-needed.txt Log: Add sssd to DSA needed Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-10 07:52:38 UTC (rev 57522) +++ data/dsa-needed.txt 2017-11-10 08:50:33 UTC (rev 57523) @@ -71,3 +71,5 @@ -- zendframework/oldstable -- +sssd +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
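Review bot: the new `sssd` entry appended to data/dsa-needed.txt has no suite qualifier, claimant or note, unlike the context entry `zendframework/oldstable` just above it. State which suite is affected and which CVE prompts the request, so the security team can judge whether a DSA is warranted.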
[Secure-testing-commits] r57525 - data/CVE
Author: sectracker Date: 2017-11-10 09:10:26 + (Fri, 10 Nov 2017) New Revision: 57525 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-10 08:53:38 UTC (rev 57524) +++ data/CVE/list 2017-11-10 09:10:26 UTC (rev 57525) @@ -1,3 +1,19 @@ +CVE-2017-16764 + RESERVED +CVE-2017-16763 + RESERVED +CVE-2017-16762 + RESERVED +CVE-2017-16761 + RESERVED +CVE-2017-16760 + RESERVED +CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote ...) + TODO: check +CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...) + TODO: check CVE-2017-16756 RESERVED CVE-2017-16755 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57524 - data
Author: seb Date: 2017-11-10 08:53:38 + (Fri, 10 Nov 2017) New Revision: 57524 Modified: data/dsa-needed.txt Log: Let's leave what goes or not in dsa-needed at the secteam's discretion Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-10 08:50:33 UTC (rev 57523) +++ data/dsa-needed.txt 2017-11-10 08:53:38 UTC (rev 57524) @@ -71,5 +71,3 @@ -- zendframework/oldstable -- -sssd --- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits