[Secure-testing-commits] r59012 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-29 09:10:20 + (Fri, 29 Dec 2017)
New Revision: 59012

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-29 07:38:05 UTC (rev 59011)
+++ data/CVE/list   2017-12-29 09:10:20 UTC (rev 59012)
@@ -1,3 +1,207 @@
+CVE-2018-3809
+   RESERVED
+CVE-2018-3808
+   RESERVED
+CVE-2018-3807
+   RESERVED
+CVE-2018-3806
+   RESERVED
+CVE-2018-3805
+   RESERVED
+CVE-2018-3804
+   RESERVED
+CVE-2018-3803
+   RESERVED
+CVE-2018-3802
+   RESERVED
+CVE-2018-3801
+   RESERVED
+CVE-2018-3800
+   RESERVED
+CVE-2018-3799
+   RESERVED
+CVE-2018-3798
+   RESERVED
+CVE-2018-3797
+   RESERVED
+CVE-2018-3796
+   RESERVED
+CVE-2018-3795
+   RESERVED
+CVE-2018-3794
+   RESERVED
+CVE-2018-3793
+   RESERVED
+CVE-2018-3792
+   RESERVED
+CVE-2018-3791
+   RESERVED
+CVE-2018-3790
+   RESERVED
+CVE-2018-3789
+   RESERVED
+CVE-2018-3788
+   RESERVED
+CVE-2018-3787
+   RESERVED
+CVE-2018-3786
+   RESERVED
+CVE-2018-3785
+   RESERVED
+CVE-2018-3784
+   RESERVED
+CVE-2018-3783
+   RESERVED
+CVE-2018-3782
+   RESERVED
+CVE-2018-3781
+   RESERVED
+CVE-2018-3780
+   RESERVED
+CVE-2018-3779
+   RESERVED
+CVE-2018-3778
+   RESERVED
+CVE-2018-3777
+   RESERVED
+CVE-2018-3776
+   RESERVED
+CVE-2018-3775
+   RESERVED
+CVE-2018-3774
+   RESERVED
+CVE-2018-3773
+   RESERVED
+CVE-2018-3772
+   RESERVED
+CVE-2018-3771
+   RESERVED
+CVE-2018-3770
+   RESERVED
+CVE-2018-3769
+   RESERVED
+CVE-2018-3768
+   RESERVED
+CVE-2018-3767
+   RESERVED
+CVE-2018-3766
+   RESERVED
+CVE-2018-3765
+   RESERVED
+CVE-2018-3764
+   RESERVED
+CVE-2018-3763
+   RESERVED
+CVE-2018-3762
+   RESERVED
+CVE-2018-3761
+   RESERVED
+CVE-2018-3760
+   RESERVED
+CVE-2018-3759
+   RESERVED
+CVE-2018-3758
+   RESERVED
+CVE-2018-3757
+   RESERVED
+CVE-2018-3756
+   RESERVED
+CVE-2018-3755
+   RESERVED
+CVE-2018-3754
+   RESERVED
+CVE-2018-3753
+   RESERVED
+CVE-2018-3752
+   RESERVED
+CVE-2018-3751
+   RESERVED
+CVE-2018-3750
+   RESERVED
+CVE-2018-3749
+   RESERVED
+CVE-2018-3748
+   RESERVED
+CVE-2018-3747
+   RESERVED
+CVE-2018-3746
+   RESERVED
+CVE-2018-3745
+   RESERVED
+CVE-2018-3744
+   RESERVED
+CVE-2018-3743
+   RESERVED
+CVE-2018-3742
+   RESERVED
+CVE-2018-3741
+   RESERVED
+CVE-2018-3740
+   RESERVED
+CVE-2018-3739
+   RESERVED
+CVE-2018-3738
+   RESERVED
+CVE-2018-3737
+   RESERVED
+CVE-2018-3736
+   RESERVED
+CVE-2018-3735
+   RESERVED
+CVE-2018-3734
+   RESERVED
+CVE-2018-3733
+   RESERVED
+CVE-2018-3732
+   RESERVED
+CVE-2018-3731
+   RESERVED
+CVE-2018-3730
+   RESERVED
+CVE-2018-3729
+   RESERVED
+CVE-2018-3728
+   RESERVED
+CVE-2018-3727
+   RESERVED
+CVE-2018-3726
+   RESERVED
+CVE-2018-3725
+   RESERVED
+CVE-2018-3724
+   RESERVED
+CVE-2018-3723
+   RESERVED
+CVE-2018-3722
+   RESERVED
+CVE-2018-3721
+   RESERVED
+CVE-2018-3720
+   RESERVED
+CVE-2018-3719
+   RESERVED
+CVE-2018-3718
+   RESERVED
+CVE-2018-3717
+   RESERVED
+CVE-2018-3716
+   RESERVED
+CVE-2018-3715
+   RESERVED
+CVE-2018-3714
+   RESERVED
+CVE-2018-3713
+   RESERVED
+CVE-2018-3712
+   RESERVED
+CVE-2018-3711
+   RESERVED
+CVE-2018-3710
+   RESERVED
+CVE-2017-17970
+   RESERVED
+CVE-2017-17969
+   RESERVED
 CVE-2018-3709
RESERVED
 CVE-2018-3708


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r59006 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-28 21:10:14 + (Thu, 28 Dec 2017)
New Revision: 59006

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-28 20:44:59 UTC (rev 59005)
+++ data/CVE/list   2017-12-28 21:10:14 UTC (rev 59006)
@@ -1,3 +1,249 @@
+CVE-2018-3709
+   RESERVED
+CVE-2018-3708
+   RESERVED
+CVE-2018-3707
+   RESERVED
+CVE-2018-3706
+   RESERVED
+CVE-2018-3705
+   RESERVED
+CVE-2018-3704
+   RESERVED
+CVE-2018-3703
+   RESERVED
+CVE-2018-3702
+   RESERVED
+CVE-2018-3701
+   RESERVED
+CVE-2018-3700
+   RESERVED
+CVE-2018-3699
+   RESERVED
+CVE-2018-3698
+   RESERVED
+CVE-2018-3697
+   RESERVED
+CVE-2018-3696
+   RESERVED
+CVE-2018-3695
+   RESERVED
+CVE-2018-3694
+   RESERVED
+CVE-2018-3693
+   RESERVED
+CVE-2018-3692
+   RESERVED
+CVE-2018-3691
+   RESERVED
+CVE-2018-3690
+   RESERVED
+CVE-2018-3689
+   RESERVED
+CVE-2018-3688
+   RESERVED
+CVE-2018-3687
+   RESERVED
+CVE-2018-3686
+   RESERVED
+CVE-2018-3685
+   RESERVED
+CVE-2018-3684
+   RESERVED
+CVE-2018-3683
+   RESERVED
+CVE-2018-3682
+   RESERVED
+CVE-2018-3681
+   RESERVED
+CVE-2018-3680
+   RESERVED
+CVE-2018-3679
+   RESERVED
+CVE-2018-3678
+   RESERVED
+CVE-2018-3677
+   RESERVED
+CVE-2018-3676
+   RESERVED
+CVE-2018-3675
+   RESERVED
+CVE-2018-3674
+   RESERVED
+CVE-2018-3673
+   RESERVED
+CVE-2018-3672
+   RESERVED
+CVE-2018-3671
+   RESERVED
+CVE-2018-3670
+   RESERVED
+CVE-2018-3669
+   RESERVED
+CVE-2018-3668
+   RESERVED
+CVE-2018-3667
+   RESERVED
+CVE-2018-3666
+   RESERVED
+CVE-2018-3665
+   RESERVED
+CVE-2018-3664
+   RESERVED
+CVE-2018-3663
+   RESERVED
+CVE-2018-3662
+   RESERVED
+CVE-2018-3661
+   RESERVED
+CVE-2018-3660
+   RESERVED
+CVE-2018-3659
+   RESERVED
+CVE-2018-3658
+   RESERVED
+CVE-2018-3657
+   RESERVED
+CVE-2018-3656
+   RESERVED
+CVE-2018-3655
+   RESERVED
+CVE-2018-3654
+   RESERVED
+CVE-2018-3653
+   RESERVED
+CVE-2018-3652
+   RESERVED
+CVE-2018-3651
+   RESERVED
+CVE-2018-3650
+   RESERVED
+CVE-2018-3649
+   RESERVED
+CVE-2018-3648
+   RESERVED
+CVE-2018-3647
+   RESERVED
+CVE-2018-3646
+   RESERVED
+CVE-2018-3645
+   RESERVED
+CVE-2018-3644
+   RESERVED
+CVE-2018-3643
+   RESERVED
+CVE-2018-3642
+   RESERVED
+CVE-2018-3641
+   RESERVED
+CVE-2018-3640
+   RESERVED
+CVE-2018-3639
+   RESERVED
+CVE-2018-3638
+   RESERVED
+CVE-2018-3637
+   RESERVED
+CVE-2018-3636
+   RESERVED
+CVE-2018-3635
+   RESERVED
+CVE-2018-3634
+   RESERVED
+CVE-2018-3633
+   RESERVED
+CVE-2018-3632
+   RESERVED
+CVE-2018-3631
+   RESERVED
+CVE-2018-3630
+   RESERVED
+CVE-2018-3629
+   RESERVED
+CVE-2018-3628
+   RESERVED
+CVE-2018-3627
+   RESERVED
+CVE-2018-3626
+   RESERVED
+CVE-2018-3625
+   RESERVED
+CVE-2018-3624
+   RESERVED
+CVE-2018-3623
+   RESERVED
+CVE-2018-3622
+   RESERVED
+CVE-2018-3621
+   RESERVED
+CVE-2018-3620
+   RESERVED
+CVE-2018-3619
+   RESERVED
+CVE-2018-3618
+   RESERVED
+CVE-2018-3617
+   RESERVED
+CVE-2018-3616
+   RESERVED
+CVE-2018-3615
+   RESERVED
+CVE-2018-3614
+   RESERVED
+CVE-2018-3613
+   RESERVED
+CVE-2018-3612
+   RESERVED
+CVE-2018-3611
+   RESERVED
+CVE-2018-3610
+   RESERVED
+CVE-2017-17968
+   RESERVED
+CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote 
...)
+   TODO: check
+CVE-2017-17966
+   RESERVED
+CVE-2017-17965
+   RESERVED
+CVE-2017-17964
+   RESERVED
+CVE-2017-17963
+   RESERVED
+CVE-2017-17962
+   RESERVED
+CVE-2017-17961
+   RESERVED
+CVE-2017-17960 (PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via ...)
+   TODO: check
+CVE-2017-17959 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection 
via the ...)
+   TODO: check
+CVE-2017-17958 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+   TODO: check
+CVE-2017-17957 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection 
via the ...)
+   TODO: check
+CVE-2017-17956 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+   TODO: check
+CVE-2017-17955 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+   TODO: check
+CVE-2017-17954 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+   TODO: check
+CVE-2017-17953 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the 
category.php ...)
+   TODO: check
+CVE-2017-17952 (PHP Scripts Mall PHP Multivendor Ecommerce has a predicable 
...)
+   TODO: check
+CVE-2017-17951 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection 
via the ...)
+   TODO: check
+CVE-2017-17950 (Cells Blog 3.5 

[Secure-testing-commits] r58987 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-28 09:10:14 + (Thu, 28 Dec 2017)
New Revision: 58987

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-28 09:06:37 UTC (rev 58986)
+++ data/CVE/list   2017-12-28 09:10:14 UTC (rev 58987)
@@ -1,3 +1,25 @@
+CVE-2017-17946
+   RESERVED
+CVE-2017-17945
+   RESERVED
+CVE-2017-17944
+   RESERVED
+CVE-2017-17943
+   RESERVED
+CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in 
the ...)
+   TODO: check
+CVE-2017-17941 (PHP Scripts Mall Single Theater Booking has SQL Injection via 
the ...)
+   TODO: check
+CVE-2017-17940 (PHP Scripts Mall Single Theater Booking has XSS via the title 
parameter ...)
+   TODO: check
+CVE-2017-17939 (PHP Scripts Mall Single Theater Booking has CSRF via ...)
+   TODO: check
+CVE-2017-17938 (PHP Scripts Mall Single Theater Booking has XSS via the ...)
+   TODO: check
+CVE-2017-17937 (Vanguard Marketplace Digital Products PHP has XSS via the 
phps_query ...)
+   TODO: check
+CVE-2017-17936 (Vanguard Marketplace Digital Products PHP has CSRF via 
/search. ...)
+   TODO: check
 CVE-2018-3609
RESERVED
 CVE-2018-3608
@@ -32,8 +54,8 @@
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
 CVE-2017-17933
RESERVED
-CVE-2017-17932
-   RESERVED
+CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in 
ALLPlayer ...)
+   TODO: check
 CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the 
...)
NOT-FOR-US: PHP Scripts Mall Resume Clone Script
 CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58969 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-27 21:10:22 + (Wed, 27 Dec 2017)
New Revision: 58969

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-27 18:53:50 UTC (rev 58968)
+++ data/CVE/list   2017-12-27 21:10:22 UTC (rev 58969)
@@ -1,3 +1,73 @@
+CVE-2018-3609
+   RESERVED
+CVE-2018-3608
+   RESERVED
+CVE-2018-3607
+   RESERVED
+CVE-2018-3606
+   RESERVED
+CVE-2018-3605
+   RESERVED
+CVE-2018-3604
+   RESERVED
+CVE-2018-3603
+   RESERVED
+CVE-2018-3602
+   RESERVED
+CVE-2018-3601
+   RESERVED
+CVE-2018-3600
+   RESERVED
+CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in 
Wireshark ...)
+   TODO: check
+CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in 
coders/msl.c, ...)
+   TODO: check
+CVE-2017-17933
+   RESERVED
+CVE-2017-17932
+   RESERVED
+CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the 
...)
+   TODO: check
+CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via ...)
+   TODO: check
+CVE-2017-17929 (PHP Scripts Mall Professional Service Script has XSS via the 
...)
+   TODO: check
+CVE-2017-17928 (PHP Scripts Mall Professional Service Script has SQL injection 
via the ...)
+   TODO: check
+CVE-2017-17927 (PHP Scripts Mall Professional Service Script allows remote 
attackers to ...)
+   TODO: check
+CVE-2017-17926 (PHP Scripts Mall Professional Service Script has a predicable 
...)
+   TODO: check
+CVE-2017-17925 (PHP Scripts Mall Professional Service Script has XSS via the 
...)
+   TODO: check
+CVE-2017-17924 (PHP Scripts Mall Professional Service Script allows remote 
attackers to ...)
+   TODO: check
+CVE-2017-17923
+   RESERVED
+CVE-2017-17922
+   RESERVED
+CVE-2017-17921
+   RESERVED
+CVE-2017-17920
+   RESERVED
+CVE-2017-17919
+   RESERVED
+CVE-2017-17918
+   RESERVED
+CVE-2017-17917
+   RESERVED
+CVE-2017-17916
+   RESERVED
+CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
heap-based ...)
+   TODO: check
+CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the 
function ...)
+   TODO: check
+CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
stack-based ...)
+   TODO: check
+CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
heap-based ...)
+   TODO: check
+CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the 
referer ...)
+   TODO: check
 CVE-2017-17910
RESERVED
 CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the 
...)
@@ -107,10 +177,10 @@
NOT-FOR-US: Valve Steam Link
 CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When 
the SSH ...)
NOT-FOR-US: Valve Steam Link
-CVE-2017-17876
-   RESERVED
-CVE-2017-17875
-   RESERVED
+CVE-2017-17876 (Biometric Shift Employee Management System 3.0 allows remote 
attackers ...)
+   TODO: check
+CVE-2017-17875 (The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL 
Injection via the ...)
+   TODO: check
 CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary 
file ...)
NOT-FOR-US: Vanguard Marketplace Digital Products PHP
 CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL 
Injection via the ...)
@@ -10608,8 +10678,8 @@
RESERVED
 CVE-2017-16769
RESERVED
-CVE-2017-16768
-   RESERVED
+CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor 
in ...)
+   TODO: check
 CVE-2017-16767
RESERVED
 CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in 
Synology ...)
@@ -21074,8 +21144,8 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
 CVE-2017-13057
RESERVED
-CVE-2017-13056
-   RESERVED
+CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) 
might ...)
+   TODO: check
 CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
{DSA-3971-1 DLA-1097-1}
- tcpdump 4.9.2-1
@@ -25352,32 +25422,28 @@
RESERVED
 CVE-2017-11699
RESERVED
-CVE-2017-11698 [heap-buffer-overflow (write of size 2) in __get_page 
(lib/dbm/src/h_page.c:704)]
-   RESERVED
+CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in ...)
- nss  (bug #873259; unimportant)
NOTE: Issues triggered by crafted DBM databases, which would
NOTE: require local user access to a machine running NSS and
NOTE: crafting the local DBM files.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779
-CVE-2017-11697 [Floating Point Exception in __hash_open (hash.c:229)]
-   RESERVED
+CVE-2017-11697 

[Secure-testing-commits] r58927 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-26 09:10:19 + (Tue, 26 Dec 2017)
New Revision: 58927

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-26 08:01:08 UTC (rev 58926)
+++ data/CVE/list   2017-12-26 09:10:19 UTC (rev 58927)
@@ -1,3 +1,5 @@
+CVE-2017-17910
+   RESERVED
 CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the 
...)
NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script
 CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...)
@@ -18946,8 +18948,8 @@
RESERVED
 CVE-2017-13904
RESERVED
-CVE-2017-13903
-   RESERVED
+CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 
11.2.1 ...)
+   TODO: check
 CVE-2017-13902
RESERVED
 CVE-2017-13901
@@ -18986,73 +18988,70 @@
RESERVED
 CVE-2017-13884
RESERVED
-CVE-2017-13883
-   RESERVED
+CVE-2017-13883 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13882
RESERVED
 CVE-2017-13881
RESERVED
 CVE-2017-13880
RESERVED
-CVE-2017-13879
-   RESERVED
-CVE-2017-13878
-   RESERVED
+CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13878 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13877
RESERVED
-CVE-2017-13876
-   RESERVED
-CVE-2017-13875
-   RESERVED
-CVE-2017-13874
-   RESERVED
+CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13875 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
 CVE-2017-13873
RESERVED
 CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High 
Sierra ...)
NOT-FOR-US: Apple
-CVE-2017-13871
-   RESERVED
-CVE-2017-13870
-   RESERVED
+CVE-2017-13871 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13870 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
- webkit2gtk 2.18.4-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
NOTE: Not covered by security support
-CVE-2017-13869
-   RESERVED
-CVE-2017-13868
-   RESERVED
-CVE-2017-13867
-   RESERVED
-CVE-2017-13866
-   RESERVED
+CVE-2017-13869 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13868 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13867 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13866 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
- webkit2gtk 2.18.4-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
NOTE: Not covered by security support
-CVE-2017-13865
-   RESERVED
-CVE-2017-13864
-   RESERVED
+CVE-2017-13865 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13864 (An issue was discovered in certain Apple products. iCloud 
before 7.2 ...)
+   TODO: check
 CVE-2017-13863
RESERVED
-CVE-2017-13862
-   RESERVED
-CVE-2017-13861
-   RESERVED
-CVE-2017-13860
-   RESERVED
+CVE-2017-13862 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13861 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
+CVE-2017-13860 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
 CVE-2017-13859
RESERVED
-CVE-2017-13858
-   RESERVED
+CVE-2017-13858 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13857
RESERVED
-CVE-2017-13856
-   RESERVED
+CVE-2017-13856 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
- webkit2gtk 2.18.4-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
NOTE: Not covered by security support
-CVE-2017-13855
-   RESERVED
+CVE-2017-13855 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
+   TODO: check
 CVE-2017-13854
RESERVED
 CVE-2017-13853
@@ -19065,10 +19064,10 @@
RESERVED
 CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 
11.1 is ...)
NOT-FOR-US: Apple
-CVE-2017-13848
-   RESERVED
-CVE-2017-13847
-   RESERVED
+CVE-2017-13848 (An issue was discovered in certain Apple products. 

[Secure-testing-commits] r58916 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-25 21:10:15 + (Mon, 25 Dec 2017)
New Revision: 58916

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-25 20:34:23 UTC (rev 58915)
+++ data/CVE/list   2017-12-25 21:10:15 UTC (rev 58916)
@@ -1,3 +1,17 @@
+CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the 
...)
+   TODO: check
+CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...)
+   TODO: check
+CVE-2017-17907 (PHP Scripts Mall Car Rental Script has XSS via the 
admin/areaedit.php ...)
+   TODO: check
+CVE-2017-17906 (PHP Scripts Mall Car Rental Script has SQL Injection via the 
...)
+   TODO: check
+CVE-2017-17905 (PHP Scripts Mall Car Rental Script has CSRF via 
admin/sitesettings.php. ...)
+   TODO: check
+CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ 
or the ...)
+   TODO: check
+CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated 
by ...)
+   TODO: check
 CVE-2017-17902
RESERVED
 CVE-2017-17901


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58908 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-25 09:10:18 + (Mon, 25 Dec 2017)
New Revision: 58908

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-25 08:32:05 UTC (rev 58907)
+++ data/CVE/list   2017-12-25 09:10:18 UTC (rev 58908)
@@ -1,3 +1,5 @@
+CVE-2017-17902
+   RESERVED
 CVE-2017-17901
RESERVED
 CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr 
ERP/CRM ...)
@@ -106,7 +108,7 @@
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public)
 CVE-2017-17865
RESERVED
-CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel before 4.14 
mishandles ...)
+CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
mishandles ...)
{DSA-4073-1}
- linux 4.14.7-1
[jessie] - linux  (Vulnerable code not present)
@@ -7968,7 +7970,7 @@
NOTE: 
https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 
(OTP-19.3.6.4)
NOTE: 
https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 
(OTP-18.3.4.7)
NOTE: https://robotattack.org/
-CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a 
Directory ...)
+CVE-2017-17058 (** DISPUTED ** The WooCommerce plugin through 3.x for 
WordPress has a ...)
NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 
2.0.1.12280. The ...)
NOT-FOR-US: ZKTeco ZKTime Web Software


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58906 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-24 21:10:13 + (Sun, 24 Dec 2017)
New Revision: 58906

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-24 19:57:27 UTC (rev 58905)
+++ data/CVE/list   2017-12-24 21:10:13 UTC (rev 58906)
@@ -1,3 +1,31 @@
+CVE-2017-17901
+   RESERVED
+CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr 
ERP/CRM ...)
+   TODO: check
+CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php 
in ...)
+   TODO: check
+CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests 
to ...)
+   TODO: check
+CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr 
ERP/CRM ...)
+   TODO: check
+CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to 
the /job ...)
+   TODO: check
+CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the 
location_name array ...)
+   TODO: check
+CVE-2017-17894 (Readymade Job Site Script has CSRF via the /job URI. ...)
+   TODO: check
+CVE-2017-17893 (Readymade Video Sharing Script has XSS via the 
search_video.php search ...)
+   TODO: check
+CVE-2017-17892 (Readymade Video Sharing Script has SQL Injection via the 
viewsubs.php ...)
+   TODO: check
+CVE-2017-17891 (Readymade Video Sharing Script has CSRF via 
user-profile-edit.php. ...)
+   TODO: check
+CVE-2017-17890
+   RESERVED
+CVE-2017-17889
+   RESERVED
+CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on 
NetBiter / HMS, ...)
+   TODO: check
 CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was 
found in ...)
- imagemagick  (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
@@ -105,8 +133,8 @@
- asterisk  (bug #885072)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480
-CVE-2017-17849
-   RESERVED
+CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 
5.3.0.2712 ...)
+   TODO: check
 CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in 
the Linux ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introdued later)
@@ -392,6 +420,7 @@
 CVE-2017-17791
RESERVED
 CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 
2.4.3 ...)
+   {DLA-1222-1 DLA-1221-1}
- ruby2.5  (bug #884878)
- ruby2.3  (bug #884879)
[stretch] - ruby2.3  (Minor issue, can be fixed along in 
future DSA)
@@ -6314,6 +6343,7 @@
 CVE-2017-17406
RESERVED
 CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. 
Net::FTP#get, ...)
+   {DLA-1222-1 DLA-1221-1}
- ruby2.5 2.5.0~rc1-1 (bug #884437)
- ruby2.3 2.3.6-1 (bug #884438)
[stretch] - ruby2.3  (Minor issue, can be fixed along in a 
future update)
@@ -36824,14 +36854,17 @@
NOT-FOR-US: Nessus
 CVE-2017-7848
RESERVED
+   {DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
 CVE-2017-7847
RESERVED
+   {DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
 CVE-2017-7846
RESERVED
+   {DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846
 CVE-2017-7845
@@ -36911,6 +36944,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830
 CVE-2017-7829
RESERVED
+   {DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
 CVE-2017-7828


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58885 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-24 09:10:14 + (Sun, 24 Dec 2017)
New Revision: 58885

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-24 08:39:29 UTC (rev 58884)
+++ data/CVE/list   2017-12-24 09:10:14 UTC (rev 58885)
@@ -1,3 +1,45 @@
+CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was 
found in ...)
+   TODO: check
+CVE-2017-17886 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+   TODO: check
+CVE-2017-17885 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+   TODO: check
+CVE-2017-17884 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was 
found in ...)
+   TODO: check
+CVE-2017-17883 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+   TODO: check
+CVE-2017-17882 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+   TODO: check
+CVE-2017-17881 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was 
found in ...)
+   TODO: check
+CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a 
stack-based ...)
+   TODO: check
+CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a 
heap-based ...)
+   TODO: check
+CVE-2017-17878 (An issue was discovered in Valve Steam Link build 643. Root 
passwords ...)
+   TODO: check
+CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When 
the SSH ...)
+   TODO: check
+CVE-2017-17876
+   RESERVED
+CVE-2017-17875
+   RESERVED
+CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary 
file ...)
+   TODO: check
+CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL 
Injection via the ...)
+   TODO: check
+CVE-2017-17872 (The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL 
Injection ...)
+   TODO: check
+CVE-2017-17871 (The JEXTN Question And Answer extension 3.1.0 for 
Joomla! has SQL ...)
+   TODO: check
+CVE-2017-17870 (The JBuildozer extension 1.4.1 for Joomla! has SQL Injection 
via the ...)
+   TODO: check
+CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the 
...)
+   TODO: check
+CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public 
Render ...)
+   TODO: check
+CVE-2017-17867
+   RESERVED
 CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles 
certain ...)
- mupdf  (bug #885120)
NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
@@ -26,8 +68,8 @@
RESERVED
 CVE-2017-17860
RESERVED
-CVE-2017-17859
-   RESERVED
+CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to 
bypass ...)
+   TODO: check
 CVE-2017-17858
RESERVED
 CVE-2017-17851
@@ -9617,8 +9659,8 @@
 CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming 
v0.4.8 or ...)
- ming 
NOTE: https://github.com/libming/libming/issues/75
-CVE-2017-16897
-   RESERVED
+CVE-2017-16897 (A vulnerability has been discovered in the Auth0 
passport-wsfed-saml2 ...)
+   TODO: check
 CVE-2017-16896 (A SQL injection in classes/handler/public.php in the 
forgotpass ...)
- tt-rss  (bug #882543)
NOTE: 
https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58878 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-23 21:10:15 + (Sat, 23 Dec 2017)
New Revision: 58878

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-23 20:12:20 UTC (rev 58877)
+++ data/CVE/list   2017-12-23 21:10:15 UTC (rev 58878)
@@ -1,13 +1,20 @@
-CVE-2017-17864 [bpf/verifier: Fix states_equal() comparison of pointer and 
UNKNOWN]
+CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles 
certain ...)
+   TODO: check
+CVE-2017-17865
+   RESERVED
+CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel before 4.14 
mishandles ...)
+   {DSA-4073-1}
- linux 
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
-CVE-2017-17863 [bpf: reject out-of-bounds stack pointer calculation]
+CVE-2017-17863 (kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 
does not ...)
+   {DSA-4073-1}
- linux 
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
NOTE: https://www.spinics.net/lists/stable/msg206985.html
-CVE-2017-17862 [bpf: fix branch pruning logic]
+CVE-2017-17862 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
ignores ...)
+   {DSA-4073-1}
- linux 
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
@@ -98,27 +105,27 @@
 CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a 
...)
TODO: check
 CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows 
remote ...)
-   {DSA-4070-1}
+   {DSA-4070-1 DLA-1219-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote 
attacker can ...)
-   {DSA-4070-1}
+   {DSA-4070-1 DLA-1219-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper 
Random ...)
-   {DSA-4070-1}
+   {DSA-4070-1 DLA-1219-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular 
expressions ...)
-   {DSA-4070-1}
+   {DSA-4070-1 DLA-1219-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature 
spoofing is ...)
-   {DSA-4070-1}
+   {DSA-4070-1 DLA-1219-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant 
of ...)
-   {DSA-4070-1}
+   {DSA-4070-1 DLA-1219-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
 CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute 
...)
@@ -274,12 +281,15 @@
 CVE-2018-3560
RESERVED
 CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted 
an ...)
+   {DSA-4073-1}
- linux 4.14.7-1
NOTE: Fixed by: 
https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b 
(v4.15-rc3)
 CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel 
before ...)
+   {DSA-4073-1}
- linux 4.14.7-1
NOTE: Fixed by: 
https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 
(v4.15-rc4)
 CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 
4.14.8 does ...)
+   {DSA-4073-1}
- linux 4.14.7-1
NOTE: Fixed by: 
https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
 CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
@@ -380,12 +390,14 @@
NOTE: OTRS-5: 
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
NOTE: OTRS-4: 
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
 CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the 
...)
+   {DLA-1220-1}
- gimp  (bug #884836)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b
 (master)
NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54
 (gimp-2-8)
NOTE: Can be reproduced (at least in wheezy) 

[Secure-testing-commits] r58860 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-23 09:10:23 + (Sat, 23 Dec 2017)
New Revision: 58860

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-23 08:31:21 UTC (rev 58859)
+++ data/CVE/list   2017-12-23 09:10:23 UTC (rev 58860)
@@ -1,34 +1,48 @@
-CVE-2017-17857 [bpf: fix missing error return in check_stack_boundary()]
+CVE-2017-17861
+   RESERVED
+CVE-2017-17860
+   RESERVED
+CVE-2017-17859
+   RESERVED
+CVE-2017-17858
+   RESERVED
+CVE-2017-17851
+   RESERVED
+CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 
and ...)
+   TODO: check
+CVE-2017-17849
+   RESERVED
+CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in 
the Linux ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introdued later)
[jessie] - linux  (Vulnerable code introdued later)
[wheezy] - linux  (Vulnerable code introdued later)
NOTE: Fixed by: 
https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469
-CVE-2017-17856 [bpf: force strict alignment checks for stack pointers]
+CVE-2017-17856 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introdued later)
[jessie] - linux  (Vulnerable code introdued later)
[wheezy] - linux  (Vulnerable code introdued later)
NOTE: Fixed by: 
https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f
-CVE-2017-17855 [bpf: don't prune branches when a scalar is replaced with a 
pointer]
+CVE-2017-17855 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introdued later)
[jessie] - linux  (Vulnerable code introdued later)
[wheezy] - linux  (Vulnerable code introdued later)
NOTE: Fixed by: 
https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14
-CVE-2017-17854 [bpf: fix integer overflows]
+CVE-2017-17854 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introdued later)
[jessie] - linux  (Vulnerable code introdued later)
[wheezy] - linux  (Vulnerable code introdued later)
NOTE: Fixed by: 
https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03
-CVE-2017-17853 [bpf/verifier: fix bounds calculation on BPF_RSH]
+CVE-2017-17853 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introdued later)
[jessie] - linux  (Vulnerable code introdued later)
[wheezy] - linux  (Vulnerable code introdued later)
NOTE: Fixed by: 
https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941
-CVE-2017-17852 [bpf: fix 32-bit ALU op verification]
+CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introdued later)
[jessie] - linux  (Vulnerable code introdued later)
@@ -64,22 +78,28 @@
RESERVED
 CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a 
...)
TODO: check
-CVE-2017-17843
+CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows 
remote ...)
+   {DSA-4070-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17844
+CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote 
attacker can ...)
+   {DSA-4070-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17845
+CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper 
Random ...)
+   {DSA-4070-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17846
+CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular 
expressions ...)
+   {DSA-4070-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17847
+CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature 
spoofing is ...)
+   {DSA-4070-1}
- enigmail 2:1.9.9-1
NOTE: 
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-CVE-2017-17848
+CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant 
of ...)
+   {DSA-4070-1}
- enigmail 2:1.9.9-1
NOTE: 

[Secure-testing-commits] r58850 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-22 21:10:13 + (Fri, 22 Dec 2017)
New Revision: 58850

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-22 20:17:24 UTC (rev 58849)
+++ data/CVE/list   2017-12-22 21:10:13 UTC (rev 58850)
@@ -1,5 +1,25 @@
-CVE-2017-17832
+CVE-2017-17842
RESERVED
+CVE-2017-17841
+   RESERVED
+CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local 
attacker ...)
+   TODO: check
+CVE-2017-17839
+   RESERVED
+CVE-2017-17838
+   RESERVED
+CVE-2017-17837
+   RESERVED
+CVE-2017-17836
+   RESERVED
+CVE-2017-17835
+   RESERVED
+CVE-2017-17834
+   RESERVED
+CVE-2017-17833
+   RESERVED
+CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a 
...)
+   TODO: check
 CVE-2017- [Multiple Enigmail issues]
- enigmail 2:1.9.9-1
[stretch] - enigmail 2:1.9.9-1~deb9u1
@@ -8325,8 +8345,8 @@
RESERVED
 CVE-2017-17011
RESERVED
-CVE-2017-17010
-   RESERVED
+CVE-2017-17010 (Untrusted search path vulnerability in Content Manager 
Assistant for ...)
+   TODO: check
 CVE-2017-17009
RESERVED
 CVE-2017-17008
@@ -8359,15 +8379,13 @@
[wheezy] - eglibc  (Minor issue)
NOTE: Upstream bug: 
https://sourceware.org/bugzilla/show_bug.cgi?id=22625
NOTE: Proposed patch: 
https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
-CVE-2017-16996
-   RESERVED
+CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
- linux 4.14.7-1
[stretch] - linux  (Vulnerable code introduced later)
[jessie] - linux  (Vulnerable code introduced later)
[wheezy] - linux  (Vulnerable code introduced later)
NOTE: 
https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
-CVE-2017-16995
-   RESERVED
+CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the 
Linux kernel ...)
- linux 4.14.7-1
[jessie] - linux  (Vulnerable code introduced later)
[wheezy] - linux  (Vulnerable code introduced later)
@@ -10307,8 +10325,8 @@
RESERVED
 CVE-2017-16767
RESERVED
-CVE-2017-16766
-   RESERVED
+CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in 
Synology ...)
+   TODO: check
 CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via 
cgi-bin/gui.cgi. ...)
NOT-FOR-US: D-Link
 CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing 
functionality ...)
@@ -14306,50 +14324,50 @@
RESERVED
 CVE-2017-15329
RESERVED
-CVE-2017-15328
-   RESERVED
+CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an 
...)
+   TODO: check
 CVE-2017-15327
RESERVED
 CVE-2017-15326
RESERVED
 CVE-2017-15325
RESERVED
-CVE-2017-15324
-   RESERVED
+CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, 
V200R007C20, ...)
+   TODO: check
 CVE-2017-15323
RESERVED
-CVE-2017-15322
-   RESERVED
-CVE-2017-15321
-   RESERVED
-CVE-2017-15320
-   RESERVED
-CVE-2017-15319
-   RESERVED
-CVE-2017-15318
-   RESERVED
-CVE-2017-15317
-   RESERVED
-CVE-2017-15316
-   RESERVED
+CVE-2017-15322 (Some Huawei smartphones with software of 
BGO-L03C158B003CUSTC158D001 ...)
+   TODO: check
+CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an 
...)
+   TODO: check
+CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, 
...)
+   TODO: check
+CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, 
...)
+   TODO: check
+CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, 
...)
+   TODO: check
+CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; 
AR1200 ...)
+   TODO: check
+CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software 
before ...)
+   TODO: check
 CVE-2017-15315
RESERVED
 CVE-2017-15314
RESERVED
-CVE-2017-15313
-   RESERVED
-CVE-2017-15312
-   RESERVED
-CVE-2017-15311
-   RESERVED
-CVE-2017-15310
-   RESERVED
-CVE-2017-15309
-   RESERVED
-CVE-2017-15308
-   RESERVED
-CVE-2017-15307
-   RESERVED
+CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection 
vulnerability. An ...)
+   TODO: check
+CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site 
scripting) ...)
+   TODO: check
+CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 
Pro ...)
+   TODO: check
+CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file 
deletion ...)
+   TODO: check
+CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal 
vulnerability ...)
+   TODO: check
+CVE-2017-15308 (Huawei 

[Secure-testing-commits] r58834 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-22 09:10:16 + (Fri, 22 Dec 2017)
New Revision: 58834

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-22 08:55:48 UTC (rev 58833)
+++ data/CVE/list   2017-12-22 09:10:16 UTC (rev 58834)
@@ -10387,8 +10387,8 @@
RESERVED
 CVE-2017-16728
RESERVED
-CVE-2017-16727
-   RESERVED
+CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort 
W2150A ...)
+   TODO: check
 CVE-2017-16726
RESERVED
 CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai 
...)
@@ -17343,8 +17343,8 @@
RESERVED
 CVE-2017-14364
RESERVED
-CVE-2017-14363
-   RESERVED
+CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified 
in Micro ...)
+   TODO: check
 CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus 
Project and ...)
NOT-FOR-US: Micro Focus Project and Portfolio Management Center
 CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and 
Portfolio ...)
@@ -20624,6 +20624,7 @@
NOTE: https://github.com/wolfSSL/wolfssl/pull/1229
NOTE: https://robotattack.org/
 CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to 
use the ...)
+   {DSA-4072-1}
- bouncycastle 1.58-1 (bug #884241)
[jessie] - bouncycastle  (Vulnerable code introduced in 
1.56 with tls API addition)
[wheezy] - bouncycastle  (Vulnerable code not present)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58823 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-21 21:10:19 + (Thu, 21 Dec 2017)
New Revision: 58823

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-21 20:20:47 UTC (rev 58822)
+++ data/CVE/list   2017-12-21 21:10:19 UTC (rev 58823)
@@ -1,3 +1,5 @@
+CVE-2017-17832
+   RESERVED
 CVE-2017- [Multiple Enigmail issues]
- enigmail 2:1.9.9-1
[jessie] - enigmail 2:1.9.9-1~deb8u1
@@ -2849,8 +2851,8 @@
NOT-FOR-US: Techno - Portfolio Management Panel
 CVE-2017-17693 (Techno - Portfolio Management Panel through 2017-11-16 does 
not check ...)
NOT-FOR-US: Techno - Portfolio Management Panel
-CVE-2017-17692
-   RESERVED
+CVE-2017-17692 (Samsung Internet Browser 5.4.02.3 allows remote attackers to 
bypass ...)
+   TODO: check
 CVE-2017-17691
RESERVED
 CVE-2017-17690
@@ -5355,7 +5357,7 @@
NOTE: 
https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004
NOTE: 
https://sources.debian.org/src/context/2017.05.15.20170613-2/texmf-dist/scripts/context/stubs/mswin/mtxrun.lua/?hl=3424#L3424
 CVE-2017-17512 (sensible-browser in sensible-utils before 0.0.11 does not 
validate ...)
-   {DLA-1209-1}
+   {DSA-4071-1 DLA-1209-1}
- sensible-utils 0.0.11 (bug #881767)
NOTE: 
https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5
 CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching 
the program ...)
@@ -6086,14 +6088,14 @@
RESERVED
 CVE-2017-17412
RESERVED
-CVE-2017-17411
-   RESERVED
-CVE-2017-17410
-   RESERVED
-CVE-2017-17409
-   RESERVED
-CVE-2017-17408
-   RESERVED
+CVE-2017-17411 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+   TODO: check
+CVE-2017-17410 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+   TODO: check
+CVE-2017-17409 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+   TODO: check
+CVE-2017-17408 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+   TODO: check
 CVE-2017-17407
RESERVED
 CVE-2017-17406
@@ -7583,18 +7585,22 @@
 CVE-2017-17089
RESERVED
 CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the 
newbloguser ...)
+   {DLA-1216-1}
- wordpress 4.9.1+dfsg-1 (bug #883314)
NOTE: 
https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 
does not ...)
+   {DLA-1216-1}
- wordpress 4.9.1+dfsg-1 (bug #883314)
NOTE: 
https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not 
properly ...)
+   {DLA-1216-1}
- wordpress 4.9.1+dfsg-1 (bug #883314)
NOTE: 
https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not 
require ...)
+   {DLA-1216-1}
- wordpress 4.9.1+dfsg-1 (bug #883314)
NOTE: 
https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
@@ -7822,20 +7828,20 @@
RESERVED
 CVE-2017-17034
RESERVED
-CVE-2017-17033
-   RESERVED
-CVE-2017-17032
-   RESERVED
-CVE-2017-17031
-   RESERVED
-CVE-2017-17030
-   RESERVED
-CVE-2017-17029
-   RESERVED
-CVE-2017-17028
-   RESERVED
-CVE-2017-17027
-   RESERVED
+CVE-2017-17033 (A buffer overflow vulnerability in password function in QNAP 
QTS ...)
+   TODO: check
+CVE-2017-17032 (A buffer overflow vulnerability in password function in QNAP 
QTS ...)
+   TODO: check
+CVE-2017-17031 (A buffer overflow vulnerability in password function in QNAP 
QTS ...)
+   TODO: check
+CVE-2017-17030 (A buffer overflow vulnerability in login function in QNAP QTS 
version ...)
+   TODO: check
+CVE-2017-17029 (A buffer overflow vulnerability in login function in QNAP QTS 
version ...)
+   TODO: check
+CVE-2017-17028 (A buffer overflow vulnerability in external device function in 
QNAP ...)
+   TODO: check
+CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS 
version ...)
+   TODO: check
 CVE-2017-17045 (An issue was discovered in Xen through 

[Secure-testing-commits] r58770 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-21 09:10:13 + (Thu, 21 Dec 2017)
New Revision: 58770

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-21 09:04:18 UTC (rev 58769)
+++ data/CVE/list   2017-12-21 09:10:13 UTC (rev 58770)
@@ -1,3 +1,51 @@
+CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute 
...)
+   TODO: check
+CVE-2017-17830 (Bus Booking Script has CSRF via admin/new_master.php. ...)
+   TODO: check
+CVE-2017-17829 (Bus Booking Script has SQL Injection via the 
admin/view_seatseller.php ...)
+   TODO: check
+CVE-2017-17828 (Bus Booking Script has XSS via the results.php datepicker 
parameter or ...)
+   TODO: check
+CVE-2017-17827 (Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via 
...)
+   TODO: check
+CVE-2017-17826 (The Configuration component of Piwigo 2.9.2 is vulnerable to 
Persistent ...)
+   TODO: check
+CVE-2017-17825 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to 
Persistent ...)
+   TODO: check
+CVE-2017-17824 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to 
SQL ...)
+   TODO: check
+CVE-2017-17823 (The Configuration component of Piwigo 2.9.2 is vulnerable to 
SQL ...)
+   TODO: check
+CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL 
Injection via ...)
+   TODO: check
+CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari 
Technology ...)
+   TODO: check
+CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+   TODO: check
+CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal 
address access ...)
+   TODO: check
+CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based 
buffer ...)
+   TODO: check
+CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+   TODO: check
+CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+   TODO: check
+CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal 
address access ...)
+   TODO: check
+CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+   TODO: check
+CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in the ...)
+   TODO: check
+CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based 
buffer ...)
+   TODO: check
+CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based 
buffer ...)
+   TODO: check
+CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a SEGV on 
unknown ...)
+   TODO: check
+CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the 
vyprvpnservice ...)
+   TODO: check
+CVE-2017-17808
+   RESERVED
 CVE-2018-3599
RESERVED
 CVE-2018-3598
@@ -78,13 +126,13 @@
RESERVED
 CVE-2018-3560
RESERVED
-CVE-2017-17807 [KEYS: add missing permission check for request_key() 
destination]
+CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted 
an ...)
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b 
(v4.15-rc3)
-CVE-2017-17806 [crypto: hmac - require that the underlying hash algorithm is 
unkeyed]
+CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel 
before ...)
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 
(v4.15-rc4)
-CVE-2017-17805 [crypto: salsa20 - fix blkcipher_walk API usage]
+CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 
4.14.8 does ...)
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
 CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
@@ -178,7 +226,7 @@
 CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. 
The device ...)
NOT-FOR-US: Ichano AtHome IP Camera
 CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x 
before ...)
-   {DSA-4069-1}
+   {DSA-4069-1 DLA-1215-1}
- otrs2 6.0.3-1 (bug #884801)
NOTE: 
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
NOTE: OTRS-6: 
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
@@ -5885,7 +5933,7 @@
[wheezy] - eglibc  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
 CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack 
packets, ...)
-   {DSA-4067-1}
+   {DSA-4067-1 DLA-1213-1}
- openafs 1.6.22-1 (bug #883602)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
 CVE-2018-1180
@@ -9913,7 +9961,8 @@
 

[Secure-testing-commits] r58740 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-20 21:10:12 + (Wed, 20 Dec 2017)
New Revision: 58740

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-20 20:37:38 UTC (rev 58739)
+++ data/CVE/list   2017-12-20 21:10:12 UTC (rev 58740)
@@ -78,42 +78,42 @@
RESERVED
 CVE-2018-3560
RESERVED
-CVE-2017-17804
-   RESERVED
-CVE-2017-17803
-   RESERVED
-CVE-2017-17802
-   RESERVED
-CVE-2017-17801
-   RESERVED
-CVE-2017-17800
-   RESERVED
-CVE-2017-17799
-   RESERVED
-CVE-2017-17798
-   RESERVED
-CVE-2017-17797
-   RESERVED
-CVE-2017-17796
-   RESERVED
-CVE-2017-17795
-   RESERVED
-CVE-2017-17794
-   RESERVED
-CVE-2017-17793
-   RESERVED
-CVE-2017-17792
-   RESERVED
+CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
+   TODO: check
+CVE-2017-17803 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+   TODO: check
+CVE-2017-17802 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+   TODO: check
+CVE-2017-17801 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+   TODO: check
+CVE-2017-17800 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+   TODO: check
+CVE-2017-17799 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+   TODO: check
+CVE-2017-17798 (In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file 
(VIRAGTLT.SYS) ...)
+   TODO: check
+CVE-2017-17797 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
+   TODO: check
+CVE-2017-17796 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+   TODO: check
+CVE-2017-17795 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
+   TODO: check
+CVE-2017-17794 (validate_form_preferences in admin/preferences.php in 
BlogoText through ...)
+   TODO: check
+CVE-2017-17793 (Information Disclosure vulnerability in creer_fichier_zip in 
...)
+   TODO: check
+CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the 
markup_clean_href ...)
+   TODO: check
 CVE-2017-17791
RESERVED
-CVE-2017-17790
-   RESERVED
-CVE-2017-17783
-   RESERVED
-CVE-2017-17782
-   RESERVED
-CVE-2017-17781
-   RESERVED
+CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 
2.4.3 ...)
+   TODO: check
+CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in 
ReadPALMImage ...)
+   TODO: check
+CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer 
over-read in ...)
+   TODO: check
+CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via 
the group ...)
+   TODO: check
 CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS 
via a ...)
NOT-FOR-US: Clockwork SMS plugins for WordPress
 CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the 
referrals.php id ...)
@@ -154,20 +154,18 @@
RESERVED
 CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. 
The device ...)
NOT-FOR-US: Ichano AtHome IP Camera
-CVE-2017-17476 [OSA-2017-10: Session hijacking]
-   RESERVED
+CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x 
before ...)
+   {DSA-4069-1}
- otrs2 6.0.3-1 (bug #884801)
NOTE: 
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
NOTE: OTRS-6: 
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
NOTE: OTRS-5: 
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
NOTE: OTRS-4: 
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
-CVE-2017-17785 [gimp: Heap overflow in FLI import]
-   RESERVED
+CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the 
...)
- gimp  (bug #884836)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
NOTE: Can be reproduced (at least in wheezy) with "valgrind 
--trace-children=yes gimp "
-CVE-2017-17786 [gimp: OOB read in TGA]
-   RESERVED
+CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in 
ReadImage in ...)
- gimp  (unimportant; bug #884862)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b
 (master)
@@ -175,27 +173,23 @@
NOTE: 
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8=ef9c821fff8b637a2178eab1c78cae6764c50e12
 (gimp-2-8)
NOTE: 
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8=22e2571c25425f225abdb11a566cc281fca6f366
 (gimp-2-8)
NOTE: Crash in desktop tool, no/negligable security impact

[Secure-testing-commits] r58716 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-20 09:10:13 + (Wed, 20 Dec 2017)
New Revision: 58716

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-20 05:56:12 UTC (rev 58715)
+++ data/CVE/list   2017-12-20 09:10:13 UTC (rev 58716)
@@ -1,3 +1,159 @@
+CVE-2018-3599
+   RESERVED
+CVE-2018-3598
+   RESERVED
+CVE-2018-3597
+   RESERVED
+CVE-2018-3596
+   RESERVED
+CVE-2018-3595
+   RESERVED
+CVE-2018-3594
+   RESERVED
+CVE-2018-3593
+   RESERVED
+CVE-2018-3592
+   RESERVED
+CVE-2018-3591
+   RESERVED
+CVE-2018-3590
+   RESERVED
+CVE-2018-3589
+   RESERVED
+CVE-2018-3588
+   RESERVED
+CVE-2018-3587
+   RESERVED
+CVE-2018-3586
+   RESERVED
+CVE-2018-3585
+   RESERVED
+CVE-2018-3584
+   RESERVED
+CVE-2018-3583
+   RESERVED
+CVE-2018-3582
+   RESERVED
+CVE-2018-3581
+   RESERVED
+CVE-2018-3580
+   RESERVED
+CVE-2018-3579
+   RESERVED
+CVE-2018-3578
+   RESERVED
+CVE-2018-3577
+   RESERVED
+CVE-2018-3576
+   RESERVED
+CVE-2018-3575
+   RESERVED
+CVE-2018-3574
+   RESERVED
+CVE-2018-3573
+   RESERVED
+CVE-2018-3572
+   RESERVED
+CVE-2018-3571
+   RESERVED
+CVE-2018-3570
+   RESERVED
+CVE-2018-3569
+   RESERVED
+CVE-2018-3568
+   RESERVED
+CVE-2018-3567
+   RESERVED
+CVE-2018-3566
+   RESERVED
+CVE-2018-3565
+   RESERVED
+CVE-2018-3564
+   RESERVED
+CVE-2018-3563
+   RESERVED
+CVE-2018-3562
+   RESERVED
+CVE-2018-3561
+   RESERVED
+CVE-2018-3560
+   RESERVED
+CVE-2017-17804
+   RESERVED
+CVE-2017-17803
+   RESERVED
+CVE-2017-17802
+   RESERVED
+CVE-2017-17801
+   RESERVED
+CVE-2017-17800
+   RESERVED
+CVE-2017-17799
+   RESERVED
+CVE-2017-17798
+   RESERVED
+CVE-2017-17797
+   RESERVED
+CVE-2017-17796
+   RESERVED
+CVE-2017-17795
+   RESERVED
+CVE-2017-17794
+   RESERVED
+CVE-2017-17793
+   RESERVED
+CVE-2017-17792
+   RESERVED
+CVE-2017-17791
+   RESERVED
+CVE-2017-17790
+   RESERVED
+CVE-2017-17783
+   RESERVED
+CVE-2017-17782
+   RESERVED
+CVE-2017-17781
+   RESERVED
+CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS 
via a ...)
+   TODO: check
+CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the 
referrals.php id ...)
+   TODO: check
+CVE-2017-17778 (Paid To Read Script 2.0.5 has XSS via the referrals.php tier 
parameter ...)
+   TODO: check
+CVE-2017-1 (Paid To Read Script 2.0.5 has authentication bypass in the 
admin panel ...)
+   TODO: check
+CVE-2017-17776 (Paid To Read Script 2.0.5 has full path disclosure via an 
invalid ...)
+   TODO: check
+CVE-2017-17775 (Piwigo 2.9.2 has XSS via the name parameter in an ...)
+   TODO: check
+CVE-2017-17774 (admin/configuration.php in Piwigo 2.9.2 has CSRF. ...)
+   TODO: check
+CVE-2017-17773
+   RESERVED
+CVE-2017-17772
+   RESERVED
+CVE-2017-17771
+   RESERVED
+CVE-2017-17770
+   RESERVED
+CVE-2017-17769
+   RESERVED
+CVE-2017-17768
+   RESERVED
+CVE-2017-17767
+   RESERVED
+CVE-2017-17766
+   RESERVED
+CVE-2017-17765
+   RESERVED
+CVE-2017-17764
+   RESERVED
+CVE-2017-17763 (SuperBeam through 4.1.3, when using the LAN or WiFi Direct 
Share ...)
+   TODO: check
+CVE-2017-17762
+   RESERVED
+CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. 
The device ...)
+   TODO: check
 CVE-2017-17476 [OSA-2017-10: Session hijacking]
RESERVED
- otrs2  (bug #884801)
@@ -6,24 +162,30 @@
NOTE: OTRS-5: 
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
NOTE: OTRS-4: 
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
 CVE-2017-17785 [gimp: Heap overflow in FLI import]
+   RESERVED
- gimp 
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
 CVE-2017-17786 [gimp: OOB read in TGA]
+   RESERVED
- gimp  (unimportant)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17788 [gimp: OOB read in XCF]
+   RESERVED
- gimp  (unimportant)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17784 [gimp: OOB read in GBR]
+   RESERVED
- gimp  (unimportant)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17789 [gimp: Heap overflow in PSP]
+   RESERVED
- gimp 
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
 CVE-2017-17787 [gimp: OOB read in PSP]
+   RESERVED
- gimp  (unimportant)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853

[Secure-testing-commits] r58704 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-19 21:10:14 + (Tue, 19 Dec 2017)
New Revision: 58704

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-19 21:07:14 UTC (rev 58703)
+++ data/CVE/list   2017-12-19 21:10:14 UTC (rev 58704)
@@ -1,4 +1,5 @@
 CVE-2017-17476 [OSA-2017-10: Session hijacking]
+   RESERVED
- otrs2  (bug #884801)
NOTE: 
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
NOTE: OTRS-6: 
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
@@ -40,8 +41,8 @@
RESERVED
 CVE-2017-17754
RESERVED
-CVE-2017-17753
-   RESERVED
+CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+   TODO: check
 CVE-2017-17752
RESERVED
 CVE-2017-17751
@@ -58,8 +59,8 @@
RESERVED
 CVE-2017-17745
RESERVED
-CVE-2017-17744
-   RESERVED
+CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map 
plugin ...)
+   TODO: check
 CVE-2017-17743
RESERVED
 CVE-2017-17742
@@ -111,8 +112,8 @@
NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
 CVE-2017-17720
RESERVED
-CVE-2017-17719
-   RESERVED
+CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours 
plugin ...)
+   TODO: check
 CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has 
Missing SSL ...)
- ruby-net-ldap  (bug #884693)
[jessie] - ruby-net-ldap  (Doc always said that there is no 
validation)
@@ -4976,7 +4977,7 @@
 CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before 
...)
- mensis  (unimportant)
NOTE: 
https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
-CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before 
launching ...)
+CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate 
strings ...)
- tkabber 
NOTE: 
https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
NOTE: TCL's exec call does not involve the shell. It does its own 
argument parsing which safely forwards the content of any variable. No command 
injection is thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
@@ -7316,8 +7317,8 @@
- tiff3  (unimportant)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
NOTE: Crash in CLI tool not treated as a security issue
-CVE-2017-17088
-   RESERVED
+CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is 
affected ...)
+   TODO: check
 CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of 
a .swp ...)
- vim 
[stretch] - vim  (Minor issue)
@@ -9096,7 +9097,7 @@
 CVE-2017-16922
RESERVED
 CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and 
including ...)
-   {DSA-4066-1}
+   {DSA-4066-1 DLA-1212-1}
- otrs2 6.0.2-1 (bug #883774)
NOTE: 
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
@@ -9721,7 +9722,7 @@
 CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session 
vulnerability. ...)
- ipsilon  (bug #826838)
 CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 
4.0.26, ...)
-   {DSA-4066-1}
+   {DSA-4066-1 DLA-1212-1}
- otrs2 6.0.2-1
NOTE: 
https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
@@ -9959,8 +9960,8 @@
TODO: check
 CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with 
...)
TODO: check
-CVE-2017-16786
-   RESERVED
+CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with 
...)
+   TODO: check
 CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...)
NOT-FOR-US: CMS Made Simple
 CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template 
Injection via ...)
@@ -10229,7 +10230,7 @@
 CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to 
a ...)
NOT-FOR-US: RemObjects Remoting SDK
 CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open 
Ticket ...)
-   {DSA-4047-1}
+   {DSA-4047-1 DLA-1212-1}
- otrs2 5.0.24-1 (bug #882370)
NOTE: 
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -12609,6 +12610,7 @@
 CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as 
used in ...)
- frr  (bug #863249)
 CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 
3.3.x ...)
+   {DLA-1212-1}
- 

[Secure-testing-commits] r58639 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-17 09:10:16 + (Sun, 17 Dec 2017)
New Revision: 58639

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-17 08:30:31 UTC (rev 58638)
+++ data/CVE/list   2017-12-17 09:10:16 UTC (rev 58639)
@@ -8838,8 +8838,8 @@
NOT-FOR-US: K-Multimedia Player
 CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a 
denial ...)
NOT-FOR-US: Winamp
-CVE-2017-16950
-   RESERVED
+CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server 
before ...)
+   TODO: check
 CVE-2017-16949
RESERVED
 CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58564 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-14 09:10:20 + (Thu, 14 Dec 2017)
New Revision: 58564

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-14 08:57:08 UTC (rev 58563)
+++ data/CVE/list   2017-12-14 09:10:20 UTC (rev 58564)
@@ -1,3 +1,2039 @@
+CVE-2018-2359
+   RESERVED
+CVE-2018-2358
+   RESERVED
+CVE-2018-2357
+   RESERVED
+CVE-2018-2356
+   RESERVED
+CVE-2018-2355
+   RESERVED
+CVE-2018-2354
+   RESERVED
+CVE-2018-2353
+   RESERVED
+CVE-2018-2352
+   RESERVED
+CVE-2018-2351
+   RESERVED
+CVE-2018-2350
+   RESERVED
+CVE-2018-2349
+   RESERVED
+CVE-2018-2348
+   RESERVED
+CVE-2018-2347
+   RESERVED
+CVE-2018-2346
+   RESERVED
+CVE-2018-2345
+   RESERVED
+CVE-2018-2344
+   RESERVED
+CVE-2018-2343
+   RESERVED
+CVE-2018-2342
+   RESERVED
+CVE-2018-2341
+   RESERVED
+CVE-2018-2340
+   RESERVED
+CVE-2018-2339
+   RESERVED
+CVE-2018-2338
+   RESERVED
+CVE-2018-2337
+   RESERVED
+CVE-2018-2336
+   RESERVED
+CVE-2018-2335
+   RESERVED
+CVE-2018-2334
+   RESERVED
+CVE-2018-2333
+   RESERVED
+CVE-2018-2332
+   RESERVED
+CVE-2018-2331
+   RESERVED
+CVE-2018-2330
+   RESERVED
+CVE-2018-2329
+   RESERVED
+CVE-2018-2328
+   RESERVED
+CVE-2018-2327
+   RESERVED
+CVE-2018-2326
+   RESERVED
+CVE-2018-2325
+   RESERVED
+CVE-2018-2324
+   RESERVED
+CVE-2018-2323
+   RESERVED
+CVE-2018-2322
+   RESERVED
+CVE-2018-2321
+   RESERVED
+CVE-2018-2320
+   RESERVED
+CVE-2018-2319
+   RESERVED
+CVE-2018-2318
+   RESERVED
+CVE-2018-2317
+   RESERVED
+CVE-2018-2316
+   RESERVED
+CVE-2018-2315
+   RESERVED
+CVE-2018-2314
+   RESERVED
+CVE-2018-2313
+   RESERVED
+CVE-2018-2312
+   RESERVED
+CVE-2018-2311
+   RESERVED
+CVE-2018-2310
+   RESERVED
+CVE-2018-2309
+   RESERVED
+CVE-2018-2308
+   RESERVED
+CVE-2018-2307
+   RESERVED
+CVE-2018-2306
+   RESERVED
+CVE-2018-2305
+   RESERVED
+CVE-2018-2304
+   RESERVED
+CVE-2018-2303
+   RESERVED
+CVE-2018-2302
+   RESERVED
+CVE-2018-2301
+   RESERVED
+CVE-2018-2300
+   RESERVED
+CVE-2018-2299
+   RESERVED
+CVE-2018-2298
+   RESERVED
+CVE-2018-2297
+   RESERVED
+CVE-2018-2296
+   RESERVED
+CVE-2018-2295
+   RESERVED
+CVE-2018-2294
+   RESERVED
+CVE-2018-2293
+   RESERVED
+CVE-2018-2292
+   RESERVED
+CVE-2018-2291
+   RESERVED
+CVE-2018-2290
+   RESERVED
+CVE-2018-2289
+   RESERVED
+CVE-2018-2288
+   RESERVED
+CVE-2018-2287
+   RESERVED
+CVE-2018-2286
+   RESERVED
+CVE-2018-2285
+   RESERVED
+CVE-2018-2284
+   RESERVED
+CVE-2018-2283
+   RESERVED
+CVE-2018-2282
+   RESERVED
+CVE-2018-2281
+   RESERVED
+CVE-2018-2280
+   RESERVED
+CVE-2018-2279
+   RESERVED
+CVE-2018-2278
+   RESERVED
+CVE-2018-2277
+   RESERVED
+CVE-2018-2276
+   RESERVED
+CVE-2018-2275
+   RESERVED
+CVE-2018-2274
+   RESERVED
+CVE-2018-2273
+   RESERVED
+CVE-2018-2272
+   RESERVED
+CVE-2018-2271
+   RESERVED
+CVE-2018-2270
+   RESERVED
+CVE-2018-2269
+   RESERVED
+CVE-2018-2268
+   RESERVED
+CVE-2018-2267
+   RESERVED
+CVE-2018-2266
+   RESERVED
+CVE-2018-2265
+   RESERVED
+CVE-2018-2264
+   RESERVED
+CVE-2018-2263
+   RESERVED
+CVE-2018-2262
+   RESERVED
+CVE-2018-2261
+   RESERVED
+CVE-2018-2260
+   RESERVED
+CVE-2018-2259
+   RESERVED
+CVE-2018-2258
+   RESERVED
+CVE-2018-2257
+   RESERVED
+CVE-2018-2256
+   RESERVED
+CVE-2018-2255
+   RESERVED
+CVE-2018-2254
+   RESERVED
+CVE-2018-2253
+   RESERVED
+CVE-2018-2252
+   RESERVED
+CVE-2018-2251
+   RESERVED
+CVE-2018-2250
+   RESERVED
+CVE-2018-2249
+   RESERVED
+CVE-2018-2248
+   RESERVED
+CVE-2018-2247
+   RESERVED
+CVE-2018-2246
+   RESERVED
+CVE-2018-2245
+   RESERVED
+CVE-2018-2244
+   RESERVED
+CVE-2018-2243
+   RESERVED
+CVE-2018-2242
+   RESERVED
+CVE-2018-2241
+   RESERVED
+CVE-2018-2240
+   RESERVED
+CVE-2018-2239
+   RESERVED
+CVE-2018-2238
+   RESERVED
+CVE-2018-2237
+   RESERVED
+CVE-2018-2236
+   RESERVED
+CVE-2018-2235
+   RESERVED
+CVE-2018-2234
+   RESERVED
+CVE-2018-2233
+   RESERVED
+CVE-2018-2232
+   RESERVED
+CVE-2018-2231
+   RESERVED
+CVE-2018-2230
+   RESERVED
+CVE-2018-2229
+   RESERVED
+CVE-2018-2228
+   RESERVED
+CVE-2018-2227
+   RESERVED
+CVE-2018-2226
+   RESERVED
+CVE-2018-2225
+   RESERVED
+CVE-2018-2224
+   RESERVED
+CVE-2018-2223
+   RESERVED
+CVE-2018-
+   RESERVED
+CVE-2018-2221
+   RESERVED
+CVE-2018-2220
+   RESERVED
+CVE-2018-2219
+   RESERVED
+CVE-2018-2218
+   RESERVED
+CVE-2018-2217
+   RESERVED
+CVE-2018-2216
+   RESERVED
+CVE-2018-2215
+   

[Secure-testing-commits] r58534 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-13 21:10:13 + (Wed, 13 Dec 2017)
New Revision: 58534

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-13 21:09:49 UTC (rev 58533)
+++ data/CVE/list   2017-12-13 21:10:13 UTC (rev 58534)
@@ -1,9 +1,201 @@
-CVE-2017-17569
+CVE-2017-17665 (In Octopus Deploy before 4.1.3, the machine update process 
doesn't ...)
+   TODO: check
+CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 
13.x before ...)
+   TODO: check
+CVE-2017-17663
RESERVED
-CVE-2017-17568
+CVE-2017-17662
RESERVED
-CVE-2017-17567
+CVE-2017-17661
RESERVED
+CVE-2017-17660
+   RESERVED
+CVE-2017-17659
+   RESERVED
+CVE-2017-17658
+   RESERVED
+CVE-2017-17657
+   RESERVED
+CVE-2017-17656
+   RESERVED
+CVE-2017-17655
+   RESERVED
+CVE-2017-17654
+   RESERVED
+CVE-2017-17653
+   RESERVED
+CVE-2017-17652
+   RESERVED
+CVE-2017-17651
+   RESERVED
+CVE-2017-17650
+   RESERVED
+CVE-2017-17649
+   RESERVED
+CVE-2017-17648 (Entrepreneur Dating Script 2.0.1 has SQL Injection via the ...)
+   TODO: check
+CVE-2017-17647
+   RESERVED
+CVE-2017-17646
+   RESERVED
+CVE-2017-17645
+   RESERVED
+CVE-2017-17644
+   RESERVED
+CVE-2017-17643
+   RESERVED
+CVE-2017-17642 (Basic Job Site Script 2.0.5 has SQL Injection via the keyword 
parameter ...)
+   TODO: check
+CVE-2017-17641 (Resume Clone Script 2.0.5 has SQL Injection via the 
preview.php id ...)
+   TODO: check
+CVE-2017-17640 (Advanced World Database 2.0.5 has SQL Injection via the 
city.php ...)
+   TODO: check
+CVE-2017-17639 (Muslim Matrimonial Script 3.02 has SQL Injection via the ...)
+   TODO: check
+CVE-2017-17638 (Groupon Clone Script 3.01 has SQL Injection via the 
city_ajax.php ...)
+   TODO: check
+CVE-2017-17637 (Car Rental Script 2.0.4 has SQL Injection via the 
countrycode1.php val ...)
+   TODO: check
+CVE-2017-17636 (MLM Forced Matrix 2.0.9 has SQL Injection via the 
news-detail.php newid ...)
+   TODO: check
+CVE-2017-17635 (MLM Forex Market Plan Script 2.0.4 has SQL Injection via the 
...)
+   TODO: check
+CVE-2017-17634 (Single Theater Booking Script 3.2.1 has SQL Injection via the 
...)
+   TODO: check
+CVE-2017-17633 (Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection 
via the ...)
+   TODO: check
+CVE-2017-17632 (Responsive Events And Movie Ticket Booking Script 3.2.1 has 
SQL ...)
+   TODO: check
+CVE-2017-17631 (Multireligion Responsive Matrimonial 4.7.2 has SQL Injection 
via the ...)
+   TODO: check
+CVE-2017-17630 (Yoga Class Script 1.0 has SQL Injection via the /list city 
parameter. ...)
+   TODO: check
+CVE-2017-17629 (Secure E-commerce Script 2.0.1 has SQL Injection via the 
category.php ...)
+   TODO: check
+CVE-2017-17628 (Responsive Realestate Script 3.2 has SQL Injection via the ...)
+   TODO: check
+CVE-2017-17627 (Readymade Video Sharing Script 3.2 has SQL Injection via the 
...)
+   TODO: check
+CVE-2017-17626 (Readymade PHP Classified Script 3.3 has SQL Injection via the 
...)
+   TODO: check
+CVE-2017-17625 (Professional Service Script 1.0 has SQL Injection via the 
service-list ...)
+   TODO: check
+CVE-2017-17624 (PHP Multivendor Ecommerce 1.0 has SQL Injection via the ...)
+   TODO: check
+CVE-2017-17623 (Opensource Classified Ads Script 3.2 has SQL Injection via the 
...)
+   TODO: check
+CVE-2017-17622 (Online Exam Test Application Script 1.6 has SQL Injection via 
the ...)
+   TODO: check
+CVE-2017-17621 (Multivendor Penny Auction Clone Script 1.0 has SQL Injection 
via the ...)
+   TODO: check
+CVE-2017-17620 (Lawyer Search Script 1.1 has SQL Injection via the 
/lawyer-list city ...)
+   TODO: check
+CVE-2017-17619 (Laundry Booking Script 1.0 has SQL Injection via the /list 
city ...)
+   TODO: check
+CVE-2017-17618 (Kickstarter Clone Script 2.0 has SQL Injection via the 
investcalc.php ...)
+   TODO: check
+CVE-2017-17617 (Foodspotting Clone Script 1.0 has SQL Injection via the 
quicksearch.php ...)
+   TODO: check
+CVE-2017-17616 (Event Search Script 1.0 has SQL Injection via the /event-list 
city ...)
+   TODO: check
+CVE-2017-17615 (Facebook Clone Script 1.0 has SQL Injection via the 
friend-profile.php ...)
+   TODO: check
+CVE-2017-17614 (Food Order Script 1.0 has SQL Injection via the /list city 
parameter. ...)
+   TODO: check
+CVE-2017-17613 (Freelance Website Script 2.0.6 has SQL Injection via the 
jobdetails.php ...)
+   TODO: check
+CVE-2017-17612 (Hot Scripts Clone 3.1 has SQL Injection via the /categories 
subctid or ...)
+   TODO: check
+CVE-2017-17611 (Doctor Search Script 1.0 has SQL Injection via the /list city 
...)
+   TODO: check
+CVE-2017-17610 (E-commerce MLM Software 1.0 has SQL Injection via the ...)
+   

[Secure-testing-commits] r58410 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-10 09:10:18 + (Sun, 10 Dec 2017)
New Revision: 58410

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-10 07:19:30 UTC (rev 58409)
+++ data/CVE/list   2017-12-10 09:10:18 UTC (rev 58410)
@@ -1,3 +1,5 @@
+CVE-2017-17483
+   RESERVED
 CVE-2017-17482
RESERVED
 CVE-2017-17481
@@ -6106,8 +6108,8 @@
[stretch] - libcatalyst-plugin-static-simple-perl  (Minor issue)
[jessie] - libcatalyst-plugin-static-simple-perl  (Minor issue)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
-CVE-2017-16241
-   RESERVED
+CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network 
Controllers ...)
+   TODO: check
 CVE-2017-16240
RESERVED
 CVE-2017-17051 (An issue was discovered in the default FilterScheduler in 
OpenStack ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58381 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-09 09:10:18 + (Sat, 09 Dec 2017)
New Revision: 58381

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-09 09:06:37 UTC (rev 58380)
+++ data/CVE/list   2017-12-09 09:10:18 UTC (rev 58381)
@@ -1,3 +1,7 @@
+CVE-2017-17482
+   RESERVED
+CVE-2017-17481
+   RESERVED
 CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was 
discovered in the ...)
- openjpeg2 
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
@@ -5632,128 +5636,128 @@
RESERVED
 CVE-2017-16421
RESERVED
-CVE-2017-16420
-   RESERVED
-CVE-2017-16419
-   RESERVED
-CVE-2017-16418
-   RESERVED
-CVE-2017-16417
-   RESERVED
-CVE-2017-16416
-   RESERVED
-CVE-2017-16415
-   RESERVED
-CVE-2017-16414
-   RESERVED
-CVE-2017-16413
-   RESERVED
-CVE-2017-16412
-   RESERVED
-CVE-2017-16411
-   RESERVED
-CVE-2017-16410
-   RESERVED
-CVE-2017-16409
-   RESERVED
-CVE-2017-16408
-   RESERVED
-CVE-2017-16407
-   RESERVED
-CVE-2017-16406
-   RESERVED
-CVE-2017-16405
-   RESERVED
-CVE-2017-16404
-   RESERVED
-CVE-2017-16403
-   RESERVED
-CVE-2017-16402
-   RESERVED
-CVE-2017-16401
-   RESERVED
-CVE-2017-16400
-   RESERVED
-CVE-2017-16399
-   RESERVED
-CVE-2017-16398
-   RESERVED
-CVE-2017-16397
-   RESERVED
-CVE-2017-16396
-   RESERVED
-CVE-2017-16395
-   RESERVED
-CVE-2017-16394
-   RESERVED
-CVE-2017-16393
-   RESERVED
-CVE-2017-16392
-   RESERVED
-CVE-2017-16391
-   RESERVED
-CVE-2017-16390
-   RESERVED
-CVE-2017-16389
-   RESERVED
-CVE-2017-16388
-   RESERVED
-CVE-2017-16387
-   RESERVED
-CVE-2017-16386
-   RESERVED
-CVE-2017-16385
-   RESERVED
-CVE-2017-16384
-   RESERVED
-CVE-2017-16383
-   RESERVED
-CVE-2017-16382
-   RESERVED
-CVE-2017-16381
-   RESERVED
-CVE-2017-16380
-   RESERVED
-CVE-2017-16379
-   RESERVED
-CVE-2017-16378
-   RESERVED
-CVE-2017-16377
-   RESERVED
-CVE-2017-16376
-   RESERVED
-CVE-2017-16375
-   RESERVED
-CVE-2017-16374
-   RESERVED
-CVE-2017-16373
-   RESERVED
-CVE-2017-16372
-   RESERVED
-CVE-2017-16371
-   RESERVED
-CVE-2017-16370
-   RESERVED
-CVE-2017-16369
-   RESERVED
-CVE-2017-16368
-   RESERVED
-CVE-2017-16367
-   RESERVED
-CVE-2017-16366
-   RESERVED
-CVE-2017-16365
-   RESERVED
-CVE-2017-16364
-   RESERVED
-CVE-2017-16363
-   RESERVED
-CVE-2017-16362
-   RESERVED
-CVE-2017-16361
-   RESERVED
-CVE-2017-16360
-   RESERVED
+CVE-2017-16420 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16419 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16418 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16417 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16416 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16415 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16414 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16413 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16412 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16411 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16410 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16409 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16408 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16407 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16406 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16405 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16404 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16403 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16402 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: check
+CVE-2017-16401 (An issue was discovered in Adobe Acrobat and Reader: 
2017.012.20098 and ...)
+   TODO: 

[Secure-testing-commits] r58369 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-08 21:10:25 + (Fri, 08 Dec 2017)
New Revision: 58369

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-08 19:20:32 UTC (rev 58368)
+++ data/CVE/list   2017-12-08 21:10:25 UTC (rev 58369)
@@ -1,3 +1,13 @@
+CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was 
discovered in the ...)
+   TODO: check
+CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was 
discovered in the ...)
+   TODO: check
+CVE-2017-17478
+   RESERVED
+CVE-2017-17477
+   RESERVED
+CVE-2017-17476
+   RESERVED
 CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
 CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
@@ -3770,7 +3780,7 @@
- linux 4.13.13-1
NOTE: Fixed by: 
https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote 
attackers to ...)
-   {DLA-1196-1}
+   {DSA-4058-1 DLA-1196-1}
- optipng 0.7.6-1.1 (bug #878839)
NOTE: https://sourceforge.net/p/optipng/bugs/69/
 CVE-2017-16937
@@ -3831,8 +3841,7 @@
NOT-FOR-US: Shenzhen Tenda
 CVE-2017-16922
RESERVED
-CVE-2017-16921 [OSA-2017-09: Remote code execution]
-   RESERVED
+CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and 
including ...)
- otrs2 6.0.2-1 (bug #883774)
NOTE: 
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
@@ -4158,7 +4167,7 @@
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
NOTE: 
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of 
optipng 0.7.6 ...)
-   {DLA-1184-1}
+   {DSA-4058-1 DLA-1184-1}
- optipng 0.7.6-1.1 (bug #882032)
NOTE: https://sourceforge.net/p/optipng/bugs/65/
NOTE: Proposed patch: 
https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
@@ -4441,8 +4450,7 @@
NOT-FOR-US: Atlassian Confluence
 CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session 
vulnerability. ...)
- ipsilon  (bug #826838)
-CVE-2017-16854 [OSA-2017-08: Information Disclosure]
-   RESERVED
+CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 
4.0.26, ...)
- otrs2 6.0.2-1
NOTE: 
https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
@@ -5099,6 +5107,7 @@
- swauth 1.2.0-4 (bug #882314)
NOTE: https://bugs.launchpad.net/swift/+bug/1655781
 CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that 
could lead ...)
+   {DSA-4059-1}
- libxcursor  (bug #883792)
NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
@@ -7196,16 +7205,16 @@
RESERVED
 CVE-2017-15896
RESERVED
-CVE-2017-15895
-   RESERVED
-CVE-2017-15894
-   RESERVED
-CVE-2017-15893
-   RESERVED
+CVE-2017-15895 (Directory traversal vulnerability in the 
SYNO.FileStation.Extract in ...)
+   TODO: check
+CVE-2017-15894 (Directory traversal vulnerability in the 
SYNO.FileStation.Extract in ...)
+   TODO: check
+CVE-2017-15893 (Directory traversal vulnerability in the 
SYNO.FileStation.Extract in ...)
+   TODO: check
 CVE-2017-15892
RESERVED
-CVE-2017-15891
-   RESERVED
+CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in 
...)
+   TODO: check
 CVE-2017-15890
RESERVED
 CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology 
DiskStation ...)
@@ -16281,8 +16290,8 @@
RESERVED
 CVE-2017-12824 (Special crafted InPage document leads to arbitrary code 
execution in ...)
NOT-FOR-US: InPage
-CVE-2017-12823
-   RESERVED
+CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky 
Embedded ...)
+   TODO: check
 CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's 
HASP SRM, ...)
NOT-FOR-US: Gemalto
 CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and 
Sentinel ...)
@@ -18629,8 +18638,8 @@
RESERVED
 CVE-2017-11941
RESERVED
-CVE-2017-11940
-   RESERVED
+CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+   TODO: check
 CVE-2017-11939
RESERVED
 CVE-2017-11938
@@ -20019,12 +20028,12 @@
RESERVED
 

[Secure-testing-commits] r58354 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-08 09:10:15 + (Fri, 08 Dec 2017)
New Revision: 58354

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-08 08:27:16 UTC (rev 58353)
+++ data/CVE/list   2017-12-08 09:10:15 UTC (rev 58354)
@@ -1,3 +1,35 @@
+CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17473 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17472 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17471 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17470 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17469 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17468 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain 
...)
+   TODO: check
+CVE-2017-17467 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17466 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain 
...)
+   TODO: check
+CVE-2017-17465 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL 
pointer ...)
+   TODO: check
+CVE-2017-17464 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL 
pointer ...)
+   TODO: check
+CVE-2017-17463 (Vivo modems allow remote attackers to obtain sensitive 
information by ...)
+   TODO: check
+CVE-2017-17462
+   RESERVED
+CVE-2017-17461 (A Regular expression Denial of Service (ReDoS) vulnerability 
in the ...)
+   TODO: check
+CVE-2017-17460
+   RESERVED
 CVE-2018-1340
RESERVED
 CVE-2018-1339
@@ -2139,6 +2171,7 @@
NOT-FOR-US: WordPress plugin wp-thumb-post
 CVE-2017-1000385 [TLS server vunlerable to Adaptive Chosen Ciphertext attack 
allowing plaintext recovery ot MITM attack]
RESERVED
+   {DSA-4057-1}
- erlang 1:20.1.7+dfsg-1
NOTE: 
https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM
NOTE: 
https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 
(OTP-20.1.7)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58340 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-07 21:10:12 + (Thu, 07 Dec 2017)
New Revision: 58340

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-07 20:59:36 UTC (rev 58339)
+++ data/CVE/list   2017-12-07 21:10:12 UTC (rev 58340)
@@ -1,3 +1,131 @@
+CVE-2018-1340
+   RESERVED
+CVE-2018-1339
+   RESERVED
+CVE-2018-1338
+   RESERVED
+CVE-2018-1337
+   RESERVED
+CVE-2018-1336
+   RESERVED
+CVE-2018-1335
+   RESERVED
+CVE-2018-1334
+   RESERVED
+CVE-2018-1333
+   RESERVED
+CVE-2018-1332
+   RESERVED
+CVE-2018-1331
+   RESERVED
+CVE-2018-1330
+   RESERVED
+CVE-2018-1329
+   RESERVED
+CVE-2018-1328
+   RESERVED
+CVE-2018-1327
+   RESERVED
+CVE-2018-1326
+   RESERVED
+CVE-2018-1325
+   RESERVED
+CVE-2018-1324
+   RESERVED
+CVE-2018-1323
+   RESERVED
+CVE-2018-1322
+   RESERVED
+CVE-2018-1321
+   RESERVED
+CVE-2018-1320
+   RESERVED
+CVE-2018-1319
+   RESERVED
+CVE-2018-1318
+   RESERVED
+CVE-2018-1317
+   RESERVED
+CVE-2018-1316
+   RESERVED
+CVE-2018-1315
+   RESERVED
+CVE-2018-1314
+   RESERVED
+CVE-2018-1313
+   RESERVED
+CVE-2018-1312
+   RESERVED
+CVE-2018-1311
+   RESERVED
+CVE-2018-1310
+   RESERVED
+CVE-2018-1309
+   RESERVED
+CVE-2018-1308
+   RESERVED
+CVE-2018-1307
+   RESERVED
+CVE-2018-1306
+   RESERVED
+CVE-2018-1305
+   RESERVED
+CVE-2018-1304
+   RESERVED
+CVE-2018-1303
+   RESERVED
+CVE-2018-1302
+   RESERVED
+CVE-2018-1301
+   RESERVED
+CVE-2018-1300
+   RESERVED
+CVE-2018-1299
+   RESERVED
+CVE-2018-1298
+   RESERVED
+CVE-2018-1297
+   RESERVED
+CVE-2018-1296
+   RESERVED
+CVE-2018-1295
+   RESERVED
+CVE-2018-1294
+   RESERVED
+CVE-2018-1293
+   RESERVED
+CVE-2018-1292
+   RESERVED
+CVE-2018-1291
+   RESERVED
+CVE-2018-1290
+   RESERVED
+CVE-2018-1289
+   RESERVED
+CVE-2018-1288
+   RESERVED
+CVE-2018-1287
+   RESERVED
+CVE-2018-1286
+   RESERVED
+CVE-2018-1285
+   RESERVED
+CVE-2018-1284
+   RESERVED
+CVE-2018-1283
+   RESERVED
+CVE-2018-1282
+   RESERVED
+CVE-2018-1281
+   RESERVED
+CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync 
protocol is ...)
+   TODO: check
+CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially 
malformed ...)
+   TODO: check
+CVE-2017-1002102
+   RESERVED
+CVE-2017-1002101
+   RESERVED
 CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 
may lead ...)
- libsndfile  (low)
[stretch] - libsndfile  (Minor issue)
@@ -290,7 +418,7 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22375
NOTE: Introduced by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc
NOTE: Fixed by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
-CVE-2017-1000410 [Info Leak in the Linux Kernel via Bluetooth]
+CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a 
...)
- linux 
NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
 CVE-2017-1000409
@@ -5856,6 +5984,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5
NOTE: https://launchpad.net/bugs/1732976
 CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 
16.x through ...)
+   {DSA-4056-1}
- nova 2:16.0.3-1 (bug #882009)
[jessie] - nova  (Vulnerble code introduced later)
[wheezy] - nova  (Vulnerble code introduced later)
@@ -11363,8 +11492,8 @@
NOT-FOR-US: Cloud Foundry Foundation GrootFS
 CVE-2017-14387
RESERVED
-CVE-2017-14386
-   RESERVED
+CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction 
Laser ...)
+   TODO: check
 CVE-2017-14385
RESERVED
 CVE-2017-14384
@@ -18455,8 +18584,8 @@
RESERVED
 CVE-2017-11938
RESERVED
-CVE-2017-11937
-   RESERVED
+CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+   TODO: check
 CVE-2017-11936
RESERVED
 CVE-2017-11935
@@ -43487,15 +43616,13 @@
NOT-FOR-US: Lenovo
 CVE-2017-3739
RESERVED
-CVE-2017-3738 [rsaz_1024_mul_avx2 overflow bug on x86_64]
-   RESERVED
+CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication 
...)
- openssl 
- openssl1.0 
NOTE: https://www.openssl.org/news/secadv/20171207.txt
NOTE: OpenSSL_1_1_0-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
NOTE: OpenSSL_1_0_2-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
-CVE-2017-3737 [Read/write after SSL object in error state]
-  

[Secure-testing-commits] r58316 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-07 09:10:16 + (Thu, 07 Dec 2017)
New Revision: 58316

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-07 09:10:07 UTC (rev 58315)
+++ data/CVE/list   2017-12-07 09:10:16 UTC (rev 58316)
@@ -1,3 +1,23 @@
+CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 
may lead ...)
+   TODO: check
+CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 
may lead ...)
+   TODO: check
+CVE-2017-17455
+   RESERVED
+CVE-2017-17454
+   RESERVED
+CVE-2017-17453
+   RESERVED
+CVE-2017-17452
+   RESERVED
+CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in 
the ...)
+   TODO: check
+CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does 
not ...)
+   TODO: check
+CVE-2017-17449 (The __netlink_deliver_tap_skb function in 
net/netlink/af_netlink.c in ...)
+   TODO: check
+CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 
4.14.4 ...)
+   TODO: check
 CVE-2018-1280
RESERVED
 CVE-2018-1279
@@ -223,6 +243,7 @@
[jessie] - libextractor  (Minor issue)
NOTE: Fixed by: 
https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
 CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are 
able to ...)
+   {DSA-4055-1}
- heimdal  (bug #878144)
[jessie] - heimdal  (Vulnerability introduced in 7.0)
[wheezy] - heimdal  (Vulnerability introduced in 7.0)
@@ -233,10 +254,10 @@
RESERVED
 CVE-2017-17437
RESERVED
-CVE-2017-17436
-   RESERVED
-CVE-2017-17435
-   RESERVED
+CVE-2017-17436 (An issue was discovered in the software on Vaultek Gun Safe 
VT20i ...)
+   TODO: check
+CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe 
VT20i ...)
+   TODO: check
 CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 
2017-12-03, ...)
- rsync  (bug #883665)
NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1
@@ -246,8 +267,8 @@
NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
 CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, 
status, ...)
NOT-FOR-US: GeniXCMS
-CVE-2017-17430
-   RESERVED
+CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 
2.3.12-80-GA allows ...)
+   TODO: check
 CVE-2017-17429
RESERVED
 CVE-2017-17428
@@ -432,8 +453,8 @@
RESERVED
 CVE-2017-17385
RESERVED
-CVE-2017-17384
-   RESERVED
+CVE-2017-17384 (ISPConfig 3.x before 3.1.9 allows remote authenticated users 
to obtain ...)
+   TODO: check
 CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated 
administrators to ...)
- jenkins 
 CVE-2017-17382
@@ -2629,7 +2650,7 @@
NOT-FOR-US: GitPHP
 CVE-2017-1000207 (A vulnerability in Swagger-Parser's version = 1.0.30 and 
Swagger ...)
NOT-FOR-US: Swagger-Parser
-CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when 
printing to PDF ...)
+CVE-2017-1000159 (Command injection in evince via filename when printing to 
PDF. This ...)
- evince 3.25.92-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
NOTE: Introduced by: 
https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99
 (EVINCE_0_9_1)
@@ -169200,7 +169221,7 @@
NOT-FOR-US: Opera
 CVE-2002-2483
- linux-2.6 2.4.20
-CVE-2012-1002 (Unspecified vulnerability in OpenConf 4.x before 4.12 has 
unknown ...)
+CVE-2012-1002 (SQL injection vulnerability in author/edit.php in OpenConf 4.x 
before ...)
NOT-FOR-US: OpenConf
 CVE-2012-1001
RESERVED


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58309 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-06 21:10:18 + (Wed, 06 Dec 2017)
New Revision: 58309

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-06 20:35:55 UTC (rev 58308)
+++ data/CVE/list   2017-12-06 21:10:18 UTC (rev 58309)
@@ -1,12 +1,224 @@
-CVE-2017-17446
+CVE-2018-1280
+   RESERVED
+CVE-2018-1279
+   RESERVED
+CVE-2018-1278
+   RESERVED
+CVE-2018-1277
+   RESERVED
+CVE-2018-1276
+   RESERVED
+CVE-2018-1275
+   RESERVED
+CVE-2018-1274
+   RESERVED
+CVE-2018-1273
+   RESERVED
+CVE-2018-1272
+   RESERVED
+CVE-2018-1271
+   RESERVED
+CVE-2018-1270
+   RESERVED
+CVE-2018-1269
+   RESERVED
+CVE-2018-1268
+   RESERVED
+CVE-2018-1267
+   RESERVED
+CVE-2018-1266
+   RESERVED
+CVE-2018-1265
+   RESERVED
+CVE-2018-1264
+   RESERVED
+CVE-2018-1263
+   RESERVED
+CVE-2018-1262
+   RESERVED
+CVE-2018-1261
+   RESERVED
+CVE-2018-1260
+   RESERVED
+CVE-2018-1259
+   RESERVED
+CVE-2018-1258
+   RESERVED
+CVE-2018-1257
+   RESERVED
+CVE-2018-1256
+   RESERVED
+CVE-2018-1255
+   RESERVED
+CVE-2018-1254
+   RESERVED
+CVE-2018-1253
+   RESERVED
+CVE-2018-1252
+   RESERVED
+CVE-2018-1251
+   RESERVED
+CVE-2018-1250
+   RESERVED
+CVE-2018-1249
+   RESERVED
+CVE-2018-1248
+   RESERVED
+CVE-2018-1247
+   RESERVED
+CVE-2018-1246
+   RESERVED
+CVE-2018-1245
+   RESERVED
+CVE-2018-1244
+   RESERVED
+CVE-2018-1243
+   RESERVED
+CVE-2018-1242
+   RESERVED
+CVE-2018-1241
+   RESERVED
+CVE-2018-1240
+   RESERVED
+CVE-2018-1239
+   RESERVED
+CVE-2018-1238
+   RESERVED
+CVE-2018-1237
+   RESERVED
+CVE-2018-1236
+   RESERVED
+CVE-2018-1235
+   RESERVED
+CVE-2018-1234
+   RESERVED
+CVE-2018-1233
+   RESERVED
+CVE-2018-1232
+   RESERVED
+CVE-2018-1231
+   RESERVED
+CVE-2018-1230
+   RESERVED
+CVE-2018-1229
+   RESERVED
+CVE-2018-1228
+   RESERVED
+CVE-2018-1227
+   RESERVED
+CVE-2018-1226
+   RESERVED
+CVE-2018-1225
+   RESERVED
+CVE-2018-1224
+   RESERVED
+CVE-2018-1223
+   RESERVED
+CVE-2018-1222
+   RESERVED
+CVE-2018-1221
+   RESERVED
+CVE-2018-1220
+   RESERVED
+CVE-2018-1219
+   RESERVED
+CVE-2018-1218
+   RESERVED
+CVE-2018-1217
+   RESERVED
+CVE-2018-1216
+   RESERVED
+CVE-2018-1215
+   RESERVED
+CVE-2018-1214
+   RESERVED
+CVE-2018-1213
+   RESERVED
+CVE-2018-1212
+   RESERVED
+CVE-2018-1211
+   RESERVED
+CVE-2018-1210
+   RESERVED
+CVE-2018-1209
+   RESERVED
+CVE-2018-1208
+   RESERVED
+CVE-2018-1207
+   RESERVED
+CVE-2018-1206
+   RESERVED
+CVE-2018-1205
+   RESERVED
+CVE-2018-1204
+   RESERVED
+CVE-2018-1203
+   RESERVED
+CVE-2018-1202
+   RESERVED
+CVE-2018-1201
+   RESERVED
+CVE-2018-1200
+   RESERVED
+CVE-2018-1199
+   RESERVED
+CVE-2018-1198
+   RESERVED
+CVE-2018-1197
+   RESERVED
+CVE-2018-1196
+   RESERVED
+CVE-2018-1195
+   RESERVED
+CVE-2018-1194
+   RESERVED
+CVE-2018-1193
+   RESERVED
+CVE-2018-1192
+   RESERVED
+CVE-2018-1191
+   RESERVED
+CVE-2018-1190
+   RESERVED
+CVE-2018-1189
+   RESERVED
+CVE-2018-1188
+   RESERVED
+CVE-2018-1187
+   RESERVED
+CVE-2018-1186
+   RESERVED
+CVE-2018-1185
+   RESERVED
+CVE-2018-1184
+   RESERVED
+CVE-2018-1183
+   RESERVED
+CVE-2018-1182
+   RESERVED
+CVE-2018-1181
+   RESERVED
+CVE-2017-17447
+   RESERVED
+CVE-2017-17445
+   RESERVED
+CVE-2017-17444
+   RESERVED
+CVE-2017-17443
+   RESERVED
+CVE-2017-17442
+   RESERVED
+CVE-2017-17441
+   RESERVED
+CVE-2017-17446 (The Mem_File_Reader::read_avail function in Data_Reader.cpp in 
the ...)
- game-music-emu  (bug #883691)
[stretch] - game-music-emu  (Minor issue)
[jessie] - game-music-emu  (Minor issue)
NOTE: 
https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
-CVE-2017-17440 [various null pointer dereferences in GIF, IT, NSFE, S3M, SID 
and XM plugins]
+CVE-2017-17440 (GNU Libextractor 1.6 allows remote attackers to cause a denial 
of ...)
- libextractor  (bug #883528)
NOTE: Fixed by: 
https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
-CVE-2017-17439 [Remote unauthenticated DoS in Heimdal-KDC]
+CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are 
able to ...)
- heimdal  (bug #878144)
[jessie] - heimdal  (Vulnerability introduced in 7.0)
[wheezy] - heimdal  (Vulnerability introduced in 7.0)
@@ -223,8 +435,7 @@
- jenkins 
 CVE-2017-17382
RESERVED
-CVE-2017-17381 [virtio: divide by zero exception while updating rings]
-   RESERVED
+CVE-2017-17381 (The Virtio Vring implementation in QEMU allows 

[Secure-testing-commits] r58288 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-06 09:10:24 + (Wed, 06 Dec 2017)
New Revision: 58288

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-06 07:56:02 UTC (rev 58287)
+++ data/CVE/list   2017-12-06 09:10:24 UTC (rev 58288)
@@ -1,3 +1,17 @@
+CVE-2017-17438
+   RESERVED
+CVE-2017-17437
+   RESERVED
+CVE-2017-17436
+   RESERVED
+CVE-2017-17435
+   RESERVED
+CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 
2017-12-03, ...)
+   TODO: check
+CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 
3.1.2, and ...)
+   TODO: check
+CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, 
status, ...)
+   TODO: check
 CVE-2017-17430
RESERVED
 CVE-2017-17429
@@ -17,7 +31,7 @@
RESERVED
 CVE-2017-1000408
RESERVED
-CVE-2017-17432 [OPENAFS-SA-2017-001: Rx assertion failure from insufficient 
input validation]
+CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack 
packets, ...)
- openafs 1.6.22-1 (bug #883602)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
 CVE-2018-1180
@@ -184,8 +198,8 @@
RESERVED
 CVE-2017-17384
RESERVED
-CVE-2017-17383
-   RESERVED
+CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated 
administrators to ...)
+   TODO: check
 CVE-2017-17382
RESERVED
 CVE-2017-17381 [virtio: divide by zero exception while updating rings]
@@ -1702,8 +1716,8 @@
RESERVED
 CVE-2017-17070
RESERVED
-CVE-2017-17069
-   RESERVED
+CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 
2017 ...)
+   TODO: check
 CVE-2017-17068
RESERVED
 CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x 
before ...)
@@ -6772,8 +6786,7 @@
RESERVED
 CVE-2017-15869
RESERVED
-CVE-2017-15868 [Bluetooth: bnep: bnep_add_connection() should verify that it's 
dealing with l2cap socket]
-   RESERVED
+CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c 
in the ...)
- linux 4.0.2-1
NOTE: Fixed by: 
https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 
(v3.19-rc3)
 CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -11024,8 +11037,8 @@
NOT-FOR-US: EMC AppSync Server
 CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior 
to ...)
NOT-FOR-US: EMC
-CVE-2017-14374
-   RESERVED
+CVE-2017-14374 (The SMI-S service in Dell Storage Manager versions earlier 
than 16.3.20 ...)
+   TODO: check
 CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains 
a ...)
NOT-FOR-US: RSA Authentication Manager
 CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by 
reflected ...)
@@ -11062,8 +11075,8 @@
NOT-FOR-US: HP ArcSight
 CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP 
ArcSight ESM ...)
NOT-FOR-US: HP ArcSight
-CVE-2017-14355
-   RESERVED
+CVE-2017-14355 (A potential security vulnerability has been identified in HPE 
...)
+   TODO: check
 CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB 
Foundation ...)
NOT-FOR-US: HP UCMDB Foundation
 CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation 
Software ...)
@@ -12129,8 +12142,8 @@
NOT-FOR-US: AutomationDirect
 CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in 
Progea ...)
NOT-FOR-US: Progea Movicon
-CVE-2017-14018
-   RESERVED
+CVE-2017-14018 (An improper authentication issue was discovered in Johnson 
 Johnson ...)
+   TODO: check
 CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in 
Progea ...)
NOT-FOR-US: Progea Movicon
 CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in 
Advantech ...)
@@ -40610,8 +40623,8 @@
NOT-FOR-US: VMware
 CVE-2017-4921 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an 
insecure ...)
NOT-FOR-US: VMware
-CVE-2017-4920
-   RESERVED
+CVE-2017-4920 (The implementation of the OSPF protocol in VMware NSX-V Edge 
6.2.x ...)
+   TODO: check
 CVE-2017-4919 (VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with 
certain, ...)
NOT-FOR-US: VMware vCenter Server
 CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) 
contains ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58277 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-05 21:10:17 + (Tue, 05 Dec 2017)
New Revision: 58277

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-05 21:08:45 UTC (rev 58276)
+++ data/CVE/list   2017-12-05 21:10:17 UTC (rev 58277)
@@ -1,3 +1,17 @@
+CVE-2017-17430
+   RESERVED
+CVE-2017-17429
+   RESERVED
+CVE-2017-17428
+   RESERVED
+CVE-2017-17427
+   RESERVED
+CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 
2.26 ...)
+   TODO: check
+CVE-2017-1000409
+   RESERVED
+CVE-2017-1000408
+   RESERVED
 CVE-2017- [OPENAFS-SA-2017-001: Rx assertion failure from insufficient 
input validation]
- openafs 1.6.22-1 (bug #883602)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
@@ -1689,8 +1703,8 @@
RESERVED
 CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x 
before ...)
NOT-FOR-US: Splunk Web
-CVE-2017-17066
-   RESERVED
+CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha 
implementations of the ...)
+   TODO: check
 CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...)
NOT-FOR-US: D-Link
 CVE-2017-17064
@@ -3335,10 +3349,10 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
NOTE: 
https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and 
CVE-2017-9050
-CVE-2017-16930
-   RESERVED
-CVE-2017-16929
-   RESERVED
+CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 
10.1 ...)
+   TODO: check
+CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 
10.1 is ...)
+   TODO: check
 CVE-2017-16928
RESERVED
 CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in 
the session ...)
@@ -3446,6 +3460,7 @@
 CVE-2017-16885
RESERVED
 CVE-2017-1000407 [DoS via write flood to I/O port 0x80]
+   RESERVED
- linux 
NOTE: https://www.spinics.net/lists/kvm/msg159809.html
 CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache 
after a ...)
@@ -3623,9 +3638,9 @@
- pjproject 2.7.1~dfsg-1
NOTE: https://trac.pjsip.org/repos/ticket/2056
NOTE: https://trac.pjsip.org/repos/changeset/5682
-CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows 
remote PHP ...)
+CVE-2017-16871 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for 
WordPress ...)
NOT-FOR-US: UpdraftPlus plugin for WordPress
-CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF 
in the ...)
+CVE-2017-16870 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for 
WordPress ...)
NOT-FOR-US: UpdraftPlus plugin for WordPress
 CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers 
to cause ...)
- upx-ucl  (bug #882041; unimportant)
@@ -3942,10 +3957,10 @@
RESERVED
 CVE-2017-16858
RESERVED
-CVE-2017-16857
-   RESERVED
-CVE-2017-16856
-   RESERVED
+CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin 
via ...)
+   TODO: check
+CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 
6.5.2 allows ...)
+   TODO: check
 CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session 
vulnerability. ...)
- ipsilon  (bug #826838)
 CVE-2017-16854
@@ -5513,7 +5528,7 @@
RESERVED
 CVE-2017-16240
RESERVED
-CVE-2017-17051 [Regression introduced with the fix for OSSA-2017-005 
(CVE-2017-16239)]
+CVE-2017-17051 (An issue was discovered in the default FilterScheduler in 
OpenStack ...)
- nova  (bug #883621)
[stretch] - nova  (Fix for CVE-2017-16239 not applied and 
not affecting 14.x.y)
[jessie] - nova  (Vulnerable code not present)
@@ -6873,8 +6888,8 @@
RESERVED
 CVE-2017-15814
RESERVED
-CVE-2017-15813
-   RESERVED
+CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
+   TODO: check
 CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has 
XSS via a ...)
NOT-FOR-US: Wordpress plugin
 CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS 
via the ...)
@@ -9458,16 +9473,16 @@
- nodejs  (unimportant)
NOTE: Debian doesn't use zlib 1.2.9 yet
NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
-CVE-2017-14918
-   RESERVED
-CVE-2017-14917
-   RESERVED
-CVE-2017-14916
-   RESERVED
+CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
+   TODO: check
+CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
+   TODO: check
+CVE-2017-14916 (In Android for 

[Secure-testing-commits] r58264 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-05 09:10:17 + (Tue, 05 Dec 2017)
New Revision: 58264

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-05 07:43:45 UTC (rev 58263)
+++ data/CVE/list   2017-12-05 09:10:17 UTC (rev 58264)
@@ -1,3 +1,165 @@
+CVE-2018-1180
+   RESERVED
+CVE-2018-1179
+   RESERVED
+CVE-2018-1178
+   RESERVED
+CVE-2018-1177
+   RESERVED
+CVE-2018-1176
+   RESERVED
+CVE-2018-1175
+   RESERVED
+CVE-2018-1174
+   RESERVED
+CVE-2018-1173
+   RESERVED
+CVE-2018-1172
+   RESERVED
+CVE-2018-1171
+   RESERVED
+CVE-2018-1170
+   RESERVED
+CVE-2018-1169
+   RESERVED
+CVE-2018-1168
+   RESERVED
+CVE-2018-1167
+   RESERVED
+CVE-2018-1166
+   RESERVED
+CVE-2018-1165
+   RESERVED
+CVE-2018-1164
+   RESERVED
+CVE-2018-1163
+   RESERVED
+CVE-2018-1162
+   RESERVED
+CVE-2018-1161
+   RESERVED
+CVE-2018-1160
+   RESERVED
+CVE-2018-1159
+   RESERVED
+CVE-2018-1158
+   RESERVED
+CVE-2018-1157
+   RESERVED
+CVE-2018-1156
+   RESERVED
+CVE-2018-1155
+   RESERVED
+CVE-2018-1154
+   RESERVED
+CVE-2018-1153
+   RESERVED
+CVE-2018-1152
+   RESERVED
+CVE-2018-1151
+   RESERVED
+CVE-2018-1150
+   RESERVED
+CVE-2018-1149
+   RESERVED
+CVE-2018-1148
+   RESERVED
+CVE-2018-1147
+   RESERVED
+CVE-2018-1146
+   RESERVED
+CVE-2018-1145
+   RESERVED
+CVE-2018-1144
+   RESERVED
+CVE-2018-1143
+   RESERVED
+CVE-2018-1142
+   RESERVED
+CVE-2018-1141
+   RESERVED
+CVE-2017-17425
+   RESERVED
+CVE-2017-17424
+   RESERVED
+CVE-2017-17423
+   RESERVED
+CVE-2017-17422
+   RESERVED
+CVE-2017-17421
+   RESERVED
+CVE-2017-17420
+   RESERVED
+CVE-2017-17419
+   RESERVED
+CVE-2017-17418
+   RESERVED
+CVE-2017-17417
+   RESERVED
+CVE-2017-17416
+   RESERVED
+CVE-2017-17415
+   RESERVED
+CVE-2017-17414
+   RESERVED
+CVE-2017-17413
+   RESERVED
+CVE-2017-17412
+   RESERVED
+CVE-2017-17411
+   RESERVED
+CVE-2017-17410
+   RESERVED
+CVE-2017-17409
+   RESERVED
+CVE-2017-17408
+   RESERVED
+CVE-2017-17407
+   RESERVED
+CVE-2017-17406
+   RESERVED
+CVE-2017-17405
+   RESERVED
+CVE-2017-17404
+   RESERVED
+CVE-2017-17403
+   RESERVED
+CVE-2017-17402
+   RESERVED
+CVE-2017-17401
+   RESERVED
+CVE-2017-17400
+   RESERVED
+CVE-2017-17399
+   RESERVED
+CVE-2017-17398
+   RESERVED
+CVE-2017-17397
+   RESERVED
+CVE-2017-17396
+   RESERVED
+CVE-2017-17395
+   RESERVED
+CVE-2017-17394
+   RESERVED
+CVE-2017-17393
+   RESERVED
+CVE-2017-17392
+   RESERVED
+CVE-2017-17391
+   RESERVED
+CVE-2017-17390
+   RESERVED
+CVE-2017-17389
+   RESERVED
+CVE-2017-17388
+   RESERVED
+CVE-2017-17387
+   RESERVED
+CVE-2017-17386
+   RESERVED
+CVE-2017-17385
+   RESERVED
 CVE-2017-17384
RESERVED
 CVE-2017-17383


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58254 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-04 21:10:19 + (Mon, 04 Dec 2017)
New Revision: 58254

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-04 20:52:15 UTC (rev 58253)
+++ data/CVE/list   2017-12-04 21:10:19 UTC (rev 58254)
@@ -1,3 +1,11 @@
+CVE-2017-17384
+   RESERVED
+CVE-2017-17383
+   RESERVED
+CVE-2017-17382
+   RESERVED
+CVE-2017-17381
+   RESERVED
 CVE-2018-1140
RESERVED
 CVE-2018-1139
@@ -1533,10 +1541,10 @@
RESERVED
 CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a 
Directory ...)
NOT-FOR-US: WooCommerce plugin for WordPress
-CVE-2017-17057
-   RESERVED
-CVE-2017-17056
-   RESERVED
+CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 
2.0.1.12280. The ...)
+   TODO: check
+CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator 
to ...)
+   TODO: check
 CVE-2017-17055
RESERVED
 CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function 
...)
@@ -4118,8 +4126,8 @@
RESERVED
 CVE-2017-16722
RESERVED
-CVE-2017-16721
-   RESERVED
+CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance 
SCADA ...)
+   TODO: check
 CVE-2017-16720
RESERVED
 CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 
2.2, NPort ...)
@@ -6431,6 +6439,7 @@
- konversation 1.7.3-1 (bug #881586)
NOTE: 
https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the 
...)
+   {DLA-1198-1}
- libextractor  (low; bug #880016)
NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg8.html
NOTE: Fixed by: 
https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
@@ -6508,8 +6517,8 @@
RESERVED
 CVE-2017-15890
RESERVED
-CVE-2017-15889
-   RESERVED
+CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology 
DiskStation ...)
+   TODO: check
 CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet 
Radio List ...)
NOT-FOR-US: Synology
 CVE-2017-15887 (An improper restriction of excessive authentication attempts 
...)
@@ -6931,7 +6940,7 @@
RESERVED
 CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is 
configured ...)
- qpid-java  (bug #840131)
-CVE-2017-15701 (In Apache Qpid Broker-J before 6.1.x before 6.1.5, the broker 
does not ...)
+CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 
(inclusive) the ...)
- qpid-java  (bug #840131)
 CVE-2017-15700
RESERVED
@@ -7172,14 +7181,17 @@
 CVE-2017-15603
RESERVED
 CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error 
for the ...)
+   {DLA-1198-1}
- libextractor 1:1.6-1
NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg5.html
NOTE: Fixed by 
https://gnunet.org/git/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc
 CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow 
in the ...)
+   {DLA-1198-1}
- libextractor 1:1.6-1
NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg6.html
NOTE: Fixed by 
https://gnunet.org/git/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091
 CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference 
in the ...)
+   {DLA-1198-1}
- libextractor 1:1.6-1
NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg4.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695
@@ -8064,6 +8076,7 @@
NOTE: https://bugs.launchpad.net/bugs/1718964
NOTE: Fixed by: 
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
 CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference 
in ...)
+   {DLA-1198-1}
- libextractor 1:1.6-1 (bug #878314)
[stretch] - libextractor  (Minor issue)
[jessie] - libextractor  (Minor issue)
@@ -8072,6 +8085,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
NOTE: Fixed by: 
https://gnunet.org/git/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
 CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...)
+   {DLA-1198-1}
- libextractor 1:1.6-1 (bug #878314)
[stretch] - libextractor  (Minor issue)
[jessie] - libextractor  (Minor issue)
@@ -17566,10 +17580,10 @@
RESERVED
 CVE-2017-12081
RESERVED
-CVE-2017-12080
-   RESERVED
-CVE-2017-12079
-   RESERVED
+CVE-2017-12080 (An information exposure vulnerability in 

[Secure-testing-commits] r58236 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-04 09:10:21 + (Mon, 04 Dec 2017)
New Revision: 58236

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-03 23:07:15 UTC (rev 58235)
+++ data/CVE/list   2017-12-04 09:10:21 UTC (rev 58236)
@@ -1,7 +1,767 @@
+CVE-2018-1140
+   RESERVED
+CVE-2018-1139
+   RESERVED
+CVE-2018-1138
+   RESERVED
+CVE-2018-1137
+   RESERVED
+CVE-2018-1136
+   RESERVED
+CVE-2018-1135
+   RESERVED
+CVE-2018-1134
+   RESERVED
+CVE-2018-1133
+   RESERVED
+CVE-2018-1132
+   RESERVED
+CVE-2018-1131
+   RESERVED
+CVE-2018-1130
+   RESERVED
+CVE-2018-1129
+   RESERVED
+CVE-2018-1128
+   RESERVED
+CVE-2018-1127
+   RESERVED
+CVE-2018-1126
+   RESERVED
+CVE-2018-1125
+   RESERVED
+CVE-2018-1124
+   RESERVED
+CVE-2018-1123
+   RESERVED
+CVE-2018-1122
+   RESERVED
+CVE-2018-1121
+   RESERVED
+CVE-2018-1120
+   RESERVED
+CVE-2018-1119
+   RESERVED
+CVE-2018-1118
+   RESERVED
+CVE-2018-1117
+   RESERVED
+CVE-2018-1116
+   RESERVED
+CVE-2018-1115
+   RESERVED
+CVE-2018-1114
+   RESERVED
+CVE-2018-1113
+   RESERVED
+CVE-2018-1112
+   RESERVED
+CVE-2018-
+   RESERVED
+CVE-2018-1110
+   RESERVED
+CVE-2018-1109
+   RESERVED
+CVE-2018-1108
+   RESERVED
+CVE-2018-1107
+   RESERVED
+CVE-2018-1106
+   RESERVED
+CVE-2018-1105
+   RESERVED
+CVE-2018-1104
+   RESERVED
+CVE-2018-1103
+   RESERVED
+CVE-2018-1102
+   RESERVED
+CVE-2018-1101
+   RESERVED
+CVE-2018-1100
+   RESERVED
+CVE-2018-1099
+   RESERVED
+CVE-2018-1098
+   RESERVED
+CVE-2018-1097
+   RESERVED
+CVE-2018-1096
+   RESERVED
+CVE-2018-1095
+   RESERVED
+CVE-2018-1094
+   RESERVED
+CVE-2018-1093
+   RESERVED
+CVE-2018-1092
+   RESERVED
+CVE-2018-1091
+   RESERVED
+CVE-2018-1090
+   RESERVED
+CVE-2018-1089
+   RESERVED
+CVE-2018-1088
+   RESERVED
+CVE-2018-1087
+   RESERVED
+CVE-2018-1086
+   RESERVED
+CVE-2018-1085
+   RESERVED
+CVE-2018-1084
+   RESERVED
+CVE-2018-1083
+   RESERVED
+CVE-2018-1082
+   RESERVED
+CVE-2018-1081
+   RESERVED
+CVE-2018-1080
+   RESERVED
+CVE-2018-1079
+   RESERVED
+CVE-2018-1078
+   RESERVED
+CVE-2018-1077
+   RESERVED
+CVE-2018-1076
+   RESERVED
+CVE-2018-1075
+   RESERVED
+CVE-2018-1074
+   RESERVED
+CVE-2018-1073
+   RESERVED
+CVE-2018-1072
+   RESERVED
+CVE-2018-1071
+   RESERVED
+CVE-2018-1070
+   RESERVED
+CVE-2018-1069
+   RESERVED
+CVE-2018-1068
+   RESERVED
+CVE-2018-1067
+   RESERVED
+CVE-2018-1066
+   RESERVED
+CVE-2018-1065
+   RESERVED
+CVE-2018-1064
+   RESERVED
+CVE-2018-1063
+   RESERVED
+CVE-2018-1062
+   RESERVED
+CVE-2018-1061
+   RESERVED
+CVE-2018-1060
+   RESERVED
+CVE-2018-1059
+   RESERVED
+CVE-2018-1058
+   RESERVED
+CVE-2018-1057
+   RESERVED
+CVE-2018-1056
+   RESERVED
+CVE-2018-1055
+   RESERVED
+CVE-2018-1054
+   RESERVED
+CVE-2018-1053
+   RESERVED
+CVE-2018-1052
+   RESERVED
+CVE-2018-1051
+   RESERVED
+CVE-2018-1050
+   RESERVED
+CVE-2018-1049
+   RESERVED
+CVE-2018-1048
+   RESERVED
+CVE-2018-1047
+   RESERVED
+CVE-2018-1046
+   RESERVED
+CVE-2018-1045
+   RESERVED
+CVE-2018-1044
+   RESERVED
+CVE-2018-1043
+   RESERVED
+CVE-2018-1042
+   RESERVED
+CVE-2018-1041
+   RESERVED
+CVE-2017-17380
+   RESERVED
+CVE-2017-17379
+   RESERVED
+CVE-2017-17378
+   RESERVED
+CVE-2017-17377
+   RESERVED
+CVE-2017-17376
+   RESERVED
+CVE-2017-17375
+   RESERVED
+CVE-2017-17374
+   RESERVED
+CVE-2017-17373
+   RESERVED
+CVE-2017-17372
+   RESERVED
+CVE-2017-17371
+   RESERVED
+CVE-2017-17370
+   RESERVED
+CVE-2017-17369
+   RESERVED
+CVE-2017-17368
+   RESERVED
+CVE-2017-17367
+   RESERVED
+CVE-2017-17366
+   RESERVED
+CVE-2017-17365
+   RESERVED
+CVE-2017-17364
+   RESERVED
+CVE-2017-17363
+   RESERVED
+CVE-2017-17362
+   RESERVED
+CVE-2017-17361
+   RESERVED
+CVE-2017-17360
+   RESERVED
+CVE-2017-17359
+   RESERVED
+CVE-2017-17358
+   RESERVED
+CVE-2017-17357
+   RESERVED
+CVE-2017-17356
+   RESERVED
+CVE-2017-17355
+   RESERVED
+CVE-2017-17354
+   RESERVED
+CVE-2017-17353
+   RESERVED
+CVE-2017-17352
+   RESERVED
+CVE-2017-17351
+   RESERVED
+CVE-2017-17350
+   RESERVED
+CVE-2017-17349
+   RESERVED
+CVE-2017-17348
+   RESERVED
+CVE-2017-17347
+   RESERVED
+CVE-2017-17346
+   RESERVED
+CVE-2017-17345
+   RESERVED
+CVE-2017-17344
+   RESERVED
+CVE-2017-17343
+   RESERVED
+CVE-2017-17342
+   RESERVED
+CVE-2017-17341
+   RESERVED
+CVE-2017-17340
+   RESERVED
+CVE-2017-17339
+   RESERVED
+CVE-2017-17338
+   RESERVED

[Secure-testing-commits] r58233 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-03 21:10:18 + (Sun, 03 Dec 2017)
New Revision: 58233

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-03 18:52:55 UTC (rev 58232)
+++ data/CVE/list   2017-12-03 21:10:18 UTC (rev 58233)
@@ -1,3 +1,13 @@
+CVE-2017-17100
+   RESERVED
+CVE-2017-17099
+   RESERVED
+CVE-2017-17098
+   RESERVED
+CVE-2017-17097
+   RESERVED
+CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards 
plugin ...)
+   TODO: check
 CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open 
Source ...)
- asterisk  (bug #883342)
NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
@@ -26453,22 +26463,27 @@
 CVE-2017-8824
RESERVED
 CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
+   {DSA-4054-1}
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24313
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
 CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
+   {DSA-4054-1}
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/21534
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
 CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
+   {DSA-4054-1}
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24246
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
 CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
+   {DSA-4054-1}
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24245
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
 CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
+   {DSA-4054-1}
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24244
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58223 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-03 09:10:31 + (Sun, 03 Dec 2017)
New Revision: 58223

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-03 08:03:43 UTC (rev 58222)
+++ data/CVE/list   2017-12-03 09:10:31 UTC (rev 58223)
@@ -651,7 +651,7 @@
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html
 CVE-2017-17082
-   RESERVED
+   REJECTED
 CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in 
FFmpeg 3.4 ...)
- ffmpeg 
[stretch] - ffmpeg  (Can wait for the next 3.2.x release)
@@ -9580,8 +9580,8 @@
[jessie] - poppler  (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102687
NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f
-CVE-2017-14516
-   RESERVED
+CVE-2017-14516 (Cross-Site Scripting (XSS) exists in SAP Business Objects 
Financial ...)
+   TODO: check
 CVE-2017-14515 (Heap-based Buffer Overflow on Tenda W15E devices before 
15.11.0.14 ...)
NOT-FOR-US: Tenda W15E devices
 CVE-2017-14514 (Directory Traversal on Tenda W15E devices before 15.11.0.14 
allows ...)
@@ -26449,28 +26449,23 @@
NOTE: https://github.com/dinhviethoa/libetpan/issues/274
 CVE-2017-8824
RESERVED
-CVE-2017-8823 [TROVE-2017-013: Use-after-free in onion service v2]
-   RESERVED
+CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24313
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
-CVE-2017-8822 [TROVE-2017-012: Relays can pick themselves in a circuit path]
-   RESERVED
+CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/21534
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
-CVE-2017-8821 [TROVE-2017-011: An attacker can make Tor ask for a password]
-   RESERVED
+CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24246
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
-CVE-2017-8820 [TROVE-2017-010: Remote DoS attack against directory authorities]
-   RESERVED
+CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24245
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
-CVE-2017-8819 [TROVE-2017-009: Replay-cache ineffective for v2 onion services]
-   RESERVED
+CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 
0.2.9 ...)
- tor 0.3.1.9-1
NOTE: https://bugs.torproject.org/24244
NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58209 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-02 09:10:16 + (Sat, 02 Dec 2017)
New Revision: 58209

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-02 08:42:31 UTC (rev 58208)
+++ data/CVE/list   2017-12-02 09:10:16 UTC (rev 58209)
@@ -1,3 +1,5 @@
+CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open 
Source ...)
+   TODO: check
 CVE-2018-1040
RESERVED
 CVE-2018-1039
@@ -600,23 +602,23 @@
RESERVED
 CVE-2017-17089
RESERVED
-CVE-2017-17091 [Use a properly generated hash for the 'newbloguser' key 
instead of a determinate substring]
+CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the 
newbloguser ...)
- wordpress 
NOTE: 
https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
-CVE-2017-17093 [Add escaping to the language attributes used on 'html' 
elements]
+CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 
does not ...)
- wordpress 
NOTE: 
https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
-CVE-2017-17094 [Ensure the attributes of enclosures are correctly escaped in 
RSS and Atom feeds]
+CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not 
properly ...)
- wordpress 
NOTE: 
https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
-CVE-2017-17092 [Remove the ability to upload JavaScript files for users who do 
not have the 'unfiltered_html' capability]
+CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not 
require ...)
- wordpress 
NOTE: 
https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
-CVE-2017-17095 [heap-based buffer overflow in the pal2rgb tool]
+CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote 
attackers to ...)
- tiff  (unimportant)
- tiff3  (unimportant)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58195 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-01 21:10:21 + (Fri, 01 Dec 2017)
New Revision: 58195

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-01 19:56:17 UTC (rev 58194)
+++ data/CVE/list   2017-12-01 21:10:21 UTC (rev 58195)
@@ -1,3 +1,605 @@
+CVE-2018-1040
+   RESERVED
+CVE-2018-1039
+   RESERVED
+CVE-2018-1038
+   RESERVED
+CVE-2018-1037
+   RESERVED
+CVE-2018-1036
+   RESERVED
+CVE-2018-1035
+   RESERVED
+CVE-2018-1034
+   RESERVED
+CVE-2018-1033
+   RESERVED
+CVE-2018-1032
+   RESERVED
+CVE-2018-1031
+   RESERVED
+CVE-2018-1030
+   RESERVED
+CVE-2018-1029
+   RESERVED
+CVE-2018-1028
+   RESERVED
+CVE-2018-1027
+   RESERVED
+CVE-2018-1026
+   RESERVED
+CVE-2018-1025
+   RESERVED
+CVE-2018-1024
+   RESERVED
+CVE-2018-1023
+   RESERVED
+CVE-2018-1022
+   RESERVED
+CVE-2018-1021
+   RESERVED
+CVE-2018-1020
+   RESERVED
+CVE-2018-1019
+   RESERVED
+CVE-2018-1018
+   RESERVED
+CVE-2018-1017
+   RESERVED
+CVE-2018-1016
+   RESERVED
+CVE-2018-1015
+   RESERVED
+CVE-2018-1014
+   RESERVED
+CVE-2018-1013
+   RESERVED
+CVE-2018-1012
+   RESERVED
+CVE-2018-1011
+   RESERVED
+CVE-2018-1010
+   RESERVED
+CVE-2018-1009
+   RESERVED
+CVE-2018-1008
+   RESERVED
+CVE-2018-1007
+   RESERVED
+CVE-2018-1006
+   RESERVED
+CVE-2018-1005
+   RESERVED
+CVE-2018-1004
+   RESERVED
+CVE-2018-1003
+   RESERVED
+CVE-2018-1002
+   RESERVED
+CVE-2018-1001
+   RESERVED
+CVE-2018-1000
+   RESERVED
+CVE-2018-0999
+   RESERVED
+CVE-2018-0998
+   RESERVED
+CVE-2018-0997
+   RESERVED
+CVE-2018-0996
+   RESERVED
+CVE-2018-0995
+   RESERVED
+CVE-2018-0994
+   RESERVED
+CVE-2018-0993
+   RESERVED
+CVE-2018-0992
+   RESERVED
+CVE-2018-0991
+   RESERVED
+CVE-2018-0990
+   RESERVED
+CVE-2018-0989
+   RESERVED
+CVE-2018-0988
+   RESERVED
+CVE-2018-0987
+   RESERVED
+CVE-2018-0986
+   RESERVED
+CVE-2018-0985
+   RESERVED
+CVE-2018-0984
+   RESERVED
+CVE-2018-0983
+   RESERVED
+CVE-2018-0982
+   RESERVED
+CVE-2018-0981
+   RESERVED
+CVE-2018-0980
+   RESERVED
+CVE-2018-0979
+   RESERVED
+CVE-2018-0978
+   RESERVED
+CVE-2018-0977
+   RESERVED
+CVE-2018-0976
+   RESERVED
+CVE-2018-0975
+   RESERVED
+CVE-2018-0974
+   RESERVED
+CVE-2018-0973
+   RESERVED
+CVE-2018-0972
+   RESERVED
+CVE-2018-0971
+   RESERVED
+CVE-2018-0970
+   RESERVED
+CVE-2018-0969
+   RESERVED
+CVE-2018-0968
+   RESERVED
+CVE-2018-0967
+   RESERVED
+CVE-2018-0966
+   RESERVED
+CVE-2018-0965
+   RESERVED
+CVE-2018-0964
+   RESERVED
+CVE-2018-0963
+   RESERVED
+CVE-2018-0962
+   RESERVED
+CVE-2018-0961
+   RESERVED
+CVE-2018-0960
+   RESERVED
+CVE-2018-0959
+   RESERVED
+CVE-2018-0958
+   RESERVED
+CVE-2018-0957
+   RESERVED
+CVE-2018-0956
+   RESERVED
+CVE-2018-0955
+   RESERVED
+CVE-2018-0954
+   RESERVED
+CVE-2018-0953
+   RESERVED
+CVE-2018-0952
+   RESERVED
+CVE-2018-0951
+   RESERVED
+CVE-2018-0950
+   RESERVED
+CVE-2018-0949
+   RESERVED
+CVE-2018-0948
+   RESERVED
+CVE-2018-0947
+   RESERVED
+CVE-2018-0946
+   RESERVED
+CVE-2018-0945
+   RESERVED
+CVE-2018-0944
+   RESERVED
+CVE-2018-0943
+   RESERVED
+CVE-2018-0942
+   RESERVED
+CVE-2018-0941
+   RESERVED
+CVE-2018-0940
+   RESERVED
+CVE-2018-0939
+   RESERVED
+CVE-2018-0938
+   RESERVED
+CVE-2018-0937
+   RESERVED
+CVE-2018-0936
+   RESERVED
+CVE-2018-0935
+   RESERVED
+CVE-2018-0934
+   RESERVED
+CVE-2018-0933
+   RESERVED
+CVE-2018-0932
+   RESERVED
+CVE-2018-0931
+   RESERVED
+CVE-2018-0930
+   RESERVED
+CVE-2018-0929
+   RESERVED
+CVE-2018-0928
+   RESERVED
+CVE-2018-0927
+   RESERVED
+CVE-2018-0926
+   RESERVED
+CVE-2018-0925
+   RESERVED
+CVE-2018-0924
+   RESERVED
+CVE-2018-0923
+   RESERVED
+CVE-2018-0922
+   RESERVED
+CVE-2018-0921
+   RESERVED
+CVE-2018-0920
+   RESERVED
+CVE-2018-0919
+   RESERVED
+CVE-2018-0918
+   RESERVED
+CVE-2018-0917
+   RESERVED
+CVE-2018-0916
+   RESERVED
+CVE-2018-0915
+   RESERVED
+CVE-2018-0914
+   RESERVED
+CVE-2018-0913
+   RESERVED
+CVE-2018-0912
+   RESERVED
+CVE-2018-0911
+   RESERVED
+CVE-2018-0910
+   RESERVED
+CVE-2018-0909
+   RESERVED
+CVE-2018-0908
+   RESERVED
+CVE-2018-0907
+   RESERVED
+CVE-2018-0906
+   RESERVED
+CVE-2018-0905
+   RESERVED
+CVE-2018-0904
+   RESERVED
+CVE-2018-0903
+   RESERVED
+CVE-2018-0902
+   RESERVED
+CVE-2018-0901
+   RESERVED
+CVE-2018-0900
+   RESERVED
+CVE-2018-0899
+   RESERVED
+CVE-2018-0898
+   RESERVED
+CVE-2018-0897
+   RESERVED
+CVE-2018-0896
+

[Secure-testing-commits] r58166 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-12-01 09:10:17 + (Fri, 01 Dec 2017)
New Revision: 58166

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-12-01 07:38:45 UTC (rev 58165)
+++ data/CVE/list   2017-12-01 09:10:17 UTC (rev 58166)
@@ -1,3 +1,21 @@
+CVE-2017-17088
+   RESERVED
+CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of 
a .swp ...)
+   TODO: check
+CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a 
/script substring in an ...)
+   TODO: check
+CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP 
Safety ...)
+   TODO: check
+CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA 
...)
+   TODO: check
+CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS 
dissector ...)
+   TODO: check
+CVE-2017-17082
+   RESERVED
+CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in 
FFmpeg 3.4 ...)
+   TODO: check
+CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka 
libbfd), as ...)
+   TODO: check
 CVE-2018-0740
RESERVED
 CVE-2018-0739
@@ -1793,10 +1811,9 @@
RESERVED
 CVE-2017-16885
RESERVED
-CVE-2017-1000406
+CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache 
after a ...)
NOT-FOR-US: OpenDayLight
-CVE-2017-1000405 ["Dirty COW" variant on transparent huge pages]
-   RESERVED
+CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a 
problematic use ...)
- linux 4.14.2-1
NOTE: Fixed by: 
https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
@@ -5609,6 +5626,7 @@
[jessie] - musl  (Minor issue)
NOTE: 
https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
 CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, 
there is ...)
+   {DLA-1197-1}
- sox 14.4.2-2 (bug #882144)
[stretch] - sox  (Minor issue)
[jessie] - sox  (Minor issue)
@@ -5689,8 +5707,8 @@
NOT-FOR-US: Octopus Deploy
 CVE-2017-15608
RESERVED
-CVE-2017-15607
-   RESERVED
+CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in 
filesystem-based ...)
+   TODO: check
 CVE-2017-15606
RESERVED
 CVE-2017-15605
@@ -6274,6 +6292,7 @@
 CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...)
NOT-FOR-US: E-Sic
 CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
+   {DLA-1197-1}
- sox 14.4.2-2 (bug #878808)
[stretch] - sox  (Minor issue)
[jessie] - sox  (Minor issue)
@@ -18354,19 +18373,17 @@
RESERVED
 CVE-2017-11287
RESERVED
-CVE-2017-11286
-   RESERVED
-CVE-2017-11285
-   RESERVED
-CVE-2017-11284
-   RESERVED
-CVE-2017-11283
-   RESERVED
-CVE-2017-11282
-   RESERVED
+CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection 
...)
+   TODO: check
+CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) 
vulnerability. This ...)
+   TODO: check
+CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization 
vulnerability. ...)
+   TODO: check
+CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization 
vulnerability. ...)
+   TODO: check
+CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption 
vulnerability ...)
NOT-FOR-US: Adobe
-CVE-2017-11281
-   RESERVED
+CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption 
vulnerability ...)
NOT-FOR-US: Adobe
 CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable 
memory ...)
NOT-FOR-US: Adobe
@@ -43632,10 +43649,10 @@
NOT-FOR-US: Adobe
 CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an 
exploitable ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2017-3105
-   RESERVED
-CVE-2017-3104
-   RESERVED
+CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects 
...)
+   TODO: check
+CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. 
This ...)
+   TODO: check
 CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored 
cross-site ...)
NOT-FOR-US: Adobe Connect
 CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected 
cross-site ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58158 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-30 21:10:21 + (Thu, 30 Nov 2017)
New Revision: 58158

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-30 21:08:48 UTC (rev 58157)
+++ data/CVE/list   2017-11-30 21:10:21 UTC (rev 58158)
@@ -1,3 +1,47 @@
+CVE-2018-0740
+   RESERVED
+CVE-2018-0739
+   RESERVED
+CVE-2018-0738
+   RESERVED
+CVE-2018-0737
+   RESERVED
+CVE-2018-0736
+   RESERVED
+CVE-2018-0735
+   RESERVED
+CVE-2018-0734
+   RESERVED
+CVE-2018-0733
+   RESERVED
+CVE-2018-0732
+   RESERVED
+CVE-2018-0731
+   RESERVED
+CVE-2017-17079
+   RESERVED
+CVE-2017-17078
+   RESERVED
+CVE-2017-17077
+   RESERVED
+CVE-2017-17076
+   RESERVED
+CVE-2017-17075
+   RESERVED
+CVE-2017-17074
+   RESERVED
+CVE-2017-17073
+   RESERVED
+CVE-2017-17072
+   RESERVED
+CVE-2017-17071
+   RESERVED
+CVE-2017-17070
+   RESERVED
+CVE-2017-17069
+   RESERVED
+CVE-2017-17068
+   RESERVED
 CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x 
before ...)
TODO: check
 CVE-2017-17066
@@ -2,4 +46,4 @@
RESERVED
-CVE-2017-17065
-   RESERVED
+CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...)
+   TODO: check
 CVE-2017-17064
@@ -1603,6 +1647,7 @@
- linux 4.13.13-1
NOTE: Fixed by: 
https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote 
attackers to ...)
+   {DLA-1196-1}
- optipng  (bug #878839)
NOTE: https://sourceforge.net/p/optipng/bugs/69/
 CVE-2017-16937
@@ -1624,12 +1669,14 @@
NOTE: 
https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846
NOTE: Fix for the incomplete fix for CVE-2016-2313
 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite 
recursion in ...)
+   {DLA-1194-1}
- libxml2  (bug #882613)
[stretch] - libxml2  (Minor issue)
[jessie] - libxml2  (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
NOTE: 
https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
 CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity 
references ...)
+   {DLA-1194-1}
- libxml2 2.9.4+dfsg1-3.1
[stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
[jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
@@ -6232,11 +6279,13 @@
[jessie] - sox  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
 CVE-2017-15371 (There is a reachable assertion abort in the function ...)
+   {DLA-1197-1}
- sox 14.4.2-2 (bug #878809)
[stretch] - sox  (Minor issue)
[jessie] - sox  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS 
function of ...)
+   {DLA-1197-1}
- sox 14.4.2-2 (bug #878810)
[stretch] - sox  (Minor issue)
[jessie] - sox  (Minor issue)
@@ -6935,8 +6984,8 @@
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
 CVE-2017-15117
REJECTED
-CVE-2017-15116
-   RESERVED
+CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel 
before ...)
+   TODO: check
 CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux 
kernel ...)
- linux 4.13.13-1
NOTE: 
https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 
(v4.14-rc6)
@@ -7596,8 +7645,8 @@
NOT-FOR-US: Wordpress plugin
 CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with 
PayPal) ...)
NOT-FOR-US: Wordpress plugin
-CVE-2017-14949
-   RESERVED
+CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to 
access ...)
+   TODO: check
 CVE-2017-14948
RESERVED
 CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute 
...)
@@ -7824,8 +7873,7 @@
RESERVED
 CVE-2017-14869
RESERVED
-CVE-2017-14868
-   RESERVED
+CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, 
allows ...)
- restlet  (bug #596472)
 CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data 
function of ...)
[experimental] - exiv2  (bug #880015)
@@ -14524,8 +14572,7 @@
NOT-FOR-US: Apache Camel
 CVE-2017-12632
RESERVED
-CVE-2017-12631
-   RESERVED
+CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific 
plugins to ...)
NOT-FOR-US: Apache CXF
 CVE-2017-12630
RESERVED
@@ -15263,96 +15310,96 @@
RESERVED
 CVE-2017-12373
RESERVED
-CVE-2017-12372
-   RESERVED
-CVE-2017-12371
-   RESERVED
-CVE-2017-12370
-   RESERVED
-CVE-2017-12369
-

[Secure-testing-commits] r58135 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-30 09:10:14 + (Thu, 30 Nov 2017)
New Revision: 58135

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-30 07:48:36 UTC (rev 58134)
+++ data/CVE/list   2017-11-30 09:10:14 UTC (rev 58135)
@@ -1,3 +1,5 @@
+CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x 
before ...)
+   TODO: check
 CVE-2017-17066
RESERVED
 CVE-2017-17065
@@ -1575,6 +1577,7 @@
[wheezy] - libsndfile  (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/341
 CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in 
Exim 4.88 ...)
+   {DSA-4053-1}
- exim4 4.89-13 (bug #882671)
[jessie] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)
[wheezy] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)
@@ -1583,6 +1586,7 @@
NOTE: 
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
NOTE: 4.89-10 adds a workaround which disables the affected code by 
default
 CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in 
Exim 4.88 ...)
+   {DSA-4053-1}
- exim4 4.89-12 (bug #882648)
[jessie] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)
[wheezy] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)
@@ -1745,6 +1749,7 @@
 CVE-2017-1000406
NOT-FOR-US: OpenDayLight
 CVE-2017-1000405 ["Dirty COW" variant on transparent huge pages]
+   RESERVED
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
@@ -8650,8 +8655,8 @@
RESERVED
 CVE-2017-14592
RESERVED
-CVE-2017-14591
-   RESERVED
+CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and 
version ...)
+   TODO: check
 CVE-2017-14590
RESERVED
 CVE-2017-14589
@@ -9762,12 +9767,12 @@
RESERVED
 CVE-2017-14199
RESERVED
-CVE-2017-14198
-   RESERVED
-CVE-2017-14197
-   RESERVED
-CVE-2017-14196
-   RESERVED
+CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 
5.4.x before ...)
+   TODO: check
+CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 
5.4.x before ...)
+   TODO: check
+CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 
5.3.6.1 and ...)
+   TODO: check
 CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui 
FineCms 5.0.11 ...)
NOT-FOR-US: dayrui FineCms
 CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui 
FineCms ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58123 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-29 21:10:19 + (Wed, 29 Nov 2017)
New Revision: 58123

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-29 19:50:37 UTC (rev 58122)
+++ data/CVE/list   2017-11-29 21:10:19 UTC (rev 58123)
@@ -1,3 +1,21 @@
+CVE-2017-17066
+   RESERVED
+CVE-2017-17065
+   RESERVED
+CVE-2017-17064
+   RESERVED
+CVE-2017-17063
+   RESERVED
+CVE-2017-17062
+   RESERVED
+CVE-2017-17061
+   RESERVED
+CVE-2017-17060
+   RESERVED
+CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka 
amtyThumb posts ...)
+   TODO: check
+CVE-2017-1000385
+   RESERVED
 CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a 
Directory ...)
NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2017-17057
@@ -1727,42 +1745,61 @@
 CVE-2017-1000406
NOT-FOR-US: OpenDayLight
 CVE-2017-1000404
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000403
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000402
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000401
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000400
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000399
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000398
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000397
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000396
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000395
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000394
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000393
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000392
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000391
+   RESERVED
NOT-FOR-US: Jenkins
 CVE-2017-1000390
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000389
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000388
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000387
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000386
+   RESERVED
NOT-FOR-US: Jenkins plugin
 CVE-2017-16884
RESERVED
@@ -3737,6 +3774,7 @@
 CVE-2017-16242
RESERVED
 CVE-2017-1000384 [Arbitrary file read]
+   RESERVED
- passenger 
- ruby-passenger 
[jessie] - ruby-passenger  (Minor issue)
@@ -9203,10 +9241,10 @@
RESERVED
 CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a 
cross-site ...)
NOT-FOR-US: EMC
-CVE-2017-14378
-   RESERVED
-CVE-2017-14377
-   RESERVED
+CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA 
Authentication Agent ...)
+   TODO: check
+CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server 
version 8.0 and ...)
+   TODO: check
 CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts 
with ...)
NOT-FOR-US: EMC AppSync Server
 CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior 
to ...)
@@ -9733,14 +9771,14 @@
RESERVED
 CVE-2017-14190
RESERVED
-CVE-2017-14189
-   RESERVED
+CVE-2017-14189 (An improper access control vulnerability in Fortinet 
FortiWebManager ...)
+   TODO: check
 CVE-2017-14188
RESERVED
 CVE-2017-14187
RESERVED
-CVE-2017-14186
-   RESERVED
+CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 
5.6.0 ...)
+   TODO: check
 CVE-2017-14185
RESERVED
 CVE-2017-14184
@@ -9836,7 +9874,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
 CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows 
remote ...)
-   {DLA-1107-1}
+   {DSA-4052-1 DLA-1107-1}
- bzr 2.7.0+bzr6622-7 (bug #874429)
NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
 CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after 
dropping ...)
@@ -10608,8 +10646,8 @@
RESERVED
 CVE-2017-13873
RESERVED
-CVE-2017-13872
-   RESERVED
+CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High 
Sierra ...)
+   TODO: check
 CVE-2017-13871
RESERVED
 CVE-2017-13870
@@ -25627,21 +25665,20 @@
RESERVED
 CVE-2017-8819
RESERVED
-CVE-2017-8818 [SSL out of buffer access]
-   RESERVED
+CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow 
attackers to ...)
- curl 
[stretch] - curl  (Vulnerable code not present)
[jessie] - curl  (Vulnerable code not present)
[wheezy] - curl  (Vulnerable code not present)
NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
NOTE: https://curl.haxx.se/CVE-2017-8818.patch
-CVE-2017-8817 [FTP wildcard out of bounds read]
-   RESERVED
+CVE-2017-8817 (The 

[Secure-testing-commits] r58105 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-29 09:10:23 + (Wed, 29 Nov 2017)
New Revision: 58105

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-29 08:37:04 UTC (rev 58104)
+++ data/CVE/list   2017-11-29 09:10:23 UTC (rev 58105)
@@ -1,10 +1,32 @@
-CVE-2017-17053 [x86/mm: Fix use-after-free of ldt_struct]
+CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a 
Directory ...)
+   TODO: check
+CVE-2017-17057
+   RESERVED
+CVE-2017-17056
+   RESERVED
+CVE-2017-17055
+   RESERVED
+CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function 
...)
+   TODO: check
+CVE-2017-17051
+   RESERVED
+CVE-2017-17050 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17049 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
+   TODO: check
+CVE-2017-17048
+   RESERVED
+CVE-2017-17047
+   RESERVED
+CVE-2017-17043 (The Emag Marketplace Connector plugin 1.0.0 for WordPress has 
reflected ...)
+   TODO: check
+CVE-2017-17053 (The init_new_context function in 
arch/x86/include/asm/mmu_context.h in ...)
- linux 4.12.12-1
[stretch] - linux 4.9.47-1
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
NOTE: Fixed by: 
https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc
-CVE-2017-17052 [fork: fix incorrect fput of ->exe_file causing use-after-free]
+CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel 
before ...)
- linux 4.12.12-1
[stretch] - linux 4.9.47-1
[jessie] - linux  (Vulnerable code not present)
@@ -93,13 +115,16 @@
RESERVED
 CVE-2017-17027
RESERVED
-CVE-2017-17045 [XSA-247: Missing p2m error checking in PoD code]
+CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM 
guest OS ...)
+   {DSA-4050-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-247.html
-CVE-2017-17044 [XSA-246: x86: infinite loop due to missing PoD error checking]
+CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM 
guest OS ...)
+   {DSA-4050-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-246.html
-CVE-2017-17046 [XSA-245: ARM: Some memory not scrubbed at boot]
+CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM 
platform ...)
+   {DSA-4050-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-245.html
 CVE-2018-0705


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58096 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-28 21:10:17 + (Tue, 28 Nov 2017)
New Revision: 58096

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-28 21:04:17 UTC (rev 58095)
+++ data/CVE/list   2017-11-28 21:10:17 UTC (rev 58096)
@@ -1,3 +1,85 @@
+CVE-2018-0730
+   RESERVED
+CVE-2018-0729
+   RESERVED
+CVE-2018-0728
+   RESERVED
+CVE-2018-0727
+   RESERVED
+CVE-2018-0726
+   RESERVED
+CVE-2018-0725
+   RESERVED
+CVE-2018-0724
+   RESERVED
+CVE-2018-0723
+   RESERVED
+CVE-2018-0722
+   RESERVED
+CVE-2018-0721
+   RESERVED
+CVE-2018-0720
+   RESERVED
+CVE-2018-0719
+   RESERVED
+CVE-2018-0718
+   RESERVED
+CVE-2018-0717
+   RESERVED
+CVE-2018-0716
+   RESERVED
+CVE-2018-0715
+   RESERVED
+CVE-2018-0714
+   RESERVED
+CVE-2018-0713
+   RESERVED
+CVE-2018-0712
+   RESERVED
+CVE-2018-0711
+   RESERVED
+CVE-2018-0710
+   RESERVED
+CVE-2018-0709
+   RESERVED
+CVE-2018-0708
+   RESERVED
+CVE-2018-0707
+   RESERVED
+CVE-2018-0706
+   RESERVED
+CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 
does not ...)
+   TODO: check
+CVE-2017-17041
+   RESERVED
+CVE-2017-17040
+   RESERVED
+CVE-2017-17039
+   RESERVED
+CVE-2017-17038
+   RESERVED
+CVE-2017-17037
+   RESERVED
+CVE-2017-17036
+   RESERVED
+CVE-2017-17035
+   RESERVED
+CVE-2017-17034
+   RESERVED
+CVE-2017-17033
+   RESERVED
+CVE-2017-17032
+   RESERVED
+CVE-2017-17031
+   RESERVED
+CVE-2017-17030
+   RESERVED
+CVE-2017-17029
+   RESERVED
+CVE-2017-17028
+   RESERVED
+CVE-2017-17027
+   RESERVED
 CVE-2017- [XSA-247: Missing p2m error checking in PoD code]
- xen 
[stretch] - xen 4.8.2+xsa245-0+deb9u1
@@ -1419,10 +1501,10 @@
RESERVED
 CVE-2017-16953
RESERVED
-CVE-2017-16952
-   RESERVED
-CVE-2017-16951
-   RESERVED
+CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of 
service ...)
+   TODO: check
+CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a 
denial ...)
+   TODO: check
 CVE-2017-16950
RESERVED
 CVE-2017-16949
@@ -5309,8 +5391,8 @@
RESERVED
 CVE-2017-15674
RESERVED
-CVE-2017-15673
-   RESERVED
+CVE-2017-15673 (The files function in the administration section in CS-Cart 
4.6.2 and ...)
+   TODO: check
 CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 
3.3.4 and ...)
{DSA-4049-1}
- ffmpeg 7:3.4-1
@@ -5500,6 +5582,7 @@
 CVE-2017-15598
RESERVED
 CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying 
code made ...)
+   {DSA-4050-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-236.html
 CVE-2017-15586
@@ -6249,35 +6332,38 @@
 CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x 
before ...)
NOT-FOR-US: Mirasys Video Management System
 CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM 
PV guest ...)
+   {DSA-4050-1}
- xen 
[wheezy] - xen  (minor issue)
NOTE: https://xenbits.xen.org/xsa/advisory-244.html
 CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM 
guest OS ...)
-   {DLA-1181-1}
+   {DSA-4050-1 DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-243.html
 CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
-   {DLA-1181-1}
+   {DSA-4050-1 DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-242.html
 CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
-   {DLA-1181-1}
+   {DSA-4050-1 DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-241.html
 CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
-   {DLA-1181-1}
+   {DSA-4050-1 DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-240.html
 CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM 
guest OS ...)
-   {DLA-1181-1}
+   {DSA-4050-1 DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-239.html
 CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing 
attackers ...)
+   {DSA-4050-1}
- xen 
[jessie] - xen  (Only affects 4.5 and later)
[wheezy] - xen  (Only affects 4.5 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-238.html
 CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 
guest OS ...)
+   {DSA-4050-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-237.html
 CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in 

[Secure-testing-commits] r58075 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-28 09:10:21 + (Tue, 28 Nov 2017)
New Revision: 58075

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-28 05:35:21 UTC (rev 58074)
+++ data/CVE/list   2017-11-28 09:10:21 UTC (rev 58075)
@@ -1,3 +1,511 @@
+CVE-2018-0705
+   RESERVED
+CVE-2018-0704
+   RESERVED
+CVE-2018-0703
+   RESERVED
+CVE-2018-0702
+   RESERVED
+CVE-2018-0701
+   RESERVED
+CVE-2018-0700
+   RESERVED
+CVE-2018-0699
+   RESERVED
+CVE-2018-0698
+   RESERVED
+CVE-2018-0697
+   RESERVED
+CVE-2018-0696
+   RESERVED
+CVE-2018-0695
+   RESERVED
+CVE-2018-0694
+   RESERVED
+CVE-2018-0693
+   RESERVED
+CVE-2018-0692
+   RESERVED
+CVE-2018-0691
+   RESERVED
+CVE-2018-0690
+   RESERVED
+CVE-2018-0689
+   RESERVED
+CVE-2018-0688
+   RESERVED
+CVE-2018-0687
+   RESERVED
+CVE-2018-0686
+   RESERVED
+CVE-2018-0685
+   RESERVED
+CVE-2018-0684
+   RESERVED
+CVE-2018-0683
+   RESERVED
+CVE-2018-0682
+   RESERVED
+CVE-2018-0681
+   RESERVED
+CVE-2018-0680
+   RESERVED
+CVE-2018-0679
+   RESERVED
+CVE-2018-0678
+   RESERVED
+CVE-2018-0677
+   RESERVED
+CVE-2018-0676
+   RESERVED
+CVE-2018-0675
+   RESERVED
+CVE-2018-0674
+   RESERVED
+CVE-2018-0673
+   RESERVED
+CVE-2018-0672
+   RESERVED
+CVE-2018-0671
+   RESERVED
+CVE-2018-0670
+   RESERVED
+CVE-2018-0669
+   RESERVED
+CVE-2018-0668
+   RESERVED
+CVE-2018-0667
+   RESERVED
+CVE-2018-0666
+   RESERVED
+CVE-2018-0665
+   RESERVED
+CVE-2018-0664
+   RESERVED
+CVE-2018-0663
+   RESERVED
+CVE-2018-0662
+   RESERVED
+CVE-2018-0661
+   RESERVED
+CVE-2018-0660
+   RESERVED
+CVE-2018-0659
+   RESERVED
+CVE-2018-0658
+   RESERVED
+CVE-2018-0657
+   RESERVED
+CVE-2018-0656
+   RESERVED
+CVE-2018-0655
+   RESERVED
+CVE-2018-0654
+   RESERVED
+CVE-2018-0653
+   RESERVED
+CVE-2018-0652
+   RESERVED
+CVE-2018-0651
+   RESERVED
+CVE-2018-0650
+   RESERVED
+CVE-2018-0649
+   RESERVED
+CVE-2018-0648
+   RESERVED
+CVE-2018-0647
+   RESERVED
+CVE-2018-0646
+   RESERVED
+CVE-2018-0645
+   RESERVED
+CVE-2018-0644
+   RESERVED
+CVE-2018-0643
+   RESERVED
+CVE-2018-0642
+   RESERVED
+CVE-2018-0641
+   RESERVED
+CVE-2018-0640
+   RESERVED
+CVE-2018-0639
+   RESERVED
+CVE-2018-0638
+   RESERVED
+CVE-2018-0637
+   RESERVED
+CVE-2018-0636
+   RESERVED
+CVE-2018-0635
+   RESERVED
+CVE-2018-0634
+   RESERVED
+CVE-2018-0633
+   RESERVED
+CVE-2018-0632
+   RESERVED
+CVE-2018-0631
+   RESERVED
+CVE-2018-0630
+   RESERVED
+CVE-2018-0629
+   RESERVED
+CVE-2018-0628
+   RESERVED
+CVE-2018-0627
+   RESERVED
+CVE-2018-0626
+   RESERVED
+CVE-2018-0625
+   RESERVED
+CVE-2018-0624
+   RESERVED
+CVE-2018-0623
+   RESERVED
+CVE-2018-0622
+   RESERVED
+CVE-2018-0621
+   RESERVED
+CVE-2018-0620
+   RESERVED
+CVE-2018-0619
+   RESERVED
+CVE-2018-0618
+   RESERVED
+CVE-2018-0617
+   RESERVED
+CVE-2018-0616
+   RESERVED
+CVE-2018-0615
+   RESERVED
+CVE-2018-0614
+   RESERVED
+CVE-2018-0613
+   RESERVED
+CVE-2018-0612
+   RESERVED
+CVE-2018-0611
+   RESERVED
+CVE-2018-0610
+   RESERVED
+CVE-2018-0609
+   RESERVED
+CVE-2018-0608
+   RESERVED
+CVE-2018-0607
+   RESERVED
+CVE-2018-0606
+   RESERVED
+CVE-2018-0605
+   RESERVED
+CVE-2018-0604
+   RESERVED
+CVE-2018-0603
+   RESERVED
+CVE-2018-0602
+   RESERVED
+CVE-2018-0601
+   RESERVED
+CVE-2018-0600
+   RESERVED
+CVE-2018-0599
+   RESERVED
+CVE-2018-0598
+   RESERVED
+CVE-2018-0597
+   RESERVED
+CVE-2018-0596
+   RESERVED
+CVE-2018-0595
+   RESERVED
+CVE-2018-0594
+   RESERVED
+CVE-2018-0593
+   RESERVED
+CVE-2018-0592
+   RESERVED
+CVE-2018-0591
+   RESERVED
+CVE-2018-0590
+   RESERVED
+CVE-2018-0589
+   RESERVED
+CVE-2018-0588
+   RESERVED
+CVE-2018-0587
+   RESERVED
+CVE-2018-0586
+   RESERVED
+CVE-2018-0585
+   RESERVED
+CVE-2018-0584
+   RESERVED
+CVE-2018-0583
+   RESERVED
+CVE-2018-0582
+   RESERVED
+CVE-2018-0581
+   RESERVED
+CVE-2018-0580
+   RESERVED
+CVE-2018-0579
+   RESERVED
+CVE-2018-0578
+   RESERVED
+CVE-2018-0577
+   RESERVED
+CVE-2018-0576
+   RESERVED
+CVE-2018-0575
+   RESERVED
+CVE-2018-0574
+   RESERVED
+CVE-2018-0573
+   RESERVED
+CVE-2018-0572
+   RESERVED
+CVE-2018-0571
+   RESERVED
+CVE-2018-0570
+   RESERVED
+CVE-2018-0569
+   RESERVED
+CVE-2018-0568
+   RESERVED
+CVE-2018-0567
+   RESERVED
+CVE-2018-0566
+   RESERVED
+CVE-2018-0565
+   RESERVED
+CVE-2018-0564
+   RESERVED
+CVE-2018-0563
+   RESERVED
+CVE-2018-0562
+   RESERVED
+CVE-2018-0561
+

[Secure-testing-commits] r58059 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-27 21:10:20 + (Mon, 27 Nov 2017)
New Revision: 58059

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 20:37:03 UTC (rev 58058)
+++ data/CVE/list   2017-11-27 21:10:20 UTC (rev 58059)
@@ -1,3 +1,15 @@
+CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution 
in the ...)
+   TODO: check
+CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties 
such as a ...)
+   TODO: check
+CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the 
...)
+   TODO: check
+CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
+   TODO: check
+CVE-2017-1000207 (A vulnerability in Swagger-Parser's version = 1.0.30 and 
Swagger ...)
+   TODO: check
+CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when 
printing to PDF ...)
+   TODO: check
 CVE-2018-0485
RESERVED
 CVE-2018-0484
@@ -798,7 +810,7 @@
RESERVED
 CVE-2018-0086
RESERVED
-CVE-2017-16994
+CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux 
kernel ...)
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1)
 CVE-2017-16993
@@ -863,22 +875,22 @@
RESERVED
 CVE-2017-16963
RESERVED
-CVE-2017-16962
-   RESERVED
-CVE-2017-16961
-   RESERVED
-CVE-2017-16960
-   RESERVED
-CVE-2017-16959
-   RESERVED
-CVE-2017-16958
-   RESERVED
-CVE-2017-16957
-   RESERVED
-CVE-2017-16956
-   RESERVED
-CVE-2017-16955
-   RESERVED
+CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in 
CommuniGate ...)
+   TODO: check
+CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in 
BigTree ...)
+   TODO: check
+CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+   TODO: check
+CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, 
TL-ER, ...)
+   TODO: check
+CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+   TODO: check
+CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+   TODO: check
+CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending 
a ...)
+   TODO: check
+CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 
for ...)
+   TODO: check
 CVE-2017-16954
RESERVED
 CVE-2017-16953
@@ -6202,14 +6214,13 @@
 CVE-2017-15118
RESERVED
 CVE-2017-15117
-   RESERVED
+   REJECTED
 CVE-2017-15116
RESERVED
 CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux 
kernel ...)
- linux 4.13.13-1
NOTE: 
https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 
(v4.14-rc6)
-CVE-2017-15114 [Passwordless access for non-libvirt related services when 
using shared certificate authority]
-   RESERVED
+CVE-2017-15114 (When libvirtd is configured by OSP director 
(tripleo-heat-templates) ...)
- tripleo-heat-templates  (Vulnerability introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015
NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370
@@ -6250,8 +6261,7 @@
- liblouis  (Incomplete fix not applied in Debian)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023
-CVE-2017-15100
-   RESERVED
+CVE-2017-15100 (An attacker submitting facts to the Foreman server containing 
HTML can ...)
- foreman  (bug #663101)
 CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x 
before ...)
{DSA-4028-1}
@@ -6435,16 +6445,16 @@
NOTE: https://github.com/upx/upx/issues/128
NOTE: 
https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
NOTE: crash in CLI tool, no security impact
-CVE-2017-15055
-   RESERVED
-CVE-2017-15054
-   RESERVED
-CVE-2017-15053
-   RESERVED
-CVE-2017-15052
-   RESERVED
-CVE-2017-15051
-   RESERVED
+CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access 
control ...)
+   TODO: check
+CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass 
before ...)
+   TODO: check
+CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
+   TODO: check
+CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
+   TODO: check
+CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
TeamPass ...)
+   TODO: check
 CVE-2017-15050
RESERVED
 CVE-2017-15049
@@ -7932,10 +7942,10 @@
NOT-FOR-US: Atlassian
 CVE-2017-14587 (The administration user 

[Secure-testing-commits] r58047 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-27 09:10:15 + (Mon, 27 Nov 2017)
New Revision: 58047

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 06:38:47 UTC (rev 58046)
+++ data/CVE/list   2017-11-27 09:10:15 UTC (rev 58047)
@@ -1,3 +1,895 @@
+CVE-2018-0485
+   RESERVED
+CVE-2018-0484
+   RESERVED
+CVE-2018-0483
+   RESERVED
+CVE-2018-0482
+   RESERVED
+CVE-2018-0481
+   RESERVED
+CVE-2018-0480
+   RESERVED
+CVE-2018-0479
+   RESERVED
+CVE-2018-0478
+   RESERVED
+CVE-2018-0477
+   RESERVED
+CVE-2018-0476
+   RESERVED
+CVE-2018-0475
+   RESERVED
+CVE-2018-0474
+   RESERVED
+CVE-2018-0473
+   RESERVED
+CVE-2018-0472
+   RESERVED
+CVE-2018-0471
+   RESERVED
+CVE-2018-0470
+   RESERVED
+CVE-2018-0469
+   RESERVED
+CVE-2018-0468
+   RESERVED
+CVE-2018-0467
+   RESERVED
+CVE-2018-0466
+   RESERVED
+CVE-2018-0465
+   RESERVED
+CVE-2018-0464
+   RESERVED
+CVE-2018-0463
+   RESERVED
+CVE-2018-0462
+   RESERVED
+CVE-2018-0461
+   RESERVED
+CVE-2018-0460
+   RESERVED
+CVE-2018-0459
+   RESERVED
+CVE-2018-0458
+   RESERVED
+CVE-2018-0457
+   RESERVED
+CVE-2018-0456
+   RESERVED
+CVE-2018-0455
+   RESERVED
+CVE-2018-0454
+   RESERVED
+CVE-2018-0453
+   RESERVED
+CVE-2018-0452
+   RESERVED
+CVE-2018-0451
+   RESERVED
+CVE-2018-0450
+   RESERVED
+CVE-2018-0449
+   RESERVED
+CVE-2018-0448
+   RESERVED
+CVE-2018-0447
+   RESERVED
+CVE-2018-0446
+   RESERVED
+CVE-2018-0445
+   RESERVED
+CVE-2018-0444
+   RESERVED
+CVE-2018-0443
+   RESERVED
+CVE-2018-0442
+   RESERVED
+CVE-2018-0441
+   RESERVED
+CVE-2018-0440
+   RESERVED
+CVE-2018-0439
+   RESERVED
+CVE-2018-0438
+   RESERVED
+CVE-2018-0437
+   RESERVED
+CVE-2018-0436
+   RESERVED
+CVE-2018-0435
+   RESERVED
+CVE-2018-0434
+   RESERVED
+CVE-2018-0433
+   RESERVED
+CVE-2018-0432
+   RESERVED
+CVE-2018-0431
+   RESERVED
+CVE-2018-0430
+   RESERVED
+CVE-2018-0429
+   RESERVED
+CVE-2018-0428
+   RESERVED
+CVE-2018-0427
+   RESERVED
+CVE-2018-0426
+   RESERVED
+CVE-2018-0425
+   RESERVED
+CVE-2018-0424
+   RESERVED
+CVE-2018-0423
+   RESERVED
+CVE-2018-0422
+   RESERVED
+CVE-2018-0421
+   RESERVED
+CVE-2018-0420
+   RESERVED
+CVE-2018-0419
+   RESERVED
+CVE-2018-0418
+   RESERVED
+CVE-2018-0417
+   RESERVED
+CVE-2018-0416
+   RESERVED
+CVE-2018-0415
+   RESERVED
+CVE-2018-0414
+   RESERVED
+CVE-2018-0413
+   RESERVED
+CVE-2018-0412
+   RESERVED
+CVE-2018-0411
+   RESERVED
+CVE-2018-0410
+   RESERVED
+CVE-2018-0409
+   RESERVED
+CVE-2018-0408
+   RESERVED
+CVE-2018-0407
+   RESERVED
+CVE-2018-0406
+   RESERVED
+CVE-2018-0405
+   RESERVED
+CVE-2018-0404
+   RESERVED
+CVE-2018-0403
+   RESERVED
+CVE-2018-0402
+   RESERVED
+CVE-2018-0401
+   RESERVED
+CVE-2018-0400
+   RESERVED
+CVE-2018-0399
+   RESERVED
+CVE-2018-0398
+   RESERVED
+CVE-2018-0397
+   RESERVED
+CVE-2018-0396
+   RESERVED
+CVE-2018-0395
+   RESERVED
+CVE-2018-0394
+   RESERVED
+CVE-2018-0393
+   RESERVED
+CVE-2018-0392
+   RESERVED
+CVE-2018-0391
+   RESERVED
+CVE-2018-0390
+   RESERVED
+CVE-2018-0389
+   RESERVED
+CVE-2018-0388
+   RESERVED
+CVE-2018-0387
+   RESERVED
+CVE-2018-0386
+   RESERVED
+CVE-2018-0385
+   RESERVED
+CVE-2018-0384
+   RESERVED
+CVE-2018-0383
+   RESERVED
+CVE-2018-0382
+   RESERVED
+CVE-2018-0381
+   RESERVED
+CVE-2018-0380
+   RESERVED
+CVE-2018-0379
+   RESERVED
+CVE-2018-0378
+   RESERVED
+CVE-2018-0377
+   RESERVED
+CVE-2018-0376
+   RESERVED
+CVE-2018-0375
+   RESERVED
+CVE-2018-0374
+   RESERVED
+CVE-2018-0373
+   RESERVED
+CVE-2018-0372
+   RESERVED
+CVE-2018-0371
+   RESERVED
+CVE-2018-0370
+   RESERVED
+CVE-2018-0369
+   RESERVED
+CVE-2018-0368
+   RESERVED
+CVE-2018-0367
+   RESERVED
+CVE-2018-0366
+   RESERVED
+CVE-2018-0365
+   RESERVED
+CVE-2018-0364
+   RESERVED
+CVE-2018-0363
+   RESERVED
+CVE-2018-0362
+   RESERVED
+CVE-2018-0361
+   RESERVED
+CVE-2018-0360
+   RESERVED
+CVE-2018-0359
+   RESERVED
+CVE-2018-0358
+   RESERVED
+CVE-2018-0357
+   RESERVED
+CVE-2018-0356
+   RESERVED
+CVE-2018-0355
+   RESERVED
+CVE-2018-0354
+   RESERVED
+CVE-2018-0353
+   RESERVED
+CVE-2018-0352
+   RESERVED
+CVE-2018-0351
+   RESERVED
+CVE-2018-0350
+   RESERVED
+CVE-2018-0349
+   RESERVED
+CVE-2018-0348
+   RESERVED
+CVE-2018-0347
+   RESERVED
+CVE-2018-0346
+   RESERVED
+CVE-2018-0345
+   RESERVED
+CVE-2018-0344
+   RESERVED
+CVE-2018-0343
+   RESERVED
+CVE-2018-0342
+   RESERVED
+CVE-2018-0341
+

[Secure-testing-commits] r58040 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-26 21:10:18 + (Sun, 26 Nov 2017)
New Revision: 58040

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-26 20:38:31 UTC (rev 58039)
+++ data/CVE/list   2017-11-26 21:10:18 UTC (rev 58040)
@@ -1,3 +1,5 @@
+CVE-2017-16947
+   RESERVED
 CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php 
in MISP ...)
NOT-FOR-US: MISP
 CVE-2017-16945
@@ -6547,6 +6549,7 @@
 CVE-2017-14732
RESERVED
 CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows 
remote ...)
+   {DLA-1192-1}
- libofx 1:0.9.11-5 (bug #877442)
[stretch] - libofx  (Minor issue)
[jessie] - libofx  (Minor issue)
@@ -42810,6 +42813,7 @@
 CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing 
...)
NOT-FOR-US: PowerISO
 CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag 
parsing ...)
+   {DLA-1192-1}
- libofx 1:0.9.11-4 (bug #875801)
[stretch] - libofx  (Minor issue)
[jessie] - libofx  (Minor issue)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58026 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-25 21:10:15 + (Sat, 25 Nov 2017)
New Revision: 58026

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-25 18:17:17 UTC (rev 58025)
+++ data/CVE/list   2017-11-25 21:10:15 UTC (rev 58026)
@@ -1,11 +1,17 @@
-CVE-2017-16944 [Exim handles BDAT data incorrectly and leads to crash]
+CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php 
in MISP ...)
+   TODO: check
+CVE-2017-16945
+   RESERVED
+CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error 
exists ...)
+   TODO: check
+CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in 
Exim 4.88 ...)
- exim4  (bug #882671)
[jessie] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)
[wheezy] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)
NOTE: https://bugs.exim.org/show_bug.cgi?id=2201
NOTE: 
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
NOTE: 4.89-10 adds a workaround which disables the affected code by 
default
-CVE-2017-16943 [Exim use-after-free vulnerability while reading mail header]
+CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in 
Exim 4.88 ...)
- exim4  (bug #882648)
[jessie] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)
[wheezy] - exim4  (ESMTP CHUNKING extension introduced in 
4.88)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58010 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-25 09:10:29 + (Sat, 25 Nov 2017)
New Revision: 58010

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-25 08:27:24 UTC (rev 58009)
+++ data/CVE/list   2017-11-25 09:10:29 UTC (rev 58010)
@@ -1,3 +1,7 @@
+CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent 
use of ...)
+   TODO: check
+CVE-2017-16940
+   RESERVED
 CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in 
the ...)
- linux 4.13.13-1
NOTE: Fixed by: 
https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
@@ -3528,6 +3532,7 @@
 CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta 
Components ...)
NOT-FOR-US: Zeta Components Mail
 CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full 
function in ...)
+   {DLA-1191-1}
- python-werkzeug 0.11.11+dfsg1-1
NOTE: 
http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
NOTE: https://github.com/pallets/werkzeug/pull/1001


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58004 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-24 21:10:14 + (Fri, 24 Nov 2017)
New Revision: 58004

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-24 21:08:51 UTC (rev 58003)
+++ data/CVE/list   2017-11-24 21:10:14 UTC (rev 58004)
@@ -1,4 +1,4 @@
-CVE-2017-16939 [ipsec: Fix aborted xfrm policy dump crash]
+CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in 
the ...)
- linux 4.13.13-1
NOTE: Fixed by: 
https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote 
attackers to ...)
@@ -402,6 +402,7 @@
 CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site 
scripting ...)
NOT-FOR-US: EllisLab ExpressionEngine
 CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an 
integer overflow ...)
+   {DLA-1190-1 DLA-1189-1}
- python2.7 2.7.13-4
[stretch] - python2.7  (Minor issue)
[jessie] - python2.7  (Minor issue)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57987 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-24 09:10:15 + (Fri, 24 Nov 2017)
New Revision: 57987

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-24 07:08:06 UTC (rev 57986)
+++ data/CVE/list   2017-11-24 09:10:15 UTC (rev 57987)
@@ -1,11 +1,25 @@
-CVE-2017-16932
+CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote 
attackers to ...)
+   TODO: check
+CVE-2017-16937
+   RESERVED
+CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on 
Shenzhen Tenda ...)
+   TODO: check
+CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs 
containing a ...)
+   TODO: check
+CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers 
to execute ...)
+   TODO: check
+CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a 
chown ...)
+   TODO: check
+CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote 
authenticated users ...)
+   TODO: check
+CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite 
recursion in ...)
- libxml2 
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
NOTE: 
https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
-CVE-2017-16931
+CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity 
references ...)
- libxml2 2.9.4+dfsg1-3.1
-[stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
-[jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
+   [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
+   [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
NOTE: 
https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and 
CVE-2017-9050
@@ -1063,6 +1077,7 @@
 CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to 
a ...)
NOT-FOR-US: RemObjects Remoting SDK
 CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open 
Ticket ...)
+   {DSA-4047-1}
- otrs2 5.0.24-1 (bug #882370)
NOTE: 
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -9548,14 +9563,14 @@
NOT-FOR-US: Moxa
 CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
NOT-FOR-US: Moxa
-CVE-2017-13701
-   RESERVED
+CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+   TODO: check
 CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
NOT-FOR-US: Moxa
-CVE-2017-13699
-   RESERVED
-CVE-2017-13698
-   RESERVED
+CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+   TODO: check
+CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+   TODO: check
 CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS 
related to ...)
NOT-FOR-US: FineCMS
 CVE-2017-13696
@@ -19600,7 +19615,7 @@
 CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of 
Oracle ...)
NOT-FOR-US: Oracle
 CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1 DLA-1187-1}
+   {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19685,7 +19700,7 @@
 CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting 
component of ...)
NOT-FOR-US: Oracle
 CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1 DLA-1187-1}
+   {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19693,7 +19708,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-   {DSA-4015-1 DLA-1187-1}
+   {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19701,7 +19716,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-   {DSA-4015-1 DLA-1187-1}
+   {DSA-4048-1 DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19717,13 +19732,13 @@
 CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools 
component of 

[Secure-testing-commits] r57979 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-23 21:10:12 + (Thu, 23 Nov 2017)
New Revision: 57979

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-23 21:03:31 UTC (rev 57978)
+++ data/CVE/list   2017-11-23 21:10:12 UTC (rev 57979)
@@ -1,3 +1,7 @@
+CVE-2017-16930
+   RESERVED
+CVE-2017-16929
+   RESERVED
 CVE-2017-16928
RESERVED
 CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in 
the session ...)
@@ -5321,8 +5325,7 @@
RESERVED
 CVE-2017-15089
RESERVED
-CVE-2017-15088
-   RESERVED
+CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 
5 (aka ...)
- krb5 1.15.2-2 (unimportant; bug #871698)
NOTE: https://github.com/krb5/krb5/pull/707
NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
@@ -19582,7 +19585,7 @@
 CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of 
Oracle ...)
NOT-FOR-US: Oracle
 CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19667,7 +19670,7 @@
 CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting 
component of ...)
NOT-FOR-US: Oracle
 CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19675,7 +19678,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19683,7 +19686,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19699,13 +19702,13 @@
 CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools 
component of ...)
NOT-FOR-US: Oracle
 CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
- openjdk-7 
 CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19713,7 +19716,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19721,7 +19724,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java 
SE ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19729,7 +19732,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19737,7 +19740,7 @@
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19854,7 +19857,7 @@
- mysql-5.5  (Only affects MySQL 5.7)
NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
 CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-   {DSA-4015-1}
+   {DSA-4015-1 DLA-1187-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
[experimental] - openjdk-7 7u151-2.6.11-2
@@ -19886,7 +19889,7 @@
- mysql-5.5  (Only affects MySQL 5.6 and 5.7)
NOTE: 

[Secure-testing-commits] r57947 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-23 09:10:18 + (Thu, 23 Nov 2017)
New Revision: 57947

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-23 09:03:06 UTC (rev 57946)
+++ data/CVE/list   2017-11-23 09:10:18 UTC (rev 57947)
@@ -1,4 +1,6 @@
-CVE-2017-16927 [buffer oveflow in scp_v0s_accept function]
+CVE-2017-16928
+   RESERVED
+CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in 
the session ...)
- xrdp  (bug #882463)
NOTE: Proposed pull request: 
https://github.com/neutrinolabs/xrdp/pull/958
NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
@@ -179,8 +181,8 @@
- exiv2 
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: Can't seem to reproduce this in wheezy.
-CVE-2017-16879
-   RESERVED
+CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in 
...)
+   TODO: check
 CVE-2017-16878
RESERVED
 CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the 
/_next and ...)
@@ -9407,7 +9409,7 @@
 CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross 
Site ...)
NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
 CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a 
local ...)
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.4-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
NOTE: This is in libxkbfile in wheezy
@@ -13882,7 +13884,7 @@
NOTE: https://www.spinics.net/lists/kvm/msg156651.html
 CVE-2017-12187
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12186
@@ -13893,22 +13895,22 @@
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12185
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12184 [Unvalidated lengths]
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12183 [xfixes: unvalidated lengths]
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5
 CVE-2017-12182 [hw/xfree86: unvalidated lengths]
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
 CVE-2017-12181 [hw/xfree86: unvalidated lengths]
@@ -13919,7 +13921,7 @@
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
 CVE-2017-12180 [hw/xfree86: unvalidated lengths]
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
 CVE-2017-12179 [Xi: integer overflow and unvalidated length in 
(S)ProcXIBarrierReleasePointer]
@@ -13929,17 +13931,17 @@
[wheezy] - xorg-server  (Vulnerable code introduced later)
 CVE-2017-12178 [Xi: fix wrong extra length check in ProcXIChangeHierarchy]
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821
 CVE-2017-12177 [dbe: Unvalidated variable-length request in 
ProcDbeGetVisualInfo]
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831
 CVE-2017-12176 [Unvalidated extra length in ProcEstablishConnection]
RESERVED
-   {DSA-4000-1}
+   {DSA-4000-1 DLA-1186-1}
- xorg-server 2:1.19.5-1
NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
 CVE-2017-12175
@@ -13955,8 +13957,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1498173
NOTE: Fixed by: 
https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835
NOTE: Introduced by 
https://pagure.io/SSSD/sssd/c/7ecb5aea65cb1899f16e7a41bffa93d074defd4a 
(sssd-1_12_0)
-CVE-2017-12172
-   RESERVED
+CVE-2017-12172 

[Secure-testing-commits] r57939 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-22 21:10:15 + (Wed, 22 Nov 2017)
New Revision: 57939

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-22 20:57:18 UTC (rev 57938)
+++ data/CVE/list   2017-11-22 21:10:15 UTC (rev 57939)
@@ -1047,6 +1047,7 @@
NOTE: https://github.com/bit-team/backintime/issues/834
NOTE: 
https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
 CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant 
heap-based ...)
+   {DLA-1185-1}
- sam2p 
NOTE: https://github.com/pts/sam2p/issues/16
 CVE-2017-16662
@@ -4059,8 +4060,8 @@
RESERVED
 CVE-2017-15529
RESERVED
-CVE-2017-15528
-   RESERVED
+CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can 
be ...)
+   TODO: check
 CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be 
...)
NOT-FOR-US: Symantec
 CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
@@ -5248,15 +5249,13 @@
 CVE-2017-15100
RESERVED
- foreman  (bug #663101)
-CVE-2017-15099
-   RESERVED
+CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x 
before ...)
{DSA-4028-1}
- postgresql-10 10.1-1
- postgresql-9.6 
- postgresql-9.4  (ON CONFLICT DO UPDATE and RLS 
introduced in 9.5)
- postgresql-9.1  (ON CONFLICT DO UPDATE and RLS 
introduced in 9.5)
-CVE-2017-15098
-   RESERVED
+CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset 
function ...)
{DSA-4028-1 DSA-4027-1}
- postgresql-10 10.1-1
- postgresql-9.6 
@@ -10857,8 +10856,8 @@
RESERVED
 CVE-2017-13072
RESERVED
-CVE-2017-13071
-   RESERVED
+CVE-2017-13071 (QNAP has already patched this vulnerability. This security 
concern ...)
+   TODO: check
 CVE-2017-13070
RESERVED
 CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities 
found in ...)
@@ -13848,8 +13847,7 @@
RESERVED
 CVE-2017-12194
RESERVED
-CVE-2017-12193
-   RESERVED
+CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in 
lib/assoc_array.c ...)
- linux 4.13.13-1
[wheezy] - linux  (Vulnerable code introduced in 3.13-rc1)
NOTE: Fixed by: 
https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7)
@@ -13861,8 +13859,7 @@
NOTE: Introduced by: 
https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
 CVE-2017-12191
RESERVED
-CVE-2017-12190 [memory leak when merging buffers in SCSI IO vectors]
-   RESERVED
+CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in 
block/bio.c in the ...)
- linux 4.13.10-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
 CVE-2017-12189
@@ -25984,7 +25981,7 @@
RESERVED
 CVE-2017-8028
RESERVED
-   {DLA-1180-1}
+   {DSA-4046-1 DLA-1180-1}
- libspring-ldap-java 
NOTE: https://pivotal.io/security/cve-2017-8028
NOTE: https://github.com/spring-projects/spring-ldap/issues/430
@@ -27240,8 +27237,8 @@
RESERVED
 CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 
5.8.2 and ...)
NOT-FOR-US: Fortinet
-CVE-2017-7736
-   RESERVED
+CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet 
FortiWeb ...)
+   TODO: check
 CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
NOT-FOR-US: Fortinet FortiOS
 CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
@@ -32364,8 +32361,8 @@
NOT-FOR-US: F5 BIG-IP
 CVE-2017-6167
RESERVED
-CVE-2017-6166
-   RESERVED
+CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link 
Controller, ...)
+   TODO: check
 CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
NOT-FOR-US: F5 BIG-IP
 CVE-2017-6164
@@ -52120,7 +52117,7 @@
 CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to 
files that ...)
- moodle 2.7.17+dfsg-1
NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
-CVE-2016-10089 (Nagios 4.2.4 and earlier allows local users to gain root 
privileges ...)
+CVE-2016-10089 (Nagios 4.3.2 and earlier allows local users to gain root 
privileges ...)
- nagios3  (Vulnerable code not present)
NOTE: Flaw in upstream damon-init.in. Debian package installs an own 
init-skript.
 CVE-2016-8641


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57923 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-22 09:10:22 + (Wed, 22 Nov 2017)
New Revision: 57923

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-22 08:33:10 UTC (rev 57922)
+++ data/CVE/list   2017-11-22 09:10:22 UTC (rev 57923)
@@ -1,3 +1,5 @@
+CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially 
crafted ...)
+   TODO: check
 CVE-2017- [Command injection through file names]
- ohcount  (bug #882372)
 CVE-2017-16925
@@ -18241,6 +18243,7 @@
 CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an ...)
NOT-FOR-US: QNAP
 CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x 
before ...)
+   {DSA-4045-1}
- vlc 2.2.6-3
[wheezy] - vlc  (Not supported in wheezy LTS)
NOTE: 
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
@@ -22395,6 +22398,7 @@
- vlc 2.2.5.1-1
[wheezy] - vlc  (Not supported in wheezy LTS)
 CVE-2017-9300 (plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 
2.2.4 ...)
+   {DSA-4045-1}
- vlc 2.2.6-3
[wheezy] - vlc  (Not supported in wheezy LTS)
NOTE: 
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3
@@ -23757,16 +23761,16 @@
RESERVED
 CVE-2017-8865
RESERVED
-CVE-2017-8864
-   RESERVED
-CVE-2017-8863
-   RESERVED
-CVE-2017-8862
-   RESERVED
-CVE-2017-8861
-   RESERVED
-CVE-2017-8860
-   RESERVED
+CVE-2017-8864 (Client-side enforcement using JavaScript of server-side 
security ...)
+   TODO: check
+CVE-2017-8863 (Information disclosure of .esp source code on the Cohu 3960 
allows an ...)
+   TODO: check
+CVE-2017-8862 (The webupgrade function on the Cohu 3960HD does not verify the 
firmware ...)
+   TODO: check
+CVE-2017-8861 (Missing authentication for the remote configuration port 
1236/tcp on ...)
+   TODO: check
+CVE-2017-8860 (Information disclosure through directory listing on the Cohu 
3960HD ...)
+   TODO: check
 CVE-2017-8859 (In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated 
users ...)
NOT-FOR-US: Veritas NetBackup
 CVE-2017-8858 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 
3.0 and ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57910 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-21 21:10:13 + (Tue, 21 Nov 2017)
New Revision: 57910

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-21 20:59:05 UTC (rev 57909)
+++ data/CVE/list   2017-11-21 21:10:13 UTC (rev 57910)
@@ -1,3 +1,15 @@
+CVE-2017-16925
+   RESERVED
+CVE-2017-16924
+   RESERVED
+CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen 
Tenda ...)
+   TODO: check
+CVE-2017-16922
+   RESERVED
+CVE-2017-16921
+   RESERVED
+CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default 
SYS_KEY ...)
+   TODO: check
 CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting 
(XSS) ...)
NOT-FOR-US: MapOS
 CVE-2017-16918
@@ -180,7 +192,7 @@
- xrootd  (bug #687222)
 CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote 
code ...)
NOT-FOR-US: Elixir's vim plugin
-CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after 
free in the ...)
+CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in 
the HTML ...)
{DLA-1175-1}
- lynx 2.8.9dev16-1
- lynx-cur 
@@ -260,6 +272,7 @@
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
NOTE: 
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of 
optipng 0.7.6 ...)
+   {DLA-1184-1}
- optipng  (bug #882032)
NOTE: https://sourceforge.net/p/optipng/bugs/65/
NOTE: Proposed patch: 
https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
@@ -1012,8 +1025,7 @@
RESERVED
 CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to 
a ...)
NOT-FOR-US: RemObjects Remoting SDK
-CVE-2017-16664 [OSA-2017-07]
-   RESERVED
+CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open 
Ticket ...)
- otrs2  (bug #882370)
NOTE: 
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -1168,8 +1180,8 @@
NOT-FOR-US: MLAlchemy
 CVE-2017-16614
RESERVED
-CVE-2017-16613 [Swift object/proxy server writing swauth Auth Token to log 
file]
-   RESERVED
+CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth 
through ...)
+   {DSA-4044-1}
- swauth 1.2.0-4 (bug #882314)
NOTE: https://bugs.launchpad.net/swift/+bug/1655781
 CVE-2017-16612
@@ -4755,6 +4767,7 @@
NOT-FOR-US: OpenText Documentum Content Server
 CVE-2017-15275 [Server heap memory information leak]
RESERVED
+   {DSA-4043-1 DLA-1183-1}
- samba 2:4.7.1+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html
 CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does 
not ...)
@@ -5412,8 +5425,8 @@
NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the 
input file, marking that as the fixed
NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
-CVE-2017-15044
-   RESERVED
+CVE-2017-15044 (The default installation of DocuWare Fulltext Search server 
through ...)
+   TODO: check
 CVE-2017-15043
RESERVED
 CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 
1.9.x ...)
@@ -6344,6 +6357,7 @@
RESERVED
 CVE-2017-14746 [Use-after-free vulnerability]
RESERVED
+   {DSA-4043-1}
- samba 2:4.7.1+dfsg-2
[wheezy] - samba  (Issue introduced in 4.0.0)
NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html
@@ -27804,8 +27818,7 @@
 CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable 
to ...)
- 389-ds-base 1.3.6.7-1 (bug #870752)
NOTE: https://pagure.io/389-ds-base/issue/49336
-CVE-2017-7550
-   RESERVED
+CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 
2.4.x ...)
- ansible  (unimportant)
NOTE: Just an insecure example
 CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red 
Hat ...)
@@ -33514,8 +33527,8 @@
RESERVED
 CVE-2017-5730
RESERVED
-CVE-2017-5729
-   RESERVED
+CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel 
Dual-Band and ...)
+   TODO: check
 CVE-2017-5728
RESERVED
 CVE-2017-5727
@@ -33534,8 +33547,8 @@
NOT-FOR-US: Intel
 CVE-2017-5720
RESERVED
-CVE-2017-5719
-   RESERVED
+CVE-2017-5719 (A vulnerability in the 

[Secure-testing-commits] r57884 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-21 09:10:26 + (Tue, 21 Nov 2017)
New Revision: 57884

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-21 01:55:04 UTC (rev 57883)
+++ data/CVE/list   2017-11-21 09:10:26 UTC (rev 57884)
@@ -1,3 +1,25 @@
+CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting 
(XSS) ...)
+   TODO: check
+CVE-2017-16918
+   RESERVED
+CVE-2017-16917
+   RESERVED
+CVE-2017-16916
+   RESERVED
+CVE-2017-16915
+   RESERVED
+CVE-2017-16914
+   RESERVED
+CVE-2017-16913
+   RESERVED
+CVE-2017-16912
+   RESERVED
+CVE-2017-16911
+   RESERVED
+CVE-2017-16910
+   RESERVED
+CVE-2017-16909
+   RESERVED
 CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field 
during ...)
- php-horde 
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
@@ -233,6 +255,7 @@
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
NOTE: 
https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
 CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have 
unspecified ...)
+   {DLA-1182-1}
- ldns  (bug #882015)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
NOTE: 
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
@@ -539,8 +562,8 @@
NOT-FOR-US: Yoast SEO plugin for WordPress
 CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to 
...)
NOT-FOR-US: LanSweeper
-CVE-2017-16840
-   RESERVED
+CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote 
...)
+   TODO: check
 CVE-2017-16839
RESERVED
 CVE-2017-16838
@@ -2006,7 +2029,7 @@
RESERVED
 CVE-2017-16250
RESERVED
-CVE-2017-16249 (The Debut embedded http server 1.20 contains a remotely 
exploitable ...)
+CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable 
denial ...)
NOT-FOR-US: Debut embedded http server
 CVE-2017-16247
RESERVED
@@ -14103,10 +14126,10 @@
RESERVED
 CVE-2017-12112
RESERVED
-CVE-2017-12111
-   RESERVED
-CVE-2017-12110
-   RESERVED
+CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the 
xls_addCell ...)
+   TODO: check
+CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the 
...)
+   TODO: check
 CVE-2017-12109
RESERVED
 CVE-2017-12108
@@ -42330,8 +42353,8 @@
TODO: check smplayer, embeds it
 CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing 
...)
NOT-FOR-US: Computerinsel Photoline
-CVE-2017-2919
-   RESERVED
+CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists 
in the ...)
+   TODO: check
 CVE-2017-2918
RESERVED
 CVE-2017-2917 (An exploitable vulnerability exists in the notifications 
functionality ...)
@@ -42375,10 +42398,10 @@
RESERVED
 CVE-2017-2898 (An exploitable vulnerability exists in the signature 
verification of ...)
NOT-FOR-US: Circle with Disney
-CVE-2017-2897
-   RESERVED
-CVE-2017-2896
-   RESERVED
+CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the 
...)
+   TODO: check
+CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the 
...)
+   TODO: check
 CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in 
the MQTT ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57868 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-20 21:10:13 + (Mon, 20 Nov 2017)
New Revision: 57868

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-20 20:59:32 UTC (rev 57867)
+++ data/CVE/list   2017-11-20 21:10:13 UTC (rev 57868)
@@ -1,3 +1,31 @@
+CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field 
during ...)
+   TODO: check
+CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in 
a Create ...)
+   TODO: check
+CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a 
...)
+   TODO: check
+CVE-2017-16905
+   RESERVED
+CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 
allows ...)
+   TODO: check
+CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and 
execute ...)
+   TODO: check
+CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a 
long ...)
+   TODO: check
+CVE-2017-16901
+   RESERVED
+CVE-2017-16900
+   RESERVED
+CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a 
allows ...)
+   TODO: check
+CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming 
v0.4.8 or ...)
+   TODO: check
+CVE-2017-16897
+   RESERVED
+CVE-2017-16896 (A SQL injection in classes/handler/public.php in the 
forgotpass ...)
+   TODO: check
+CVE-2017-16895
+   RESERVED
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can 
obtain ...)
TODO: check
 CVE-2017-16893
@@ -1249,8 +1277,7 @@
NOTE: The wheezy version gives an assert before the vulnerability can 
be triggered. Due to this
NOTE: the severity of the wheezy version is low even though the 
vulnerable code is still present.
NOTE: The patch is trivial so it may be worth fixing in combination 
with some other fix.
-CVE-2017-16544 [missing terminal escape sequence filtering in autocompletion]
-   RESERVED
+CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox 
through ...)
- busybox  (bug #882258)
[stretch] - busybox  (Minor issue, can be fixed via point 
release)
[jessie] - busybox  (Minor issue, can be fixed via point 
release)
@@ -3954,8 +3981,8 @@
RESERVED
 CVE-2017-15528
RESERVED
-CVE-2017-15527
-   RESERVED
+CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be 
...)
+   TODO: check
 CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
NOT-FOR-US: Symantec
 CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
@@ -4595,18 +4622,23 @@
[wheezy] - xen  (minor issue)
NOTE: https://xenbits.xen.org/xsa/advisory-244.html
 CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM 
guest OS ...)
+   {DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-243.html
 CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
+   {DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-242.html
 CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
+   {DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-241.html
 CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
+   {DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-240.html
 CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM 
guest OS ...)
+   {DLA-1181-1}
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-239.html
 CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing 
attackers ...)
@@ -5102,8 +5134,8 @@
RESERVED
 CVE-2017-15111
RESERVED
-CVE-2017-15110
-   RESERVED
+CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other 
students ...)
+   TODO: check
 CVE-2017-15109
RESERVED
 CVE-2017-15108
@@ -12705,15 +12737,13 @@
RESERVED
 CVE-2017-12609
RESERVED
-CVE-2017-12608
-   RESERVED
+CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser 
before ...)
{DSA-4022-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
NOTE: 
https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
-CVE-2017-12607
-   RESERVED
+CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, 
and ...)
{DSA-4022-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
@@ -16042,12 +16072,12 @@

[Secure-testing-commits] r57843 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-20 09:10:15 + (Mon, 20 Nov 2017)
New Revision: 57843

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-20 05:59:51 UTC (rev 57842)
+++ data/CVE/list   2017-11-20 09:10:15 UTC (rev 57843)
@@ -1,3 +1,5 @@
+CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can 
obtain ...)
+   TODO: check
 CVE-2017-16893
RESERVED
 CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename 
...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57840 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-19 21:10:15 + (Sun, 19 Nov 2017)
New Revision: 57840

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-19 20:13:56 UTC (rev 57839)
+++ data/CVE/list   2017-11-19 21:10:15 UTC (rev 57840)
@@ -1,3 +1,21 @@
+CVE-2017-16893
+   RESERVED
+CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename 
...)
+   TODO: check
+CVE-2017-16891
+   RESERVED
+CVE-2017-16890
+   RESERVED
+CVE-2017-16889
+   RESERVED
+CVE-2017-16888
+   RESERVED
+CVE-2017-16887
+   RESERVED
+CVE-2017-16886
+   RESERVED
+CVE-2017-16885
+   RESERVED
 CVE-2017-1000404
NOT-FOR-US: Jenkins plugin
 CVE-2017-1000403
@@ -18169,7 +18187,7 @@
 CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name 
field. ...)
NOT-FOR-US: GetSimple CMS
 CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for 
Perl allows ...)
-   {DLA-1171-1}
+   {DSA-4042-1 DLA-1171-1}
- libxml-libxml-perl 2.0128+dfsg-5 (bug #866676)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246
NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8
@@ -25802,6 +25820,7 @@
RESERVED
 CVE-2017-8028
RESERVED
+   {DLA-1180-1}
- libspring-ldap-java 
NOTE: https://pivotal.io/security/cve-2017-8028
NOTE: https://github.com/spring-projects/spring-ldap/issues/430


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57816 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-19 09:10:16 + (Sun, 19 Nov 2017)
New Revision: 57816

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-19 08:45:39 UTC (rev 57815)
+++ data/CVE/list   2017-11-19 09:10:16 UTC (rev 57816)
@@ -1,3 +1,5 @@
+CVE-2017-16884
+   RESERVED
 CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in 
libming = ...)
- ming 
NOTE: https://github.com/libming/libming/issues/77
@@ -423,7 +425,7 @@
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
 CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in 
formisc.c in ...)
-   {DLA-1173-1}
+   {DSA-4041-1 DLA-1173-1}
- procmail 3.22-26 (bug #876511)
 CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via 
the ...)
NOT-FOR-US: Vonage VDV-23


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57799 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-18 21:10:12 + (Sat, 18 Nov 2017)
New Revision: 57799

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-18 20:26:51 UTC (rev 57798)
+++ data/CVE/list   2017-11-18 21:10:12 UTC (rev 57799)
@@ -1,3 +1,9 @@
+CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in 
libming = ...)
+   TODO: check
+CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as 
root but ...)
+   TODO: check
+CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS 
in JSON ...)
+   TODO: check
 CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops 
before ...)
NOT-FOR-US: filp whoops
 CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the 
ItemCount field ...)
@@ -440,12 +446,12 @@
 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro 
before ...)
NOT-FOR-US: Gemirro
 CVE-2017-16853 (The DynamicMetadataProvider class in ...)
-   {DSA-4039-1}
+   {DSA-4039-1 DLA-1178-1}
- opensaml2  (bug #881856)
NOTE: 
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
 CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic ...)
-   {DSA-4038-1}
+   {DSA-4038-1 DLA-1179-1}
- shibboleth-sp2  (bug #881857)
NOTE: 
https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16
NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
@@ -3768,6 +3774,7 @@
NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
NOTE: Fixed by: 
https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971
 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the 
...)
+   {DLA-1177-1}
- poppler  (bug #879066)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d
@@ -5508,16 +5515,19 @@
 CVE-2017-14978
RESERVED
 CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in 
Poppler ...)
+   {DLA-1177-1}
- poppler  (low; bug #877952)
[stretch] - poppler  (Minor issue)
[jessie] - poppler  (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
 CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in 
Poppler ...)
+   {DLA-1177-1}
- poppler  (low; bug #877954)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
 CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in 
Poppler ...)
+   {DLA-1177-1}
- poppler  (low; bug #877957)
[stretch] - poppler  (Minor issue)
[jessie] - poppler  (Minor issue)
@@ -14767,6 +14777,7 @@
- ming 
NOTE: https://github.com/libming/libming/issues/83
 CVE-2017-11733 (A null pointer dereference vulnerability was found in the 
function ...)
+   {DLA-1176-1}
- ming 
NOTE: https://github.com/libming/libming/issues/78
 CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the 
function ...)
@@ -18296,9 +18307,11 @@
- libav  (Vulnerable code not present)
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879
 CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. 
A ...)
+   {DLA-1176-1}
- ming 
NOTE: https://github.com/libming/libming/issues/86
 CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 
mishandles ...)
+   {DLA-1176-1}
- ming 
NOTE: https://github.com/libming/libming/issues/85
 CVE-2017-9987 (There is a heap-based buffer overflow in the function 
hpel_motion in ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57776 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-18 09:10:15 + (Sat, 18 Nov 2017)
New Revision: 57776

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-18 08:08:53 UTC (rev 57775)
+++ data/CVE/list   2017-11-18 09:10:15 UTC (rev 57776)
@@ -1,3 +1,23 @@
+CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops 
before ...)
+   TODO: check
+CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the 
ItemCount field ...)
+   TODO: check
+CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress 
Theme ...)
+   TODO: check
+CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the 
Opencast search ...)
+   TODO: check
+CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script 
injections ...)
+   TODO: check
+CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE 
vulnerability ...)
+   TODO: check
+CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 
through ...)
+   TODO: check
+CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 
parser ...)
+   TODO: check
+CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser 
...)
+   TODO: check
+CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp 
parser ...)
+   TODO: check
 CVE-2017-16879
RESERVED
 CVE-2017-16878
@@ -23,6 +43,7 @@
 CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote 
code ...)
NOT-FOR-US: Elixir's vim plugin
 CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after 
free in the ...)
+   {DLA-1175-1}
- lynx 2.8.9dev16-1
- lynx-cur 
NOTE: 
https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
@@ -53,7 +74,7 @@
NOT-FOR-US: UpdraftPlus plugin for WordPress
 CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF 
in the ...)
NOT-FOR-US: UpdraftPlus plugin for WordPress
-CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a 
denial of ...)
+CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers 
to cause ...)
- upx-ucl  (bug #882041; unimportant)
NOTE: https://github.com/upx/upx/issues/146
NOTE: crash in CLI tool, no security impact
@@ -386,6 +407,7 @@
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
 CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in 
formisc.c in ...)
+   {DLA-1173-1}
- procmail 3.22-26 (bug #876511)
 CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via 
the ...)
NOT-FOR-US: Vonage VDV-23
@@ -1080,8 +1102,8 @@
NOT-FOR-US: Logitech Media Server
 CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server ...)
NOT-FOR-US: Logitech Media Server
-CVE-2017-16566
-   RESERVED
+CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server 
does not ...)
+   TODO: check
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage 
...)
NOT-FOR-US: Vonage
 CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in 
/cgi-bin/config2 on ...)
@@ -1126,6 +1148,7 @@
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
 CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 
7.0.7-9 does ...)
+   {DSA-4040-1}
- imagemagick  (bug #881392)
[wheezy] - imagemagick  (Vulnerable code not present; PoC 
from GitHub issue results in memory allocation exception thrown at 
coders/wpg.c:1109 and valgrind does not report any issues)
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
@@ -2966,7 +2989,7 @@
 CVE-2017-15925
RESERVED
 CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow 
remote ...)
-   {DSA-4033-1}
+   {DSA-4033-1 DLA-1174-1}
- konversation 1.7.3-1 (bug #881586)
NOTE: 
https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the 
...)
@@ -4524,7 +4547,7 @@
 CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 
2.1.27.9. ...)
NOT-FOR-US: TeamPass
 CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and 
GraphicsMagick ...)
-   {DSA-4032-1 DLA-1140-1 DLA-1139-1}
+   {DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
- imagemagick  (bug #878578)
- graphicsmagick 1.3.26-14
NOTE: IM6: 

[Secure-testing-commits] r57745 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-17 21:10:14 + (Fri, 17 Nov 2017)
New Revision: 57745

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-17 19:45:46 UTC (rev 57744)
+++ data/CVE/list   2017-11-17 21:10:14 UTC (rev 57745)
@@ -1,13 +1,59 @@
-CVE-2017-16872
+CVE-2017-16879
RESERVED
-CVE-2017-16871
+CVE-2017-16878
RESERVED
-CVE-2017-16870
+CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the 
/_next and ...)
+   TODO: check
+CVE-2017-16876
RESERVED
-CVE-2017-16869
+CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and 
pjlib-util) in ...)
+   TODO: check
+CVE-2017-16874
RESERVED
-CVE-2017-16868
+CVE-2017-16873
RESERVED
+CVE-2017-1000233
+   REJECTED
+   TODO: check
+CVE-2017-1000222
+   REJECTED
+   TODO: check
+CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an ...)
+   TODO: check
+CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote 
code ...)
+   TODO: check
+CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after 
free in the ...)
+   TODO: check
+CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is 
vulnerable to ...)
+   TODO: check
+CVE-2017-1000204
+   REJECTED
+   TODO: check
+CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an 
authenticated shell ...)
+   TODO: check
+CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a 
Local File ...)
+   TODO: check
+CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet 
resulting ...)
+   TODO: check
+CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
+   TODO: check
+CVE-2017-1000169 (QuickerBB version = 0.7.2 is vulnerable to arbitrary 
file writes ...)
+   TODO: check
+CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to 
degenerate ...)
+   TODO: check
+CVE-2017-1000161
+   REJECTED
+   TODO: check
+CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and 
pjlib-util) in ...)
+   TODO: check
+CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows 
remote PHP ...)
+   TODO: check
+CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF 
in the ...)
+   TODO: check
+CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a 
denial of ...)
+   TODO: check
+CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c 
does not ...)
+   TODO: check
 CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
NOT-FOR-US: Amazon Key
 CVE-2017-1000248 (Redis-store =v1.3.0 allows unsafe objects to be loaded 
from redis ...)
@@ -329,8 +375,7 @@
NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16845 [ps2: information leakage via post_load routine]
-   RESERVED
+CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' 
values ...)
- qemu 
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
@@ -431,8 +476,8 @@
RESERVED
 CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in 
processor/AdminProcessor.java ...)
NOT-FOR-US: b3log Symphony
-CVE-2017-16819
-   RESERVED
+CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time 
Systems ...)
+   TODO: check
 CVE-2017-16818
RESERVED
 CVE-2017-16817
@@ -8001,8 +8046,8 @@
REJECTED
 CVE-2017-14112
RESERVED
-CVE-2017-14111
-   RESERVED
+CVE-2017-14111 (The workstation logging function in Philips IntelliSpace ...)
+   TODO: check
 CVE-2017-14110
RESERVED
 CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 
is ...)
@@ -9182,14 +9227,14 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510
NOTE: 
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html
NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928
-CVE-2017-13703
-   RESERVED
-CVE-2017-13702
-   RESERVED
+CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. A ...)
+   TODO: check
+CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+   TODO: check
 CVE-2017-13701
RESERVED
-CVE-2017-13700
-   RESERVED
+CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+   TODO: check
 CVE-2017-13699
RESERVED
 CVE-2017-13698
@@ -17467,16 +17512,16 @@
RESERVED
 

[Secure-testing-commits] r57697 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-17 09:10:18 + (Fri, 17 Nov 2017)
New Revision: 57697

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-17 06:20:29 UTC (rev 57696)
+++ data/CVE/list   2017-11-17 09:10:18 UTC (rev 57697)
@@ -1,3 +1,107 @@
+CVE-2017-16872
+   RESERVED
+CVE-2017-16871
+   RESERVED
+CVE-2017-16870
+   RESERVED
+CVE-2017-16869
+   RESERVED
+CVE-2017-16868
+   RESERVED
+CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
+   TODO: check
+CVE-2017-1000248 (Redis-store =v1.3.0 allows unsafe objects to be loaded 
from redis ...)
+   TODO: check
+CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 
is ...)
+   TODO: check
+CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the 
...)
+   TODO: check
+CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior 
is affected ...)
+   TODO: check
+CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected 
 stored ...)
+   TODO: check
+CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross 
Site ...)
+   TODO: check
+CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary 
File Upload ...)
+   TODO: check
+CVE-2017-1000237 (I, Librarian version =4.6  4.7 is vulnerable to 
Server-Side Request ...)
+   TODO: check
+CVE-2017-1000236 (I, Librarian version =4.6  4.7 is vulnerable to 
Reflected Cross-Site ...)
+   TODO: check
+CVE-2017-1000235 (I, Librarian version =4.6  4.7 is vulnerable to OS 
Command Injection ...)
+   TODO: check
+CVE-2017-1000234 (I, Librarian version =4.6  4.7 is vulnerable to 
Directory ...)
+   TODO: check
+CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have 
...)
+   TODO: check
+CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have 
unspecified ...)
+   TODO: check
+CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of 
optipng 0.7.6 ...)
+   TODO: check
+CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote 
code ...)
+   TODO: check
+CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the 
REST API ...)
+   TODO: check
+CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when 
using ...)
+   TODO: check
+CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow 
unauthenticated ...)
+   TODO: check
+CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a 
XSS) is ...)
+   TODO: check
+CVE-2017-1000220 (soyuka/pidusage =1.1.4 is vulnerable to command 
injection in the ...)
+   TODO: check
+CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command 
injection ...)
+   TODO: check
+CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in 
the ...)
+   TODO: check
+CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the 
begriff POST ...)
+   TODO: check
+CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack 
buffer ...)
+   TODO: check
+CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not 
verify that the ...)
+   TODO: check
+CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version = 1.0.30) 
yaml parsing ...)
+   TODO: check
+CVE-2017-1000197 (October CMS build 412 is vulnerable to file path 
modification in asset ...)
+   TODO: check
+CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in 
the asset ...)
+   TODO: check
+CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection 
in asset ...)
+   TODO: check
+CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration 
...)
+   TODO: check
+CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a 
XSS) in brand ...)
+   TODO: check
+CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
+   TODO: check
+CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
+   TODO: check
+CVE-2017-1000187 (In SWFTools, an address access exception was found in 
pdf2swf. ...)
+   TODO: check
+CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
+   TODO: check
+CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. 
...)
+   TODO: check
+CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...)
+   TODO: check
+CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...)
+   TODO: check
+CVE-2017-1000174 (In SWFTools, an address access exception was found in 
swfdump ...)
+   TODO: check
+CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code 
Execution. ...)
+   

[Secure-testing-commits] r57687 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-16 21:10:13 + (Thu, 16 Nov 2017)
New Revision: 57687

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-16 21:05:33 UTC (rev 57686)
+++ data/CVE/list   2017-11-16 21:10:13 UTC (rev 57687)
@@ -1,3 +1,215 @@
+CVE-2018-0085
+   RESERVED
+CVE-2018-0084
+   RESERVED
+CVE-2018-0083
+   RESERVED
+CVE-2018-0082
+   RESERVED
+CVE-2018-0081
+   RESERVED
+CVE-2018-0080
+   RESERVED
+CVE-2018-0079
+   RESERVED
+CVE-2018-0078
+   RESERVED
+CVE-2018-0077
+   RESERVED
+CVE-2018-0076
+   RESERVED
+CVE-2018-0075
+   RESERVED
+CVE-2018-0074
+   RESERVED
+CVE-2018-0073
+   RESERVED
+CVE-2018-0072
+   RESERVED
+CVE-2018-0071
+   RESERVED
+CVE-2018-0070
+   RESERVED
+CVE-2018-0069
+   RESERVED
+CVE-2018-0068
+   RESERVED
+CVE-2018-0067
+   RESERVED
+CVE-2018-0066
+   RESERVED
+CVE-2018-0065
+   RESERVED
+CVE-2018-0064
+   RESERVED
+CVE-2018-0063
+   RESERVED
+CVE-2018-0062
+   RESERVED
+CVE-2018-0061
+   RESERVED
+CVE-2018-0060
+   RESERVED
+CVE-2018-0059
+   RESERVED
+CVE-2018-0058
+   RESERVED
+CVE-2018-0057
+   RESERVED
+CVE-2018-0056
+   RESERVED
+CVE-2018-0055
+   RESERVED
+CVE-2018-0054
+   RESERVED
+CVE-2018-0053
+   RESERVED
+CVE-2018-0052
+   RESERVED
+CVE-2018-0051
+   RESERVED
+CVE-2018-0050
+   RESERVED
+CVE-2018-0049
+   RESERVED
+CVE-2018-0048
+   RESERVED
+CVE-2018-0047
+   RESERVED
+CVE-2018-0046
+   RESERVED
+CVE-2018-0045
+   RESERVED
+CVE-2018-0044
+   RESERVED
+CVE-2018-0043
+   RESERVED
+CVE-2018-0042
+   RESERVED
+CVE-2018-0041
+   RESERVED
+CVE-2018-0040
+   RESERVED
+CVE-2018-0039
+   RESERVED
+CVE-2018-0038
+   RESERVED
+CVE-2018-0037
+   RESERVED
+CVE-2018-0036
+   RESERVED
+CVE-2018-0035
+   RESERVED
+CVE-2018-0034
+   RESERVED
+CVE-2018-0033
+   RESERVED
+CVE-2018-0032
+   RESERVED
+CVE-2018-0031
+   RESERVED
+CVE-2018-0030
+   RESERVED
+CVE-2018-0029
+   RESERVED
+CVE-2018-0028
+   RESERVED
+CVE-2018-0027
+   RESERVED
+CVE-2018-0026
+   RESERVED
+CVE-2018-0025
+   RESERVED
+CVE-2018-0024
+   RESERVED
+CVE-2018-0023
+   RESERVED
+CVE-2018-0022
+   RESERVED
+CVE-2018-0021
+   RESERVED
+CVE-2018-0020
+   RESERVED
+CVE-2018-0019
+   RESERVED
+CVE-2018-0018
+   RESERVED
+CVE-2018-0017
+   RESERVED
+CVE-2018-0016
+   RESERVED
+CVE-2018-0015
+   RESERVED
+CVE-2018-0014
+   RESERVED
+CVE-2018-0013
+   RESERVED
+CVE-2018-0012
+   RESERVED
+CVE-2018-0011
+   RESERVED
+CVE-2018-0010
+   RESERVED
+CVE-2018-0009
+   RESERVED
+CVE-2018-0008
+   RESERVED
+CVE-2018-0007
+   RESERVED
+CVE-2018-0006
+   RESERVED
+CVE-2018-0005
+   RESERVED
+CVE-2018-0004
+   RESERVED
+CVE-2018-0003
+   RESERVED
+CVE-2018-0002
+   RESERVED
+CVE-2018-0001
+   RESERVED
+CVE-2017-16866
+   RESERVED
+CVE-2017-16865
+   RESERVED
+CVE-2017-16864
+   RESERVED
+CVE-2017-16863
+   RESERVED
+CVE-2017-16862
+   RESERVED
+CVE-2017-16861
+   RESERVED
+CVE-2017-16860
+   RESERVED
+CVE-2017-16859
+   RESERVED
+CVE-2017-16858
+   RESERVED
+CVE-2017-16857
+   RESERVED
+CVE-2017-16856
+   RESERVED
+CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session 
vulnerability. ...)
+   TODO: check
+CVE-2017-16854
+   RESERVED
+CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
+   TODO: check
+CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
+   TODO: check
+CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
+   TODO: check
+CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
+   TODO: check
+CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
+   TODO: check
+CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
+   TODO: check
+CVE-2017-16845
+   RESERVED
+CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in 
formisc.c in ...)
+   TODO: check
 CVE-2017-16843
RESERVED
 CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...)
@@ -21,11 +233,12 @@
NOTE: https://github.com/lingej/pnp4nagios/issues/140
 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro 
before ...)
NOT-FOR-US: Gemirro
-CVE-2017-16853 [CPPOST-105]
+CVE-2017-16853 (The DynamicMetadataProvider class in ...)
- opensaml2  (bug #881856)
NOTE: 
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
NOTE: 

[Secure-testing-commits] r57675 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-16 09:10:18 + (Thu, 16 Nov 2017)
New Revision: 57675

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-16 08:03:57 UTC (rev 57674)
+++ data/CVE/list   2017-11-16 09:10:18 UTC (rev 57675)
@@ -1,4 +1,22 @@
-CVE-2017-16834 [root privilege escalation via insecure permissions]
+CVE-2017-16843
+   RESERVED
+CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...)
+   TODO: check
+CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to 
...)
+   TODO: check
+CVE-2017-16840
+   RESERVED
+CVE-2017-16839
+   RESERVED
+CVE-2017-16838
+   RESERVED
+CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 
1.9.6 are not ...)
+   TODO: check
+CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
+   TODO: check
+CVE-2017-16835
+   RESERVED
+CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned 
by an ...)
- pnp4nagios 
NOTE: https://github.com/lingej/pnp4nagios/issues/140
 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro 
before ...)
@@ -4530,8 +4548,7 @@
RESERVED
 CVE-2017-15116
RESERVED
-CVE-2017-15115 [sctp: use-after-free in sctp_cmp_addr_exact()]
-   RESERVED
+CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux 
kernel ...)
- linux 
NOTE: 
https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 
(v4.14-rc6)
 CVE-2017-15114 [Passwordless access for non-libvirt related services when 
using shared certificate authority]
@@ -4563,8 +4580,7 @@
RESERVED
 CVE-2017-15103
RESERVED
-CVE-2017-15102 [NULL pointer dereference due to race condition in probe 
function of legousbtower driver]
-   RESERVED
+CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in 
the ...)
- linux 4.7.8-1
[jessie] - linux 3.16.43-1
[wheezy] - linux 3.2.86-1
@@ -7868,8 +7884,8 @@
NOTE: Fixed by: 
https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
NOTE: https://patchwork.kernel.org/patch/9929625/
NOTE: Non issue, only "exploitable" with root access
-CVE-2017-14034
-   RESERVED
+CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
+   TODO: check
 CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 
2.2.8, ...)
{DSA-4031-1 DLA-1114-1}
- ruby2.3 2.3.5-1 (bug #875928)
@@ -9986,10 +10002,10 @@
NOT-FOR-US: Wordpress theme
 CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL 
injection in the ...)
NOT-FOR-US: Wordpress plugin
-CVE-2017-13136
-   RESERVED
-CVE-2017-13135
-   RESERVED
+CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an 
integer ...)
+   TODO: check
+CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in 
libbpg ...)
+   TODO: check
 CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based 
buffer ...)
{DSA-4032-1 DLA-1170-1 DLA-1081-1}
- imagemagick  (bug #873099)
@@ -12826,8 +12842,8 @@
RESERVED
 CVE-2017-12351
RESERVED
-CVE-2017-12350
-   RESERVED
+CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 
2.1.0 and ...)
+   TODO: check
 CVE-2017-12349
RESERVED
 CVE-2017-12348
@@ -12852,8 +12868,8 @@
RESERVED
 CVE-2017-12338
RESERVED
-CVE-2017-12337
-   RESERVED
+CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco 
collaboration ...)
+   TODO: check
 CVE-2017-12336
RESERVED
 CVE-2017-12335
@@ -12880,56 +12896,56 @@
RESERVED
 CVE-2017-12324
RESERVED
-CVE-2017-12323
-   RESERVED
-CVE-2017-12322
-   RESERVED
-CVE-2017-12321
-   RESERVED
-CVE-2017-12320
-   RESERVED
+CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco 
Registered ...)
+   TODO: check
+CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco 
Registered ...)
+   TODO: check
+CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco 
Registered ...)
+   TODO: check
+CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco 
Registered ...)
+   TODO: check
 CVE-2017-12319
RESERVED
-CVE-2017-12318
-   RESERVED
+CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 
devices ...)
+   TODO: check
 CVE-2017-12317 (The Cisco AMP For Endpoints application allows an 
authenticated, local ...)
NOT-FOR-US: Cisco
-CVE-2017-12316
-   RESERVED
-CVE-2017-12315
-   RESERVED
-CVE-2017-12314
-   RESERVED
-CVE-2017-12313
-   RESERVED
-CVE-2017-12312
-   RESERVED

[Secure-testing-commits] r57666 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-15 21:10:20 + (Wed, 15 Nov 2017)
New Revision: 57666

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-15 20:35:45 UTC (rev 57665)
+++ data/CVE/list   2017-11-15 21:10:20 UTC (rev 57666)
@@ -1,3 +1,5 @@
+CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro 
before ...)
+   TODO: check
 CVE-2017- [CPPOST-105]
- opensaml2  (bug #881856)
NOTE: 
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
@@ -2540,8 +2542,7 @@
RESERVED
 CVE-2017-15925
RESERVED
-CVE-2017-15923 [Crash in parsing IRC color formatting codes]
-   RESERVED
+CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow 
remote ...)
{DSA-4033-1}
- konversation 1.7.3-1 (bug #881586)
NOTE: 
https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
@@ -2804,8 +2805,8 @@
NOT-FOR-US: phpMyFaq
 CVE-2017-15807
RESERVED
-CVE-2017-15806
-   RESERVED
+CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta 
Components ...)
+   TODO: check
 CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full 
function in ...)
- python-werkzeug 0.11.11+dfsg1-1
NOTE: 
http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
@@ -4063,8 +4064,8 @@
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
NOTE: Fixed by: 
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
-CVE-2017-15288
-   RESERVED
+CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 
2.11.12, ...)
+   TODO: check
 CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream 
Multimedia ...)
NOT-FOR-US: BouquetEditor WebPlugin
 CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in 
tableColumnList in ...)
@@ -4116,14 +4117,14 @@
 CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 
before ...)
- mahara 
NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
-CVE-2017-15272
-   RESERVED
-CVE-2017-15271
-   RESERVED
-CVE-2017-15270
-   RESERVED
-CVE-2017-15269
-   RESERVED
+CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration 
inside ...)
+   TODO: check
+CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP 
...)
+   TODO: check
+CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape 
data ...)
+   TODO: check
+CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce 
scans ...)
+   TODO: check
 CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory 
leak by ...)
- qemu  (bug #880836)
[stretch] - qemu  (Minor issue)
@@ -5103,8 +5104,8 @@
RESERVED
 CVE-2017-14962
RESERVED
-CVE-2017-14961
-   RESERVED
+CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains 
an ...)
+   TODO: check
 CVE-2017-14960
RESERVED
 CVE-2017-14959
@@ -12029,10 +12030,10 @@
 CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...)
- couchdb 
NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
-CVE-2017-12634
-   RESERVED
-CVE-2017-12633
-   RESERVED
+CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 
and ...)
+   TODO: check
+CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 
and ...)
+   TODO: check
 CVE-2017-12632
RESERVED
 CVE-2017-12631
@@ -12490,7 +12491,7 @@
RESERVED
 CVE-2017-12461
RESERVED
-CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware 
before ...)
+CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware 
before ...)
NOT-FOR-US: Barco ClickShare CSM-1 firmware
 CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in 
the ...)
- binutils 2.29-8
@@ -23189,7 +23190,7 @@
 CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x 
before ...)
- mediawiki 1:1.27.4-1
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-   NOTE: https://phabricator.wikimedia.org/T119158
+   NOTE: https://phabricator.wikimedia.org/T119158
 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x 
before ...)
- mediawiki 1:1.27.4-1
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
@@ -23215,9 +23216,10 @@
 CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x 
before 1.29.2 ...)
- mediawiki 

[Secure-testing-commits] r57648 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-15 09:10:14 + (Wed, 15 Nov 2017)
New Revision: 57648

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-15 07:19:41 UTC (rev 57647)
+++ data/CVE/list   2017-11-15 09:10:14 UTC (rev 57648)
@@ -1,3 +1,31 @@
+CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary 
File ...)
+   TODO: check
+CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka 
libbfd), as ...)
+   TODO: check
+CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU 
Binutils ...)
+   TODO: check
+CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c 
in the ...)
+   TODO: check
+CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 
2.29.1 ...)
+   TODO: check
+CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the 
Binary File ...)
+   TODO: check
+CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary 
File ...)
+   TODO: check
+CVE-2017-16825
+   RESERVED
+CVE-2017-16824
+   RESERVED
+CVE-2017-16823
+   RESERVED
+CVE-2017-16822
+   RESERVED
+CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in 
processor/AdminProcessor.java ...)
+   TODO: check
+CVE-2017-16819
+   RESERVED
+CVE-2017-16818
+   RESERVED
 CVE-2017-16817
RESERVED
 CVE-2017-16816
@@ -4,7 +32,7 @@
RESERVED
 CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site 
Migration  ...)
NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) 
plugin for WordPress
-CVE-2017-16820 [snmp plugin: double free or heap corruption]
+CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in 
collectd ...)
- collectd  (bug #881757)
NOTE: https://github.com/collectd/collectd/issues/2291
 CVE-2017-16814
@@ -11665,12 +11693,12 @@
RESERVED
 CVE-2017-12740
RESERVED
-CVE-2017-12739
-   RESERVED
-CVE-2017-12738
-   RESERVED
-CVE-2017-12737
-   RESERVED
+CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM 
Modules with ...)
+   TODO: check
+CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM 
Modules with ...)
+   TODO: check
+CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM 
Modules with ...)
+   TODO: check
 CVE-2017-12736
RESERVED
 CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. 
An ...)
@@ -13869,122 +13897,122 @@
RESERVED
 CVE-2017-11885
RESERVED
-CVE-2017-11884
-   RESERVED
-CVE-2017-11883
-   RESERVED
-CVE-2017-11882
-   RESERVED
+CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to 
run ...)
+   TODO: check
+CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker 
to ...)
+   TODO: check
+CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 
Service ...)
+   TODO: check
 CVE-2017-11881
RESERVED
-CVE-2017-11880
-   RESERVED
-CVE-2017-11879
-   RESERVED
-CVE-2017-11878
-   RESERVED
-CVE-2017-11877
-   RESERVED
-CVE-2017-11876
-   RESERVED
+CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and 
R2 SP1, ...)
+   TODO: check
+CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session 
...)
+   TODO: check
+CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 
Service Pack ...)
+   TODO: check
+CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 
Service Pack ...)
+   TODO: check
+CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise 
Server ...)
+   TODO: check
 CVE-2017-11875
RESERVED
-CVE-2017-11874
-   RESERVED
-CVE-2017-11873
-   RESERVED
-CVE-2017-11872
-   RESERVED
-CVE-2017-11871
-   RESERVED
-CVE-2017-11870
-   RESERVED
-CVE-2017-11869
-   RESERVED
+CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows 
Server, ...)
+   TODO: check
+CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 
1709, ...)
+   TODO: check
+CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows 
Server ...)
+   TODO: check
+CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and 
Windows ...)
+   TODO: check
+CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and 
Windows ...)
+   TODO: check
+CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 
2008 and ...)
+   TODO: check
 CVE-2017-11868
RESERVED
 CVE-2017-11867
RESERVED
-CVE-2017-11866
-   RESERVED
+CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 
1703, ...)
+   

[Secure-testing-commits] r57638 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-14 21:10:19 + (Tue, 14 Nov 2017)
New Revision: 57638

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-14 20:55:39 UTC (rev 57637)
+++ data/CVE/list   2017-11-14 21:10:19 UTC (rev 57638)
@@ -1,3 +1,9 @@
+CVE-2017-16817
+   RESERVED
+CVE-2017-16816
+   RESERVED
+CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site 
Migration  ...)
+   TODO: check
 CVE-2017-16820 [snmp plugin: double free or heap corruption]
- collectd  (bug #881757)
NOTE: https://github.com/collectd/collectd/issues/2291
@@ -1386,8 +1392,8 @@
RESERVED
 CVE-2017-16240
RESERVED
-CVE-2017-16239
-   RESERVED
+CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 
16.x through ...)
+   TODO: check
 CVE-2017-16238
RESERVED
 CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file 
...)
@@ -11949,12 +11955,10 @@
NOT-FOR-US: Ipswitch IMail
 CVE-2017-12637 (Directory traversal vulnerability in ...)
NOT-FOR-US: SAP
-CVE-2017-12636
-   RESERVED
+CVE-2017-12636 (CouchDB administrative users can configure the database server 
via ...)
- couchdb 
NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
-CVE-2017-12635
-   RESERVED
+CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...)
- couchdb 
NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
 CVE-2017-12634
@@ -11982,8 +11986,8 @@
RESERVED
 CVE-2017-12625 (Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x 
before ...)
NOT-FOR-US: Apache Hive
-CVE-2017-12624
-   RESERVED
+CVE-2017-12624 (Apache CXF supports sending and receiving attachments via 
either the ...)
+   TODO: check
 CVE-2017-12623 (An authorized user could upload a template which contained 
malicious ...)
NOT-FOR-US: Apache NiFi
 CVE-2017-12622
@@ -17551,6 +17555,7 @@
 CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name 
field. ...)
NOT-FOR-US: GetSimple CMS
 CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for 
Perl allows ...)
+   {DLA-1171-1}
- libxml-libxml-perl 2.0128+dfsg-5 (bug #866676)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246
NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8
@@ -22333,8 +22338,8 @@
RESERVED
 CVE-2017-9086
RESERVED
-CVE-2017-9085
-   RESERVED
+CVE-2017-9085 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak 
InSite 6.5 ...)
+   TODO: check
 CVE-2017-9084
RESERVED
 CVE-2017-9083 (poppler 0.54.0, as used in Evince and other products, has a 
NULL ...)
@@ -31247,10 +31252,10 @@
NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2017-6276
RESERVED
-CVE-2017-6275
-   RESERVED
-CVE-2017-6274
-   RESERVED
+CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal 
Driver, ...)
+   TODO: check
+CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal 
Driver, ...)
+   TODO: check
 CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP 
Loader ...)
NOT-FOR-US: NVIDIA ADSP Firmware
 CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the 
kernel mode ...)
@@ -31290,8 +31295,8 @@
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
 CVE-2017-6265
RESERVED
-CVE-2017-6264
-   RESERVED
+CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA 
GPU ...)
+   TODO: check
 CVE-2017-6263
RESERVED
 CVE-2017-6262


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57614 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-14 09:10:13 + (Tue, 14 Nov 2017)
New Revision: 57614

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-14 08:26:59 UTC (rev 57613)
+++ data/CVE/list   2017-11-14 09:10:13 UTC (rev 57614)
@@ -1,3 +1,23 @@
+CVE-2017-16814
+   RESERVED
+CVE-2017-16813
+   RESERVED
+CVE-2017-16812
+   RESERVED
+CVE-2017-16811
+   RESERVED
+CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables 
tab in ...)
+   TODO: check
+CVE-2017-16809
+   RESERVED
+CVE-2017-16808 (tcpdump 4.9.2 has a heap-based buffer over-read related to 
aoe_print in ...)
+   TODO: check
+CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel 
before 2.3.3, ...)
+   TODO: check
+CVE-2017-16806 (The Process function in 
RemoteTaskServer/WebServer/HttpServer.cs in ...)
+   TODO: check
+CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to 
cause a ...)
+   TODO: check
 CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the 
smacker_decode_tree ...)
- libav 
- ffmpeg 
@@ -588,6 +608,7 @@
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
NOTE: 
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
 CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 
1.3.26 does ...)
+   {DLA-1170-1}
- graphicsmagick 1.3.26-18
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
@@ -2429,6 +2450,7 @@
RESERVED
 CVE-2017-15923 [Crash in parsing IRC color formatting codes]
RESERVED
+   {DSA-4033-1}
- konversation 1.7.3-1 (bug #881586)
NOTE: 
https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the 
...)
@@ -3283,10 +3305,10 @@
RESERVED
 CVE-2017-15527
RESERVED
-CVE-2017-15526
-   RESERVED
-CVE-2017-15525
-   RESERVED
+CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
+   TODO: check
+CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
+   TODO: check
 CVE-2017-15524
RESERVED
 CVE-2017-15523
@@ -9863,7 +9885,7 @@
 CVE-2017-13135
RESERVED
 CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based 
buffer ...)
-   {DSA-4032-1 DLA-1081-1}
+   {DSA-4032-1 DLA-1170-1 DLA-1081-1}
- imagemagick  (bug #873099)
- graphicsmagick 1.3.26-19 (bug #881524)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
@@ -44315,8 +44337,8 @@
RESERVED
 CVE-2017-1711
RESERVED
-CVE-2017-1710
-   RESERVED
+CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize 
V7000 ...)
+   TODO: check
 CVE-2017-1709
RESERVED
 CVE-2017-1708
@@ -44781,8 +44803,8 @@
RESERVED
 CVE-2017-1478
RESERVED
-CVE-2017-1477
-   RESERVED
+CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a 
XML ...)
+   TODO: check
 CVE-2017-1476
RESERVED
 CVE-2017-1475
@@ -44829,8 +44851,8 @@
RESERVED
 CVE-2017-1454
RESERVED
-CVE-2017-1453
-   RESERVED
+CVE-2017-1453 (IBM Security Access Manager Appliance 9.0.3 could allow a 
remote ...)
+   TODO: check
 CVE-2017-1452 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 
...)
NOT-FOR-US: IBM
 CVE-2017-1451 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 
...)
@@ -45277,8 +45299,8 @@
RESERVED
 CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) 
uses ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
-CVE-2017-1229
-   RESERVED
+CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could 
allow a ...)
+   TODO: check
 CVE-2017-1228 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) 
could ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
 CVE-2017-1227 (IBM Tivoli Endpoint Manager could allow a unauthorized user to 
consume ...)
@@ -45293,8 +45315,8 @@
NOT-FOR-US: IBM
 CVE-2017-1222 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) 
does not ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
-CVE-2017-1221
-   RESERVED
+CVE-2017-1221 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not 
require ...)
+   TODO: check
 CVE-2017-1220 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) 
...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
 CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External 
Entity ...)
@@ -51369,8 +51391,7 @@
RESERVED
- glance  (unimportant)
NOTE: 

[Secure-testing-commits] Processing r57610 failed

[security tracker role]

The error message was:

data/DLA/list:3: invalid non-printable character '\x1b'
Makefile:21: recipe for target 'all' failed
make: *** [all] Error 1

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57605 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-13 21:10:16 + (Mon, 13 Nov 2017)
New Revision: 57605

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-13 19:27:59 UTC (rev 57604)
+++ data/CVE/list   2017-11-13 21:10:16 UTC (rev 57605)
@@ -1,11 +1,15 @@
-CVE-2017-16804 [Email reminders reveal information about inaccessible issues]
+CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the 
smacker_decode_tree ...)
+   TODO: check
+CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
+   TODO: check
+CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders 
function ...)
- redmine 
[wheezy] - redmine  (Not supported wheezy LTS)
NOTE: https://www.redmine.org/issues/25713 (private)
NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
NOTE: 
https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
-CVE-2017-16801
-   RESERVED
+CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy ...)
+   TODO: check
 CVE-2017-16800
RESERVED
 CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in 
modules/New/action.addcategory.php, ...)
@@ -26,8 +30,8 @@
 CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 
does not ...)
- swftools 
NOTE: https://github.com/matthiaskramm/swftools/issues/47
-CVE-2017-16792
-   RESERVED
+CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in 
geminabox (Gem in ...)
+   TODO: check
 CVE-2017-16791
RESERVED
 CVE-2017-16790
@@ -5699,8 +5703,8 @@
NOT-FOR-US: EPESI
 CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks 
Phonecall ...)
NOT-FOR-US: EPESI
-CVE-2017-14711
-   RESERVED
+CVE-2017-14711 (The Kickbase GmbH Kickbase Bundesliga Manager app 
before 2.2.1 -- aka ...)
+   TODO: check
 CVE-2017-14710
RESERVED
 CVE-2017-14709
@@ -6639,8 +6643,8 @@
RESERVED
 CVE-2017-14389
RESERVED
-CVE-2017-14388
-   RESERVED
+CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior 
to 0.30.0 ...)
+   TODO: check
 CVE-2017-14387
RESERVED
 CVE-2017-14386
@@ -7757,16 +7761,16 @@
RESERVED
 CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB 
FOX515T ...)
NOT-FOR-US: ABB FOX515T
-CVE-2017-14024
-   RESERVED
+CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in 
Schneider ...)
+   TODO: check
 CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens 
SIMATIC ...)
NOT-FOR-US: Siemens
 CVE-2017-14022
RESERVED
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in 
Korenix ...)
NOT-FOR-US: Korenix
-CVE-2017-14020
-   RESERVED
+CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in 
...)
+   TODO: check
 CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in 
Progea ...)
NOT-FOR-US: Progea Movicon
 CVE-2017-14018
@@ -15962,8 +15966,8 @@
{DSA-3914-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
-CVE-2017-11169
-   RESERVED
+CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT 
iB-WRA300N3GT_1.1.1 devices ...)
+   TODO: check
 CVE-2017-11168
RESERVED
 CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP 
code by ...)
@@ -16966,8 +16970,8 @@
RESERVED
 CVE-2017-10886
RESERVED
-CVE-2017-10885
-   RESERVED
+CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and 
earlier ...)
+   TODO: check
 CVE-2017-10884
RESERVED
 CVE-2017-10883
@@ -16986,16 +16990,16 @@
RESERVED
 CVE-2017-10876
RESERVED
-CVE-2017-10875
-   RESERVED
+CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an 
...)
+   TODO: check
 CVE-2017-10874
RESERVED
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
NOT-FOR-US: OpenAM
 CVE-2017-10872
RESERVED
-CVE-2017-10871
-   RESERVED
+CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software 
version ...)
+   TODO: check
 CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku 
Hagaki ...)
NOT-FOR-US: Rakuraku Hagaki
 CVE-2017-10869
@@ -21337,8 +21341,8 @@
RESERVED
 CVE-2017-9315
RESERVED
-CVE-2017-9314
-   RESERVED
+CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, 
...)
+   TODO: check
 CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin 
before ...)
- webmin 
 CVE-2017-9312
@@ -23068,8 +23072,7 @@
RESERVED
 CVE-2017-8807
RESERVED
-CVE-2017-8806
-   

[Secure-testing-commits] r57595 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-13 09:10:14 + (Mon, 13 Nov 2017)
New Revision: 57595

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-13 08:36:06 UTC (rev 57594)
+++ data/CVE/list   2017-11-13 09:10:14 UTC (rev 57595)
@@ -1,3 +1,5 @@
+CVE-2017-16801
+   RESERVED
 CVE-2017-16800
RESERVED
 CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in 
modules/New/action.addcategory.php, ...)
@@ -8089,187 +8091,174 @@
RESERVED
 CVE-2017-13853
RESERVED
-CVE-2017-13852
-   RESERVED
+CVE-2017-13852 (An issue was discovered in certain Apple products. iOS before 
11.1 is ...)
+   TODO: check
 CVE-2017-13851
RESERVED
 CVE-2017-13850
RESERVED
-CVE-2017-13849
-   RESERVED
+CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 
11.1 is ...)
+   TODO: check
 CVE-2017-13848
RESERVED
 CVE-2017-13847
RESERVED
-CVE-2017-13846
-   RESERVED
+CVE-2017-13846 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13845
RESERVED
-CVE-2017-13844
-   RESERVED
-CVE-2017-13843
-   RESERVED
-CVE-2017-13842
-   RESERVED
-CVE-2017-13841
-   RESERVED
-CVE-2017-13840
-   RESERVED
+CVE-2017-13844 (An issue was discovered in certain Apple products. iOS before 
11.1 is ...)
+   TODO: check
+CVE-2017-13843 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13842 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13841 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13840 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13839
RESERVED
-CVE-2017-13838
-   RESERVED
+CVE-2017-13838 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13837
RESERVED
-CVE-2017-13836
-   RESERVED
+CVE-2017-13836 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13835
RESERVED
-CVE-2017-13834
-   RESERVED
-CVE-2017-13833
-   RESERVED
-CVE-2017-13832
-   RESERVED
-CVE-2017-13831
-   RESERVED
-CVE-2017-13830
-   RESERVED
-CVE-2017-13829
-   RESERVED
-CVE-2017-13828
-   RESERVED
+CVE-2017-13834 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13833 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13832 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13831 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13830 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13829 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13828 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
 CVE-2017-13827
RESERVED
-CVE-2017-13826
-   RESERVED
-CVE-2017-13825
-   RESERVED
-CVE-2017-13824
-   RESERVED
-CVE-2017-13823
-   RESERVED
-CVE-2017-13822
-   RESERVED
-CVE-2017-13821
-   RESERVED
-CVE-2017-13820
-   RESERVED
-CVE-2017-13819
-   RESERVED
-CVE-2017-13818
-   RESERVED
-CVE-2017-13817
-   RESERVED
-CVE-2017-13816
-   RESERVED
-CVE-2017-13815
-   RESERVED
-CVE-2017-13814
-   RESERVED
-CVE-2017-13813
-   RESERVED
-CVE-2017-13812
-   RESERVED
-CVE-2017-13811
-   RESERVED
-CVE-2017-13810
-   RESERVED
-CVE-2017-13809
-   RESERVED
-CVE-2017-13808
-   RESERVED
-CVE-2017-13807
-   RESERVED
+CVE-2017-13826 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13825 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13824 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13823 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13822 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13821 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13820 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13819 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13818 (An issue was discovered in certain Apple products. macOS 
before ...)
+   TODO: check
+CVE-2017-13817 (An out-of-bounds read issue was discovered in certain Apple 

[Secure-testing-commits] r57585 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-12 21:10:13 + (Sun, 12 Nov 2017)
New Revision: 57585

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-12 20:47:07 UTC (rev 57584)
+++ data/CVE/list   2017-11-12 21:10:13 UTC (rev 57585)
@@ -1,3 +1,15 @@
+CVE-2017-16800
+   RESERVED
+CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in 
modules/New/action.addcategory.php, ...)
+   TODO: check
+CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in 
...)
+   TODO: check
+CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not 
properly ...)
+   TODO: check
+CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not 
check ...)
+   TODO: check
+CVE-2017-16795
+   RESERVED
 CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not 
properly ...)
- swftools 
NOTE: https://github.com/matthiaskramm/swftools/issues/50
@@ -3947,7 +3959,7 @@
 CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 
2.1.27.9. ...)
NOT-FOR-US: TeamPass
 CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and 
GraphicsMagick ...)
-   {DLA-1140-1 DLA-1139-1}
+   {DSA-4032-1 DLA-1140-1 DLA-1139-1}
- imagemagick  (bug #878578)
- graphicsmagick 1.3.26-14
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5
@@ -4869,7 +4881,7 @@
NOTE: https://core.trac.wordpress.org/ticket/38474
NOTE: Wordpress in Wheezy requires a database upgrade and backports of 
new functions
 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in 
...)
-   {DLA-1131-1}
+   {DSA-4032-1 DLA-1131-1}
- imagemagick  (bug #878562)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
@@ -5752,7 +5764,7 @@
 CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as 
demonstrated by ...)
NOT-FOR-US: geminabox
 CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows 
remote ...)
-   {DLA-1131-1}
+   {DSA-4032-1 DLA-1131-1}
- imagemagick  (bug #876488)
NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32726
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
@@ -5987,7 +5999,7 @@
NOTE: 
https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
NOTE: https://github.com/LibRaw/LibRaw/issues/101
 CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related 
to ...)
-   {DLA-1131-1}
+   {DSA-4032-1 DLA-1131-1}
- imagemagick  (low; bug #878527)
NOTE: IM6 patch: 
https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
@@ -7082,7 +7094,7 @@
- libav 
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
 CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c 
in ...)
-   {DLA-1131-1}
+   {DSA-4032-1 DLA-1131-1}
- imagemagick  (bug #876097)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
@@ -8296,7 +8308,7 @@
 CVE-2017-13770
RESERVED
 CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in 
ImageMagick ...)
-   {DLA-1131-1}
+   {DSA-4032-1 DLA-1131-1}
- imagemagick  (low; bug #878507)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
@@ -8346,7 +8358,7 @@
 CVE-2017-13759
RESERVED
 CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow 
in the ...)
-   {DLA-1131-1}
+   {DSA-4032-1 DLA-1131-1}
- imagemagick  (bug #878508)
NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32583
NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
@@ -9840,7 +9852,7 @@
 CVE-2017-13135
RESERVED
 CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based 
buffer ...)
-   {DLA-1081-1}
+   {DSA-4032-1 DLA-1081-1}
- imagemagick  (bug #873099)
- graphicsmagick 1.3.26-19 (bug #881524)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
@@ -10278,7 +10290,7 @@
 CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to 
message.php, ...)
NOT-FOR-US: PHPMyWind
 

[Secure-testing-commits] r57571 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-12 09:10:15 + (Sun, 12 Nov 2017)
New Revision: 57571

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-12 08:18:43 UTC (rev 57570)
+++ data/CVE/list   2017-11-12 09:10:15 UTC (rev 57571)
@@ -1,3 +1,11 @@
+CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not 
properly ...)
+   TODO: check
+CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 
does not ...)
+   TODO: check
+CVE-2017-16792
+   RESERVED
+CVE-2017-16791
+   RESERVED
 CVE-2017-16790
RESERVED
 CVE-2017-16789
@@ -9816,7 +9824,7 @@
RESERVED
 CVE-2017-13135
RESERVED
-CVE-2017-13134 (In ImageMagick 7.0.6-6, a heap-based buffer over-read was 
found in the ...)
+CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based 
buffer ...)
{DLA-1081-1}
- imagemagick  (bug #873099)
- graphicsmagick 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57563 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-11 21:10:14 + (Sat, 11 Nov 2017)
New Revision: 57563

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-11 20:32:20 UTC (rev 57562)
+++ data/CVE/list   2017-11-11 21:10:14 UTC (rev 57563)
@@ -7682,7 +7682,7 @@
 CVE-2017-14034
RESERVED
 CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 
2.2.8, ...)
-   {DLA-1114-1}
+   {DSA-4031-1 DLA-1114-1}
- ruby2.3  (bug #875928)
- ruby2.1 
- ruby1.9.1 
@@ -17180,7 +17180,7 @@
 CVE-2017-10785
RESERVED
 CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby 
before 2.2.8, ...)
-   {DLA-1114-1 DLA-1113-1}
+   {DSA-4031-1 DLA-1114-1 DLA-1113-1}
- ruby2.3  (bug #875931)
- ruby2.1 
- ruby1.9.1 
@@ -23030,7 +23030,7 @@
RESERVED
 CVE-2017-8806
RESERVED
-   {DSA-4029-1}
+   {DSA-4029-1 DLA-1169-1}
- postgresql-common 188
 CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync 
--safe-links ...)
- archvsync 20171017
@@ -45883,6 +45883,7 @@
 CVE-2017-0904
RESERVED
 CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a 
...)
+   {DSA-4031-1}
- ruby2.3  (bug #879231)
- ruby2.1 
- ruby1.9.1 
@@ -45936,7 +45937,7 @@
NOTE: For Ruby 2.2.7: 
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
NOTE: Not considered a vulnerability per se, if this affects a terminal 
emulator it's a bug there
 CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a 
malicious ...)
-   {DLA-1114-1 DLA-1113-1}
+   {DSA-4031-1 DLA-1114-1 DLA-1113-1}
- ruby2.3  (bug #875936)
- ruby2.1 
- ruby1.9.1 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57546 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-11 09:10:16 + (Sat, 11 Nov 2017)
New Revision: 57546

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-11 09:08:20 UTC (rev 57545)
+++ data/CVE/list   2017-11-11 09:10:16 UTC (rev 57546)
@@ -1,4 +1,24 @@
-CVE-2017-16785 [reflected XSS via the PATH_INFO to host.php]
+CVE-2017-16790
+   RESERVED
+CVE-2017-16789
+   RESERVED
+CVE-2017-16788
+   RESERVED
+CVE-2017-16787
+   RESERVED
+CVE-2017-16786
+   RESERVED
+CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...)
+   TODO: check
+CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template 
Injection via ...)
+   TODO: check
+CVE-2017-16782 (In Home Assistant before 0.57, it is possible to inject 
JavaScript code ...)
+   TODO: check
+CVE-2017-16781 (The installer in MyBB before 1.8.13 has XSS. ...)
+   TODO: check
+CVE-2017-16780 (The installer in MyBB before 1.8.13 allows remote attackers to 
execute ...)
+   TODO: check
+CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. 
...)
- cacti 
NOTE: https://github.com/Cacti/cacti/issues/1071
 CVE-2017-16779
@@ -594,8 +614,8 @@
NOT-FOR-US: MitraStar
 CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where 
...)
NOT-FOR-US: Inedo BuildMaster
-CVE-2017-16520
-   RESERVED
+CVE-2017-16520 (Inedo BuildMaster before 5.8.2 does not properly restrict 
creation of ...)
+   TODO: check
 CVE-2017-16519
RESERVED
 CVE-2017-16518


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57535 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-10 21:10:14 + (Fri, 10 Nov 2017)
New Revision: 57535

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-10 20:59:55 UTC (rev 57534)
+++ data/CVE/list   2017-11-10 21:10:14 UTC (rev 57535)
@@ -1,13 +1,43 @@
-CVE-2017-16764
+CVE-2017-16779
RESERVED
-CVE-2017-16763
+CVE-2017-16778
RESERVED
-CVE-2017-16762
+CVE-2017-16777
RESERVED
-CVE-2017-16761
+CVE-2017-16776
RESERVED
-CVE-2017-16760
+CVE-2017-16775
RESERVED
+CVE-2017-16774
+   RESERVED
+CVE-2017-16773
+   RESERVED
+CVE-2017-16772
+   RESERVED
+CVE-2017-16771
+   RESERVED
+CVE-2017-16770
+   RESERVED
+CVE-2017-16769
+   RESERVED
+CVE-2017-16768
+   RESERVED
+CVE-2017-16767
+   RESERVED
+CVE-2017-16766
+   RESERVED
+CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via 
cgi-bin/gui.cgi. ...)
+   TODO: check
+CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing 
functionality ...)
+   TODO: check
+CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing 
functionality ...)
+   TODO: check
+CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with 
directory ...)
+   TODO: check
+CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 
5.8.2 allows ...)
+   TODO: check
+CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS. ...)
+   TODO: check
 CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows 
remote ...)
NOT-FOR-US: LibreNMS
 CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...)
@@ -195,6 +225,7 @@
 CVE-2017-16670
RESERVED
 CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers 
to cause ...)
+   {DLA-1168-1}
- graphicsmagick 
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d
@@ -557,8 +588,8 @@
NOT-FOR-US: MitraStar
 CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
NOT-FOR-US: MitraStar
-CVE-2017-16521
-   RESERVED
+CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where 
...)
+   TODO: check
 CVE-2017-16520
RESERVED
 CVE-2017-16519
@@ -3137,7 +3168,7 @@
 CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via 
the id ...)
NOT-FOR-US: zorovavi/blog
 CVE-2017-15587 (An integer overflow was discovered in 
pdf_read_new_xref_section in ...)
-   {DSA-4006-1 DLA-1164-1}
+   {DSA-4006-2 DSA-4006-1 DLA-1164-1}
- mupdf 1.11+ds1-2 (bug #879055)
NOTE: 
http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57525 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-10 09:10:26 + (Fri, 10 Nov 2017)
New Revision: 57525

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-10 08:53:38 UTC (rev 57524)
+++ data/CVE/list   2017-11-10 09:10:26 UTC (rev 57525)
@@ -1,3 +1,19 @@
+CVE-2017-16764
+   RESERVED
+CVE-2017-16763
+   RESERVED
+CVE-2017-16762
+   RESERVED
+CVE-2017-16761
+   RESERVED
+CVE-2017-16760
+   RESERVED
+CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows 
remote ...)
+   TODO: check
+CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...)
+   TODO: check
+CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under 
%PROGRAMFILES%, ...)
+   TODO: check
 CVE-2017-16756
RESERVED
 CVE-2017-16755


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57513 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-09 21:10:15 + (Thu, 09 Nov 2017)
New Revision: 57513

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-09 20:53:15 UTC (rev 57512)
+++ data/CVE/list   2017-11-09 21:10:15 UTC (rev 57513)
@@ -1,3 +1,161 @@
+CVE-2017-16756
+   RESERVED
+CVE-2017-16755
+   RESERVED
+CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to 
_profiler ...)
+   TODO: check
+CVE-2017-16753
+   RESERVED
+CVE-2017-16752
+   RESERVED
+CVE-2017-16751
+   RESERVED
+CVE-2017-16750
+   RESERVED
+CVE-2017-16749
+   RESERVED
+CVE-2017-16748
+   RESERVED
+CVE-2017-16747
+   RESERVED
+CVE-2017-16746
+   RESERVED
+CVE-2017-16745
+   RESERVED
+CVE-2017-16744
+   RESERVED
+CVE-2017-16743
+   RESERVED
+CVE-2017-16742
+   RESERVED
+CVE-2017-16741
+   RESERVED
+CVE-2017-16740
+   RESERVED
+CVE-2017-16739
+   RESERVED
+CVE-2017-16738
+   RESERVED
+CVE-2017-16737
+   RESERVED
+CVE-2017-16736
+   RESERVED
+CVE-2017-16735
+   RESERVED
+CVE-2017-16734
+   RESERVED
+CVE-2017-16733
+   RESERVED
+CVE-2017-16732
+   RESERVED
+CVE-2017-16731
+   RESERVED
+CVE-2017-16730
+   RESERVED
+CVE-2017-16729
+   RESERVED
+CVE-2017-16728
+   RESERVED
+CVE-2017-16727
+   RESERVED
+CVE-2017-16726
+   RESERVED
+CVE-2017-16725
+   RESERVED
+CVE-2017-16724
+   RESERVED
+CVE-2017-16723
+   RESERVED
+CVE-2017-16722
+   RESERVED
+CVE-2017-16721
+   RESERVED
+CVE-2017-16720
+   RESERVED
+CVE-2017-16719
+   RESERVED
+CVE-2017-16718
+   RESERVED
+CVE-2017-16717
+   RESERVED
+CVE-2017-16716
+   RESERVED
+CVE-2017-16715
+   RESERVED
+CVE-2017-16714
+   RESERVED
+CVE-2017-16713
+   RESERVED
+CVE-2017-16712
+   RESERVED
+CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in 
lib/modules/swfbits.c ...)
+   TODO: check
+CVE-2017-16710
+   RESERVED
+CVE-2017-16709
+   RESERVED
+CVE-2017-16708
+   RESERVED
+CVE-2017-16707
+   RESERVED
+CVE-2017-16706
+   RESERVED
+CVE-2017-16705
+   RESERVED
+CVE-2017-16704
+   RESERVED
+CVE-2017-16703
+   RESERVED
+CVE-2017-16702
+   RESERVED
+CVE-2017-16701
+   RESERVED
+CVE-2017-16700
+   RESERVED
+CVE-2017-16699
+   RESERVED
+CVE-2017-16698
+   RESERVED
+CVE-2017-16697
+   RESERVED
+CVE-2017-16696
+   RESERVED
+CVE-2017-16695
+   RESERVED
+CVE-2017-16694
+   RESERVED
+CVE-2017-16693
+   RESERVED
+CVE-2017-16692
+   RESERVED
+CVE-2017-16691
+   RESERVED
+CVE-2017-16690
+   RESERVED
+CVE-2017-16689
+   RESERVED
+CVE-2017-16688
+   RESERVED
+CVE-2017-16687
+   RESERVED
+CVE-2017-16686
+   RESERVED
+CVE-2017-16685
+   RESERVED
+CVE-2017-16684
+   RESERVED
+CVE-2017-16683
+   RESERVED
+CVE-2017-16682
+   RESERVED
+CVE-2017-16681
+   RESERVED
+CVE-2017-16680
+   RESERVED
+CVE-2017-16679
+   RESERVED
+CVE-2017-16678
+   RESERVED
 CVE-2017-16677
RESERVED
 CVE-2017-16676
@@ -65,8 +223,8 @@
RESERVED
 CVE-2017-16652
RESERVED
-CVE-2017-16651 [file disclosure vulnerabliity]
-   RESERVED
+CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x 
before ...)
+   {DSA-4030-1}
- roundcube 1.3.3+dfsg.1-1
NOTE: master: 
https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d
NOTE: release-1.3: 
https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806
@@ -124,10 +282,10 @@
NOT-FOR-US: Bludit
 CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the 
...)
NOT-FOR-US: TinyWebGallery
-CVE-2017-16634
-   RESERVED
-CVE-2017-16633
-   RESERVED
+CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass 
a ...)
+   TODO: check
+CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed 
read-only ...)
+   TODO: check
 CVE-2017-16632
RESERVED
 CVE-2017-16631
@@ -256,10 +414,10 @@
NOT-FOR-US: KeystoneJS
 CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 
via an ...)
NOT-FOR-US: Zurmo
-CVE-2017-16568
-   RESERVED
-CVE-2017-16567
-   RESERVED
+CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server ...)
+   TODO: check
+CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server ...)
+   TODO: check
 CVE-2017-16566
RESERVED
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage 
...)
@@ -268,8 +426,8 @@
NOT-FOR-US: Vonage
 CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen 
on ...)
NOT-FOR-US: Vonage
-CVE-2017-16562
-   RESERVED
+CVE-2017-16562 (The 

[Secure-testing-commits] r57484 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-09 09:10:13 + (Thu, 09 Nov 2017)
New Revision: 57484

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-09 07:26:10 UTC (rev 57483)
+++ data/CVE/list   2017-11-09 09:10:13 UTC (rev 57484)
@@ -1,3 +1,21 @@
+CVE-2017-16677
+   RESERVED
+CVE-2017-16676
+   RESERVED
+CVE-2017-16675
+   RESERVED
+CVE-2017-16674 (Datto Windows Agent allows unauthenticated remote command 
execution via ...)
+   TODO: check
+CVE-2017-16673 (Datto Backup Agent 1.0.6.0 and earlier does not authenticate 
incoming ...)
+   TODO: check
+CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 
13.18.1, 14 ...)
+   TODO: check
+CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 
13 ...)
+   TODO: check
+CVE-2017-16670
+   RESERVED
+CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers 
to cause ...)
+   TODO: check
 CVE-2017-16668
RESERVED
 CVE-2017-1
@@ -12622,7 +12640,7 @@
RESERVED
 CVE-2017-12197
RESERVED
-   {DLA-1165-1}
+   {DSA-4025-1 DLA-1165-1}
- libpam4j 1.4-3 (bug #879001)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
NOTE: https://github.com/kohsuke/libpam4j/issues/18
@@ -14609,10 +14627,10 @@
RESERVED
 CVE-2017-11513
RESERVED
-CVE-2017-11512
-   RESERVED
-CVE-2017-11511
-   RESERVED
+CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to 
arbitrary file ...)
+   TODO: check
+CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to 
arbitrary file ...)
+   TODO: check
 CVE-2017-11510
RESERVED
 CVE-2017-11509


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57466 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-08 21:10:14 + (Wed, 08 Nov 2017)
New Revision: 57466

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-08 20:49:18 UTC (rev 57465)
+++ data/CVE/list   2017-11-08 21:10:14 UTC (rev 57466)
@@ -1,4 +1,12 @@
-CVE-2017-16667 [shell injection in notify-send]
+CVE-2017-16668
+   RESERVED
+CVE-2017-1
+   RESERVED
+CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to 
a ...)
+   TODO: check
+CVE-2017-16664
+   RESERVED
+CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper ...)
- backintime  (bug #881205)
NOTE: https://github.com/bit-team/backintime/issues/834
NOTE: 
https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
@@ -344,6 +352,7 @@
 CVE-2017-16517
RESERVED
 CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file 
is ...)
+   {DLA-1167-1}
- ruby-yajl 1.2.0-3.1 (low; bug #880691)
[stretch] - ruby-yajl  (Minor issue)
[jessie] - ruby-yajl  (Minor issue)
@@ -2230,8 +2239,8 @@
NOT-FOR-US: user-login-history plugin for WordPress
 CVE-2017-15866
RESERVED
-CVE-2017-15865
-   RESERVED
+CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as 
used in ...)
+   TODO: check
 CVE-2017-15864
RESERVED
 CVE-2016-10517 (networking.c in Redis before 3.2.7 allows Cross Protocol 
Scripting ...)
@@ -3272,6 +3281,7 @@
RESERVED
 CVE-2017-15399
RESERVED
+   {DSA-4024-1}
- chromium-browser 62.0.3202.89-1
[jessie] - chromium-browser  (End of life, see DSA 4020)
[wheezy] - chromium-browser  (Not supported in Wheezy)
@@ -3279,6 +3289,7 @@
NOTE: libv8 not covered by security support
 CVE-2017-15398
RESERVED
+   {DSA-4024-1}
- chromium-browser 62.0.3202.89-1
[jessie] - chromium-browser  (End of life, see DSA 4020)
[wheezy] - chromium-browser  (Not supported in Wheezy)
@@ -4162,14 +4173,11 @@
NOTE: runs on client systems, and only with a certificate that is 
explicitly
NOTE: configured locally, leading to a local kinit crash if passed a 
crafted
NOTE: local certificate. This is hardly has any harmful security 
implication.
-CVE-2017-15087
-   RESERVED
+CVE-2017-15087 (It was discovered that the fix for CVE-2017-12163 was not 
properly ...)
- samba  (Incomplete Red Hat backport for CVE-2017-12163)
-CVE-2017-15086
-   RESERVED
+CVE-2017-15086 (It was discovered that the fix for CVE-2017-12151 was not 
properly ...)
- samba  (Incomplete Red Hat backport for CVE-2017-12151)
-CVE-2017-15085
-   RESERVED
+CVE-2017-15085 (It was discovered that the fix for CVE-2017-12150 was not 
properly ...)
- samba  (Incomplete Red Hat backport for CVE-2017-12150)
 CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows 
logout ...)
NOT-FOR-US: Metasploit Framework
@@ -6330,8 +6338,8 @@
RESERVED
 CVE-2017-14361
RESERVED
-CVE-2017-14360
-   RESERVED
+CVE-2017-14360 (A potential security vulnerability has been identified in HPE 
Content ...)
+   TODO: check
 CVE-2017-14359 (A potential security vulnerability has been identified in HPE 
...)
NOT-FOR-US: HPE Performance Center
 CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP 
ArcSight ESM ...)
@@ -10963,8 +10971,8 @@
RESERVED
 CVE-2017-12825
RESERVED
-CVE-2017-12824
-   RESERVED
+CVE-2017-12824 (Special crafted InPage document leads to arbitrary code 
execution in ...)
+   TODO: check
 CVE-2017-12823
RESERVED
 CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's 
HASP SRM, ...)
@@ -20895,7 +20903,7 @@
[wheezy] - chicken  (Minor issue)
NOTE: Original announcement: 
http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg0.html
NOTE: Patch: 
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
-CVE-2017-9330 (QEMU (aka Quick Emulator), when built with the USB OHCI 
Emulation ...)
+CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB 
OHCI ...)
{DSA-3920-1}
- qemu 1:2.8+dfsg-7 (bug #863943)
[jessie] - qemu  (Minor issue)
@@ -21844,8 +21852,8 @@
NOTE: 
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
 CVE-2017-9097 (In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices 
through ...)
NOT-FOR-US: Anti-Web
-CVE-2017-9096
-   RESERVED
+CVE-2017-9096 (The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do 
not ...)
+   TODO: check
 CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local 
files ...)
NOT-FOR-US: Diving Log
 

[Secure-testing-commits] r57437 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-08 09:10:21 + (Wed, 08 Nov 2017)
New Revision: 57437

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-08 08:28:25 UTC (rev 57436)
+++ data/CVE/list   2017-11-08 09:10:21 UTC (rev 57437)
@@ -1,7 +1,47 @@
-CVE-2017-16661 [Local File Read]
+CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant 
heap-based ...)
+   TODO: check
+CVE-2017-16662
+   RESERVED
+CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier 
allows ...)
+   TODO: check
+CVE-2017-16658
+   RESERVED
+CVE-2017-16657
+   RESERVED
+CVE-2017-16656
+   RESERVED
+CVE-2017-16655
+   RESERVED
+CVE-2017-16654
+   RESERVED
+CVE-2017-16653
+   RESERVED
+CVE-2017-16652
+   RESERVED
+CVE-2017-16651
+   RESERVED
+CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in 
the Linux ...)
+   TODO: check
+CVE-2017-16649 (The usbnet_generic_cdc_bind function in 
drivers/net/usb/cdc_ether.c in ...)
+   TODO: check
+CVE-2017-16648 (The dvb_frontend_free function in 
drivers/media/dvb-core/dvb_frontend.c ...)
+   TODO: check
+CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 
4.13.11 ...)
+   TODO: check
+CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux 
kernel through ...)
+   TODO: check
+CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in 
drivers/input/misc/ims-pcu.c ...)
+   TODO: check
+CVE-2017-16644 (The hdpvr_probe function in 
drivers/media/usb/hdpvr/hdpvr-core.c in the ...)
+   TODO: check
+CVE-2017-16643 (The parse_hid_report_descriptor function in 
drivers/input/tablet/gtco.c ...)
+   TODO: check
+CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 
7.1.11, an ...)
+   TODO: check
+CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to 
read ...)
- cacti 
NOTE: https://github.com/Cacti/cacti/issues/1066
-CVE-2017-16660 [RCE]
+CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to 
conduct ...)
- cacti 
NOTE: https://github.com/Cacti/cacti/issues/1066
 CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated 
administrators ...)
@@ -12,7 +52,7 @@
RESERVED
 CVE-2017-16639
RESERVED
-CVE-2008-7319 [command injection via crafted arguments]
+CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does 
not ...)
- libnet-ping-external-perl  (bug #881097)
[stretch] - libnet-ping-external-perl  (Remove in next point 
update)
[jessie] - libnet-ping-external-perl  (Remove in next point 
update)
@@ -58,14 +98,14 @@
RESERVED
 CVE-2017-16619
RESERVED
-CVE-2017-16618
-   RESERVED
+CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading 
functionality ...)
+   TODO: check
 CVE-2017-16617
RESERVED
-CVE-2017-16616
-   RESERVED
-CVE-2017-16615
-   RESERVED
+CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing 
functionality ...)
+   TODO: check
+CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing 
functionality ...)
+   TODO: check
 CVE-2017-16614
RESERVED
 CVE-2017-16613
@@ -172,8 +212,8 @@
NOT-FOR-US: Vonage
 CVE-2017-16562
RESERVED
-CVE-2017-16561
-   RESERVED
+CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 
2.3.0 is ...)
+   TODO: check
 CVE-2017-16560
RESERVED
 CVE-2017-16559
@@ -2803,6 +2843,7 @@
 CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) 
...)
NOT-FOR-US: IDEMIA
 CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD 
Slurm ...)
+   {DSA-4023-1}
- slurm-llnl 17.02.9-1 (bug #880530)
[jessie] - slurm-llnl  (Vulnerable code introduced later)
[wheezy] - slurm-llnl  (Vulnerable code introduced later)
@@ -76693,8 +76734,8 @@
RESERVED
 CVE-2016-0873
RESERVED
-CVE-2016-0872
-   RESERVED
+CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in 
Kabona AB ...)
+   TODO: check
 CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote 
...)
NOT-FOR-US: Eaton Lighting EG2 Web Control
 CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows 
remote ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57416 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-07 21:10:12 + (Tue, 07 Nov 2017)
New Revision: 57416

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-07 21:00:39 UTC (rev 57415)
+++ data/CVE/list   2017-11-07 21:10:12 UTC (rev 57416)
@@ -1,3 +1,9 @@
+CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated 
administrators ...)
+   TODO: check
+CVE-2017-16640
+   RESERVED
+CVE-2017-16639
+   RESERVED
 CVE-2008-7319 [command injection via crafted arguments]
- libnet-ping-external-perl  (bug #881097)
[stretch] - libnet-ping-external-perl  (Remove in next point 
update)
@@ -2106,8 +2112,8 @@
RESERVED
 CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet 
Radio List ...)
NOT-FOR-US: Synology
-CVE-2017-15887
-   RESERVED
+CVE-2017-15887 (An improper restriction of excessive authentication attempts 
...)
+   TODO: check
 CVE-2017-15886
RESERVED
 CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 
2100 Network ...)
@@ -2846,7 +2852,7 @@
 CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via 
the id ...)
NOT-FOR-US: zorovavi/blog
 CVE-2017-15587 (An integer overflow was discovered in 
pdf_read_new_xref_section in ...)
-   {DSA-4006-1}
+   {DSA-4006-1 DLA-1164-1}
- mupdf 1.11+ds1-2 (bug #879055)
NOTE: 
http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
@@ -5323,7 +5329,7 @@
 CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of 
service or ...)
NOT-FOR-US: STDU Viewer
 CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of 
service or ...)
-   {DSA-4006-1}
+   {DSA-4006-1 DLA-1164-1}
- mupdf 1.11+ds1-1.1 (bug #877379)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
@@ -5457,7 +5463,7 @@
[jessie] - sam2p  (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 4)
 CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x 
before ...)
-   {DLA-1119-1}
+   {DSA-4021-1 DLA-1119-1}
- otrs2 5.0.23-1 (bug #876462)
NOTE: 
https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 
(rel-5_0)
NOTE: 
https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 
(rel-5_0)
@@ -11477,6 +11483,7 @@
NOTE: 
mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
NOTE: 
https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147
 CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 
to ...)
+   {DLA-1166-1}
- tomcat9  (bug #802312)
- tomcat8 8.5.23-1
- tomcat8.0  (unimportant)
@@ -11522,12 +11529,14 @@
RESERVED
 CVE-2017-12608
RESERVED
+   {DSA-4022-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
NOTE: 
https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
 CVE-2017-12607
RESERVED
+   {DSA-4022-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
@@ -12531,6 +12540,7 @@
RESERVED
 CVE-2017-12197
RESERVED
+   {DLA-1165-1}
- libpam4j 1.4-3 (bug #879001)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
NOTE: https://github.com/kohsuke/libpam4j/issues/18
@@ -12883,12 +12893,12 @@
RESERVED
 CVE-2017-12097
RESERVED
-CVE-2017-12096
-   RESERVED
+CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of 
Circle ...)
+   TODO: check
 CVE-2017-12095
RESERVED
-CVE-2017-12094
-   RESERVED
+CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel 
parsing of ...)
+   TODO: check
 CVE-2017-12093
RESERVED
 CVE-2017-12092
@@ -12905,12 +12915,12 @@
RESERVED
 CVE-2017-12086
RESERVED
-CVE-2017-12085
-   RESERVED
-CVE-2017-12084
-   RESERVED
-CVE-2017-12083
-   RESERVED
+CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with 
Disney ...)
+   TODO: check
+CVE-2017-12084 (A backdoor vulnerability exists in remote control 
functionality of ...)
+   TODO: check
+CVE-2017-12083 (An exploitable information disclosure vulnerability exists in 

[Secure-testing-commits] r57396 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-07 09:10:21 + (Tue, 07 Nov 2017)
New Revision: 57396

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-07 08:04:53 UTC (rev 57395)
+++ data/CVE/list   2017-11-07 09:10:21 UTC (rev 57396)
@@ -1,3 +1,15 @@
+CVE-2017-16638 (The Gentoo net-misc/vde package before version 2.3.2-r4 may 
allow ...)
+   TODO: check
+CVE-2017-16637 (In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, 
when ...)
+   TODO: check
+CVE-2017-16636 (In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located 
in the new ...)
+   TODO: check
+CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the 
...)
+   TODO: check
+CVE-2017-16634
+   RESERVED
+CVE-2017-16633
+   RESERVED
 CVE-2017-16632
RESERVED
 CVE-2017-16631
@@ -7284,24 +7296,24 @@
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1058757
NOTE: 
https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
NOTE: 
https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
-CVE-2017-14031
-   RESERVED
+CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral 
VTScada ...)
+   TODO: check
 CVE-2017-14030
RESERVED
-CVE-2017-14029
-   RESERVED
+CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in 
Trihedral ...)
+   TODO: check
 CVE-2017-14028
RESERVED
 CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in 
Korenix JetNet ...)
NOT-FOR-US: Korenix
 CVE-2017-14026
RESERVED
-CVE-2017-14025
-   RESERVED
+CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB 
FOX515T ...)
+   TODO: check
 CVE-2017-14024
RESERVED
-CVE-2017-14023
-   RESERVED
+CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens 
SIMATIC ...)
+   TODO: check
 CVE-2017-14022
RESERVED
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in 
Korenix ...)
@@ -7314,8 +7326,8 @@
RESERVED
 CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in 
Progea ...)
NOT-FOR-US: Progea Movicon
-CVE-2017-14016
-   RESERVED
+CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in 
Advantech ...)
+   TODO: check
 CVE-2017-14015
RESERVED
 CVE-2017-14014
@@ -8263,10 +8275,10 @@
NOT-FOR-US: Symantec
 CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a 
kernel ...)
NOT-FOR-US: Symantec
-CVE-2017-13681
-   RESERVED
-CVE-2017-13680
-   RESERVED
+CVE-2017-13681 (Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could 
be ...)
+   TODO: check
+CVE-2017-13680 (Prior to SEP 12.1 RU6 MP9  SEP 14 RU1 Symantec Endpoint 
Protection ...)
+   TODO: check
 CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption 
Desktop before ...)
NOT-FOR-US: Symantec
 CVE-2017-13678
@@ -11157,8 +11169,8 @@
RESERVED
 CVE-2017-12720
RESERVED
-CVE-2017-12719
-   RESERVED
+CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in 
Advantech ...)
+   TODO: check
 CVE-2017-12718
RESERVED
 CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in 
Advantech ...)
@@ -11454,6 +11466,7 @@
 CVE-2017-12619
RESERVED
 CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior 
fail to ...)
+   {DLA-1163-1}
- apr-util 1.6.1-1 (low; bug #879996)
NOTE: 
mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
NOTE: 
https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147
@@ -30418,8 +30431,8 @@
RESERVED
 CVE-2017-6332
RESERVED
-CVE-2017-6331
-   RESERVED
+CVE-2017-6331 (Prior to SEP 14 RU1 Symantec Endpoint Protection product can 
encounter ...)
+   TODO: check
 CVE-2017-6330 (Symantec Encryption Desktop before SED 10.4.1MP2 can allow 
remote ...)
NOT-FOR-US: Symantec
 CVE-2017-6329 (Symantec VIP Access for Desktop prior to 2.2.4 can be 
susceptible to a ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57382 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-06 21:10:16 + (Mon, 06 Nov 2017)
New Revision: 57382

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-06 20:53:43 UTC (rev 57381)
+++ data/CVE/list   2017-11-06 21:10:16 UTC (rev 57382)
@@ -1,3 +1,127 @@
+CVE-2017-16632
+   RESERVED
+CVE-2017-16631
+   RESERVED
+CVE-2017-16630
+   RESERVED
+CVE-2017-16629
+   RESERVED
+CVE-2017-16628
+   RESERVED
+CVE-2017-16627
+   RESERVED
+CVE-2017-16626
+   RESERVED
+CVE-2017-16625
+   RESERVED
+CVE-2017-16624
+   RESERVED
+CVE-2017-16623
+   RESERVED
+CVE-2017-16622
+   RESERVED
+CVE-2017-16621
+   RESERVED
+CVE-2017-16620
+   RESERVED
+CVE-2017-16619
+   RESERVED
+CVE-2017-16618
+   RESERVED
+CVE-2017-16617
+   RESERVED
+CVE-2017-16616
+   RESERVED
+CVE-2017-16615
+   RESERVED
+CVE-2017-16614
+   RESERVED
+CVE-2017-16613
+   RESERVED
+CVE-2017-16612
+   RESERVED
+CVE-2017-16611
+   RESERVED
+CVE-2017-16610
+   RESERVED
+CVE-2017-16609
+   RESERVED
+CVE-2017-16608
+   RESERVED
+CVE-2017-16607
+   RESERVED
+CVE-2017-16606
+   RESERVED
+CVE-2017-16605
+   RESERVED
+CVE-2017-16604
+   RESERVED
+CVE-2017-16603
+   RESERVED
+CVE-2017-16602
+   RESERVED
+CVE-2017-16601
+   RESERVED
+CVE-2017-16600
+   RESERVED
+CVE-2017-16599
+   RESERVED
+CVE-2017-16598
+   RESERVED
+CVE-2017-16597
+   RESERVED
+CVE-2017-16596
+   RESERVED
+CVE-2017-16595
+   RESERVED
+CVE-2017-16594
+   RESERVED
+CVE-2017-16593
+   RESERVED
+CVE-2017-16592
+   RESERVED
+CVE-2017-16591
+   RESERVED
+CVE-2017-16590
+   RESERVED
+CVE-2017-16589
+   RESERVED
+CVE-2017-16588
+   RESERVED
+CVE-2017-16587
+   RESERVED
+CVE-2017-16586
+   RESERVED
+CVE-2017-16585
+   RESERVED
+CVE-2017-16584
+   RESERVED
+CVE-2017-16583
+   RESERVED
+CVE-2017-16582
+   RESERVED
+CVE-2017-16581
+   RESERVED
+CVE-2017-16580
+   RESERVED
+CVE-2017-16579
+   RESERVED
+CVE-2017-16578
+   RESERVED
+CVE-2017-16577
+   RESERVED
+CVE-2017-16576
+   RESERVED
+CVE-2017-16575
+   RESERVED
+CVE-2017-16574
+   RESERVED
+CVE-2017-16573
+   RESERVED
+CVE-2017-16572
+   RESERVED
+CVE-2017-16571
+   RESERVED
 CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF 
bypass by ...)
NOT-FOR-US: KeystoneJS
 CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 
via an ...)
@@ -1292,8 +1416,8 @@
RESERVED
 CVE-2017-16002
RESERVED
-CVE-2017-16001
-   RESERVED
+CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka 
vagrant-vmware-fusion) ...)
+   TODO: check
 CVE-2017-16000 (SQL injection vulnerability in the EyesOfNetwork web interface 
(aka ...)
NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2017-15999 (In the NQ Contacts Backup  Restore 
application 1.1 for Android, no ...)
@@ -2436,8 +2560,7 @@
RESERVED
 CVE-2017-15673
RESERVED
-CVE-2017-15672
-   RESERVED
+CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 
3.3.4 and ...)
- ffmpeg 
[stretch] - ffmpeg  (Wait until next round of security 
releases)
- libav 
@@ -3303,8 +3426,7 @@
RESERVED
 CVE-2017-15307
RESERVED
-CVE-2017-15306 [KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM]
-   RESERVED
+CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in 
arch/powerpc/kvm/powerpc.c ...)
- linux 
[jessie] - linux  (Vulnerable code introduced later)
[wheezy] - linux  (Vulnerable code introduced later)
@@ -11307,6 +11429,7 @@
 CVE-2017-12614
RESERVED
 CVE-2017-12613 (When apr_exp_time*() or apr_os_exp_time*() functions are 
invoked with ...)
+   {DLA-1162-1}
- apr 1.6.3-1 (low; bug #879708)
[stretch] - apr  (Minor issue)
[jessie] - apr  (Minor issue)
@@ -15205,8 +15328,8 @@
NOT-FOR-US: FineCMS
 CVE-2017-11178 (In FineCMS through 2017-07-11, 
application/core/controller/style.php ...)
NOT-FOR-US: FineCMS
-CVE-2017-11177
-   RESERVED
+CVE-2017-11177 (TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict 
file ...)
+   TODO: check
 CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does 
not set ...)
{DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
@@ -26723,8 +26846,8 @@
RESERVED
 CVE-2017-7426
RESERVED
-CVE-2017-7425
-   RESERVED
+CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager 
...)
+   TODO: check
 CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro 
Focus ...)
NOT-FOR-US: Micro Focus
 CVE-2017-7423 (A Cross-Site Request Forgery (CWE-352) vulnerability in 
esfadmingui in ...)
@@ -80803,8 +80926,7 @@

[Secure-testing-commits] r57358 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-06 09:10:22 + (Mon, 06 Nov 2017)
New Revision: 57358

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-06 05:30:22 UTC (rev 57357)
+++ data/CVE/list   2017-11-06 09:10:22 UTC (rev 57358)
@@ -1,3 +1,55 @@
+CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF 
bypass by ...)
+   TODO: check
+CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 
via an ...)
+   TODO: check
+CVE-2017-16568
+   RESERVED
+CVE-2017-16567
+   RESERVED
+CVE-2017-16566
+   RESERVED
+CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage 
...)
+   TODO: check
+CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in 
/cgi-bin/config2 on ...)
+   TODO: check
+CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen 
on ...)
+   TODO: check
+CVE-2017-16562
+   RESERVED
+CVE-2017-16561
+   RESERVED
+CVE-2017-16560
+   RESERVED
+CVE-2017-16559
+   RESERVED
+CVE-2017-16558
+   RESERVED
+CVE-2017-16557
+   RESERVED
+CVE-2017-16556
+   RESERVED
+CVE-2017-16555
+   RESERVED
+CVE-2017-16554
+   RESERVED
+CVE-2017-16553
+   RESERVED
+CVE-2017-16552
+   RESERVED
+CVE-2017-16551
+   RESERVED
+CVE-2017-16550
+   RESERVED
+CVE-2017-16549
+   RESERVED
+CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
+   TODO: check
+CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 
1.3.26 does ...)
+   TODO: check
+CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 
7.0.7-9 does ...)
+   TODO: check
+CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 
1.3.26 does ...)
+   TODO: check
 CVE-2017-16544
RESERVED
 CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via ...)
@@ -54,8 +106,8 @@
NOTE: Fixed by: 
https://git.kernel.org/linus/bbf26183b7a6236ba602f4d6a2f7cade35bba043
 CVE-2017-16525 (The usb_serial_console_disconnect function in ...)
- linux 4.13.10-1
-CVE-2017-16524
-   RESERVED
+CVE-2017-16524 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from 
an ...)
+   TODO: check
 CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
NOT-FOR-US: MitraStar
 CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
@@ -3001,48 +3053,59 @@
RESERVED
 CVE-2017-15396
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
- libv8  (unimportant)
NOTE: libv8 not covered by security support
 CVE-2017-15395
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15394
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15393
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15392
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15391
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15390
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15389
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15388
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15387
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15386
RESERVED
+   {DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-15385 (The store_versioninfo_gnu_verdef function in 
libr/bin/format/elf/elf.c ...)
@@ -4004,8 +4067,8 @@
NOTE: 
https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
 CVE-2017-15040
RESERVED
-CVE-2017-15039
-   RESERVED
+CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 
via a ...)
+   TODO: check
 CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c 
in QEMU ...)
{DLA-1129-1 DLA-1128-1}
- qemu 1:2.10.0+dfsg-2 

[Secure-testing-commits] r57351 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-05 21:10:14 + (Sun, 05 Nov 2017)
New Revision: 57351

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-05 19:35:53 UTC (rev 57350)
+++ data/CVE/list   2017-11-05 21:10:14 UTC (rev 57351)
@@ -1,3 +1,9 @@
+CVE-2017-16544
+   RESERVED
+CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via ...)
+   TODO: check
+CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows 
Post-authentication ...)
+   TODO: check
 CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote 
attackers to ...)
TODO: check
 CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote 
database ...)
@@ -1953,6 +1959,7 @@
 CVE-2017-15864
RESERVED
 CVE-2016-10517 (networking.c in Redis before 3.2.7 allows Cross Protocol 
Scripting ...)
+   {DLA-1161-1}
- redis 3:3.2.7-1
NOTE: 
https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
 CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks 
plugin ...)
@@ -9107,6 +9114,7 @@
- imagemagick 8:6.9.7.4+dfsg-14 (bug #870013)
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430
 CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a 
crafted file ...)
+   {DSA-4019-1}
- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/600
 CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the 
Bridge theme ...)
@@ -11046,6 +11054,7 @@
- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/617
 CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in 
...)
+   {DSA-4019-1}
- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/621
 CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WriteCALSImage ...)
@@ -11133,7 +11142,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/550
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
 CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in 
...)
-   {DLA-1081-1}
+   {DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
@@ -11316,7 +11325,7 @@
NOTE: https://github.com/rsyslog/rsyslog/pull/1565
NOTE: The zmq3 input and output modules are not enabled and built in 
Debian
 CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the 
ReadPWPImage ...)
-   {DLA-1081-1}
+   {DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/535
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add
@@ -11732,7 +11741,7 @@
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620
 CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was 
found in ...)
-   {DLA-1081-1}
+   {DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (bug #870491)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/536
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
@@ -13291,13 +13300,14 @@
NOTE: changing the upstream pro file to enable YT_USE_YTSIG. 
YT_USE_YTSIG is
NOTE: disabled by default on upstream since 17.2.0
 CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...)
+   {DSA-4019-1}
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870111)
[wheezy] - imagemagick  (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/596
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645
 CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...)
-   {DLA-1081-1}
+   {DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
 CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion 

[Secure-testing-commits] r57321 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-04 21:10:14 + (Sat, 04 Nov 2017)
New Revision: 57321

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-04 20:25:50 UTC (rev 57320)
+++ data/CVE/list   2017-11-04 21:10:14 UTC (rev 57321)
@@ -1,3 +1,9 @@
+CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote 
attackers to ...)
+   TODO: check
+CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote 
database ...)
+   TODO: check
+CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker 
Moby through ...)
+   TODO: check
 CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel 
through ...)
- linux 
 CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the 
Linux kernel ...)
@@ -122,6 +128,7 @@
 CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 
16.04 before ...)
TODO: check
 CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where 
$wpdb-prepare() ...)
+   {DLA-1160-1}
- wordpress 4.8.3+dfsg-1 (bug #880528)
NOTE: https://wpvulndb.com/vulnerabilities/8941
NOTE: 
https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57299 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-04 09:10:24 + (Sat, 04 Nov 2017)
New Revision: 57299

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-03 23:09:43 UTC (rev 57298)
+++ data/CVE/list   2017-11-04 09:10:24 UTC (rev 57299)
@@ -1,3 +1,31 @@
+CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel 
through ...)
+   TODO: check
+CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the 
Linux kernel ...)
+   TODO: check
+CVE-2017-16536 (The cx231xx_usb_probe function in ...)
+   TODO: check
+CVE-2017-16535 (The usb_get_bos_descriptor function in 
drivers/usb/core/config.c in the ...)
+   TODO: check
+CVE-2017-16534 (The cdc_parse_cdc_header function in 
drivers/usb/core/message.c in the ...)
+   TODO: check
+CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in 
the Linux ...)
+   TODO: check
+CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in 
the Linux ...)
+   TODO: check
+CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 
allows ...)
+   TODO: check
+CVE-2017-16530 (The uas driver in the Linux kernel before 4.13.6 allows local 
users to ...)
+   TODO: check
+CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the 
Linux ...)
+   TODO: check
+CVE-2017-16528 (sound/core/seq_device.c in the Linux kernel before 4.13.4 
allows local ...)
+   TODO: check
+CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows 
local users ...)
+   TODO: check
+CVE-2017-16526 (drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows 
local users ...)
+   TODO: check
+CVE-2017-16525 (The usb_serial_console_disconnect function in ...)
+   TODO: check
 CVE-2017-16524
RESERVED
 CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
@@ -37592,6 +37620,7 @@
 CVE-2017-3737
RESERVED
 CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery 
squaring ...)
+   {DSA-4017-1}
- openssl 1.1.0g-1
[stretch] - openssl 1.1.0f-3+deb9u1
[jessie] - openssl  (Vulnerable code not present)
@@ -37601,7 +37630,7 @@
NOTE: Fix for 1.0.2: 
https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b
NOTE: Fix for 1.1.0: 
https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871
 CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 
certificate, it ...)
-   {DLA-1157-1}
+   {DSA-4018-1 DSA-4017-1 DLA-1157-1}
- openssl 1.1.0g-1
- openssl1.0 1.0.2m-1
NOTE: Fix for 1.0.2: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57287 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-03 21:10:17 + (Fri, 03 Nov 2017)
New Revision: 57287

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-03 20:48:57 UTC (rev 57286)
+++ data/CVE/list   2017-11-03 21:10:17 UTC (rev 57287)
@@ -1,61 +1,87 @@
-CVE-2017-16511
+CVE-2017-16524
RESERVED
-CVE-2017-1000171
+CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
+   TODO: check
+CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
+   TODO: check
+CVE-2017-16521
RESERVED
-CVE-2017-1000157
+CVE-2017-16520
RESERVED
-CVE-2017-1000156
+CVE-2017-16519
RESERVED
-CVE-2017-1000155
+CVE-2017-16518
RESERVED
-CVE-2017-1000154
+CVE-2017-16517
RESERVED
-CVE-2017-1000153
+CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file 
is ...)
+   TODO: check
+CVE-2017-16515
RESERVED
-CVE-2017-1000152
+CVE-2017-16514
RESERVED
-CVE-2017-1000151
+CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer 
overflows in ...)
+   TODO: check
+CVE-2017-16512
RESERVED
-CVE-2017-1000150
+CVE-2017-16511
RESERVED
-CVE-2017-1000149
-   RESERVED
-CVE-2017-1000148
-   RESERVED
-CVE-2017-1000147
-   RESERVED
-CVE-2017-1000146
-   RESERVED
-CVE-2017-1000145
-   RESERVED
-CVE-2017-1000144
-   RESERVED
-CVE-2017-1000143
-   RESERVED
-CVE-2017-1000142
-   RESERVED
+CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being 
sent to ...)
+   TODO: check
+CVE-2017-1000157 (Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 
16.10 before ...)
+   TODO: check
+CVE-2017-1000156 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 
16.04 before ...)
+   TODO: check
+CVE-2017-1000155 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 
16.04 before ...)
+   TODO: check
+CVE-2017-1000154 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 
16.04 before ...)
+   TODO: check
+CVE-2017-1000153 (Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 
16.04 before ...)
+   TODO: check
+CVE-2017-1000152 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running 
PHP 5.3 ...)
+   TODO: check
+CVE-2017-1000151 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 
16.04 before ...)
+   TODO: check
+CVE-2017-1000150 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are 
vulnerable to ...)
+   TODO: check
+CVE-2017-1000149 (Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 
before ...)
+   TODO: check
+CVE-2017-1000148 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 
16.04 before ...)
+   TODO: check
+CVE-2017-1000147 (Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 
before ...)
+   TODO: check
+CVE-2017-1000146 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 
before ...)
+   TODO: check
+CVE-2017-1000145 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 
before ...)
+   TODO: check
+CVE-2017-1000144 (Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 
before ...)
+   TODO: check
+CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
+   TODO: check
+CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
+   TODO: check
 CVE-2017-1000141
RESERVED
-CVE-2017-1000140
-   RESERVED
-CVE-2017-1000139
-   RESERVED
-CVE-2017-1000138
-   RESERVED
-CVE-2017-1000137
-   RESERVED
-CVE-2017-1000136
-   RESERVED
-CVE-2017-1000135
-   RESERVED
-CVE-2017-1000134
-   RESERVED
-CVE-2017-1000133
-   RESERVED
-CVE-2017-1000132
-   RESERVED
-CVE-2017-1000131
-   RESERVED
+CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
+   TODO: check
+CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
+   TODO: check
+CVE-2017-1000138 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are 
vulnerable to ...)
+   TODO: check
+CVE-2017-1000137 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are 
vulnerable to ...)
+   TODO: check
+CVE-2017-1000136 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 
1.10.1 ...)
+   TODO: check
+CVE-2017-1000135 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
+   TODO: check
+CVE-2017-1000134 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 
1.10.1 ...)
+   TODO: check
+CVE-2017-1000133 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 
16.04 before ...)
+   TODO: check
+CVE-2017-1000132 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
+   TODO: check
+CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 
16.04 

[Secure-testing-commits] r57274 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-03 09:11:04 + (Fri, 03 Nov 2017)
New Revision: 57274

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-03 06:17:15 UTC (rev 57273)
+++ data/CVE/list   2017-11-03 09:11:04 UTC (rev 57274)
@@ -1,3 +1,5 @@
+CVE-2017-16511
+   RESERVED
 CVE-2017-1000171
RESERVED
 CVE-2017-1000157
@@ -54,7 +56,7 @@
RESERVED
 CVE-2017-1000131
RESERVED
-CVE-2017-16510 [Unsafe queries with wpdb->prepare]
+CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where 
$wpdb-prepare() ...)
- wordpress 4.8.3+dfsg-1 (bug #880528)
NOTE: https://wpvulndb.com/vulnerabilities/8941
NOTE: 
https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
@@ -650,8 +652,8 @@
RESERVED
 CVE-2017-16238
RESERVED
-CVE-2017-16237
-   RESERVED
+CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file 
...)
+   TODO: check
 CVE-2017-16236
RESERVED
 CVE-2017-16235
@@ -1631,12 +1633,15 @@
 CVE-2017-15956 (ConverTo Video Downloader  Converter 1.4.1 allows 
Arbitrary File ...)
NOT-FOR-US: ConverTo Video Downloader
 CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable 
to an ...)
+   {DLA-1158-1}
- bchunk  (bug #880116)
NOTE: https://github.com/extramaster/bchunk/issues/4
 CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable 
to a ...)
+   {DLA-1158-1}
- bchunk  (bug #880116)
NOTE: https://github.com/extramaster/bchunk/issues/3
 CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable 
to a ...)
+   {DLA-1158-1}
- bchunk  (bug #880116)
NOTE: https://github.com/extramaster/bchunk/issues/2
 CVE-2017-15952
@@ -2006,27 +2011,38 @@
NOT-FOR-US: XnView
 CVE-2017-15801 (XnView Classic for Windows Version 2.43 allows attackers to 
cause a ...)
NOT-FOR-US: XnView
-CVE-2017-15800 (IrfanView version 4.50 (64bit) allows attackers to execute 
arbitrary ...)
+CVE-2017-15800
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15799 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15799
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15798 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15798
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15797 (IrfanView version 4.50 (64bit) allows attackers to execute 
arbitrary ...)
+CVE-2017-15797
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15796 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15796
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15795 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15795
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15794 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15794
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15793 (IrfanView version 4.50 (64bit) allows attackers to execute 
arbitrary ...)
+CVE-2017-15793
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15792 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15792
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15791 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15791
+   REJECTED
NOT-FOR-US: IrfanView
-CVE-2017-15790 (IrfanView version 4.50 (64bit) allows attackers to cause a 
denial of ...)
+CVE-2017-15790
+   REJECTED
NOT-FOR-US: IrfanView
 CVE-2017-15789 (XnView Classic for Windows Version 2.43 allows attackers to 
execute ...)
NOT-FOR-US: XnView
@@ -17801,6 +17817,7 @@
 CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of 
Oracle ...)
NOT-FOR-US: Oracle
 CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
+   {DSA-4015-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
- openjdk-7 
@@ -17880,18 +17897,21 @@
 CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting 
component of ...)
NOT-FOR-US: Oracle
 CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
+   {DSA-4015-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
- openjdk-7 
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+   {DSA-4015-1}
- openjdk-9 9.0.1+11-1
- openjdk-8 8u151-b12-1
- openjdk-7 
- openjdk-6 
[wheezy] - openjdk-6 
 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+   {DSA-4015-1}

[Secure-testing-commits] r57261 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-02 21:10:12 + (Thu, 02 Nov 2017)
New Revision: 57261

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-02 21:07:55 UTC (rev 57260)
+++ data/CVE/list   2017-11-02 21:10:12 UTC (rev 57261)
@@ -1,3 +1,61 @@
+CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where 
$wpdb-prepare() ...)
+   TODO: check
+CVE-2017-1000171
+   RESERVED
+CVE-2017-1000157
+   RESERVED
+CVE-2017-1000156
+   RESERVED
+CVE-2017-1000155
+   RESERVED
+CVE-2017-1000154
+   RESERVED
+CVE-2017-1000153
+   RESERVED
+CVE-2017-1000152
+   RESERVED
+CVE-2017-1000151
+   RESERVED
+CVE-2017-1000150
+   RESERVED
+CVE-2017-1000149
+   RESERVED
+CVE-2017-1000148
+   RESERVED
+CVE-2017-1000147
+   RESERVED
+CVE-2017-1000146
+   RESERVED
+CVE-2017-1000145
+   RESERVED
+CVE-2017-1000144
+   RESERVED
+CVE-2017-1000143
+   RESERVED
+CVE-2017-1000142
+   RESERVED
+CVE-2017-1000141
+   RESERVED
+CVE-2017-1000140
+   RESERVED
+CVE-2017-1000139
+   RESERVED
+CVE-2017-1000138
+   RESERVED
+CVE-2017-1000137
+   RESERVED
+CVE-2017-1000136
+   RESERVED
+CVE-2017-1000135
+   RESERVED
+CVE-2017-1000134
+   RESERVED
+CVE-2017-1000133
+   RESERVED
+CVE-2017-1000132
+   RESERVED
+CVE-2017-1000131
+   RESERVED
 CVE-2017- [Unsafe queries with wpdb->prepare]
- wordpress 4.8.3+dfsg-1 (bug #880528)
NOTE: https://wpvulndb.com/vulnerabilities/8941
@@ -2008,9 +2066,11 @@
NOT-FOR-US: XnView
 CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to 
cause a ...)
NOT-FOR-US: XnView
-CVE-2017-15771 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary 
code or ...)
+CVE-2017-15771
+   REJECTED
NOT-FOR-US: Foxit Reader
-CVE-2017-15770 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary 
code or ...)
+CVE-2017-15770
+   REJECTED
NOT-FOR-US: Foxit Reader
 CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of 
service or ...)
NOT-FOR-US: IrfanView
@@ -11862,10 +11922,10 @@
RESERVED
 CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
NOT-FOR-US: Cisco
-CVE-2017-12295
-   RESERVED
-CVE-2017-12294
-   RESERVED
+CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+   TODO: check
+CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+   TODO: check
 CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
NOT-FOR-US: Cisco
 CVE-2017-12292
@@ -11886,28 +11946,28 @@
NOT-FOR-US: Cisco
 CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for 
Windows Client ...)
NOT-FOR-US: Cisco
-CVE-2017-12283
-   RESERVED
-CVE-2017-12282
-   RESERVED
-CVE-2017-12281
-   RESERVED
-CVE-2017-12280
-   RESERVED
-CVE-2017-12279
-   RESERVED
-CVE-2017-12278
-   RESERVED
-CVE-2017-12277
-   RESERVED
-CVE-2017-12276
-   RESERVED
-CVE-2017-12275
-   RESERVED
-CVE-2017-12274
-   RESERVED
-CVE-2017-12273
-   RESERVED
+CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected 
Management Frames ...)
+   TODO: check
+CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) 
ingress ...)
+   TODO: check
+CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible 
...)
+   TODO: check
+CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless 
Access ...)
+   TODO: check
+CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS 
Software for ...)
+   TODO: check
+CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol 
(SNMP) ...)
+   TODO: check
+CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the 
Cisco ...)
+   TODO: check
+CVE-2017-12276 (A vulnerability in the web framework code for the SQL database 
...)
+   TODO: check
+CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service 
Set ...)
+   TODO: check
+CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) 
ingress ...)
+   TODO: check
+CVE-2017-12273 (A vulnerability in 802.11 association request frame processing 
for the ...)
+   TODO: check
 CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE 
Software ...)
NOT-FOR-US: Cisco
 CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones 
could allow ...)
@@ -11928,10 +11988,10 @@
NOT-FOR-US: Cisco
 CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager 
software ...)
NOT-FOR-US: Cisco
-CVE-2017-12262
-   RESERVED
-CVE-2017-12261
-   RESERVED

[Secure-testing-commits] r57233 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-02 09:10:13 + (Thu, 02 Nov 2017)
New Revision: 57233

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-02 08:15:40 UTC (rev 57232)
+++ data/CVE/list   2017-11-02 09:10:13 UTC (rev 57233)
@@ -7776,11 +7776,11 @@
NOT-FOR-US: FineCMS
 CVE-2017-13696
RESERVED
-CVE-2017-1000122
+CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 
2.16.3, ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
NOTE: Not covered by security support
-CVE-2017-1000121
+CVE-2017-1000121 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 
2.16.3, ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
NOTE: Not covered by security support
@@ -24777,7 +24777,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825
 CVE-2017-7824
RESERVED
-   {DSA-3987-1 DLA-1153-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24786,7 +24786,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
 CVE-2017-7823
RESERVED
-   {DSA-3987-1 DLA-1153-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24807,7 +24807,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820
 CVE-2017-7819
RESERVED
-   {DSA-3987-1 DLA-1153-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24816,7 +24816,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
 CVE-2017-7818
RESERVED
-   {DSA-3987-1 DLA-1153-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24837,7 +24837,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815
 CVE-2017-7814
RESERVED
-   {DSA-3987-1 DLA-1153-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24858,7 +24858,7 @@
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811
 CVE-2017-7810
RESERVED
-   {DSA-3987-1 DLA-1153-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24885,7 +24885,7 @@
- firefox 55.0-1
 CVE-2017-7805
RESERVED
-   {DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24945,7 +24945,7 @@
- firefox 55.0-1
 CVE-2017-7793
RESERVED
-   {DSA-3987-1 DLA-1153-1 DLA-1118-1}
+   {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -43490,12 +43490,12 @@
NOT-FOR-US: IBM
 CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an 
authenticated ...)
NOT-FOR-US: IBM
-CVE-2017-1554
-   RESERVED
-CVE-2017-1553
-   RESERVED
-CVE-2017-1552
-   RESERVED
+CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote 
...)
+   TODO: check
+CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to 
cross-site ...)
+   TODO: check
+CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to 
link ...)
+   TODO: check
 CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote 
attacker ...)
NOT-FOR-US: IBM
 CVE-2017-1550
@@ -43918,8 +43918,8 @@
RESERVED
 CVE-2017-1341
RESERVED
-CVE-2017-1340
-   RESERVED
+CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an 
authenticated ...)
+   TODO: check
 CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage 
Manager) ...)
NOT-FOR-US: IBM
 CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is 
vulnerable to ...)
@@ -43932,8 +43932,8 @@
NOT-FOR-US: IBM
 CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site 
scripting. This ...)
NOT-FOR-US: IBM
-CVE-2017-1333
-   RESERVED
+CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an ...)
+   

[Secure-testing-commits] r57213 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-01 21:10:17 + (Wed, 01 Nov 2017)
New Revision: 57213

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-01 20:56:37 UTC (rev 57212)
+++ data/CVE/list   2017-11-01 21:10:17 UTC (rev 57213)
@@ -1,3 +1,327 @@
+CVE-2017-16509
+   RESERVED
+CVE-2017-16508
+   RESERVED
+CVE-2017-16507
+   RESERVED
+CVE-2017-16506
+   RESERVED
+CVE-2017-16505
+   RESERVED
+CVE-2017-16504
+   RESERVED
+CVE-2017-16503
+   RESERVED
+CVE-2017-16502
+   RESERVED
+CVE-2017-16501
+   RESERVED
+CVE-2017-16500
+   RESERVED
+CVE-2017-16499
+   RESERVED
+CVE-2017-16498
+   RESERVED
+CVE-2017-16497
+   RESERVED
+CVE-2017-16496
+   RESERVED
+CVE-2017-16495
+   RESERVED
+CVE-2017-16494
+   RESERVED
+CVE-2017-16493
+   RESERVED
+CVE-2017-16492
+   RESERVED
+CVE-2017-16491
+   RESERVED
+CVE-2017-16490
+   RESERVED
+CVE-2017-16489
+   RESERVED
+CVE-2017-16488
+   RESERVED
+CVE-2017-16487
+   RESERVED
+CVE-2017-16486
+   RESERVED
+CVE-2017-16485
+   RESERVED
+CVE-2017-16484
+   RESERVED
+CVE-2017-16483
+   RESERVED
+CVE-2017-16482
+   RESERVED
+CVE-2017-16481
+   RESERVED
+CVE-2017-16480
+   RESERVED
+CVE-2017-16479
+   RESERVED
+CVE-2017-16478
+   RESERVED
+CVE-2017-16477
+   RESERVED
+CVE-2017-16476
+   RESERVED
+CVE-2017-16475
+   RESERVED
+CVE-2017-16474
+   RESERVED
+CVE-2017-16473
+   RESERVED
+CVE-2017-16472
+   RESERVED
+CVE-2017-16471
+   RESERVED
+CVE-2017-16470
+   RESERVED
+CVE-2017-16469
+   RESERVED
+CVE-2017-16468
+   RESERVED
+CVE-2017-16467
+   RESERVED
+CVE-2017-16466
+   RESERVED
+CVE-2017-16465
+   RESERVED
+CVE-2017-16464
+   RESERVED
+CVE-2017-16463
+   RESERVED
+CVE-2017-16462
+   RESERVED
+CVE-2017-16461
+   RESERVED
+CVE-2017-16460
+   RESERVED
+CVE-2017-16459
+   RESERVED
+CVE-2017-16458
+   RESERVED
+CVE-2017-16457
+   RESERVED
+CVE-2017-16456
+   RESERVED
+CVE-2017-16455
+   RESERVED
+CVE-2017-16454
+   RESERVED
+CVE-2017-16453
+   RESERVED
+CVE-2017-16452
+   RESERVED
+CVE-2017-16451
+   RESERVED
+CVE-2017-16450
+   RESERVED
+CVE-2017-16449
+   RESERVED
+CVE-2017-16448
+   RESERVED
+CVE-2017-16447
+   RESERVED
+CVE-2017-16446
+   RESERVED
+CVE-2017-16445
+   RESERVED
+CVE-2017-16444
+   RESERVED
+CVE-2017-16443
+   RESERVED
+CVE-2017-16442
+   RESERVED
+CVE-2017-16441
+   RESERVED
+CVE-2017-16440
+   RESERVED
+CVE-2017-16439
+   RESERVED
+CVE-2017-16438
+   RESERVED
+CVE-2017-16437
+   RESERVED
+CVE-2017-16436
+   RESERVED
+CVE-2017-16435
+   RESERVED
+CVE-2017-16434
+   RESERVED
+CVE-2017-16433
+   RESERVED
+CVE-2017-16432
+   RESERVED
+CVE-2017-16431
+   RESERVED
+CVE-2017-16430
+   RESERVED
+CVE-2017-16429
+   RESERVED
+CVE-2017-16428
+   RESERVED
+CVE-2017-16427
+   RESERVED
+CVE-2017-16426
+   RESERVED
+CVE-2017-16425
+   RESERVED
+CVE-2017-16424
+   RESERVED
+CVE-2017-16423
+   RESERVED
+CVE-2017-16422
+   RESERVED
+CVE-2017-16421
+   RESERVED
+CVE-2017-16420
+   RESERVED
+CVE-2017-16419
+   RESERVED
+CVE-2017-16418
+   RESERVED
+CVE-2017-16417
+   RESERVED
+CVE-2017-16416
+   RESERVED
+CVE-2017-16415
+   RESERVED
+CVE-2017-16414
+   RESERVED
+CVE-2017-16413
+   RESERVED
+CVE-2017-16412
+   RESERVED
+CVE-2017-16411
+   RESERVED
+CVE-2017-16410
+   RESERVED
+CVE-2017-16409
+   RESERVED
+CVE-2017-16408
+   RESERVED
+CVE-2017-16407
+   RESERVED
+CVE-2017-16406
+   RESERVED
+CVE-2017-16405
+   RESERVED
+CVE-2017-16404
+   RESERVED
+CVE-2017-16403
+   RESERVED
+CVE-2017-16402
+   RESERVED
+CVE-2017-16401
+   RESERVED
+CVE-2017-16400
+   RESERVED
+CVE-2017-16399
+   RESERVED
+CVE-2017-16398
+   RESERVED
+CVE-2017-16397
+   RESERVED
+CVE-2017-16396
+   RESERVED
+CVE-2017-16395
+   RESERVED
+CVE-2017-16394
+   RESERVED
+CVE-2017-16393
+   RESERVED
+CVE-2017-16392
+   RESERVED
+CVE-2017-16391
+   RESERVED
+CVE-2017-16390
+   RESERVED
+CVE-2017-16389
+   RESERVED
+CVE-2017-16388
+   RESERVED
+CVE-2017-16387
+   RESERVED
+CVE-2017-16386
+   RESERVED
+CVE-2017-16385
+   RESERVED
+CVE-2017-16384
+   RESERVED
+CVE-2017-16383
+   RESERVED
+CVE-2017-16382
+   RESERVED
+CVE-2017-16381
+   RESERVED
+CVE-2017-16380
+   RESERVED
+CVE-2017-16379
+   RESERVED
+CVE-2017-16378
+   RESERVED
+CVE-2017-16377
+   RESERVED
+CVE-2017-16376
+   RESERVED
+CVE-2017-16375
+   RESERVED
+CVE-2017-16374
+   RESERVED
+CVE-2017-16373
+   RESERVED
+CVE-2017-16372
+   RESERVED
+CVE-2017-16371
+   RESERVED
+CVE-2017-16370
+   RESERVED

[Secure-testing-commits] r57198 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-01 09:10:18 + (Wed, 01 Nov 2017)
New Revision: 57198

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-01 07:52:47 UTC (rev 57197)
+++ data/CVE/list   2017-11-01 09:10:18 UTC (rev 57198)
@@ -1,3 +1,219 @@
+CVE-2017-16351
+   RESERVED
+CVE-2017-16350
+   RESERVED
+CVE-2017-16349
+   RESERVED
+CVE-2017-16348
+   RESERVED
+CVE-2017-16347
+   RESERVED
+CVE-2017-16346
+   RESERVED
+CVE-2017-16345
+   RESERVED
+CVE-2017-16344
+   RESERVED
+CVE-2017-16343
+   RESERVED
+CVE-2017-16342
+   RESERVED
+CVE-2017-16341
+   RESERVED
+CVE-2017-16340
+   RESERVED
+CVE-2017-16339
+   RESERVED
+CVE-2017-16338
+   RESERVED
+CVE-2017-16337
+   RESERVED
+CVE-2017-16336
+   RESERVED
+CVE-2017-16335
+   RESERVED
+CVE-2017-16334
+   RESERVED
+CVE-2017-16333
+   RESERVED
+CVE-2017-16332
+   RESERVED
+CVE-2017-16331
+   RESERVED
+CVE-2017-16330
+   RESERVED
+CVE-2017-16329
+   RESERVED
+CVE-2017-16328
+   RESERVED
+CVE-2017-16327
+   RESERVED
+CVE-2017-16326
+   RESERVED
+CVE-2017-16325
+   RESERVED
+CVE-2017-16324
+   RESERVED
+CVE-2017-16323
+   RESERVED
+CVE-2017-16322
+   RESERVED
+CVE-2017-16321
+   RESERVED
+CVE-2017-16320
+   RESERVED
+CVE-2017-16319
+   RESERVED
+CVE-2017-16318
+   RESERVED
+CVE-2017-16317
+   RESERVED
+CVE-2017-16316
+   RESERVED
+CVE-2017-16315
+   RESERVED
+CVE-2017-16314
+   RESERVED
+CVE-2017-16313
+   RESERVED
+CVE-2017-16312
+   RESERVED
+CVE-2017-16311
+   RESERVED
+CVE-2017-16310
+   RESERVED
+CVE-2017-16309
+   RESERVED
+CVE-2017-16308
+   RESERVED
+CVE-2017-16307
+   RESERVED
+CVE-2017-16306
+   RESERVED
+CVE-2017-16305
+   RESERVED
+CVE-2017-16304
+   RESERVED
+CVE-2017-16303
+   RESERVED
+CVE-2017-16302
+   RESERVED
+CVE-2017-16301
+   RESERVED
+CVE-2017-16300
+   RESERVED
+CVE-2017-16299
+   RESERVED
+CVE-2017-16298
+   RESERVED
+CVE-2017-16297
+   RESERVED
+CVE-2017-16296
+   RESERVED
+CVE-2017-16295
+   RESERVED
+CVE-2017-16294
+   RESERVED
+CVE-2017-16293
+   RESERVED
+CVE-2017-16292
+   RESERVED
+CVE-2017-16291
+   RESERVED
+CVE-2017-16290
+   RESERVED
+CVE-2017-16289
+   RESERVED
+CVE-2017-16288
+   RESERVED
+CVE-2017-16287
+   RESERVED
+CVE-2017-16286
+   RESERVED
+CVE-2017-16285
+   RESERVED
+CVE-2017-16284
+   RESERVED
+CVE-2017-16283
+   RESERVED
+CVE-2017-16282
+   RESERVED
+CVE-2017-16281
+   RESERVED
+CVE-2017-16280
+   RESERVED
+CVE-2017-16279
+   RESERVED
+CVE-2017-16278
+   RESERVED
+CVE-2017-16277
+   RESERVED
+CVE-2017-16276
+   RESERVED
+CVE-2017-16275
+   RESERVED
+CVE-2017-16274
+   RESERVED
+CVE-2017-16273
+   RESERVED
+CVE-2017-16272
+   RESERVED
+CVE-2017-16271
+   RESERVED
+CVE-2017-16270
+   RESERVED
+CVE-2017-16269
+   RESERVED
+CVE-2017-16268
+   RESERVED
+CVE-2017-16267
+   RESERVED
+CVE-2017-16266
+   RESERVED
+CVE-2017-16265
+   RESERVED
+CVE-2017-16264
+   RESERVED
+CVE-2017-16263
+   RESERVED
+CVE-2017-16262
+   RESERVED
+CVE-2017-16261
+   RESERVED
+CVE-2017-16260
+   RESERVED
+CVE-2017-16259
+   RESERVED
+CVE-2017-16258
+   RESERVED
+CVE-2017-16257
+   RESERVED
+CVE-2017-16256
+   RESERVED
+CVE-2017-16255
+   RESERVED
+CVE-2017-16254
+   RESERVED
+CVE-2017-16253
+   RESERVED
+CVE-2017-16252
+   RESERVED
+CVE-2017-16251
+   RESERVED
+CVE-2017-16250
+   RESERVED
+CVE-2017-16249
+   RESERVED
+CVE-2017-16247
+   RESERVED
+CVE-2017-16246
+   RESERVED
+CVE-2017-16245
+   RESERVED
+CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka 
Build 426) ...)
+   TODO: check
+CVE-2017-16243
+   RESERVED
 CVE-2017-16242
RESERVED
 CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) 
ignores ...)
@@ -8,7 +224,7 @@
 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) 
ignores umask ...)
- vim 
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
-CVE-2017-16248 [leaks files without extention, inadvertently]
+CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl 
allows ...)
- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
 CVE-2017-16241
@@ -1904,8 +2120,8 @@
NOT-FOR-US: ILIAS
 CVE-2017-15536
RESERVED
-CVE-2017-15535
-   RESERVED
+CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...)
+   TODO: check
 CVE-2017-15534
RESERVED
 CVE-2017-15533
@@ -3127,7 +3343,7 @@
- koji  (bug #877921)
NOTE: 

[Secure-testing-commits] r57177 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-10-31 21:10:19 + (Tue, 31 Oct 2017)
New Revision: 57177

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-10-31 20:37:37 UTC (rev 57176)
+++ data/CVE/list   2017-10-31 21:10:19 UTC (rev 57177)
@@ -1,9 +1,11 @@
-CVE-2017-1000383
+CVE-2017-16242
+   RESERVED
+CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) 
ignores ...)
- emacs25 
- emacs24 
- emacs23 
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
-CVE-2017-1000382
+CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) 
ignores umask ...)
- vim 
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
 CVE-2017- [leaks files without extention, inadvertently]
@@ -48,7 +50,7 @@
NOTE: This is similar class of issue as for CVE-2017-1000117/git
NOTE: But needs a separate CVE since different codebasis.
 CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 
1.2.2 ...)
-   {DSA-4011-1}
+   {DSA-4011-1 DLA-1152-1}
- quagga  (bug #879474)
NOTE: 
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
NOTE: 
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
@@ -1010,8 +1012,8 @@
[jessie] - linux  (Vulnerable code introduced later)
[wheezy] - linux  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 
(v4.14-rc6)
-CVE-2017-15950
-   RESERVED
+CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable 
to a ...)
+   TODO: check
 CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the 
usertoedit ...)
NOT-FOR-US: Xavier PHP Management Panel
 CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file 
upload ...)
@@ -1068,6 +1070,7 @@
NOTE: 
https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
NOTE: https://github.com/radare/radare2/issues/8731
 CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a 
Null ...)
+   {DLA-1154-1}
- graphicsmagick 1.3.26-16 (bug #87)
NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
@@ -1174,8 +1177,8 @@
RESERVED
 CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 
2100 Network ...)
NOT-FOR-US: Axis
-CVE-2017-15884
-   RESERVED
+CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka 
vagrant-vmware-fusion) ...)
+   TODO: check
 CVE-2017-15883
RESERVED
 CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) 
application before ...)
@@ -2594,8 +2597,7 @@
[stretch] - linux 4.9.47-1
[wheezy] - linux 3.2.93-1
NOTE: Fixed by: 
https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5)
-CVE-2017-15273
-   RESERVED
+CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 
before ...)
- mahara 
NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
 CVE-2017-15272
@@ -3129,8 +3131,7 @@
{DSA-4007-1 DLA-1143-1}
- curl 7.56.1-1
NOTE: https://curl.haxx.se/docs/adv_20171023.html
-CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for 
clients]
-   RESERVED
+CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad 
default ...)
{DSA-4003-1}
- libvirt 3.8.0-3 (bug #878799)
[jessie] - libvirt  (Vulnerable code introduced later)
@@ -3450,7 +3451,7 @@
 CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document 
Sciences ...)
NOT-FOR-US: EMC
 CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key 
values (but ...)
-   {DSA-3997-1}
+   {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-2 (bug #877629)
NOTE: https://core.trac.wordpress.org/ticket/38474
 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in 
...)
@@ -4098,8 +4099,7 @@
NOT-FOR-US: OpenText Document Sciences xPression
 CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork 
web ...)
NOT-FOR-US: EyesOfNetwork (EON)
-CVE-2017-14752
-   RESERVED
+CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 
before ...)
- mahara 
NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
 CVE-2017-14751 (The Intense WP WP Jobs plugin 1.5 for WordPress 
has XSS, related to ...)
@@ -4197,7 +4197,7 @@
[wheezy] - wordpress  (Vulnerable code not present)
NOTE: 

[Secure-testing-commits] Processing r57162 failed

[security tracker role]

The error message was:

data/DLA/list:3: expected package entry, got: '[wheezy] - quagga 
quagga_0.99.22.4-1+wheezy3+deb7u2'
Makefile:21: recipe for target 'all' failed
make: *** [all] Error 1

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] Processing r57162 failed

[security tracker role]

The error message was:

data/DLA/list:3: expected package entry, got: '[wheezy] - quagga 
quagga_0.99.22.4-1+wheezy3+deb7u2'
Makefile:21: recipe for target 'all' failed
make: *** [all] Error 1

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits