Author: sectracker
Date: 2017-11-24 09:10:15 +0000 (Fri, 24 Nov 2017)
New Revision: 57987
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-24 07:08:06 UTC (rev 57986) +++ data/CVE/list 2017-11-24 09:10:15 UTC (rev 57987) @@ -1,11 +1,25 @@ -CVE-2017-16932 +CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...) + TODO: check +CVE-2017-16937 + RESERVED +CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on Shenzhen Tenda ...) + TODO: check +CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs containing a ...) + TODO: check +CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execute ...) + TODO: check +CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown ...) + TODO: check +CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...) + TODO: check +CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...) - libxml2 <unfixed> NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579 NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 -CVE-2017-16931 +CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...) - libxml2 2.9.4+dfsg1-3.1 - [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 - [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 + [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 + [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956 NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050 
@@ -1063,6 +1077,7 @@ CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...) NOT-FOR-US: RemObjects Remoting SDK CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...) + {DSA-4047-1} - otrs2 5.0.24-1 (bug #882370) NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d @@ -9548,14 +9563,14 @@ NOT-FOR-US: Moxa CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa -CVE-2017-13701 - RESERVED +CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa -CVE-2017-13699 - RESERVED -CVE-2017-13698 - RESERVED +CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check +CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...) NOT-FOR-US: FineCMS CVE-2017-13696 @@ -19600,7 +19615,7 @@ CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19685,7 +19700,7 @@ CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...) NOT-FOR-US: Oracle CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 
@@ -19693,7 +19708,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19701,7 +19716,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19717,13 +19732,13 @@ CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 <removed> CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19731,7 +19746,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19739,7 +19754,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 
@@ -19747,7 +19762,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19755,7 +19770,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19872,7 +19887,7 @@ - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19904,7 +19919,7 @@ - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19922,7 +19937,7 @@ CVE-2017-10282 RESERVED CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 
@@ -19947,7 +19962,7 @@ CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...) NOT-FOR-US: Oracle CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -36126,6 +36141,7 @@ [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5130 RESERVED + {DLA-1188-1} - libxml2 2.9.4+dfsg1-5.1 (bug #880000) [stretch] - libxml2 <no-dsa> (Minor issue) [jessie] - libxml2 <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
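Review bot: In the first hunk (@@ -1,11 +1,25 @@), the `[stretch]` and `[jessie]` lines under CVE-2017-16931 are removed and re-added with the same visible text, so this looks like a whitespace-only change carried along in an "automatic update" commit. If it is an indentation normalisation, it would be easier to audit as its own commit or with a mention in the log message.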
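Review bot: In the hunk at @@ -9548,14 +9563,14 @@, CVE-2017-13701, CVE-2017-13699 and CVE-2017-13698 are left as `TODO: check` even though their descriptions begin with the same "MOXA EDS-G512E 5.1 build 16072215 devices" text as the neighbouring CVE-2017-13702 and CVE-2017-13700, which are already tagged `NOT-FOR-US: Moxa`. Suggest tagging the three newly described entries `NOT-FOR-US: Moxa` as well, so the block is triaged consistently.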
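Review bot: In the last hunk (@@ -36126,6 +36141,7 @@), `{DLA-1188-1}` is added to CVE-2017-5130 while the entry is still `RESERVED` and the only release lines in view, `[stretch]` and `[jessie]`, are both `<no-dsa> (Minor issue)`. Please confirm that a release line for the suite the DLA covers exists below the visible context, so the advisory reference is backed by a fixed-version entry.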