Author: sectracker
Date: 2017-03-24 09:10:12 +0000 (Fri, 24 Mar 2017)
New Revision: 49986

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-24 05:56:27 UTC (rev 49985)
+++ data/CVE/list       2017-03-24 09:10:12 UTC (rev 49986)
@@ -1,3 +1,25 @@
+CVE-2017-7254
+       RESERVED
+CVE-2017-7253
+       RESERVED
+CVE-2017-7252
+       RESERVED
+CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 
2.5.0. The ...)
+       TODO: check
+CVE-2017-7250 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 
...)
+       TODO: check
+CVE-2017-7249 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle 
before ...)
+       TODO: check
+CVE-2017-7248 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 
...)
+       TODO: check
+CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle 
before ...)
+       TODO: check
+CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring 
function in ...)
+       TODO: check
+CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring 
function in ...)
+       TODO: check
+CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in 
PCRE 8.40 ...)
+       TODO: check
 CVE-2017-7243
        RESERVED
 CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in 
admin/modules ...)
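
Review bot: the eight entries added with "TODO: check" (CVE-2017-7244 through CVE-2017-7251) still need triage, and the three PCRE ones should go first. CVE-2017-7244 names libpcre1 in PCRE 8.40, which Debian ships as the pcre3 source package, so these need a package line rather than NOT-FOR-US. CVE-2017-7245 and CVE-2017-7246 show the same truncated description here ("Stack-based buffer overflow in the pcre32_copy_substring function in ..."), so the full CVE text is needed to tell them apart before filing bugs.
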
@@ -1657,8 +1679,8 @@
        NOT-FOR-US: Easy File Sharing FTP Server
 CVE-2017-6509 (Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a 
reflected XSS ...)
        NOT-FOR-US: burgundy-cms
-CVE-2017-6507
-       RESERVED
+CVE-2017-6507 (An issue was discovered in AppArmor before 2.12. Incorrect 
handling of ...)
+       TODO: check
 CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site 
Scripting ...)
        {DSA-3815-1 DLA-860-1}
        - wordpress 4.7.3+dfsg-1 (bug #857026)
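
Review bot: CVE-2017-6507 leaves RESERVED with only "TODO: check" under it, although the description already names AppArmor and an upstream bound ("before 2.12"). Triage should replace the TODO with a package line for apparmor in the same form as the "- wordpress 4.7.3+dfsg-1 (bug #857026)" line on the next entry.
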
@@ -1725,7 +1747,7 @@
        [wheezy] - imagemagick <not-affected> (vulnerable code not present)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751
 CVE-2017-6500 (An issue was discovered in ImageMagick 6.9.7. A specially 
crafted sun ...)
-       {DSA-3808-1}
+       {DSA-3808-1 DLA-868-1}
        - imagemagick 8:6.9.7.4+dfsg-2 (bug #856879)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/375
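
Review bot: DLA-868-1 is added to the cross-reference line of CVE-2017-6500 here and, in later hunks, to CVE-2017-6498 and CVE-2016-10062, which sit under two different DSAs (DSA-3808-1 and DSA-3799-1). This commit only touches data/CVE/list, so check that the DLA-868-1 advisory entry lists these three CVE IDs and that the braces and the advisory stay in sync.
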
@@ -1737,7 +1759,7 @@
        NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543
 CVE-2017-6498 (An issue was discovered in ImageMagick 6.9.7. Incorrect TGA 
files could ...)
-       {DSA-3808-1}
+       {DSA-3808-1 DLA-868-1}
        - imagemagick 8:6.9.7.4+dfsg-2 (bug #856878)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/359
@@ -2242,8 +2264,8 @@
        RESERVED
 CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an 
index.php?loginProvider URI in ...)
        NOT-FOR-US: Typo3
-CVE-2017-6369
-       RESERVED
+CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x 
before 2.5.7 ...)
+       TODO: check
 CVE-2017-6368
        RESERVED
 CVE-2017-6367 (In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes 
the ...)
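
Review bot: CVE-2017-6369 now describes the UDF subsystem in Firebird 2.5.x before 2.5.7 but is left at "TODO: check". The visible text only bounds the 2.5.x branch, so triage should record which packaged Firebird versions are affected rather than copying the upstream bound as is.
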
@@ -5848,7 +5870,7 @@
        NOT-FOR-US: Rapid7
 CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 
4.13.0-2017020701 ...)
        NOT-FOR-US: Rapid7
-CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to obtain 
...)
+CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows local users to 
obtain ...)
        NOT-FOR-US: QNAP
 CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow 
in the ...)
        {DLA-795-1}
@@ -6004,10 +6026,10 @@
 CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 
4.8, ...)
        - firejail 0.9.44.4-1 (bug #850558)
        NOTE: Fixed by: 
https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
-CVE-2017-5199
-       RESERVED
-CVE-2017-5198
-       RESERVED
+CVE-2017-5199 (The editbanner feature in SolarWinds LEM (aka SIEM) through 
6.3.1 ...)
+       TODO: check
+CVE-2017-5198 (SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo 
...)
+       TODO: check
 CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 
3.5.2. ...)
        NOT-FOR-US: SilverStripe
 CVE-2017-5192 [local_batch client external authentication not respected]
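
Review bot: CVE-2017-5199 and CVE-2017-5198 both describe SolarWinds LEM and are left at "TODO: check". As a product outside the archive they can be closed as "NOT-FOR-US: SolarWinds LEM", matching the "NOT-FOR-US: SilverStripe" line on the entry that follows them.
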
@@ -12953,7 +12975,7 @@
        NOTE: Debian uses an old fork of netpbm
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
 CVE-2017-2577
-       RESERVED
+       REJECTED
 CVE-2017-2575
        RESERVED
 CVE-2017-2574
@@ -18743,7 +18765,7 @@
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick 
does not ...)
-       {DSA-3799-1}
+       {DSA-3799-1 DLA-868-1}
        - imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/352


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
