Author: sectracker
Date: 2017-07-02 21:10:14 +0000 (Sun, 02 Jul 2017)
New Revision: 53134
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-02 20:23:31 UTC (rev 53133) +++ data/CVE/list 2017-07-02 21:10:14 UTC (rev 53134) @@ -1,3 +1,11 @@ +CVE-2017-10796 + RESERVED +CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows ...) + TODO: check +CVE-2017-10794 + RESERVED +CVE-2017-10793 + RESERVED CVE-2017-10792 (There is a NULL Pointer Dereference in the function ll_insert() of the ...) - pspp <unfixed> (bug #866890) [jessie] - pspp <no-dsa> (Minor issue) @@ -182,8 +190,8 @@ RESERVED CVE-2017-10707 RESERVED -CVE-2017-10706 - RESERVED +CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...) + TODO: check CVE-2017-10705 RESERVED CVE-2017-10704 @@ -4932,10 +4940,10 @@ RESERVED CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...) NOT-FOR-US: Veritas -CVE-2017-8894 - RESERVED -CVE-2017-8893 - RESERVED +CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software ...) + TODO: check +CVE-2017-8893 (AeroAdmin 4.1 uses a function to copy data between two pointers where ...) + TODO: check CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...) NOT-FOR-US: OpenText Tempo Box CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a ...) 
@@ -5247,8 +5255,7 @@ - miniupnpc 1.9.20140610-3 (bug #862273) NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229 -CVE-2017-8797 [nfsd: remote DoS] - RESERVED +CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly ...) - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/b550a32e60a4941994b437a8d662432a486235a5 (4.12-rc1) NOTE: Fixed by: https://git.kernel.org/linus/f961e3f2acae94b727380c0b74e2d3954d0edf79 (4.12-rc1) @@ -8374,7 +8381,7 @@ CVE-2017-7680 RESERVED CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...) - {DSA-3896-1} + {DSA-3896-1 DLA-1009-1} - apache2 2.4.25-4 CVE-2017-7678 RESERVED @@ -8397,7 +8404,7 @@ CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...) - hadoop <itp> (bug #793644) CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and ...) - {DSA-3896-1} + {DSA-3896-1 DLA-1009-1} - apache2 2.4.25-4 CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the ...) NOT-FOR-US: Apache NiFi @@ -8832,6 +8839,7 @@ RESERVED CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery] RESERVED + {DSA-3901-1} - libgcrypt20 1.7.8-1 - libgcrypt11 <removed> NOTE: https://eprint.iacr.org/2017/627 @@ -21976,12 +21984,12 @@ CVE-2017-3170 RESERVED CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl ...) - {DSA-3896-1} + {DSA-3896-1 DLA-1009-1} - apache2 2.4.25-4 CVE-2017-3168 RESERVED CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...) - {DSA-3896-1} + {DSA-3896-1 DLA-1009-1} - apache2 2.4.25-4 CVE-2017-3166 RESERVED 
@@ -28552,8 +28560,7 @@ RESERVED CVE-2017-0378 RESERVED -CVE-2017-0377 [TROVE-2017-006: Regression in guard family avoidance in 0.3.0 series] - RESERVED +CVE-2017-0377 (Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only ...) - tor <not-affected> (Affects only 0.3.x series) NOTE: https://trac.torproject.org/projects/tor/ticket/22753 NOTE: https://blog.torproject.org/blog/tor-0309-released-security-update-clients
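Review bot: CVE-2017-8894 and CVE-2017-8893 (AeroAdmin 4.1) are left untriaged in the hunk at @@ -4932,10 +4940,10 @@, where both move from RESERVED to `TODO: check`. The entries on either side are already resolved as `NOT-FOR-US: Veritas` and `NOT-FOR-US: OpenText Tempo Box`; if AeroAdmin is not packaged, resolve both the same way, otherwise add the source package line. The same follow-up applies to the `TODO: check` lines added for CVE-2017-10795 and CVE-2017-10706 in the first two hunks.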
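Review bot: `DLA-1009-1` is attached to CVE-2017-7668 in the hunk at @@ -8397,7 +8404,7 @@ with no release-tagged line, while the description ties the bug to "HTTP strict parsing changes added in Apache httpd 2.2.32". Confirm that the apache2 version covered by the DLA actually carries those changes, and record the result in a `NOTE:` line so the cross-reference can be checked later from the entry itself.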
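Review bot: The per-release status of CVE-2017-7526 is still incomplete after `{DSA-3901-1}` is added in the hunk at @@ -8832,6 +8839,7 @@. The entry has `- libgcrypt20 1.7.8-1` and `- libgcrypt11 <removed>` and nothing else, so it says nothing about any supported release that still ships libgcrypt11. If one does, add a release-tagged line for it, in the `[jessie] - pspp <no-dsa> (Minor issue)` form used for CVE-2017-10792 in the first hunk.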
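Review bot: The upstream advisory id TROVE-2017-006 is lost in the hunk at @@ -28552,8 +28560,7 @@, where the bracketed description of CVE-2017-0377 is replaced by the truncated "Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only ..." text. The id appears nowhere else in the entry, so add a `NOTE:` line carrying TROVE-2017-006 next to the existing ticket and blog links to keep the entry searchable by it.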