Author: sectracker
Date: 2017-09-12 09:10:12 +0000 (Tue, 12 Sep 2017)
New Revision: 55680

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-12 08:15:55 UTC (rev 55679)
+++ data/CVE/list       2017-09-12 09:10:12 UTC (rev 55680)
@@ -1,3 +1,61 @@
+CVE-2017-14340
+       RESERVED
+CVE-2017-14339
+       RESERVED
+CVE-2017-14338
+       RESERVED
+CVE-2017-14337
+       RESERVED
+CVE-2017-14336
+       RESERVED
+CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because 
user-controlled input ...)
+       TODO: check
+CVE-2017-14334
+       RESERVED
+CVE-2017-14333 (The process_version_sections function in readelf.c in GNU 
Binutils 2.29 ...)
+       TODO: check
+CVE-2017-14332
+       RESERVED
+CVE-2017-14331
+       RESERVED
+CVE-2017-14330
+       RESERVED
+CVE-2017-14329
+       RESERVED
+CVE-2017-14328
+       RESERVED
+CVE-2017-14327
+       RESERVED
+CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was 
found in ...)
+       TODO: check
+CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was 
found in ...)
+       TODO: check
+CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was 
found in ...)
+       TODO: check
+CVE-2017-14323
+       RESERVED
+CVE-2017-14322
+       RESERVED
+CVE-2017-14321
+       RESERVED
+CVE-2017-14320
+       RESERVED
+CVE-2017-14319
+       RESERVED
+CVE-2017-14318
+       RESERVED
+CVE-2017-14317
+       RESERVED
+CVE-2017-14316
+       RESERVED
+CVE-2017-14315
+       RESERVED
+CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c 
in ...)
+       TODO: check
+CVE-2017-14312 (Nagios Core through 4.3.4 initially executes /usr/sbin/nagios 
as root ...)
+       TODO: check
+CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 
for ...)
+       TODO: check
 CVE-2017-XXXX [XSA 235]
        - xen <unfixed>
        [stretch] - xen 4.8.1-1+deb9u3
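Review bot: the eight `TODO: check` entries added at the top of this hunk still need triage, and the three ImageMagick ones (CVE-2017-14326, CVE-2017-14325, CVE-2017-14324) carry the same truncated description, so the full text has to be read to tell them apart before a package line is written. The Binutils, ImageMagick and Nagios Core entries need a source package and status line. CVE-2017-14335 (Beijing Hanbang devices) looks like a candidate for the `NOT-FOR-US:` treatment that EE 4GEE WiFi MBB gets further down in this file.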
@@ -98,7 +156,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/11/1
        NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
-CVE-2017-14313 [XSS due to add_query_arg]
+CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the 
Shibboleth ...)
        - wordpress-shibboleth 1.8-1 (bug #874416)
        NOTE: 
https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
        NOTE: 
https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
@@ -108,8 +166,8 @@
        NOT-FOR-US: EE 4GEE WiFi MBB
 CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, 
related ...)
        NOT-FOR-US: EE 4GEE WiFi MBB
-CVE-2017-14266
-       RESERVED
+CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow 
...)
+       TODO: check
 CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in 
xtrans_interpolate in ...)
        - libraw <unfixed>
        NOTE: https://github.com/LibRaw/LibRaw/issues/99
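Review bot: CVE-2017-14266 moves from `RESERVED` to `TODO: check` here, so it now needs a package line. The description names tcprewrite in Tcpreplay 3.4.4 and a heap-based buffer overflow. Check which packaged versions contain the affected code and record the result in the same form as the CVE-2017-14265 entry just below it (`- libraw <unfixed>` plus a NOTE with the upstream reference).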
@@ -4191,6 +4249,7 @@
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201708-01
 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to 
inform ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-230.html
 CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is 
...)
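Review bot: `{DSA-3969-1}` is added to CVE-2017-12855 directly above `- xen <unfixed>`, so the entry now records an advisory for stable while unstable stays open. Confirm that a fixed upload to unstable is tracked somewhere, since nothing in the entry says when `<unfixed>` will be replaced by a version.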
@@ -5970,6 +6029,7 @@
 CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass 
vulnerability in ...)
        NOT-FOR-US: XOOPS
 CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain 
host OS ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-227.html
 CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 
4.9.x ...)
@@ -5979,6 +6039,7 @@
        [wheezy] - xen <not-affected> (Only affects 4.6 and later)
        NOTE: https://xenbits.xen.org/xsa/advisory-228.html
 CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service 
(crash) ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-226.html
 CVE-2017-12134 (The xen_biovec_phys_mergeable function in 
drivers/xen/biomerge.c in ...)
@@ -12395,12 +12456,15 @@
        [wheezy] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-225.html
 CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO 
region ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure 
sufficient ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, 
which allows ...)
@@ -12410,9 +12474,11 @@
        [wheezy] - xen <not-affected> (arm not supported)
        NOTE: https://xenbits.xen.org/xsa/advisory-223.html
 CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during 
certain ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-222.html
 CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled 
event ...)
+       {DSA-3969-1}
        - xen <unfixed>
        [wheezy] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-221.html
@@ -12423,15 +12489,19 @@
        [wheezy] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-220.html
 CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page 
...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-219.html
 CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race 
condition ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-218.html
 CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false 
mapping ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-218.html
 CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest 
OS users ...)
+       {DSA-3969-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-217.html
 CVE-2017-10911 (The make_response function in 
drivers/block/xen-blkback/blkback.c in ...)
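Review bot: the entry whose tail is visible at the top of this hunk (advisory-220, `[wheezy] - xen <not-affected>`) gets no `{DSA-3969-1}` tag, while CVE-2017-10915, CVE-2017-10914, CVE-2017-10913 and CVE-2017-10912 directly below it all do. Confirm the omission matches the advisory text and is not a missed id in the DSA entry that generates these cross-references.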
@@ -18297,7 +18367,7 @@
        RESERVED
 CVE-2017-7809
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
@@ -18306,7 +18376,7 @@
        - firefox 55.0-1
 CVE-2017-7807
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
@@ -18322,25 +18392,25 @@
        - icedove <not-affected> (Windows-specific)
 CVE-2017-7803
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7802
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7801
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7800
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
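Review bot: CVE-2017-7803 through CVE-2017-7800 keep a bare `RESERVED` line with no description even though each now carries two DSAs and three fixed versions. A short bracketed summary, in the style of the `[XSS due to add_query_arg]` text that CVE-2017-14313 had earlier in this diff, would make these entries readable until the official description arrives.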
@@ -18367,13 +18437,13 @@
        RESERVED
 CVE-2017-7792
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7791
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
@@ -18389,25 +18459,25 @@
        - firefox 55.0-1
 CVE-2017-7787
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7786
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7785
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
 CVE-2017-7784
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
@@ -18427,7 +18497,7 @@
        - firefox 55.0-1
 CVE-2017-7779
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
@@ -18612,7 +18682,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
 CVE-2017-7753
        RESERVED
-       {DSA-3928-1 DLA-1087-1 DLA-1053-1}
+       {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
        - firefox 55.0-1
        - firefox-esr 52.3.0esr-1
        - icedove 1:52.3.0-1 (bug #872834)
@@ -18702,10 +18772,10 @@
        NOT-FOR-US: Fortinet
 CVE-2017-7736
        RESERVED
-CVE-2017-7735
-       RESERVED
-CVE-2017-7734
-       RESERVED
+CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
+       TODO: check
+CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
+       TODO: check
 CVE-2017-7733
        RESERVED
 CVE-2017-7732
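Review bot: CVE-2017-7735 and CVE-2017-7734 are given `TODO: check` although both descriptions name Fortinet FortiOS and the first context line of this hunk already shows `NOT-FOR-US: Fortinet` for a neighbouring id. Mark them `NOT-FOR-US: Fortinet` in the follow-up triage so they do not sit in the TODO queue.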
@@ -32999,12 +33069,12 @@
        NOTE: Patch for 9.9.9-P6: 
ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
 CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet 
FortiWLC-SD ...)
        NOT-FOR-US: Fortinet FortiWLC-SD
-CVE-2017-3133
-       RESERVED
-CVE-2017-3132
-       RESERVED
-CVE-2017-3131
-       RESERVED
+CVE-2017-3133 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
+       TODO: check
+CVE-2017-3132 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
+       TODO: check
+CVE-2017-3131 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
+       TODO: check
 CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 
5.6.0, ...)
        NOT-FOR-US: Fortinet
 CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb 
versions ...)
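Review bot: CVE-2017-3133, CVE-2017-3132 and CVE-2017-3131 land as `TODO: check` between CVE-2017-3134 (`NOT-FOR-US: Fortinet FortiWLC-SD`) and CVE-2017-3130 (`NOT-FOR-US: Fortinet`). The three new descriptions are Fortinet FortiOS cross-site scripting issues, so they should receive the same `NOT-FOR-US: Fortinet` marking as their neighbours.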


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
