Author: sectracker
Date: 2017-12-07 09:10:16 +0000 (Thu, 07 Dec 2017)
New Revision: 58316
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-07 09:10:07 UTC (rev 58315) +++ data/CVE/list 2017-12-07 09:10:16 UTC (rev 58316) @@ -1,3 +1,23 @@ +CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...) + TODO: check +CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...) + TODO: check +CVE-2017-17455 + RESERVED +CVE-2017-17454 + RESERVED +CVE-2017-17453 + RESERVED +CVE-2017-17452 + RESERVED +CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the ...) + TODO: check +CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not ...) + TODO: check +CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in ...) + TODO: check +CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...) + TODO: check CVE-2018-1280 RESERVED CVE-2018-1279 @@ -223,6 +243,7 @@ [jessie] - libextractor <no-dsa> (Minor issue) NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are able to ...) + {DSA-4055-1} - heimdal <unfixed> (bug #878144) [jessie] - heimdal <not-affected> (Vulnerability introduced in 7.0) [wheezy] - heimdal <not-affected> (Vulnerability introduced in 7.0) 
@@ -233,10 +254,10 @@ RESERVED CVE-2017-17437 RESERVED -CVE-2017-17436 - RESERVED -CVE-2017-17435 - RESERVED +CVE-2017-17436 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...) + TODO: check +CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...) + TODO: check CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...) - rsync <unfixed> (bug #883665) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1 @@ -246,8 +267,8 @@ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...) NOT-FOR-US: GeniXCMS -CVE-2017-17430 - RESERVED +CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows ...) + TODO: check CVE-2017-17429 RESERVED CVE-2017-17428 @@ -432,8 +453,8 @@ RESERVED CVE-2017-17385 RESERVED -CVE-2017-17384 - RESERVED +CVE-2017-17384 (ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain ...) + TODO: check CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated administrators to ...) - jenkins <removed> CVE-2017-17382 @@ -2629,7 +2650,7 @@ NOT-FOR-US: GitPHP CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger ...) NOT-FOR-US: Swagger-Parser -CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when printing to PDF ...) +CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This ...) - evince 3.25.92-1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947 NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1) 
@@ -169200,7 +169221,7 @@ NOT-FOR-US: Opera CVE-2002-2483 - linux-2.6 2.4.20 -CVE-2012-1002 (Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown ...) +CVE-2012-1002 (SQL injection vulnerability in author/edit.php in OpenConf 4.x before ...) NOT-FOR-US: OpenConf CVE-2012-1001 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
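Review bot: In the first hunk (@@ -1,3 +1,23 @@), the three Linux kernel entries (CVE-2017-17450, CVE-2017-17449, CVE-2017-17448) and the two libsndfile entries (CVE-2017-17457, CVE-2017-17456) land with only `TODO: check`. Both are software Debian ships, so these need a follow-up commit that replaces the TODO with a source package line and a bug or upstream commit NOTE, as the rsync entry for CVE-2017-17434 further down already has. CVE-2017-17451 (WP Mailster plugin) can probably be closed out with a NOT-FOR-US line in the same pass, the way GeniXCMS is handled for CVE-2017-17431.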
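Review bot: In the hunk at @@ -223,6 +243,7 @@, `{DSA-4055-1}` is attached to CVE-2017-17439 while the package line below it still reads `- heimdal <unfixed> (bug #878144)`. That is consistent if the advisory only covers the stable release, but the entry should be revisited once bug #878144 is closed so the unstable line carries a fixed version; the jessie and wheezy `<not-affected> (Vulnerability introduced in 7.0)` lines need no change.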
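Review bot: In the hunks at @@ -233,10 +254,10 @@, @@ -246,8 +267,8 @@ and @@ -432,8 +453,8 @@, five entries move from `RESERVED` to `TODO: check` (CVE-2017-17436 and CVE-2017-17435 for the Vaultek Gun Safe VT20i, CVE-2017-17430 for Sangoma NetBorder / Vega Session Controller, CVE-2017-17384 for ISPConfig). The truncated descriptions are enough to see that the first three are appliance or device software, so they are candidates for a `NOT-FOR-US:` line; CVE-2017-17384 needs a check against the archive before it is classified either way.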