Author: sectracker
Date: 2017-12-24 21:10:13 +0000 (Sun, 24 Dec 2017)
New Revision: 58906
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-24 19:57:27 UTC (rev 58905) +++ data/CVE/list 2017-12-24 21:10:13 UTC (rev 58906) @@ -1,3 +1,31 @@ +CVE-2017-17901 + RESERVED +CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...) + TODO: check +CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...) + TODO: check +CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...) + TODO: check +CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...) + TODO: check +CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...) + TODO: check +CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the location_name array ...) + TODO: check +CVE-2017-17894 (Readymade Job Site Script has CSRF via the /job URI. ...) + TODO: check +CVE-2017-17893 (Readymade Video Sharing Script has XSS via the search_video.php search ...) + TODO: check +CVE-2017-17892 (Readymade Video Sharing Script has SQL Injection via the viewsubs.php ...) + TODO: check +CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.php. ...) + TODO: check +CVE-2017-17890 + RESERVED +CVE-2017-17889 + RESERVED +CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...) + TODO: check CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...) - imagemagick <unfixed> (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/903 
@@ -105,8 +133,8 @@ - asterisk <unfixed> (bug #885072) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480 -CVE-2017-17849 - RESERVED +CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...) + TODO: check CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linux ...) - linux 4.14.7-1 [stretch] - linux <not-affected> (Vulnerable code introdued later) @@ -392,6 +420,7 @@ CVE-2017-17791 RESERVED CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...) + {DLA-1222-1 DLA-1221-1} - ruby2.5 <unfixed> (bug #884878) - ruby2.3 <unfixed> (bug #884879) [stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in future DSA) @@ -6314,6 +6343,7 @@ CVE-2017-17406 RESERVED CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...) + {DLA-1222-1 DLA-1221-1} - ruby2.5 2.5.0~rc1-1 (bug #884437) - ruby2.3 2.3.6-1 (bug #884438) [stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in a future update) @@ -36824,14 +36854,17 @@ NOT-FOR-US: Nessus CVE-2017-7848 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848 CVE-2017-7847 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847 CVE-2017-7846 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846 CVE-2017-7845 
@@ -36911,6 +36944,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830 CVE-2017-7829 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829 CVE-2017-7828
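Review bot: In the first hunk (@@ -1,3 +1,31 @@), the eleven newly described entries, CVE-2017-17900 through CVE-2017-17891 plus CVE-2017-17888, all land as "TODO: check" with no triage result, so nothing yet says whether any of them affects a packaged source. Each should be resolved in a follow-up to either a package line in the form used just below for CVE-2017-17887 ("- imagemagick <unfixed> (unimportant)") or a "NOT-FOR-US:" line like the "NOT-FOR-US: Nessus" entry visible in a later hunk. The four Dolibarr ERP/CRM entries (three of them SQL injection) are the ones to look at first if that software is in the archive; the Readymade script entries and the Anti-Web entry need the same decision.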
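Review bot: In the hunk at @@ -105,8 +133,8 @@, CVE-2017-17849 sits directly above CVE-2017-17857, which breaks the descending order the other hunks follow (17791 then 17790, 17406 then 17405, 7848 then 7847 then 7846). Since this hunk rewrites the 17849 entry from RESERVED to a described "TODO: check" item anyway, it is worth confirming whether the position is intentional and moving the entry if not. The unchanged context line "[stretch] - linux <not-affected> (Vulnerable code introdued later)" also carries a typo; "introduced" is meant.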
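Review bot: In the hunk at @@ -392,6 +420,7 @@, the context line for CVE-2017-17790 reads "[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in future DSA)", while the matching line for CVE-2017-17405 in the next hunk reads "(Minor issue, can be fixed along in a future update)". Both entries now carry the same {DLA-1222-1 DLA-1221-1} cross-reference, so the two postponement notes should use one wording; pick one form and apply it to both so searches over the list match both entries.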