[Secure-testing-commits] r50372 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 5 09:10:14 UTC 2017
Author: sectracker
Date: 2017-04-05 09:10:14 +0000 (Wed, 05 Apr 2017)
New Revision: 50372
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-05 08:57:04 UTC (rev 50371)
+++ data/CVE/list 2017-04-05 09:10:14 UTC (rev 50372)
@@ -1,3 +1,43 @@
+CVE-2017-7438
+ RESERVED
+CVE-2017-7437
+ RESERVED
+CVE-2017-7436
+ RESERVED
+CVE-2017-7435
+ RESERVED
+CVE-2017-7434
+ RESERVED
+CVE-2017-7433
+ RESERVED
+CVE-2017-7432
+ RESERVED
+CVE-2017-7431
+ RESERVED
+CVE-2017-7430
+ RESERVED
+CVE-2017-7429
+ RESERVED
+CVE-2017-7428
+ RESERVED
+CVE-2017-7427
+ RESERVED
+CVE-2017-7426
+ RESERVED
+CVE-2017-7425
+ RESERVED
+CVE-2017-7424
+ RESERVED
+CVE-2017-7423
+ RESERVED
+CVE-2017-7422
+ RESERVED
+CVE-2017-7421
+ RESERVED
+CVE-2017-7420
+ RESERVED
+CVE-2017-7419
+ RESERVED
CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the ...)
- proftpd-dfsg <unfixed> (low; bug #859592)
[jessie] - proftpd-dfsg <no-dsa> (Minor issue)
@@ -187,8 +227,7 @@
NOT-FOR-US: Pixie CMS
CVE-2017-7359 (Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. ...)
NOT-FOR-US: Pixie CMS
-CVE-2017-7358
- RESERVED
+CVE-2017-7358 (In LightDM through 1.22.0, a directory traversal issue in ...)
- lightdm <not-affected> (Vulnerable code not present)
NOTE: https://launchpad.net/bugs/1677924
NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
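Review bot: On the new CVE-2017-7358 line, the lightdm <not-affected> status rests only on the NOTE that debian/guest-account.sh was not merged from Ubuntu, while the description is cut off at "a directory traversal issue in ...", so the entry does not itself show that the traversal is in that script. Suggest adding a NOTE that states where the vulnerable code is, so the "Vulnerable code not present" call can be checked from the tracker entry alone.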
@@ -745,10 +784,12 @@
CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
NOT-FOR-US: cloudflare-scrape
CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
+ {DLA-885-1}
- python-django 1:1.10.7-1 (bug #859516)
NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 ...)
+ {DLA-885-1}
- python-django 1:1.10.7-1 (bug #859515)
NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
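Review bot: The {DLA-885-1} tags added to CVE-2017-7234 and CVE-2017-7233 sit next to NOTEs that cite only the master fix commit, although both descriptions name 1.10, 1.9 and 1.8 as affected branches. Suggest adding "Fixed by" NOTEs for the stable-branch commits as well, so the backport behind the DLA can be compared against the upstream change for the matching branch.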
@@ -2324,11 +2365,11 @@
RESERVED
CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson ...)
NOT-FOR-US: Kinsey Infor-Lawson
-CVE-2017-6549 (Session hijack vulnerability in httpd in ASUS ASUSWRT on RT-AC53 ...)
+CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, ...)
NOT-FOR-US: ASUS
-CVE-2017-6548 (Buffer overflows in networkmap in ASUS ASUSWRT on RT-AC53 ...)
+CVE-2017-6548 (Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, ...)
NOT-FOR-US: ASUS
-CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd in ASUS ASUSWRT on ...)
+CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, ...)
NOT-FOR-US: ASUS
CVE-2017-6546
RESERVED
@@ -13452,8 +13493,7 @@
RESERVED
CVE-2017-2672
RESERVED
-CVE-2017-2671 [Linux kernel ping socket / AF_LLC connect() sin_family race]
- RESERVED
+CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel ...)
- linux <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
CVE-2017-2670
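Review bot: The CVE-2017-2671 entry still reads "- linux <unfixed>" with no bug number and no fix-commit NOTE, and the replaced line drops the bracketed summary "[Linux kernel ping socket / AF_LLC connect() sin_family race]", which was the only text in the entry naming the connect() trigger now that the description is truncated after "in the Linux kernel ...". Suggest keeping that detail in a NOTE and recording the upstream fix commit beside the oss-security link once it is known.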