[Secure-testing-commits] r50372 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-04-05 09:10:14 +0000 (Wed, 05 Apr 2017)
New Revision: 50372

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-05 08:57:04 UTC (rev 50371)
+++ data/CVE/list	2017-04-05 09:10:14 UTC (rev 50372)
@@ -1,3 +1,43 @@
+CVE-2017-7438
+	RESERVED
+CVE-2017-7437
+	RESERVED
+CVE-2017-7436
+	RESERVED
+CVE-2017-7435
+	RESERVED
+CVE-2017-7434
+	RESERVED
+CVE-2017-7433
+	RESERVED
+CVE-2017-7432
+	RESERVED
+CVE-2017-7431
+	RESERVED
+CVE-2017-7430
+	RESERVED
+CVE-2017-7429
+	RESERVED
+CVE-2017-7428
+	RESERVED
+CVE-2017-7427
+	RESERVED
+CVE-2017-7426
+	RESERVED
+CVE-2017-7425
+	RESERVED
+CVE-2017-7424
+	RESERVED
+CVE-2017-7423
+	RESERVED
+CVE-2017-7422
+	RESERVED
+CVE-2017-7421
+	RESERVED
+CVE-2017-7420
+	RESERVED
+CVE-2017-7419
+	RESERVED
 CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the ...)
 	- proftpd-dfsg <unfixed> (low; bug #859592)
 	[jessie] - proftpd-dfsg <no-dsa> (Minor issue)
@@ -187,8 +227,7 @@
 	NOT-FOR-US: Pixie CMS
 CVE-2017-7359 (Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. ...)
 	NOT-FOR-US: Pixie CMS
-CVE-2017-7358
-	RESERVED
+CVE-2017-7358 (In LightDM through 1.22.0, a directory traversal issue in ...)
 	- lightdm <not-affected> (Vulnerable code not present)
 	NOTE: https://launchpad.net/bugs/1677924
 	NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
@@ -745,10 +784,12 @@
 CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
 	NOT-FOR-US: cloudflare-scrape
 CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
+	{DLA-885-1}
 	- python-django 1:1.10.7-1 (bug #859516)
 	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
 	NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
 CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 ...)
+	{DLA-885-1}
 	- python-django 1:1.10.7-1 (bug #859515)
 	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
 	NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
@@ -2324,11 +2365,11 @@
 	RESERVED
 CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson ...)
 	NOT-FOR-US: Kinsey Infor-Lawson
-CVE-2017-6549 (Session hijack vulnerability in httpd in ASUS ASUSWRT on RT-AC53 ...)
+CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, ...)
 	NOT-FOR-US: ASUS
-CVE-2017-6548 (Buffer overflows in networkmap in ASUS ASUSWRT on RT-AC53 ...)
+CVE-2017-6548 (Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, ...)
 	NOT-FOR-US: ASUS
-CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd in ASUS ASUSWRT on ...)
+CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, ...)
 	NOT-FOR-US: ASUS
 CVE-2017-6546
 	RESERVED
@@ -13452,8 +13493,7 @@
 	RESERVED
 CVE-2017-2672
 	RESERVED
-CVE-2017-2671 [Linux kernel ping socket / AF_LLC connect() sin_family race]
-	RESERVED
+CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel ...)
 	- linux <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
 CVE-2017-2670