[Secure-testing-commits] r54600 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Aug 11 09:10:16 UTC 2017


Author: sectracker
Date: 2017-08-11 09:10:16 +0000 (Fri, 11 Aug 2017)
New Revision: 54600

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-11 06:40:25 UTC (rev 54599)
+++ data/CVE/list	2017-08-11 09:10:16 UTC (rev 54600)
@@ -11196,8 +11196,8 @@
 	RESERVED
 CVE-2017-8659 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-8658
-	RESERVED
+CVE-2017-8658 (A remote code execution vulnerability exists in the way that the ...)
+	TODO: check
 CVE-2017-8657 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-8656 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
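Review bot: CVE-2017-8658 is left at TODO: check with a truncated description that names no product ("A remote code execution vulnerability exists in the way that the ..."), so it cannot be triaged from this line alone. The adjacent CVE-2017-8659 and CVE-2017-8657 are both NOT-FOR-US: Microsoft; read the full description and, if it is the same vendor, replace the TODO with the matching NOT-FOR-US tag.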
@@ -13943,8 +13943,8 @@
 	RESERVED
 CVE-2017-7738
 	RESERVED
-CVE-2017-7737
-	RESERVED
+CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...)
+	TODO: check
 CVE-2017-7736
 	RESERVED
 CVE-2017-7735
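Review bot: the TODO: check on CVE-2017-7737 needs a follow-up triage commit. The description names Fortinet FortiWeb, and CVE-2017-3129 further down in this same diff is already tagged NOT-FOR-US: Fortinet FortiWeb, so the same tag fits here unless that product has been packaged since.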
@@ -14113,10 +14113,10 @@
 	NOT-FOR-US: Apache Ranger
 CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores ...)
 	NOT-FOR-US: Apache Ranger
-CVE-2017-7675
-	RESERVED
-CVE-2017-7674
-	RESERVED
+CVE-2017-7675 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and ...)
+	TODO: check
+CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to ...)
+	TODO: check
 CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2017-7672 (If an application allows enter an URL in a form field and built-in ...)
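Review bot: CVE-2017-7675 and CVE-2017-7674 should not be closed as NOT-FOR-US like the Apache Ranger and OpenMeetings entries around them when their TODO: check lines are resolved. Both describe Apache Tomcat, and tomcat8 and tomcat7 carry per-package entries elsewhere in this diff (for example tomcat8 8.5.9-1 under CVE-2016-8745). The CVE-2017-7674 description also starts an 8.5.0 range, so each entry needs explicit tomcat package lines with a fixed version or <not-affected> plus a reason.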
@@ -14533,7 +14533,7 @@
 	NOTE: https://www.postgresql.org/about/news/1772/
 CVE-2017-7547 [The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges]
 	RESERVED
-	{DSA-3936-1 DSA-3935-1}
+	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
 	- postgresql-9.6 9.6.4-1
 	- postgresql-9.4 <removed>
 	- postgresql-9.1 <removed>
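Review bot: the CVE-2017-7547 entry still reads RESERVED with only a bracketed temporary description, although after this change it references two DSAs and a DLA and records a fixed postgresql-9.6 version; the same holds for CVE-2017-7546 in the next hunk. Check on a later sync that the official description replaces the bracketed one, as this commit does for CVE-2016-6817.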
@@ -14542,7 +14542,7 @@
 	NOTE: https://www.postgresql.org/about/news/1772/
 CVE-2017-7546 [Empty password accepted in some authentication methods]
 	RESERVED
-	{DSA-3936-1 DSA-3935-1}
+	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
 	- postgresql-9.6 9.6.4-1
 	- postgresql-9.4 <removed>
 	- postgresql-9.1 <removed>
@@ -14798,7 +14798,7 @@
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
 CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...)
-	{DSA-3851-1}
+	{DSA-3851-1 DLA-1051-1}
 	- postgresql-9.6 9.6.3-1
 	- postgresql-9.4 <removed>
 	- postgresql-9.1 <removed>
@@ -27979,7 +27979,7 @@
 	{DSA-3896-1 DLA-1009-1}
 	- apache2 2.4.25-4
 CVE-2017-3168
-	RESERVED
+	REJECTED
 CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...)
 	{DSA-3896-1 DLA-1009-1}
 	- apache2 2.4.25-4
@@ -28129,8 +28129,8 @@
 	RESERVED
 CVE-2017-3131
 	RESERVED
-CVE-2017-3130
-	RESERVED
+CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, ...)
+	TODO: check
 CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...)
 	NOT-FOR-US: Fortinet FortiWeb
 CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
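Review bot: CVE-2017-3130 is left at TODO: check although its description names Fortinet FortiOS. The neighbouring CVE-2017-3129 is tagged NOT-FOR-US: Fortinet FortiWeb, so NOT-FOR-US: Fortinet FortiOS would follow the file's convention once someone confirms the product is not packaged.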
@@ -37831,8 +37831,7 @@
 	NOTE: http://svn.apache.org/r1774166
 CVE-2016-8746 (Apache Ranger before 0.6.3 policy engine incorrectly matches paths in ...)
 	NOT-FOR-US: Apache Ranger
-CVE-2016-8745
-	RESERVED
+CVE-2016-8745 (A bug in the error handling of the send file code for the NIO HTTP ...)
 	{DSA-3755-1 DSA-3754-1 DLA-779-1}
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.9-1
@@ -44086,8 +44085,7 @@
 	RESERVED
 CVE-2016-6818 (SQL injection vulnerability in SAP Business Intelligence platform ...)
 	NOT-FOR-US: SAP
-CVE-2016-6817 [denial of service]
-	RESERVED
+CVE-2016-6817 (The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)
 	- tomcat7 <not-affected> (Only affects 9.x and 8.5.x)
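Review bot: the unchanged line "- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)" under CVE-2016-6817 deserves a second look now that the official description is attached. CVE-2016-8745 earlier in this diff records tomcat8 as fixed in 8.5.9-1, so the tomcat8 source package has carried 8.5.x. Confirm that no upload fell inside the affected 8.5.x range, and if none did, reword the reason so it no longer implies tomcat8 is never 8.5.x.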
@@ -44161,8 +44159,7 @@
 	NOT-FOR-US: Apache Cordova
 CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
 	NOT-FOR-US: Apache Sling
-CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources]
-	RESERVED
+CVE-2016-6797 (The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to ...)
 	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
 	- tomcat8 8.0.37-1 (low)
 	- tomcat7 7.0.72-1 (low; bug #842666)
@@ -44172,8 +44169,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1757273 (8.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1757275 (7.0.x)
 	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1757285 (6.0.x)
-CVE-2016-6796 [Apache Tomcat Security Manager Bypass]
-	RESERVED
+CVE-2016-6796 (A malicious web application running on Apache Tomcat 9.0.0.M1 to ...)
 	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
 	- tomcat8 8.0.37-1 (low)
 	- tomcat7 7.0.72-1 (low; bug #842665)



