[Secure-testing-commits] r55223 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Aug 30 09:10:14 UTC 2017


Author: sectracker
Date: 2017-08-30 09:10:14 +0000 (Wed, 30 Aug 2017)
New Revision: 55223

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-30 09:00:05 UTC (rev 55222)
+++ data/CVE/list	2017-08-30 09:10:14 UTC (rev 55223)
@@ -1,4 +1,65 @@
-CVE-2017-13753 (There is a reachable assertion abort in the function JPC_NOMINALGAIN() ...)
+CVE-2017-13779
+	RESERVED
+CVE-2017-13778
+	RESERVED
+CVE-2017-13777
+	RESERVED
+CVE-2017-13776
+	RESERVED
+CVE-2017-13775
+	RESERVED
+CVE-2017-13774
+	RESERVED
+CVE-2017-13773
+	RESERVED
+CVE-2017-13772
+	RESERVED
+CVE-2017-13771
+	RESERVED
+CVE-2017-13770
+	RESERVED
+CVE-2017-13769
+	RESERVED
+CVE-2017-13768
+	RESERVED
+CVE-2017-13767
+	RESERVED
+CVE-2017-13766
+	RESERVED
+CVE-2017-13765
+	RESERVED
+CVE-2017-13764
+	RESERVED
+CVE-2017-13763 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of ...)
+	TODO: check
+CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. ...)
+	TODO: check
+CVE-2017-13761
+	RESERVED
+CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in ...)
+	TODO: check
+CVE-2017-13759
+	RESERVED
+CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...)
+	TODO: check
+CVE-2017-13757 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+	TODO: check
+CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers ...)
+	TODO: check
+CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image ...)
+	TODO: check
+CVE-2017-13754
+	RESERVED
+CVE-2016-10507
+	RESERVED
+CVE-2016-10506
+	RESERVED
+CVE-2016-10505
+	RESERVED
+CVE-2016-10504
+	RESERVED
+CVE-2017-13753
+	REJECTED
 CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...)
 	- jasper <removed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485276
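Review bot: CVE-2017-13753, at the end of the added block, goes from a described entry to REJECTED with no NOTE recording why. The removed description named JPC_NOMINALGAIN(), so add a NOTE pointing at the entry that supersedes it, if there is one, to keep the history readable. Separately, the new TODO: check entries for ImageMagick (CVE-2017-13758), libbfd (CVE-2017-13757) and The Sleuth Kit (CVE-2017-13755, CVE-2017-13756, CVE-2017-13760) name software that Debian packages, so they need a package line rather than staying at TODO.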
@@ -34941,8 +35002,8 @@
 	RESERVED
 CVE-2017-1536
 	RESERVED
-CVE-2017-1535
-	RESERVED
+CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
+	TODO: check
 CVE-2017-1534
 	RESERVED
 CVE-2017-1533
@@ -35041,8 +35102,8 @@
 	RESERVED
 CVE-2017-1486
 	RESERVED
-CVE-2017-1485
-	RESERVED
+CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
+	TODO: check
 CVE-2017-1484
 	RESERVED
 CVE-2017-1483
@@ -35155,10 +35216,10 @@
 	RESERVED
 CVE-2017-1429
 	RESERVED
-CVE-2017-1428
-	RESERVED
-CVE-2017-1427
-	RESERVED
+CVE-2017-1428 (IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the ...)
+	TODO: check
+CVE-2017-1427 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
+	TODO: check
 CVE-2017-1426
 	RESERVED
 CVE-2017-1425
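Review bot: the TODO: check on CVE-2017-1428 and CVE-2017-1427 can be resolved as NOT-FOR-US: IBM, the tag this file already uses for other IBM products (see the context lines around CVE-2017-1196 further down). The same applies to the Cognos Analytics entries CVE-2017-1535 and CVE-2017-1485 in the two preceding hunks. Three of the four share the same truncated text, "is vulnerable to cross-site scripting. This ...", so they cannot be told apart from the list alone and should be closed together.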
@@ -35621,8 +35682,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require ...)
 	NOT-FOR-US: IBM
-CVE-2017-1195
-	RESERVED
+CVE-2017-1195 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow ...)
+	TODO: check
 CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
 	NOT-FOR-US: IBM
 CVE-2017-1193 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to ...)
@@ -37621,8 +37682,7 @@
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-0380
 	RESERVED
-CVE-2017-0379 [side-channel attack on Curve25519]
-	RESERVED
+CVE-2017-0379 (Libgcrypt before 1.8.1 does not properly consider Curve25519 ...)
 	{DSA-3959-1}
 	- libgcrypt20 1.7.9-1 (bug #873383)
 	[jessie] - libgcrypt20 <not-affected> (Vulnerable code not present, no Curve25519 support)
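Review bot: the new CVE-2017-0379 description says "before 1.8.1" while the fixed-version line below it stays at libgcrypt20 1.7.9-1, which reads as a mismatch to anyone comparing the two. If 1.7.9 carries the same fix on the 1.7 branch, a NOTE saying so would make the entry self-explanatory. The removed bracketed summary also stated that this is a side-channel issue, which the truncated description no longer shows, so that is worth keeping in a NOTE as well.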
@@ -39175,7 +39235,7 @@
 	- jasper <removed> (unimportant)
 	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
 	NOTE: Negligable security impact
-CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 ...)
+CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through ...)
 	- jasper <removed> (unimportant)
 	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
 	NOTE: Negligable security impact
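Review bot: the CVE-2016-9396 description changes from "before 1.900.12" to "through ...", so the affected range is wider than the entry previously implied, and nothing in the annotations explains the change. The jasper <removed> (unimportant) line still holds, but a NOTE cross-referencing CVE-2017-13753, which named the same JPC_NOMINALGAIN function and is REJECTED in this revision, would document it. The NOTE context lines here also spell "Negligible" as "Negligable".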
@@ -59661,20 +59721,20 @@
 	RESERVED
 CVE-2016-2981 (An undisclosed vulnerability in the CLM applications in IBM Jazz Team ...)
 	NOT-FOR-US: IBM
-CVE-2016-2980
-	RESERVED
+CVE-2016-2980 (The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script ...)
+	TODO: check
 CVE-2016-2979 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
-CVE-2016-2978
-	RESERVED
+CVE-2016-2978 (IBM Sametime 8.5.2 and 9.0 could store potentially sensitive ...)
+	TODO: check
 CVE-2016-2977 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user ...)
 	NOT-FOR-US: IBM
-CVE-2016-2976
-	RESERVED
-CVE-2016-2975
-	RESERVED
-CVE-2016-2974
-	RESERVED
+CVE-2016-2976 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting ...)
+	TODO: check
+CVE-2016-2975 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
+	TODO: check
+CVE-2016-2974 (IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime ...)
+	TODO: check
 CVE-2016-2973 (IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2016-2972 (IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of ...)
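Review bot: the five Sametime entries filled in here (CVE-2016-2980, CVE-2016-2978, CVE-2016-2976, CVE-2016-2975, CVE-2016-2974) are left at TODO: check, although every neighbouring Sametime entry in the context lines is already NOT-FOR-US: IBM. Tag them the same way so they do not sit in the triage queue.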
@@ -59687,14 +59747,14 @@
 	NOT-FOR-US: IBM
 CVE-2016-2968 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows ...)
 	NOT-FOR-US: IBM
-CVE-2016-2967
-	RESERVED
-CVE-2016-2966
-	RESERVED
+CVE-2016-2967 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
+	TODO: check
+CVE-2016-2966 (IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to ...)
+	TODO: check
 CVE-2016-2965 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
-CVE-2016-2964
-	RESERVED
+CVE-2016-2964 (IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error ...)
+	TODO: check
 CVE-2016-2963 (Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote ...)
 	NOT-FOR-US: IBM
 CVE-2016-2962
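Review bot: CVE-2016-2966 gives the affected versions as "8.5.1 and 9.0", where every other Sametime entry in this hunk says 8.5.2. Check the upstream description before closing the entry, because an automatic import will carry a typo in the source record straight into the list.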
@@ -69131,8 +69191,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-0359 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
 	NOT-FOR-US: IBM
-CVE-2016-0358
-	RESERVED
+CVE-2016-0358 (IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated ...)
+	TODO: check
 CVE-2016-0357 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
 	NOT-FOR-US: IBM
 CVE-2016-0356 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an ...)



