[Secure-testing-commits] r58166 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Dec 1 09:10:17 UTC 2017 

Author: sectracker
Date: 2017-12-01 09:10:17 +0000 (Fri, 01 Dec 2017)
New Revision: 58166

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-01 07:38:45 UTC (rev 58165)
+++ data/CVE/list	2017-12-01 09:10:17 UTC (rev 58166)
@@ -1,3 +1,21 @@
+CVE-2017-17088
+	RESERVED
+CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...)
+	TODO: check
+CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "</script>" substring in an ...)
+	TODO: check
+CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety ...)
+	TODO: check
+CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA ...)
+	TODO: check
+CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...)
+	TODO: check
+CVE-2017-17082
+	RESERVED
+CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...)
+	TODO: check
+CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+	TODO: check
 CVE-2018-0740
 	RESERVED
 CVE-2018-0739
@@ -1793,10 +1811,9 @@
 	RESERVED
 CVE-2017-16885
 	RESERVED
-CVE-2017-1000406
+CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
 	NOT-FOR-US: OpenDayLight
-CVE-2017-1000405 ["Dirty COW" variant on transparent huge pages]
-	RESERVED
+CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use ...)
 	- linux 4.14.2-1
 	NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
 	NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
@@ -5609,6 +5626,7 @@
 	[jessie] - musl <no-dsa> (Minor issue)
 	NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
 CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...)
+	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #882144)
 	[stretch] - sox <no-dsa> (Minor issue)
 	[jessie] - sox <no-dsa> (Minor issue)
@@ -5689,8 +5707,8 @@
 	NOT-FOR-US: Octopus Deploy
 CVE-2017-15608
 	RESERVED
-CVE-2017-15607
-	RESERVED
+CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based ...)
+	TODO: check
 CVE-2017-15606
 	RESERVED
 CVE-2017-15605
@@ -6274,6 +6292,7 @@
 CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...)
 	NOT-FOR-US: E-Sic
 CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
+	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #878808)
 	[stretch] - sox <no-dsa> (Minor issue)
 	[jessie] - sox <no-dsa> (Minor issue)
@@ -18354,19 +18373,17 @@
 	RESERVED
 CVE-2017-11287
 	RESERVED
-CVE-2017-11286
-	RESERVED
-CVE-2017-11285
-	RESERVED
-CVE-2017-11284
-	RESERVED
-CVE-2017-11283
-	RESERVED
-CVE-2017-11282
-	RESERVED
+CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection ...)
+	TODO: check
+CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This ...)
+	TODO: check
+CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
+	TODO: check
+CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
+	TODO: check
+CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
 	NOT-FOR-US: Adobe
-CVE-2017-11281
-	RESERVED
+CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
 	NOT-FOR-US: Adobe
 CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory ...)
 	NOT-FOR-US: Adobe
@@ -43632,10 +43649,10 @@
 	NOT-FOR-US: Adobe
 CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2017-3105
-	RESERVED
-CVE-2017-3104
-	RESERVED
+CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects ...)
+	TODO: check
+CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This ...)
+	TODO: check
 CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored cross-site ...)
 	NOT-FOR-US: Adobe Connect
 CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected cross-site ...)

More information about the Secure-testing-commits mailing list