[Secure-testing-commits] r58369 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Dec 8 21:10:25 UTC 2017
Author: sectracker
Date: 2017-12-08 21:10:25 +0000 (Fri, 08 Dec 2017)
New Revision: 58369
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-08 19:20:32 UTC (rev 58368)
+++ data/CVE/list 2017-12-08 21:10:25 UTC (rev 58369)
@@ -1,3 +1,13 @@
+CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
+ TODO: check
+CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
+ TODO: check
+CVE-2017-17478
+ RESERVED
+CVE-2017-17477
+ RESERVED
+CVE-2017-17476
+ RESERVED
CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
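Review bot: CVE-2017-17480 and CVE-2017-17479 at the top of this hunk go in with only `TODO: check`, although both descriptions name a specific upstream release, OpenJPEG 2.3.0. Triage them into a source-package line with a version status, or mark them NOT-FOR-US the way the TG Soft entries just below are, so the two stack-based buffer overflows do not sit untracked. The three RESERVED entries need nothing further.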
@@ -3770,7 +3780,7 @@
- linux 4.13.13-1
NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...)
- {DLA-1196-1}
+ {DSA-4058-1 DLA-1196-1}
- optipng 0.7.6-1.1 (bug #878839)
NOTE: https://sourceforge.net/p/optipng/bugs/69/
CVE-2017-16937
@@ -3831,8 +3841,7 @@
NOT-FOR-US: Shenzhen Tenda
CVE-2017-16922
RESERVED
-CVE-2017-16921 [OSA-2017-09: Remote code execution]
- RESERVED
+CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...)
- otrs2 6.0.2-1 (bug #883774)
NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
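Review bot: on CVE-2017-16921 the new description covers OTRS 5.0.x as well as 6.0.x, but the entry carries a single fixed version, `- otrs2 6.0.2-1 (bug #883774)`. Check whether any supported release carries an older otrs2 branch and record its status or advisory reference here. Dropping the bracketed `[OSA-2017-09: Remote code execution]` title loses nothing, since the advisory URL stays in the NOTE lines.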
@@ -4158,7 +4167,7 @@
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
- {DLA-1184-1}
+ {DSA-4058-1 DLA-1184-1}
- optipng 0.7.6-1.1 (bug #882032)
NOTE: https://sourceforge.net/p/optipng/bugs/65/
NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
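Review bot: with `{DSA-4058-1 DLA-1184-1}` now attached to CVE-2017-1000229, the last NOTE still labels the attachment as `Proposed patch:`. If that patch is what the advisories shipped, or upstream has since committed a fix, reword the NOTE so the entry does not read as if the fix were still pending.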
@@ -4441,8 +4450,7 @@
NOT-FOR-US: Atlassian Confluence
CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...)
- ipsilon <itp> (bug #826838)
-CVE-2017-16854 [OSA-2017-08: Information Disclosure]
- RESERVED
+CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...)
- otrs2 6.0.2-1
NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
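Review bot: `- otrs2 6.0.2-1` on CVE-2017-16854 has no bug reference, while the sibling OTRS entry in this commit, CVE-2017-16921, has `(bug #883774)`. Add the matching bug number if one exists. The description lists several older branches ("through 3.3.20, 4 through 4.0.26, ..."), so the status of releases still shipping those branches should be recorded as well.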
@@ -5099,6 +5107,7 @@
- swauth 1.2.0-4 (bug #882314)
NOTE: https://bugs.launchpad.net/swift/+bug/1655781
CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...)
+ {DSA-4059-1}
- libxcursor <unfixed> (bug #883792)
NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
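Review bot: CVE-2017-16612 now references `{DSA-4059-1}` while the package line still reads `- libxcursor <unfixed> (bug #883792)`. Follow up by replacing `<unfixed>` with the fixed version once an upload containing the commit from the cgit NOTE is available, so the entry and the bug can be closed together.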
@@ -7196,16 +7205,16 @@
RESERVED
CVE-2017-15896
RESERVED
-CVE-2017-15895
- RESERVED
-CVE-2017-15894
- RESERVED
-CVE-2017-15893
- RESERVED
+CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
+ TODO: check
+CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
+ TODO: check
+CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
+ TODO: check
CVE-2017-15892
RESERVED
-CVE-2017-15891
- RESERVED
+CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in ...)
+ TODO: check
CVE-2017-15890
RESERVED
CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...)
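Review bot: the four entries leaving RESERVED here (CVE-2017-15895, CVE-2017-15894, CVE-2017-15893, CVE-2017-15891) all name SYNO.* components and all land as `TODO: check`. They sit directly above CVE-2017-15889, a Synology DiskStation entry, so give them the same disposition as that entry in one pass rather than triaging each one separately.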
@@ -16281,8 +16290,8 @@
RESERVED
CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in ...)
NOT-FOR-US: InPage
-CVE-2017-12823
- RESERVED
+CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky Embedded ...)
+ TODO: check
CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...)
NOT-FOR-US: Gemalto
CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...)
@@ -18629,8 +18638,8 @@
RESERVED
CVE-2017-11941
RESERVED
-CVE-2017-11940
- RESERVED
+CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
+ TODO: check
CVE-2017-11939
RESERVED
CVE-2017-11938
@@ -20019,12 +20028,12 @@
RESERVED
CVE-2017-11483
RESERVED
-CVE-2017-11482
- RESERVED
-CVE-2017-11481
- RESERVED
-CVE-2017-11480
- RESERVED
+CVE-2017-11482 (The Kibana fix for CVE-2017-8451 was found to be incomplete. With ...)
+ TODO: check
+CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting ...)
+ TODO: check
+CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...)
+ TODO: check
CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) ...)
- kibana <itp> (bug #700337)
CVE-2017-11477
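Review bot: CVE-2017-11482 and CVE-2017-11481 are Kibana issues, and the next entry down, CVE-2017-11479, already tracks Kibana as `- kibana <itp> (bug #700337)`. Use the same `<itp>` line for the two new Kibana entries instead of leaving `TODO: check`; CVE-2017-11480 is Packetbeat and needs its own decision. Since the CVE-2017-11482 text says the fix for CVE-2017-8451 was incomplete, a NOTE pointing at that entry would help whoever triages it.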
@@ -21872,8 +21881,8 @@
RESERVED
CVE-2017-10907
RESERVED
-CVE-2017-10906
- RESERVED
+CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...)
+ TODO: check
CVE-2017-10905
RESERVED
CVE-2017-10904
@@ -21890,16 +21899,16 @@
NOT-FOR-US: A-Reserve
CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud ...)
NOT-FOR-US: A-Member
-CVE-2017-10897
- RESERVED
-CVE-2017-10896
- RESERVED
+CVE-2017-10897 (Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband ...)
+ TODO: check
+CVE-2017-10896 (Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG ...)
+ TODO: check
CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause ...)
NOT-FOR-US: sDNSProxy
CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
NOT-FOR-US: StreamRelay.NET
-CVE-2017-10893
- RESERVED
+CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification ...)
+ TODO: check
CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version ...)
NOT-FOR-US: Music Center for PC
CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
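Review bot: CVE-2017-10897, CVE-2017-10896 and CVE-2017-10893 are left as `TODO: check` in a block where every neighbouring entry that has a disposition is NOT-FOR-US (A-Member, sDNSProxy, StreamRelay.NET, Music Center for PC). Decide whether the Buffalo BBR-4HG/BBR-4MG and "The Public Certification ..." entries take the same marking. The doubled "and and" arrives with the imported descriptions and is not something to correct in this file.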