[Secure-testing-commits] r58587 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Dec 14 21:10:14 UTC 2017
Author: sectracker
Date: 2017-12-14 21:10:14 +0000 (Thu, 14 Dec 2017)
New Revision: 58587
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-14 21:09:55 UTC (rev 58586)
+++ data/CVE/list 2017-12-14 21:10:14 UTC (rev 58587)
@@ -1,3 +1,7 @@
+CVE-2017-17685
+ RESERVED
+CVE-2016-10703 (A regular expression Denial of Service (DoS) vulnerability in the file ...)
+ TODO: check
CVE-2018-2359
RESERVED
CVE-2018-2358
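Review bot: The new CVE-2016-10703 entry at the top of this hunk lands with only "TODO: check", and its description is cut off at "in the file ...", so nothing on the line identifies the affected product. Resolve the TODO to a source package line or a NOT-FOR-US line once the full description has been read. The CVE-2017-17685 entry is RESERVED and needs nothing yet.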
@@ -2366,54 +2370,42 @@
RESERVED
CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...)
TODO: check
-CVE-2017-17535 [argument injection]
- RESERVED
+CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...)
- gjots2 <unfixed>
NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188
-CVE-2017-17534 [argument injection]
- RESERVED
+CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...)
- mensis <removed>
NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
-CVE-2017-17533 [argument injection]
- RESERVED
+CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before launching ...)
- tkabber <unfixed>
NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
-CVE-2017-17532 [argument injection]
- RESERVED
+CVE-2017-17532 (examples/framework/news/news3.py in Kiwi 1.9.22 does not validate ...)
- kiwi <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/kiwi/1.9.22-4/examples/framework/news/news3.py/?hl=88#L88
NOTE: Only in examples code, negligible impact
-CVE-2017-17531 [argument injection]
- RESERVED
+CVE-2017-17531 (gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before ...)
- global <unfixed>
NOTE: https://sources.debian.org/src/global/4.8.6-2/gozilla/gozilla.c/#L269
-CVE-2017-17530 [argument injection]
- RESERVED
+CVE-2017-17530 (common/help.c in Geomview 1.9.5 does not validate strings before ...)
- geomview <unfixed>
[wheezy] - geomview <no-dsa> (Minor issue)
NOTE: https://sources.debian.org/src/geomview/1.9.5-1/src/bin/geomview/common/help.c/?hl=51#L83
-CVE-2017-17529 [argument injection]
- RESERVED
+CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...)
- abiword <unfixed>
NOTE: https://sources.debian.org/src/abiword/3.0.2-5/src/af/util/xp/ut_go_file.cpp/#L1717
-CVE-2017-17528 [argument injection]
- RESERVED
+CVE-2017-17528 (backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not ...)
- scummvm <unfixed>
NOTE: https://sources.debian.org/src/scummvm/1.9.0+dfsg-2/backends/platform/sdl/posix/posix.cpp/?hl=274#L274
-CVE-2017-17527 [argument injection]
- RESERVED
+CVE-2017-17527 (delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate ...)
- pasdoc <unfixed>
NOTE: https://sources.debian.org/src/pasdoc/0.14.0-1/source/delphi_gui/WWWBrowserRunnerDM.pas/?hl=63#L63
-CVE-2017-17526 [argument injection]
- RESERVED
+CVE-2017-17526 (Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings ...)
- giac <unfixed>
NOTE: https://sources.debian.org/src/giac/1.2.3.57+dfsg1-2/src/Input.cc/?hl=68#L77
-CVE-2017-17525 [argument injection]
- RESERVED
+CVE-2017-17525 (guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate ...)
- postbooks <unfixed>
NOTE: https://sources.debian.org/src/postbooks/4.7.0-3/guiclient/guiclient.cpp/?hl=1610#L1610
-CVE-2017-17524 [argument injection]
- RESERVED
+CVE-2017-17524 (library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings ...)
- swi-prolog <unfixed>
NOTE: https://sources.debian.org/src/swi-prolog/7.2.3+dfsg-1/library/www_browser.pl/?hl=68#L68
CVE-2017-17523 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings ...)
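Review bot: Version mismatch at CVE-2017-17529: the new description names AbiWord 3.0.2-2, while the NOTE beneath it links the 3.0.2-5 source. State in a NOTE that the linked version still contains the unvalidated call, or link the version the description names. Several NOTE links in this hunk also carry a highlight that disagrees with the anchor (CVE-2017-17534 ?hl=293#L428, CVE-2017-17530 ?hl=51#L83, CVE-2017-17526 ?hl=68#L77), so a reader cannot tell which line is the offending call; make the two agree. With "[argument injection]" dropped and every description truncated at "does not validate strings before ...", the vulnerability class is no longer visible in the entry, so a one-line NOTE naming it would help triage.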
@@ -2421,8 +2413,7 @@
[jessie] - lilypond <no-dsa> (Minor issue)
[wheezy] - lilypond <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
-CVE-2017-17522 [argument injection]
- RESERVED
+CVE-2017-17522 (Lib/webbrowser.py in Python through 3.6.3 does not validate strings ...)
- jython <unfixed>
- python2.6 <removed>
- python2.7 <unfixed>
@@ -2433,44 +2424,35 @@
- python3.7 <unfixed>
NOTE: Lib/webbrowser.py does not validate strings before launching the program
NOTE: specified by the BROWSER environment variable.
-CVE-2017-17521 [argument injection]
- RESERVED
+CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings before ...)
- fontforge <unfixed>
NOTE: https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
-CVE-2017-17520 [argument injection]
- RESERVED
+CVE-2017-17520 (** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate ...)
- tin <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
NOTE: Documentation has a clear SECURITY section mentioning that [...] url_handler
NOTE: does not try hard to shell escape its input nor does it convert relative URLs
NOTE: into abosulte ones. If you use url_handler.pl from other applications be sure to
NOTE: at least shell escaped its input.
-CVE-2017-17519 [argument injection]
- RESERVED
+CVE-2017-17519 (batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) ...)
- ocaml-batteries <unfixed>
NOTE: https://sources.debian.org/src/ocaml-batteries/2.6.0-1/src/batteriesConfig.mlp/?hl=23#L23
-CVE-2017-17518 [argument injection]
- RESERVED
+CVE-2017-17518 (swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not ...)
- whitedune <unfixed>
NOTE: https://sources.debian.org/src/whitedune/0.30.10-2.1/src/swt/motif/browser.c/?hl=159#L214
-CVE-2017-17517 [argument injection]
- RESERVED
+CVE-2017-17517 (libsylph/utils.c in Sylpheed through 3.6 does not validate strings ...)
- sylpheed <unfixed>
NOTE: https://sources.debian.org/src/sylpheed/3.5.1-1/libsylph/utils.c/?hl=4292#L4292
-CVE-2017-17516 [argument injection]
- RESERVED
+CVE-2017-17516 (scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 ...)
- rtv <unfixed>
NOTE: https://sources.debian.org/src/rtv/1.20.0+dfsg-1/scripts/inspect_webbrowser.py/
-CVE-2017-17515 [argument injection]
- RESERVED
+CVE-2017-17515 (etc/ObjectList in Metview 4.7.3 does not validate strings before ...)
- metview <unfixed>
NOTE: https://sources.debian.org/src/metview/4.7.2-3/share/metview/etc/ObjectList/?hl=2857#L2857
-CVE-2017-17514 [argument injection]
- RESERVED
+CVE-2017-17514 (boxes.c in nip2 8.4.0 does not validate strings before launching the ...)
- nip2 <unfixed>
NOTE: https://sources.debian.org/src/nip2/8.4.0-1/src/boxes.c/?hl=727#L727
-CVE-2017-17513 [argument injection]
- RESERVED
+CVE-2017-17513 (TeX Live through 20170524 does not validate strings before launching ...)
- texlive-base <unfixed>
- texlive-bin <unfixed>
- context <unfixed>
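Review bot: Two entries in this hunk link source versions that differ from the version in the new description: CVE-2017-17516 names RTV 1.19.0 but the NOTE points at rtv/1.20.0+dfsg-1 (and, unlike the other entries, has no line anchor), and CVE-2017-17515 names Metview 4.7.3 but the NOTE points at metview/4.7.2-3. Add a NOTE confirming that the packaged versions contain the same unvalidated browser launch, with a line anchor for rtv. The "** DISPUTED **" marker now shown on CVE-2017-17520 is consistent with the existing "(unimportant)" tag and the SECURITY-section NOTE, so that entry needs no change.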
@@ -2480,8 +2462,7 @@
CVE-2017-17512 (sensible-browser in sensible-utils before 0.0.11 does not validate ...)
- sensible-utils 0.0.11 (bug #881767)
NOTE: https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5
-CVE-2017-17511 [argument injection]
- RESERVED
+CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the program ...)
- kildclient <unfixed>
NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159
NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324
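Review bot: CVE-2017-17511 stays at "kildclient <unfixed>" with no bug reference, whereas the CVE-2017-17512 entry directly above records "(bug #881767)" and the fixing commit. If a bug has been filed against kildclient, add it to the package line so the fix can be tracked from this entry. The description also names no file, so the two NOTE links to worldgui.c and prefs.c are the only pointer to the affected code and should be kept.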
@@ -35692,8 +35673,8 @@
NOT-FOR-US: SAP
CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in ...)
NOT-FOR-US: MobiLink Synchronization Server
-CVE-2017-7344
- RESERVED
+CVE-2017-7344 (A privilege escalation in Fortinet FortiClient Windows 5.4.3 and ...)
+ TODO: check
CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7342
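Review bot: CVE-2017-7344 moves from RESERVED to "TODO: check" for a Fortinet FortiClient Windows issue, while the neighbouring CVE-2017-7343 (Fortinet FortiPortal) is already marked NOT-FOR-US. Unless FortiClient is packaged, resolve the TODO the same way, with a NOT-FOR-US line naming Fortinet FortiClient, so it does not linger in the to-check queue.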
@@ -40943,8 +40924,8 @@
NOTE: Fixed by: http://svn.apache.org/r1793470 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1793471 (7.0.x)
NOTE: Fixed by: http://svn.apache.org/r1793491 (7.0.x)
-CVE-2017-5663
- RESERVED
+CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and ...)
+ TODO: check
CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...)
{DLA-926-1}
- batik 1.9-1 (bug #860566)