[Secure-testing-commits] r58625 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Dec 16 21:10:16 UTC 2017


Author: sectracker
Date: 2017-12-16 21:10:15 +0000 (Sat, 16 Dec 2017)
New Revision: 58625

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-16 19:16:24 UTC (rev 58624)
+++ data/CVE/list	2017-12-16 21:10:15 UTC (rev 58625)
@@ -1,3 +1,9 @@
+CVE-2017-17715 (The saveFile method in MediaController.java in the Telegram Messenger ...)
+	TODO: check
+CVE-2017-17714 (Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId ...)
+	TODO: check
+CVE-2017-17713 (Trape before 2017-11-05 has SQL injection via the /nr red parameter, ...)
+	TODO: check
 CVE-2017-17712 (The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel ...)
 	TODO: check
 CVE-2017-17711
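Review bot: The three entries added at the top of the list (CVE-2017-17715, CVE-2017-17714, CVE-2017-17713) carry only `TODO: check`, so nothing here says whether a Debian package is affected. Each needs triage to either a source package line or a `NOT-FOR-US:` line, as was done for CVE-2017-14135 elsewhere in this file. The descriptions name Telegram Messenger and Trape as the products to check against the archive.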
@@ -4941,6 +4947,7 @@
 	- sensible-utils 0.0.11 (bug #881767)
 	NOTE: https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5
 CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the program ...)
+	{DLA-1210-1}
 	- kildclient <unfixed>
 	NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159
 	NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324
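Review bot: `{DLA-1210-1}` is attached to CVE-2017-17511 while the only package line in this hunk still reads `- kildclient <unfixed>`, so the entry alone does not show which release the advisory fixed or at what version. Confirm that the DLA-1210-1 record names the release and fixed version, and leave `<unfixed>` in place for unstable until a fixed upload exists.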
@@ -5536,6 +5543,7 @@
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
 CVE-2017-1000409 [buffer overflow]
+	RESERVED
 	- glibc 2.25-5 (bug #884133)
 	[stretch] - glibc <no-dsa> (Minor issue)
 	[jessie] - glibc <no-dsa> (Minor issue)
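Review bot: `RESERVED` is added under CVE-2017-1000409 although the entry already tracks a fixed version and bug (`- glibc 2.25-5 (bug #884133)`), so the hand-written `[buffer overflow]` remains the only description. Nothing in the visible lines of the entry points to a reference. A `NOTE:` with the upstream bug or commit would make the entry usable until a published description replaces the bracketed one.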
@@ -17586,8 +17594,8 @@
 	NOTE: https://github.com/opencv/opencv/pull/9448
 CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the ...)
 	NOT-FOR-US: webadmin plugin for opendreambox
-CVE-2017-14134
-	RESERVED
+CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password page of ...)
+	TODO: check
 CVE-2017-14133
 	RESERVED
 CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service ...)
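Review bot: The new description for CVE-2017-14134 is cut off before the product name ("forgotten password page of ..."), so the `TODO: check` cannot be resolved from this line. Triage needs the full CVE text to decide between a package line and `NOT-FOR-US:`.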



