[Secure-testing-commits] r58667 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Dec 17 21:10:12 UTC 2017
Author: sectracker
Date: 2017-12-17 21:10:12 +0000 (Sun, 17 Dec 2017)
New Revision: 58667
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 21:03:38 UTC (rev 58666)
+++ data/CVE/list 2017-12-17 21:10:12 UTC (rev 58667)
@@ -1,3 +1,9 @@
+CVE-2017-17718
+ RESERVED
+CVE-2017-17717 (Sonatype Nexus Repository Manager through 2.14.5 has weak password ...)
+ TODO: check
+CVE-2017-17716 (GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate ...)
+ TODO: check
CVE-2017-17715 (The saveFile method in MediaController.java in the Telegram Messenger ...)
NOT-FOR-US: Telegram Messenger for Android
CVE-2017-17714 (Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId ...)
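Review bot: CVE-2017-17717 and CVE-2017-17716 at the top of this hunk land with only "TODO: check", so neither has a triage decision yet. Each needs resolving to either a package line or a "NOT-FOR-US:" line in the style of CVE-2017-17715 just below. Until that is done, the entries say nothing about whether any Debian package is affected. The "RESERVED" line under CVE-2017-17718 needs no action.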
@@ -5513,10 +5519,12 @@
CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...)
NOT-FOR-US: Vaultek Gun Safe
CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...)
+ {DSA-4068-1}
- rsync 3.1.2-2.1 (bug #883665)
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 3.1.2, and ...)
+ {DSA-4068-1}
- rsync 3.1.2-2.1 (bug #883667)
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...)
@@ -5562,6 +5570,7 @@
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, ...)
+ {DSA-4067-1}
- openafs 1.6.22-1 (bug #883602)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
CVE-2018-1180
@@ -7928,6 +7937,7 @@
CVE-2017-16998
RESERVED
CVE-2017-16997 [Incorrect handling of RPATH or RUNPATH containing $ORIGIN for ...]
+ RESERVED
- glibc <unfixed> (bug #884615)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
@@ -8963,6 +8973,7 @@
CVE-2017-16922
RESERVED
CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...)
+ {DSA-4066-1}
- otrs2 6.0.2-1 (bug #883774)
NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
@@ -9587,6 +9598,7 @@
CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...)
- ipsilon <itp> (bug #826838)
CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...)
+ {DSA-4066-1}
- otrs2 6.0.2-1
NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
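Review bot: the "- otrs2 6.0.2-1" line under CVE-2017-16854 has no bug reference, unlike the CVE-2017-16921 entry tagged with the same {DSA-4066-1}, which records "(bug #883774)". If a Debian bug exists for this issue, add it so the fix can be traced from the tracker entry. If none was filed, no change is needed.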
@@ -10408,6 +10420,7 @@
CVE-2017-16549
RESERVED
CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
+ {DSA-4068-1}
- rsync 3.1.2-2.1 (bug #880954)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
@@ -49017,6 +49030,7 @@
CVE-2017-3739
RESERVED
CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication ...)
+ {DSA-4065-1}
- openssl <unfixed> (low)
[stretch] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
[jessie] - openssl <not-affected> (Vulnerable code not present)
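Review bot: {DSA-4065-1} is added to CVE-2017-3738 while every status line visible in this hunk still reads as unresolved for openssl: "<unfixed> (low)" for unstable and "<postponed> (Can be fixed with next OpenSSL advisory round)" for stretch. Confirm which source package the advisory fixes and that a matching line exists further down the entry, since the hunk context stops after the jessie line. If the advisory covers openssl in stretch, the "<postponed>" line is stale and should be updated.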
@@ -49026,6 +49040,7 @@
NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error ...)
+ {DSA-4065-1}
- openssl 1.1.0b-2
[jessie] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
- openssl1.0 1.0.2n-1
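Review bot: the "[jessie] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)" line under CVE-2017-3737 should be re-checked now that {DSA-4065-1} is attached to the entry. If the advisory includes a jessie fix, the line is stale. If it does not, a short NOTE saying the DSA does not cover jessie would keep the tag from being misread as covering every release listed.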