[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Sun Dec 31 21:10:24 UTC 2017

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c1497cd by security tracker role at 2017-12-31T21:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the ...)
+	TODO: check
+CVE-2017-18004 (Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to ...)
+	TODO: check
+CVE-2017-18003
+	RESERVED
+CVE-2017-18002
+	RESERVED
+CVE-2017-18001 (Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote ...)
+	TODO: check
 CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...)
 	NOT-FOR-US: Magento
 CVE-2017-18000
@@ -8614,19 +8624,19 @@ CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a 
 CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "</script>" substring in an ...)
 	NOT-FOR-US: Indeo Otter
 CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety ...)
-	{DSA-4060-1}
+	{DSA-4060-1 DLA-1226-1}
 	- wireshark 2.4.3-1
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-49.html
 CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA ...)
-	{DSA-4060-1}
+	{DSA-4060-1 DLA-1226-1}
 	- wireshark 2.4.3-1
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14236
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8502fe94ef9e431860921507e1a351c5e3f5c634
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-47.html
 CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...)
-	{DSA-4060-1}
+	{DSA-4060-1 DLA-1226-1}
 	- wireshark 2.4.3-1
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14249
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3
@@ -27037,7 +27047,7 @@ CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go in
 	NOTE: after 2.1.0 from upstream. Upstream changed the types in llc_gprs_dissect_xid
 	NOTE: in version 2.1.0.
 CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector ...)
-	{DSA-4060-1}
+	{DSA-4060-1 DLA-1226-1}
 	- wireshark 2.4.0-1 (bug #870172)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a102c172b0b2fe231fdb49f4f6694603f5b93b0c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c1497cd307eaa0e288d20abd2d17389e509e3fe

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c1497cd307eaa0e288d20abd2d17389e509e3fe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20171231/6a39436d/attachment.html>
