[Secure-testing-commits] r53134 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Jul 2 21:10:14 UTC 2017


Author: sectracker
Date: 2017-07-02 21:10:14 +0000 (Sun, 02 Jul 2017)
New Revision: 53134

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-02 20:23:31 UTC (rev 53133)
+++ data/CVE/list	2017-07-02 21:10:14 UTC (rev 53134)
@@ -1,3 +1,11 @@
+CVE-2017-10796
+	RESERVED
+CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows ...)
+	TODO: check
+CVE-2017-10794
+	RESERVED
+CVE-2017-10793
+	RESERVED
 CVE-2017-10792 (There is a NULL Pointer Dereference in the function ll_insert() of the ...)
 	- pspp <unfixed> (bug #866890)
 	[jessie] - pspp <no-dsa> (Minor issue)
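Review bot: CVE-2017-10795 (Subrion CMS 4.1.4 XSS) is added with only "TODO: check" and no package line, so the tracker cannot report a status for it until someone triages it. The follow-up should either name the affected source package or mark the entry NOT-FOR-US, in the style of the Veritas and OpenText entries later in this file.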
@@ -182,8 +190,8 @@
 	RESERVED
 CVE-2017-10707
 	RESERVED
-CVE-2017-10706
-	RESERVED
+CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...)
+	TODO: check
 CVE-2017-10705
 	RESERVED
 CVE-2017-10704
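Review bot: CVE-2017-10706 leaves RESERVED with a description cut off at "scans a special ZIP ...", so the impact cannot be read from this line, and the entry is only "TODO: check". Triage needs the full CVE text; if the Antiy engine is not packaged, the entry should become NOT-FOR-US.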
@@ -4932,10 +4940,10 @@
 	RESERVED
 CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...)
 	NOT-FOR-US: Veritas
-CVE-2017-8894
-	RESERVED
-CVE-2017-8893
-	RESERVED
+CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software ...)
+	TODO: check
+CVE-2017-8893 (AeroAdmin 4.1 uses a function to copy data between two pointers where ...)
+	TODO: check
 CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...)
 	NOT-FOR-US: OpenText Tempo Box
 CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a ...)
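Review bot: CVE-2017-8894 and CVE-2017-8893 both concern AeroAdmin 4.1 and both land as "TODO: check". They should be triaged together so the pair ends up with the same disposition (for example the same NOT-FOR-US tag if the product is not packaged), rather than one being resolved and the other left open.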
@@ -5247,8 +5255,7 @@
 	- miniupnpc 1.9.20140610-3 (bug #862273)
 	NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
 	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
-CVE-2017-8797 [nfsd: remote DoS]
-	RESERVED
+CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly ...)
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/b550a32e60a4941994b437a8d662432a486235a5 (4.12-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/f961e3f2acae94b727380c0b74e2d3954d0edf79 (4.12-rc1)
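Review bot: in the CVE-2017-8797 entry the new description says the flaw is in kernels "before 4.11.3", while the unchanged package line records the fix as "linux 4.9.30-1", which reads as a contradiction without context. A NOTE recording which 4.9.x stable release carries the two "Fixed by" commits would make the version line checkable, and a short NOTE could also keep the "nfsd: remote DoS" summary that this hunk removes together with the working title.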
@@ -8374,7 +8381,7 @@
 CVE-2017-7680
 	RESERVED
 CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...)
-	{DSA-3896-1}
+	{DSA-3896-1 DLA-1009-1}
 	- apache2 2.4.25-4
 CVE-2017-7678
 	RESERVED
@@ -8397,7 +8404,7 @@
 CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
 	- hadoop <itp> (bug #793644)
 CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and ...)
-	{DSA-3896-1}
+	{DSA-3896-1 DLA-1009-1}
 	- apache2 2.4.25-4
 CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the ...)
 	NOT-FOR-US: Apache NiFi
@@ -8832,6 +8839,7 @@
 	RESERVED
 CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery]
 	RESERVED
+	{DSA-3901-1}
 	- libgcrypt20 1.7.8-1
 	- libgcrypt11 <removed>
 	NOTE: https://eprint.iacr.org/2017/627
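Review bot: the CVE-2017-7526 entry now references DSA-3901-1 and a fixed libgcrypt20 version, but its only NOTE is the eprint paper; there is no "Fixed by" commit link of the kind the CVE-2017-8797 and miniupnpc entries carry. Adding the upstream libgcrypt commit as a NOTE would let anyone auditing the DSA verify what 1.7.8-1 actually changed.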
@@ -21976,12 +21984,12 @@
 CVE-2017-3170
 	RESERVED
 CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl ...)
-	{DSA-3896-1}
+	{DSA-3896-1 DLA-1009-1}
 	- apache2 2.4.25-4
 CVE-2017-3168
 	RESERVED
 CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...)
-	{DSA-3896-1}
+	{DSA-3896-1 DLA-1009-1}
 	- apache2 2.4.25-4
 CVE-2017-3166
 	RESERVED
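Review bot: DLA-1009-1 is attached here to CVE-2017-3169 and CVE-2017-3167, and in earlier hunks to CVE-2017-7679 and CVE-2017-7668, yet each of these entries still lists only "- apache2 2.4.25-4". Since the cross-reference is generated, it is worth confirming that the DLA's own record names the same CVEs, so the LTS fix status does not rest on the brace tag alone.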
@@ -28552,8 +28560,7 @@
 	RESERVED
 CVE-2017-0378
 	RESERVED
-CVE-2017-0377 [TROVE-2017-006: Regression in guard family avoidance in 0.3.0 series]
-	RESERVED
+CVE-2017-0377 (Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only ...)
 	- tor <not-affected> (Affects only 0.3.x series)
 	NOTE: https://trac.torproject.org/projects/tor/ticket/22753
 	NOTE: https://blog.torproject.org/blog/tor-0309-released-security-update-clients
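Review bot: replacing the bracketed title on CVE-2017-0377 drops the TROVE-2017-006 identifier, which then appears nowhere in the entry and is no longer searchable in this file. A "NOTE: TROVE-2017-006" line next to the existing ticket and blog links would keep it.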



