[Secure-testing-commits] r53390 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jul 11 21:10:16 UTC 2017


Author: sectracker
Date: 2017-07-11 21:10:16 +0000 (Tue, 11 Jul 2017)
New Revision: 53390

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-11 21:09:02 UTC (rev 53389)
+++ data/CVE/list	2017-07-11 21:10:16 UTC (rev 53390)
@@ -1,3 +1,7 @@
+CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...)
+	TODO: check
+CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...)
+	TODO: check
 CVE-2017-11169
 	RESERVED
 CVE-2017-11168
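Review bot: The two entries added at the top, CVE-2017-11171 and CVE-2017-11170, are left at "TODO: check" with no package line. CVE-2017-11170 names the ReadTGAImage function in coders\tga.c of ImageMagick 7.0.5-6, so triage should replace the TODO with a source package line and fixed version, or an explicit per-release status, in the form the tiff entries in this file use ("- tiff 4.0.8-3 (bug #866611)"). The CVE-2017-11171 description is truncated before the product name, so the affected package has to be read from the full CVE text before the entry can be classified.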
@@ -1275,7 +1279,7 @@
 CVE-2017-10689
 	RESERVED
 CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...)
-	{DSA-3903-1}
+	{DSA-3903-1 DLA-1022-1}
 	- tiff 4.0.8-3 (bug #866611)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
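Review bot: On the CVE-2017-10688 cross-reference line, DLA-1022-1 is added, but the only wheezy status in the entry body is "[wheezy] - tiff3 <not-affected> (vulnerable code not present)". Worth confirming that DLA-1022-1 refers to the tiff source package and not tiff3, since as written the entry reads as if the only wheezy package listed is unaffected.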
@@ -1495,8 +1499,8 @@
 	RESERVED
 CVE-2017-10601
 	RESERVED
-CVE-2017-10600
-	RESERVED
+CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...)
+	TODO: check
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...)
 	- ffmpeg 7:3.2.5-1
 	- libav <undetermined>
@@ -1664,7 +1668,7 @@
 	NOTE: to see this as an issue in libjbig itself.
 	TODO: wait for futher development on upstream
 CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
-	{DSA-3903-1}
+	{DSA-3903-1 DLA-1023-1 DLA-1022-1}
 	- tiff 4.0.8-3 (bug #866113)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
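Review bot: The advisory list on CVE-2017-9936 reads "{DSA-3903-1 DLA-1023-1 DLA-1022-1}", with DLA-1023-1 ahead of DLA-1022-1, while CVE-2017-10688 in this same commit gains only DLA-1022-1. If the generator is meant to emit advisory ids in ascending order, this line is out of order; if not, the ordering rule should be documented so reviewers can tell a reordering from a real change. Separately, the unchanged context line "TODO: wait for futher development on upstream" contains a typo ("futher") that could be fixed in a follow-up commit.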
@@ -9383,16 +9387,16 @@
 	RESERVED
 CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...)
 	NOT-FOR-US: Fortinet FortiPortal
-CVE-2017-7730
-	RESERVED
-CVE-2017-7729
-	RESERVED
-CVE-2017-7728
-	RESERVED
+CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood ...)
+	TODO: check
+CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...)
+	TODO: check
+CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...)
+	TODO: check
 CVE-2017-7727
-	RESERVED
-CVE-2017-7726
-	RESERVED
+	REJECTED
+CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation ...)
+	TODO: check
 CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...)
 	NOT-FOR-US: concrete5
 CVE-2017-7724
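Review bot: The four iSmartAlarm cube entries (CVE-2017-7730, CVE-2017-7729, CVE-2017-7728, CVE-2017-7726) are left at "TODO: check" although their descriptions name a vendor device, the kind of product the adjacent entries (Fortinet FortiPortal, concrete5) mark NOT-FOR-US. Suggest resolving all four in one pass with a single consistent tag such as "NOT-FOR-US: iSmartAlarm" once confirmed, so they do not linger as open TODOs. CVE-2017-7727 goes from RESERVED to REJECTED and needs no follow-up.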
@@ -11841,7 +11845,7 @@
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
-CVE-2017-6972 (Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and ...)
+CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an ...)
 	NOT-FOR-US: AlienVault
 CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
 	NOT-FOR-US: AlienVault
@@ -51621,7 +51625,7 @@
 	NOT-FOR-US: IBM
 CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a ...)
 	NOT-FOR-US: IBM
-CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends password ...)
+CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send ...)
 	NOT-FOR-US: IBM
 CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...)
 	NOT-FOR-US: IBM
@@ -238949,7 +238953,7 @@
 	NOT-FOR-US: Sauerbraten / cube engine
 CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...)
 	NOT-FOR-US: logIT
-CVE-2006-1098 (** DISPUTED ** ...)
+CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce ...)
 	NOT-FOR-US: NZ Ecommerce
 CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...)
 	NOT-FOR-US: Woltlab Burning Board
@@ -250459,7 +250463,7 @@
 	NOT-FOR-US: PHProjekt
 CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
 	NOT-FOR-US: PHProjekt
-CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
+CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ...)
 	NOT-FOR-US: PHProjekt
 CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
 	NOT-FOR-US: PHProjekt
@@ -255510,7 +255514,7 @@
 	- uim 1:0.4.6beta2-1
 CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
 	NOT-FOR-US: Xinkaa
-CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
+CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to ...)
 	NOT-FOR-US: Bontago
 CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
 	NOT-FOR-US: MSIE6



