[Secure-testing-commits] r53470 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Jul 13 21:10:15 UTC 2017


Author: sectracker
Date: 2017-07-13 21:10:15 +0000 (Thu, 13 Jul 2017)
New Revision: 53470

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-13 21:09:49 UTC (rev 53469)
+++ data/CVE/list	2017-07-13 21:10:15 UTC (rev 53470)
@@ -1,4 +1,211 @@
+CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt ...)
+	TODO: check
+CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in ImageMagick ...)
+	TODO: check
+CVE-2017-11309
+	RESERVED
+CVE-2017-11308
+	RESERVED
+CVE-2017-11307
+	RESERVED
+CVE-2017-11306
+	RESERVED
+CVE-2017-11305
+	RESERVED
+CVE-2017-11304
+	RESERVED
+CVE-2017-11303
+	RESERVED
+CVE-2017-11302
+	RESERVED
+CVE-2017-11301
+	RESERVED
+CVE-2017-11300
+	RESERVED
+CVE-2017-11299
+	RESERVED
+CVE-2017-11298
+	RESERVED
+CVE-2017-11297
+	RESERVED
+CVE-2017-11296
+	RESERVED
+CVE-2017-11295
+	RESERVED
+CVE-2017-11294
+	RESERVED
+CVE-2017-11293
+	RESERVED
+CVE-2017-11292
+	RESERVED
+CVE-2017-11291
+	RESERVED
+CVE-2017-11290
+	RESERVED
+CVE-2017-11289
+	RESERVED
+CVE-2017-11288
+	RESERVED
+CVE-2017-11287
+	RESERVED
+CVE-2017-11286
+	RESERVED
+CVE-2017-11285
+	RESERVED
+CVE-2017-11284
+	RESERVED
+CVE-2017-11283
+	RESERVED
+CVE-2017-11282
+	RESERVED
+CVE-2017-11281
+	RESERVED
+CVE-2017-11280
+	RESERVED
+CVE-2017-11279
+	RESERVED
+CVE-2017-11278
+	RESERVED
+CVE-2017-11277
+	RESERVED
+CVE-2017-11276
+	RESERVED
+CVE-2017-11275
+	RESERVED
+CVE-2017-11274
+	RESERVED
+CVE-2017-11273
+	RESERVED
+CVE-2017-11272
+	RESERVED
+CVE-2017-11271
+	RESERVED
+CVE-2017-11270
+	RESERVED
+CVE-2017-11269
+	RESERVED
+CVE-2017-11268
+	RESERVED
+CVE-2017-11267
+	RESERVED
+CVE-2017-11266
+	RESERVED
+CVE-2017-11265
+	RESERVED
+CVE-2017-11264
+	RESERVED
+CVE-2017-11263
+	RESERVED
+CVE-2017-11262
+	RESERVED
+CVE-2017-11261
+	RESERVED
+CVE-2017-11260
+	RESERVED
+CVE-2017-11259
+	RESERVED
+CVE-2017-11258
+	RESERVED
+CVE-2017-11257
+	RESERVED
+CVE-2017-11256
+	RESERVED
+CVE-2017-11255
+	RESERVED
+CVE-2017-11254
+	RESERVED
+CVE-2017-11253
+	RESERVED
+CVE-2017-11252
+	RESERVED
+CVE-2017-11251
+	RESERVED
+CVE-2017-11250
+	RESERVED
+CVE-2017-11249
+	RESERVED
+CVE-2017-11248
+	RESERVED
+CVE-2017-11247
+	RESERVED
+CVE-2017-11246
+	RESERVED
+CVE-2017-11245
+	RESERVED
+CVE-2017-11244
+	RESERVED
+CVE-2017-11243
+	RESERVED
+CVE-2017-11242
+	RESERVED
+CVE-2017-11241
+	RESERVED
+CVE-2017-11240
+	RESERVED
+CVE-2017-11239
+	RESERVED
+CVE-2017-11238
+	RESERVED
+CVE-2017-11237
+	RESERVED
+CVE-2017-11236
+	RESERVED
+CVE-2017-11235
+	RESERVED
+CVE-2017-11234
+	RESERVED
+CVE-2017-11233
+	RESERVED
+CVE-2017-11232
+	RESERVED
+CVE-2017-11231
+	RESERVED
+CVE-2017-11230
+	RESERVED
+CVE-2017-11229
+	RESERVED
+CVE-2017-11228
+	RESERVED
+CVE-2017-11227
+	RESERVED
+CVE-2017-11226
+	RESERVED
+CVE-2017-11225
+	RESERVED
+CVE-2017-11224
+	RESERVED
+CVE-2017-11223
+	RESERVED
+CVE-2017-11222
+	RESERVED
+CVE-2017-11221
+	RESERVED
+CVE-2017-11220
+	RESERVED
+CVE-2017-11219
+	RESERVED
+CVE-2017-11218
+	RESERVED
+CVE-2017-11217
+	RESERVED
+CVE-2017-11216
+	RESERVED
+CVE-2017-11215
+	RESERVED
+CVE-2017-11214
+	RESERVED
+CVE-2017-11213
+	RESERVED
+CVE-2017-11212
+	RESERVED
+CVE-2017-11211
+	RESERVED
+CVE-2017-11210
+	RESERVED
+CVE-2017-11209
+	RESERVED
 CVE-2017-1000083 [Evince command injection vulnerability in CBT handler]
+	RESERVED
 	- evince 3.22.1-4
 	- atril <unfixed>
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
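Review bot: CVE-2017-11311 and CVE-2017-11310 are left at `TODO: check` although both descriptions name software this file already tracks: the ImageMagick png.c issue in 11310 belongs with the other ImageMagick entries further down (`- imagemagick <unfixed>` with an upstream issue link), and 11311 names OpenMPT together with libopenmpt, so both should be triaged against the relevant source packages rather than left as placeholders. The `RESERVED` marker inserted under CVE-2017-1000083 is consistent with how other reserved-but-triaged entries in this file are recorded (compare CVE-2017-3143, which keeps `RESERVED` above its DSA reference and package line), so that part needs no change.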
@@ -85,30 +292,43 @@
 CVE-2017-11172
 	RESERVED
 CVE-2017-1000096
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000095
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000094
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000093
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000092
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000091
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000090
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000089
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000088
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000087
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000086
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000085
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-1000084
+	RESERVED
 	NOT-FOR-US: Jenkins plugin
 CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...)
 	- gnome-session 2.30.0-1
@@ -186,160 +406,160 @@
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
 	NOTE: https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75
 	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
-CVE-2017-1000362
-	RESERVED
-CVE-2017-1000081
-	RESERVED
-CVE-2017-1000080
-	RESERVED
-CVE-2017-1000079
-	RESERVED
-CVE-2017-1000078
-	RESERVED
+CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and ...)
+	TODO: check
+CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...)
+	TODO: check
+CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets ...)
+	TODO: check
+CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS ...)
+	TODO: check
+CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device ...)
+	TODO: check
 CVE-2017-1000077
 	RESERVED
 CVE-2017-1000076
 	RESERVED
-CVE-2017-1000075
-	RESERVED
-CVE-2017-1000074
-	RESERVED
-CVE-2017-1000073
-	RESERVED
-CVE-2017-1000072
-	RESERVED
-CVE-2017-1000071
-	RESERVED
-CVE-2017-1000070
-	RESERVED
-CVE-2017-1000069
-	RESERVED
-CVE-2017-1000068
-	RESERVED
-CVE-2017-1000067
-	RESERVED
-CVE-2017-1000066
-	RESERVED
-CVE-2017-1000065
-	RESERVED
-CVE-2017-1000064
-	RESERVED
-CVE-2017-1000063
-	RESERVED
-CVE-2017-1000062
-	RESERVED
-CVE-2017-1000061
-	RESERVED
-CVE-2017-1000060
-	RESERVED
-CVE-2017-1000059
-	RESERVED
-CVE-2017-1000058
-	RESERVED
-CVE-2017-1000057
-	RESERVED
-CVE-2017-1000056
-	RESERVED
+CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
+	TODO: check
+CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
+	TODO: check
+CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an ...)
+	TODO: check
+CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free in ...)
+	TODO: check
+CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass ...)
+	TODO: check
+CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an ...)
+	TODO: check
+CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow ...)
+	TODO: check
+CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an ...)
+	TODO: check
+CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL ...)
+	TODO: check
+CVE-2017-1000066 (The entry details view funcion in KeePass version 1.32 inadvertently ...)
+	TODO: check
+CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in ...)
+	TODO: check
+CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion ...)
+	TODO: check
+CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 ...)
+	TODO: check
+CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory traversal in the ...)
+	TODO: check
+CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External Entity ...)
+	TODO: check
+CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb ...)
+	TODO: check
+CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site ...)
+	TODO: check
+CVE-2017-1000058 (Stored XSS in chevereto CMS before version 3.8.11 ...)
+	TODO: check
+CVE-2017-1000057 (A reflected cross-site scripting vulnerability in GetSimple CMS ...)
+	TODO: check
+CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...)
+	TODO: check
 CVE-2017-1000055
-	RESERVED
-CVE-2017-1000054
-	RESERVED
-CVE-2017-1000053
-	RESERVED
-CVE-2017-1000052
-	RESERVED
-CVE-2017-1000051
-	RESERVED
-CVE-2017-1000049
-	RESERVED
-CVE-2017-1000048
-	RESERVED
-CVE-2017-1000047
-	RESERVED
-CVE-2017-1000046
-	RESERVED
-CVE-2017-1000045
-	RESERVED
-CVE-2017-1000043
-	RESERVED
-CVE-2017-1000042
-	RESERVED
-CVE-2017-1000039
-	RESERVED
-CVE-2017-1000038
-	RESERVED
-CVE-2017-1000037
-	RESERVED
-CVE-2017-1000036
-	RESERVED
-CVE-2017-1000035
-	RESERVED
-CVE-2017-1000034
-	RESERVED
-CVE-2017-1000033
-	RESERVED
-CVE-2017-1000032
-	RESERVED
-CVE-2017-1000031
-	RESERVED
-CVE-2017-1000030
-	RESERVED
-CVE-2017-1000029
-	RESERVED
-CVE-2017-1000028
-	RESERVED
-CVE-2017-1000027
-	RESERVED
-CVE-2017-1000026
-	RESERVED
-CVE-2017-1000025
-	RESERVED
-CVE-2017-1000024
-	RESERVED
-CVE-2017-1000023
-	RESERVED
-CVE-2017-1000022
-	RESERVED
-CVE-2017-1000021
-	RESERVED
-CVE-2017-1000020
-	RESERVED
-CVE-2017-1000018
-	RESERVED
-CVE-2017-1000017
-	RESERVED
-CVE-2017-1000016
-	RESERVED
-CVE-2017-1000015
-	RESERVED
-CVE-2017-1000014
-	RESERVED
-CVE-2017-1000013
-	RESERVED
-CVE-2017-1000012
-	RESERVED
-CVE-2017-1000011
-	RESERVED
-CVE-2017-1000010
-	RESERVED
-CVE-2017-1000009
-	RESERVED
-CVE-2017-1000008
-	RESERVED
-CVE-2017-1000007
-	RESERVED
-CVE-2017-1000006
-	RESERVED
-CVE-2017-1000005
-	RESERVED
-CVE-2017-1000004
-	RESERVED
-CVE-2017-1000003
-	RESERVED
-CVE-2017-1000002
-	RESERVED
-CVE-2017-1000001
-	RESERVED
+	REJECTED
+CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the ...)
+	TODO: check
+CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
+	TODO: check
+CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
+	TODO: check
+CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs ...)
+	TODO: check
+CVE-2017-1000049 (Roundcube Webmail 1.1.5 is vulnerable to Persistent Xss ...)
+	TODO: check
+CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3, ...)
+	TODO: check
+CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in ...)
+	TODO: check
+CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
+	TODO: check
+CVE-2017-1000045 (Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state ...)
+	TODO: check
+CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are ...)
+	TODO: check
+CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are ...)
+	TODO: check
+CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV ...)
+	TODO: check
+CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored ...)
+	TODO: check
+CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD ...)
+	TODO: check
+CVE-2017-1000036 (All versions of Candy Chat are vulnerable to an XSS attack by message ...)
+	TODO: check
+CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener ...)
+	TODO: check
+CVE-2017-1000034 (Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java ...)
+	TODO: check
+CVE-2017-1000033 (Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a ...)
+	TODO: check
+CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ...)
+	TODO: check
+CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...)
+	TODO: check
+CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...)
+	TODO: check
+CVE-2017-1000029 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...)
+	TODO: check
+CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...)
+	TODO: check
+CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable ...)
+	TODO: check
+CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...)
+	TODO: check
+CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 ...)
+	TODO: check
+CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
+	TODO: check
+CVE-2017-1000023 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS ...)
+	TODO: check
+CVE-2017-1000022 (LogicalDoc CommunityEdition 7.5.3 and prior contain an Incorrect ...)
+	TODO: check
+CVE-2017-1000021 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when ...)
+	TODO: check
+CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded ...)
+	TODO: check
+CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...)
+	TODO: check
+CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...)
+	TODO: check
+CVE-2017-1000016 (A weakness was discovered where an attacker can inject arbitrary ...)
+	TODO: check
+CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...)
+	TODO: check
+CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the ...)
+	TODO: check
+CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect ...)
+	TODO: check
+CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying ...)
+	TODO: check
+CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database ...)
+	TODO: check
+CVE-2017-1000010 (Audacity version 2.1.2 is vulnerable to Dll HIjacking in the ...)
+	TODO: check
+CVE-2017-1000009 (Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell ...)
+	TODO: check
+CVE-2017-1000008 (Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user ...)
+	TODO: check
+CVE-2017-1000007 (txAWS (all current versions) fail to perform complete certificate ...)
+	TODO: check
+CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are vulrenable to an ...)
+	TODO: check
+CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the ...)
+	TODO: check
+CVE-2017-1000004 (ATutor versions 2.2.1 and earlier are vulnerable to a SQL injection ...)
+	TODO: check
+CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access ...)
+	TODO: check
+CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory ...)
+	TODO: check
+CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw ...)
+	TODO: check
 CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...)
 	- imagemagick <unfixed> (low)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
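Review bot: CVE-2017-1000055 is the only entry in this hunk whose marker flips to `REJECTED`; every other RESERVED entry becomes a public description plus `TODO: check`, leaving about fifty items untriaged. Several of those descriptions name software that is packaged in Debian and should be checked first: phpMyAdmin in CVE-2017-1000013 through CVE-2017-1000018, Roundcube in CVE-2017-1000049, Cacti in CVE-2017-1000031 and CVE-2017-1000032, GNOME Web (Epiphany) in CVE-2017-1000025, Shotwell in CVE-2017-1000024 and xmlsec in CVE-2017-1000061. Platform-specific items such as the Audacity DLL hijacking in CVE-2017-1000010 look like candidates for `NOT-FOR-US`, but that still needs the full advisory text. The descriptions themselves are MITRE's and are carried verbatim, including their typos (`funcion` in CVE-2017-1000066, `vulrenable` in CVE-2017-1000006), which is correct for an automatic update.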
@@ -414,7 +634,7 @@
 	- imagemagick <unfixed> (bug #867808)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
-CVE-2017-11188 [CPU exhaustion in ReadDPXImage]
+CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
 	- imagemagick <unfixed> (bug #867806)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
@@ -455,16 +675,14 @@
 	RESERVED
 CVE-2017-11105
 	RESERVED
-CVE-2017-1000050 [NULL Pointer Dereference jp2_encode (jp2_enc.c)]
-	RESERVED
+CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the ...)
 	- jasper <removed> (unimportant)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
 	NOTE: https://github.com/mdadams/jasper/issues/120
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
 CVE-2017-1002024
 	NOT-FOR-US: kindeditor
-CVE-2017-11103
-	RESERVED
+CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate services with ...)
 	- heimdal <unfixed> (bug #868208)
 	- samba <unfixed> (bug #868209)
 	[wheezy] - samba <not-affected> (Heimdal is only used in 4.x, wheezy ships 3.6.6)
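Review bot: the new CVE-2017-11103 entry records the heimdal and samba bug numbers and a clear wheezy not-affected reason, but unlike the jasper entry just above it carries no `NOTE:` with an upstream reference (advisory or fix commit); add one so the `before 7.4` fixed version in the description can be checked against both the heimdal package and the Heimdal copy bundled in samba 4.x. For CVE-2017-1000050 the `RESERVED` line is dropped now that the description is public, matching the other entries in this diff.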
@@ -2173,12 +2391,12 @@
 	NOTE: Issue is specific to Struts 2.x.
 CVE-2017-9790
 	RESERVED
-CVE-2017-9789
-	RESERVED
-CVE-2017-9788
-	RESERVED
-CVE-2017-9787
-	RESERVED
+CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling code ...)
+	TODO: check
+CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value ...)
+	TODO: check
+CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it is ...)
+	TODO: check
 CVE-2017-9786
 	RESERVED
 CVE-2017-9785
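Review bot: CVE-2017-9788 and CVE-2017-9789 are left at `TODO: check` although their descriptions already carry the upstream fixed versions (httpd before 2.2.34 and 2.4.x before 2.4.27 for 9788; the HTTP/2 connection-teardown issue for 9789), so they can be triaged against the apache2 source package directly. The context line `NOTE: Issue is specific to Struts 2.x.` just above suggests CVE-2017-9787 (Spring AOP securing Struts actions) belongs with the Struts entries rather than with httpd.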
@@ -6337,8 +6555,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
-CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer]
-	RESERVED
+CVE-2017-1000044 (gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly ...)
 	- gtk-vnc 0.4.3-1
 	NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3)
 CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a ...)
@@ -8290,8 +8507,7 @@
 	NOTE: partially fix CVE-2016-9602.
 CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...)
 	NOT-FOR-US: Exponent CMS
-CVE-2017-1000363 [lp.c Out-of-Bounds Write via Kernel Command-line]
-	RESERVED
+CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds ...)
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
 	NOTE: https://alephsecurity.com/vulns/aleph-2017023
@@ -9707,8 +9923,8 @@
 CVE-2017-7673
 	RESERVED
 	NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7672
-	RESERVED
+CVE-2017-7672 (If an application allows enter an URL in a form field and built-in ...)
+	TODO: check
 CVE-2017-7671
 	RESERVED
 CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control ...)
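Review bot: CVE-2017-7672 moves from RESERVED to `TODO: check` with a description that does not name the affected product (`If an application allows enter an URL in a form field and built-in ...`); the surrounding context entries are Apache projects (OpenMeetings above, Traffic Control below), so the full advisory text is needed before this can be triaged or marked NOT-FOR-US.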
@@ -10148,8 +10364,7 @@
 	RESERVED
 CVE-2017-7530
 	RESERVED
-CVE-2017-7529
-	RESERVED
+CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable ...)
 	{DSA-3908-1 DLA-1024-1}
 	- nginx <unfixed> (bug #868109)
 	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
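Review bot: the CVE-2017-7529 entry now lists `{DSA-3908-1 DLA-1024-1}` while the package line is still `- nginx <unfixed> (bug #868109)`; if the advisories shipped fixed packages for the stable suites, the unstable fixed version is still pending and should be recorded once uploaded, otherwise the `<unfixed>` marker keeps the issue open against sid even though the advisories are out. The bind9 TSIG entries later in this diff (CVE-2017-3142 and CVE-2017-3143, which gain `DLA-1025-1` but remain `- bind9 <unfixed>`) show the same pattern.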
@@ -14165,8 +14380,8 @@
 	RESERVED
 CVE-2017-6250 (NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web ...)
 	NOT-FOR-US: NVIDIA GeForce Experience
-CVE-2017-6249
-	RESERVED
+CVE-2017-6249 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
+	TODO: check
 CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
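Review bot: the new CVE-2017-6249 description (`An elevation of privilege vulnerability in the NVIDIA sound driver ...`) is word-for-word the prefix of the two context entries below it, CVE-2017-6248 and CVE-2017-6247, which are already triaged `NOT-FOR-US: NVIDIA driver for Android`; carry that triage over instead of leaving `TODO: check`, unless the full text points at a different product.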
@@ -23409,13 +23624,13 @@
 	RESERVED
 CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic updates]
 	RESERVED
-	{DSA-3904-1}
+	{DSA-3904-1 DLA-1025-1}
 	- bind9 <unfixed> (bug #866564)
 	NOTE: https://kb.isc.org/article/AA-01503
 	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
 CVE-2017-3142 [An error in TSIG authentication can permit unauthorized zone transfers]
 	RESERVED
-	{DSA-3904-1}
+	{DSA-3904-1 DLA-1025-1}
 	- bind9 <unfixed> (bug #866564)
 	NOTE: https://kb.isc.org/article/AA-01504
 	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
@@ -27692,8 +27907,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1309
 	RESERVED
-CVE-2017-1308
-	RESERVED
+CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 ...)
+	TODO: check
 CVE-2017-1307
 	RESERVED
 CVE-2017-1306
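Review bot: CVE-2017-1308 (IBM Daeja ViewONE) sits between CVE-2017-1309 and CVE-2017-1307, and the preceding context is `NOT-FOR-US: IBM`; every other IBM entry in this diff with a published description is marked that way, so the `TODO: check` can most likely be resolved to `NOT-FOR-US: IBM`. The same applies to the three IBM hunks that follow: CVE-2016-8964 (BigFix Inventory, next to CVE-2016-8963 and CVE-2016-8962 which are already NOT-FOR-US), CVE-2016-8952 and CVE-2016-8951 (Emptoris Strategic Supply Management Platform, next to the NOT-FOR-US Emptoris Sourcing entries) and CVE-2016-6019 (same Emptoris product).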
@@ -32687,8 +32902,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-8965
 	RESERVED
-CVE-2016-8964
-	RESERVED
+CVE-2016-8964 (IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting ...)
+	TODO: check
 CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...)
 	NOT-FOR-US: IBM
 CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have ...)
@@ -32711,10 +32926,10 @@
 	NOT-FOR-US: IBM
 CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
 	NOT-FOR-US: IBM
-CVE-2016-8952
-	RESERVED
-CVE-2016-8951
-	RESERVED
+CVE-2016-8952 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
+	TODO: check
+CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
+	TODO: check
 CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2016-8949
@@ -42394,8 +42609,8 @@
 	RESERVED
 CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...)
 	NOT-FOR-US: IBM
-CVE-2016-6019
-	RESERVED
+CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
+	TODO: check
 CVE-2016-6018
 	RESERVED
 CVE-2016-6017



