[Secure-testing-commits] r53686 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Jul 19 21:10:15 UTC 2017 

Author: sectracker
Date: 2017-07-19 21:10:15 +0000 (Wed, 19 Jul 2017)
New Revision: 53686

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-19 20:48:57 UTC (rev 53685)
+++ data/CVE/list	2017-07-19 21:10:15 UTC (rev 53686)
@@ -1,3 +1,17 @@
+CVE-2017-11463
+	RESERVED
+CVE-2017-11462
+	RESERVED
+CVE-2017-11461
+	RESERVED
+CVE-2017-11460
+	RESERVED
+CVE-2017-11459
+	RESERVED
+CVE-2017-11458
+	RESERVED
+CVE-2017-11457
+	RESERVED
 CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...)
 	NOT-FOR-US: Geneko GWR routers
 CVE-2017-11455
@@ -11,19 +25,23 @@
 CVE-2017-11451
 	RESERVED
 CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...)
+	{DSA-3914-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867894)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
 CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable ...)
+	{DSA-3914-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
 CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before ...)
+	{DSA-3914-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867893)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
 CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...)
+	{DSA-3914-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867897)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
@@ -980,7 +998,7 @@
 	NOT-FOR-US: plotly.js (different from the plotly Python package)
 CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the ...)
 	NOT-FOR-US: PHPMiniAdmin
-CVE-2017-1000004 (ATutor versions 2.2.1 and earlier are vulnerable to a SQL injection ...)
+CVE-2017-1000004 (ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in ...)
 	NOT-FOR-US: ATutor
 CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access ...)
 	NOT-FOR-US: ATutor
@@ -4321,8 +4339,8 @@
 	- gsoap 2.8.48-1
 	NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
 	NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
-CVE-2017-9764
-	RESERVED
+CVE-2017-9764 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows ...)
+	TODO: check
 CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ...)
 	{DSA-3895-1}
 	- flatpak 0.8.7-1 (bug #865413)
@@ -9469,8 +9487,8 @@
 	NOT-FOR-US: Samsung
 CVE-2017-7979 (The cookie feature in the packet action API implementation in ...)
 	- linux <not-affected> (Only affects 4.11-rc1 onwards)
-CVE-2017-7977
-	RESERVED
+CVE-2017-7977 (The Screensavercc component in eLux RP before 5.5.0 allows attackers ...)
+	TODO: check
 CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
 	{DSA-3855-1 DLA-942-1}
 	- jbig2dec 0.13-4.1 (bug #860787)
@@ -28595,8 +28613,8 @@
 	RESERVED
 CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated user to ...)
 	NOT-FOR-US: IBM
-CVE-2017-1309
-	RESERVED
+CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user ...)
+	TODO: check
 CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 ...)
 	NOT-FOR-US: IBM
 CVE-2017-1307
@@ -28765,20 +28783,20 @@
 	RESERVED
 CVE-2017-1225
 	RESERVED
-CVE-2017-1224
-	RESERVED
-CVE-2017-1223
-	RESERVED
+CVE-2017-1224 (IBM Tivoli Endpoint Manager uses weaker than expected cryptographic ...)
+	TODO: check
+CVE-2017-1223 (IBM Tivoli Endpoint Manager could allow a remote attacker to conduct ...)
+	TODO: check
 CVE-2017-1222
 	RESERVED
 CVE-2017-1221
 	RESERVED
 CVE-2017-1220
 	RESERVED
-CVE-2017-1219
-	RESERVED
-CVE-2017-1218
-	RESERVED
+CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity ...)
+	TODO: check
+CVE-2017-1218 (IBM Tivoli Endpoint Manager is vulnerable to cross-site request ...)
+	TODO: check
 CVE-2017-1217 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2017-1216
@@ -28807,8 +28825,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1204
 	RESERVED
-CVE-2017-1203
-	RESERVED
+CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and ...)
+	TODO: check
 CVE-2017-1202
 	RESERVED
 CVE-2017-1201
@@ -38210,14 +38228,14 @@
 	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
 	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
 	NOTE: found.
-CVE-2016-7509
-	RESERVED
+CVE-2016-7509 (Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...)
+	TODO: check
 CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...)
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/issues/1047
 	NOTE: Only supported behind an authenticated HTTP zone
-CVE-2016-7507
-	RESERVED
+CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...)
+	TODO: check
 CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
 	NOT-FOR-US: MuJS
 CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of ...)
@@ -40369,8 +40387,7 @@
 	RESERVED
 CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The application ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2016-6798
-	RESERVED
+CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
 	NOT-FOR-US: Apache Sling
 CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources]
 	RESERVED
@@ -43299,8 +43316,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
 	NOT-FOR-US: IBM
-CVE-2016-6018
-	RESERVED
+CVE-2016-6018 (IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error ...)
+	TODO: check
 CVE-2016-6017
 	RESERVED
 CVE-2016-6016
@@ -45181,8 +45198,7 @@
 	NOTE: https://issues.apache.org/jira/browse/TS-5019
 CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...)
 	NOT-FOR-US: Apache Ranger
-CVE-2016-5394
-	RESERVED
+CVE-2016-5394 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
 	NOT-FOR-US: Apache Sling
 CVE-2016-5393 (In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote ...)
 	- hadoop <itp> (bug #793644)

More information about the Secure-testing-commits mailing list