[Secure-testing-commits] r53736 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jul 21 09:10:13 UTC 2017 

Author: sectracker
Date: 2017-07-21 09:10:13 +0000 (Fri, 21 Jul 2017)
New Revision: 53736

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-21 08:54:13 UTC (rev 53735)
+++ data/CVE/list	2017-07-21 09:10:13 UTC (rev 53736)
@@ -1,3 +1,25 @@
+CVE-2017-11504
+	RESERVED
+CVE-2017-11503 (PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email ...)
+	TODO: check
+CVE-2017-11502 (Technicolor DPC3928AD DOCSIS devices allow remote attackers to read ...)
+	TODO: check
+CVE-2017-11501 (NixOS 17.03 and earlier has an unintended default absence of SSL ...)
+	TODO: check
+CVE-2017-11500 (A directory traversal vulnerability exists in MetInfo 5.3.17. A remote ...)
+	TODO: check
+CVE-2017-11499
+	RESERVED
+CVE-2017-11498
+	RESERVED
+CVE-2017-11497
+	RESERVED
+CVE-2017-11496
+	RESERVED
+CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...)
+	TODO: check
+CVE-2017-11494
+	RESERVED
 CVE-2017-11493
 	RESERVED
 CVE-2017-11492
@@ -44,8 +66,8 @@
 	NOT-FOR-US: IDERA Uptime Monitor
 CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the ...)
 	NOT-FOR-US: IDERA Uptime Monitor
-CVE-2017-11468
-	RESERVED
+CVE-2017-11468 (Docker Registry before 2.6.2 in Docker Distribution does not properly ...)
+	TODO: check
 CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...)
 	NOT-FOR-US: OrientDB
 CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows ...)
@@ -895,6 +917,7 @@
 	- php5 <not-affected> (Incomplete fix for CVE-2017-11145 not applied)
 	NOTE: https://github.com/php/php-src/commit/e8b7698f5ee757ce2c8bd10a192a491a498f891c
 CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack ...)
+	{DLA-1034-1}
 	- php7.1 <unfixed>
 	- php7.0 <unfixed>
 	- php5 <removed>
@@ -1458,8 +1481,8 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
 CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary ...)
 	NOT-FOR-US: Foxit Reader
-CVE-2017-10993
-	RESERVED
+CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to ...)
+	TODO: check
 CVE-2017-10992
 	RESERVED
 CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the ...)
@@ -1566,6 +1589,7 @@
 	NOTE: https://github.com/Cacti/cacti/issues/838
 	NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
 CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler ...)
+	{DLA-1034-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
@@ -1575,6 +1599,7 @@
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
 	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of ...)
+	{DLA-1034-1}
 	- php7.1 <not-affected> (Fixed with initial upload to unstable)
 	- php7.0 7.0.13-1
 	- php5 <removed>
@@ -1584,6 +1609,7 @@
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
 	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the ...)
+	{DLA-1034-1}
 	- php7.1 <unfixed>
 	- php7.0 <unfixed>
 	- php5 <removed>
@@ -1594,6 +1620,7 @@
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
 	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of ...)
+	{DLA-1034-1}
 	- php7.1 <not-affected> (Only affected 5.6)
 	- php7.0 <not-affected> (Only affected 5.6)
 	- php5 <removed>
@@ -2501,8 +2528,8 @@
 	- teamspeak-client <removed>
 CVE-2017-9981
 	RESERVED
-CVE-2017-9980
-	RESERVED
+CVE-2017-9980 (In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the ...)
+	TODO: check
 CVE-2017-9979
 	RESERVED
 CVE-2017-9978
@@ -2629,12 +2656,12 @@
 	NOT-FOR-US: Joomla
 CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads ...)
 	NOT-FOR-US: Joomla
-CVE-2017-9932
-	RESERVED
-CVE-2017-9931
-	RESERVED
-CVE-2017-9930
-	RESERVED
+CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a ...)
+	TODO: check
+CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware ...)
+	TODO: check
+CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 ...)
+	TODO: check
 CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function ...)
 	- lrzip <unfixed> (bug #866020)
 	[stretch] - lrzip <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list