[Secure-testing-commits] r53852 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jul 24 09:10:24 UTC 2017


Author: sectracker
Date: 2017-07-24 09:10:24 +0000 (Mon, 24 Jul 2017)
New Revision: 53852

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-24 08:45:20 UTC (rev 53851)
+++ data/CVE/list	2017-07-24 09:10:24 UTC (rev 53852)
@@ -1,3 +1,85 @@
+CVE-2017-11607
+	RESERVED
+CVE-2017-11606
+	RESERVED
+CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ...)
+	TODO: check
+CVE-2017-11604
+	RESERVED
+CVE-2017-11603
+	RESERVED
+CVE-2017-11602
+	RESERVED
+CVE-2017-11601
+	RESERVED
+CVE-2017-11600 (net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when ...)
+	TODO: check
+CVE-2017-11599
+	RESERVED
+CVE-2017-11598
+	RESERVED
+CVE-2017-11597
+	RESERVED
+CVE-2017-11596
+	RESERVED
+CVE-2017-11595
+	RESERVED
+CVE-2017-11594 (Cross-site scripting (XSS) vulnerability in the Markdown parser in ...)
+	TODO: check
+CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...)
+	TODO: check
+CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...)
+	TODO: check
+CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function in ...)
+	TODO: check
+CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in ...)
+	TODO: check
+CVE-2017-11589 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
+	TODO: check
+CVE-2017-11588 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
+	TODO: check
+CVE-2017-11587 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
+	TODO: check
+CVE-2017-11586 (dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in ...)
+	TODO: check
+CVE-2017-11585 (dayrui FineCms 5.0.9 has remote PHP code execution via the param ...)
+	TODO: check
+CVE-2017-11584 (dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an ...)
+	TODO: check
+CVE-2017-11583 (dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an ...)
+	TODO: check
+CVE-2017-11582 (dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an ...)
+	TODO: check
+CVE-2017-11581 (dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php ...)
+	TODO: check
+CVE-2017-11580
+	RESERVED
+CVE-2017-11579
+	RESERVED
+CVE-2017-11578
+	RESERVED
+CVE-2017-11577 (FontForge 20161012 is vulnerable to a buffer over-read in getsid ...)
+	TODO: check
+CVE-2017-11576 (FontForge 20161012 does not ensure a positive size in a weight vector ...)
+	TODO: check
+CVE-2017-11575 (FontForge 20161012 is vulnerable to a buffer over-read in strnmatch ...)
+	TODO: check
+CVE-2017-11574 (FontForge 20161012 is vulnerable to a heap-based buffer overflow in ...)
+	TODO: check
+CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ...)
+	TODO: check
+CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-11571 (FontForge 20161012 is vulnerable to a stack-based buffer overflow in ...)
+	TODO: check
+CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in umodenc ...)
+	TODO: check
+CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-11568 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2017-11567
+	RESERVED
 CVE-2017-11566
 	RESERVED
 CVE-2017-1002151 [pagure: private repositories accessible through ssh]
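Review bot: The added entries marked `TODO: check` (CVE-2017-11605 down to CVE-2017-11568) have no package line yet, so the tracker cannot report a status for any of them. Each needs triage to either a `- <package> <status>` line or a NOT-FOR-US marker. The descriptions are truncated at "...", so the decision should be made from the full CVE text rather than from what is visible here. The ten consecutive FontForge 20161012 entries (CVE-2017-11568 to CVE-2017-11577) name the same version and can be triaged together.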
@@ -143,7 +225,7 @@
 	RESERVED
 CVE-2017-11506
 	RESERVED
-CVE-2017-11565 [Tor in stretch silently scraps apparmor]
+CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was ...)
 	- tor <unfixed> (bug #869153)
 	[stretch] - tor <no-dsa> (Minor issue)
 	[jessie] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/)
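Review bot: On the changed CVE-2017-11565 line, the removed bracketed summary ("Tor in stretch silently scraps apparmor") was the only visible text naming AppArmor, and the description that replaces it is cut off before it says what is wrong with debian/tor.init. The jessie `<not-affected>` reason about the location of aa-exec then reads without context. Consider keeping the point of the old summary in a NOTE: line under the entry.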



