[Secure-testing-commits] r53960 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Jul 26 21:10:24 UTC 2017


Author: sectracker
Date: 2017-07-26 21:10:24 +0000 (Wed, 26 Jul 2017)
New Revision: 53960

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-26 20:32:10 UTC (rev 53959)
+++ data/CVE/list	2017-07-26 21:10:24 UTC (rev 53960)
@@ -1,3 +1,9 @@
+CVE-2017-11667 (OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session ...)
+	TODO: check
+CVE-2017-11666 (Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the ...)
+	TODO: check
+CVE-2017-11665
+	RESERVED
 CVE-2017-11664
 	RESERVED
 CVE-2017-11663
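Review bot: CVE-2017-11666 cannot be triaged from the line as added, because the truncated description ("js/ViewerPanel.js in the ...") stops before naming the affected product. Whoever resolves the TODO: check will need the full description before choosing between a package line and NOT-FOR-US. The same TODO on CVE-2017-11667 at least names OpenProject and its fixed versions (6.1.6, 7.0.3).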
@@ -10,20 +16,18 @@
 	RESERVED
 CVE-2017-11659
 	RESERVED
-CVE-2017-11658
-	RESERVED
+CVE-2017-11658 (In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion ...)
+	TODO: check
 CVE-2017-11657
 	RESERVED
 CVE-2017-11656
 	RESERVED
-CVE-2017-11655 [memory leak]
-	RESERVED
+CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled processing of ...)
 	- sipcrack <unfixed> (bug #869803)
 	[stretch] - sipcrack <no-dsa> (Minor issue)
 	[jessie] - sipcrack <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
-CVE-2017-11654 [memory safety issues]
-	RESERVED
+CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...)
 	- sipcrack <unfixed> (bug #869803)
 	[stretch] - sipcrack <no-dsa> (Minor issue)
 	[jessie] - sipcrack <no-dsa> (Minor issue)
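Review bot: CVE-2017-11658 is left at TODO: check even though its description already identifies the target as a WordPress plugin (WP Rocket 2.9.3). If no Debian source package ships it, resolve it as NOT-FOR-US in the form this file already uses for MEDHOST Connex and ZyXEL. The two sipcrack entries look right: RESERVED and the bracketed working titles are dropped, and the package, no-dsa and bug #869803 lines are carried over unchanged.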
@@ -50,7 +54,7 @@
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
 CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() ...)
-	 - graphicsmagick <unfixed>
+	- graphicsmagick <unfixed>
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
 CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
 	- graphicsmagick <unfixed>
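Review bot: the only change under CVE-2017-11643 is removing a stray space between the tab and "- graphicsmagick <unfixed>", which is a hand correction to tracking data rather than part of the description sync the log calls "automatic update". Suggest committing such fixes separately or mentioning them in the log, and checking whether the malformed line was being accepted silently by the list parser, since a package line that is not recognised would hide an unfixed heap overflow from the per-package view.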
@@ -154,16 +158,16 @@
 	- atmailopen <removed>
 CVE-2017-11616
 	RESERVED
-CVE-2017-11615
-	RESERVED
+CVE-2017-11615 (A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 ...)
+	TODO: check
 CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for ...)
 	NOT-FOR-US: MEDHOST Connex
 CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the ...)
 	- tiff <unfixed> (bug #869823)
 	- tiff3 <removed>
 	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
-CVE-2017-11612
-	RESERVED
+CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
+	TODO: check
 CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
 	NOT-FOR-US: ZyXEL
 CVE-2017-11611
@@ -387,6 +391,7 @@
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
 CVE-2017-11521 (The SdpContents::Session::Medium::parse function in ...)
+	{DLA-1040-1}
 	- resiprocate <unfixed> (low; bug #869404)
 	[stretch] - resiprocate <no-dsa> (Minor issue)
 	[jessie] - resiprocate <no-dsa> (Minor issue)
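Review bot: the {DLA-1040-1} reference added under CVE-2017-11521 is not matched, in the lines visible here, by any release line carrying a fixed version; the only entries shown are <unfixed> for unstable and <no-dsa> for stretch and jessie. Please confirm that a release line for the suite the DLA covers exists below the three context lines, so the advisory cross-reference and the per-release status agree.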
@@ -3332,8 +3337,8 @@
 	- piwigo <removed>
 CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...)
 	- piwigo <removed>
-CVE-2017-9835
-	RESERVED
+CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...)
+	TODO: check
 CVE-2017-9834
 	RESERVED
 CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...)
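Review bot: CVE-2017-9835 names a concrete source file (psi/ialloc.c in Artifex Ghostscript), so the TODO: check can be resolved by looking that file up in the ghostscript source package and adding a "- ghostscript <unfixed>" style line with the upstream bug or commit as a NOTE, as done for the ImageMagick and GraphicsMagick entries in this file.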
@@ -5138,10 +5143,10 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e
 CVE-2017-9741 (install/make-config.php in ProjectSend r754 allows remote attackers to ...)
 	NOT-FOR-US: ProjectSend
-CVE-2017-9740
-	RESERVED
-CVE-2017-9739
-	RESERVED
+CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex ...)
+	TODO: check
+CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript ...)
+	TODO: check
 CVE-2017-9738
 	RESERVED
 CVE-2017-9737
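Review bot: the two entries added here should not be triaged as a pair. CVE-2017-9740 is in xps/xpsfont.c while CVE-2017-9739 is in base/ttinterp.c, so the first depends on whether the xps/ tree is part of what the Debian package builds and the second is in shared base code. Suggest recording that distinction in a NOTE on each entry when the TODO: check is resolved, since the same split recurs in the later Ghostscript hunks.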
@@ -5168,10 +5173,10 @@
 	- uclibc <unfixed> (unimportant)
 CVE-2017-9728 (In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp ...)
 	- uclibc <unfixed> (unimportant)
-CVE-2017-9727
-	RESERVED
-CVE-2017-9726
-	RESERVED
+CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript ...)
+	TODO: check
+CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript ...)
+	TODO: check
 CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...)
 	{DLA-1021-1 DLA-1020-1}
 	- jetty9 9.2.22-1 (bug #864898)
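Review bot: in the trailing context CVE-2017-9735 (Jetty) sits directly below the newly described CVE-2017-9726, which breaks the descending numeric order the surrounding entries follow (9728, 9727, 9726). This is not introduced by this revision, but since the lines are being touched anyway, consider moving the Jetty entry to its numeric position so that lookups and later automatic merges do not miss it.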
@@ -5402,12 +5407,12 @@
 	NOT-FOR-US: Telaxus/EPESI
 CVE-2017-9621 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Telaxus/EPESI
-CVE-2017-9620
-	RESERVED
-CVE-2017-9619
-	RESERVED
-CVE-2017-9618
-	RESERVED
+CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex ...)
+	TODO: check
+CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex ...)
+	TODO: check
+CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
+	TODO: check
 CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
 	- wireshark <unfixed> (low)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
@@ -5420,12 +5425,12 @@
 	RESERVED
 CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
 	NOT-FOR-US: SAP SuccessFactors
-CVE-2017-9612
-	RESERVED
-CVE-2017-9611
-	RESERVED
-CVE-2017-9610
-	RESERVED
+CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
+	TODO: check
+CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript ...)
+	TODO: check
+CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
+	TODO: check
 CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows ...)
 	NOT-FOR-US: Blackcat CMS
 CVE-2017-9608
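Review bot: CVE-2017-9610 as added here reads identically, up to the truncation point, to CVE-2017-9618 in the previous hunk: both say "The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...". Please check the full descriptions when resolving the TODO: check and add a NOTE on each stating what distinguishes them (or that one duplicates the other), otherwise a single upstream fix may be credited to only one of the two ids.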
@@ -17105,8 +17110,8 @@
 	RESERVED
 CVE-2017-5692
 	RESERVED
-CVE-2017-5691
-	RESERVED
+CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...)
+	TODO: check
 CVE-2017-5690
 	RESERVED
 CVE-2017-5689 (An unprivileged network attacker could gain system privileges to ...)



