[Secure-testing-commits] r52226 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 2 09:10:13 UTC 2017
Author: sectracker
Date: 2017-06-02 09:10:13 +0000 (Fri, 02 Jun 2017)
New Revision: 52226
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-02 08:45:36 UTC (rev 52225)
+++ data/CVE/list 2017-06-02 09:10:13 UTC (rev 52226)
@@ -1,36 +1,54 @@
-CVE-2017-9358 [AST-2017-004: Memory exhaustion on short SCCP packets]
+CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) ...)
+ TODO: check
+CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to ...)
+ TODO: check
+CVE-2017-9364 (Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an ...)
+ TODO: check
+CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 allows ...)
+ TODO: check
+CVE-2017-9362
+ RESERVED
+CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in ...)
+ TODO: check
+CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in ...)
+ TODO: check
+CVE-2017-9357
+ RESERVED
+CVE-2017-9356
+ RESERVED
+CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...)
- asterisk <unfixed> (bug #863906)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt
-CVE-2017-9359 [AST-2017-003: Crash in PJSIP multi-part body parser]
+CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open Source ...)
- pjproject <unfixed> (bug #863902)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939
CVE-2017-9355
RESERVED
-CVE-2017-9354
- RESERVED
-CVE-2017-9353
- RESERVED
-CVE-2017-9352
- RESERVED
-CVE-2017-9351
- RESERVED
-CVE-2017-9350
- RESERVED
-CVE-2017-9349
- RESERVED
-CVE-2017-9348
- RESERVED
-CVE-2017-9347
- RESERVED
-CVE-2017-9346
- RESERVED
-CVE-2017-9345
- RESERVED
-CVE-2017-9344
- RESERVED
-CVE-2017-9343
- RESERVED
+CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector ...)
+ TODO: check
+CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...)
+ TODO: check
+CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...)
+ TODO: check
+CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector ...)
+ TODO: check
+CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY ...)
+ TODO: check
+CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector ...)
+ TODO: check
+CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...)
+ TODO: check
+CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...)
+ TODO: check
+CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector ...)
+ TODO: check
+CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector ...)
+ TODO: check
+CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP ...)
+ TODO: check
+CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector ...)
+ TODO: check
CVE-2017-9342
RESERVED
CVE-2017-9341
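Review bot: CVE-2017-9358 and CVE-2017-9359 now sit between CVE-2017-9356 and CVE-2017-9355, and in ascending order relative to each other, while every other entry in this hunk is in descending id order. Moving them above CVE-2017-9357, with 9359 first, would keep the list sorted. Separately, the twelve Wireshark entries CVE-2017-9343 through CVE-2017-9354 and the six other newly described ids carry only `TODO: check`. Each still needs a package line or a NOT-FOR-US marker before it is usable for tracking.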
@@ -408,6 +426,7 @@
CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
NOT-FOR-US: Aries QWR-1104 Wireless-N Router
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
+ {DLA-974-1}
- picocom <unfixed> (bug #863671)
NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...)
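Review bot: the `{DLA-974-1}` reference on CVE-2015-9059 is added directly above a picocom line that still reads `<unfixed> (bug #863671)`, so the entry now records an advisory and an open status side by side. Worth confirming that `<unfixed>` is still accurate for the suite that line describes, given that the NOTE already points at the upstream fix commit.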
@@ -46308,7 +46327,7 @@
NOTE: PHP bug: https://bugs.php.net/bug.php?id=71912
NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3
CVE-2016-3073
- RESERVED
+ REJECTED
CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function ...)
NOT-FOR-US: Katello
CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...)
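Review bot: CVE-2016-3073 flips from RESERVED to REJECTED with no NOTE line, so the entry does not say why the id was withdrawn or whether another id replaces it. A one-line NOTE with the rejection reason would help anyone who later finds this id cited elsewhere.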