[Secure-testing-commits] r52836 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jun 23 09:10:13 UTC 2017 

Author: sectracker
Date: 2017-06-23 09:10:13 +0000 (Fri, 23 Jun 2017)
New Revision: 52836

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-23 08:25:55 UTC (rev 52835)
+++ data/CVE/list	2017-06-23 09:10:13 UTC (rev 52836)
@@ -1312,10 +1312,10 @@
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21600
 CVE-2017-9777
 	RESERVED
-CVE-2017-9776
-	RESERVED
-CVE-2017-9775
-	RESERVED
+CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ...)
+	TODO: check
+CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before ...)
+	TODO: check
 CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...)
 	- php-horde-image <unfixed> (bug #865505)
 	NOTE: https://lists.horde.org/archives/announce/2017/001234.html
@@ -2507,8 +2507,8 @@
 	NOT-FOR-US: WebsiteBaker
 CVE-2017-9357
 	RESERVED
-CVE-2017-9356
-	RESERVED
+CVE-2017-9356 (Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability ...)
+	TODO: check
 CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...)
 	- asterisk 1:13.14.1~dfsg-2 (bug #863906)
 	[jessie] - asterisk <not-affected> (11.x series not affected)
@@ -22123,12 +22123,12 @@
 	NOTE: Wheezy do not have any elliptic curve functionality. Jessie is affected however.
 CVE-2017-2783 (An exploitable heap corruption vulnerability exists in the ...)
 	NOT-FOR-US: AntennaHouse
-CVE-2017-2782
-	RESERVED
-CVE-2017-2781
-	RESERVED
-CVE-2017-2780
-	RESERVED
+CVE-2017-2782 (An integer overflow vulnerability exists in the X509 certificate ...)
+	TODO: check
+CVE-2017-2781 (An exploitable heap buffer overflow vulnerability exists in the X509 ...)
+	TODO: check
+CVE-2017-2780 (An exploitable heap buffer overflow vulnerability exists in the X509 ...)
+	TODO: check
 CVE-2017-2779
 	RESERVED
 CVE-2017-2778
@@ -26166,8 +26166,8 @@
 	RESERVED
 CVE-2017-0898
 	RESERVED
-CVE-2017-0897
-	RESERVED
+CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create ...)
+	TODO: check
 CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...)

More information about the Secure-testing-commits mailing list