[Secure-testing-commits] r49621 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Mar 12 21:10:12 UTC 2017
Author: sectracker
Date: 2017-03-12 21:10:12 +0000 (Sun, 12 Mar 2017)
New Revision: 49621
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-12 21:04:21 UTC (rev 49620)
+++ data/CVE/list 2017-03-12 21:10:12 UTC (rev 49621)
@@ -16,7 +16,7 @@
RESERVED
CVE-2017-6821
RESERVED
-CVE-2017-6820 [XSS issue in handling of a style tag inside of an svg element]
+CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...)
- roundcube <unfixed> (bug #857473)
NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305
NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4
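Review bot: The roundcube package line under CVE-2017-6820 is still marked unfixed, while the incoming description names 1.1.8 and 1.2.4 as the upstream releases that carry the fix. The entry needs a follow-up to record the fixed Debian version once bug #857473 is closed. The replaced bracketed summary was also the only place that named the vector (a style tag inside an svg element); since the new description is truncated before that detail, consider keeping it as a NOTE line.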
@@ -648,31 +648,31 @@
NOT-FOR-US: burgundy-cms
CVE-2017-6507
RESERVED
-CVE-2017-6814 [Cross-site scripting (XSS) via media file metadata]
+CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
- wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
-CVE-2017-6815 [Control characters can trick redirect URL validation]
+CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...)
- wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
-CVE-2017-6816 [Unintended files can be deleted by administrators using the plugin deletion functionality]
+CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
- wordpress 4.7.3+dfsg-1 (bug #857026)
[jessie] - wordpress <not-affected> (Only affects 4.7.x)
[wheezy] - wordpress <not-affected> (Only affects 4.7.x)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
-CVE-2017-6817 [Cross-site scripting (XSS) via video URL in YouTube embeds]
+CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is ...)
- wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
-CVE-2017-6818 [Cross-site scripting (XSS) via taxonomy term names]
+CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is ...)
- wordpress 4.7.3+dfsg-1 (bug #857026)
[jessie] - wordpress <not-affected> (Only affects 4.7.x)
[wheezy] - wordpress <not-affected> (Only affects 4.7.x)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
-CVE-2017-6819 [Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources]
+CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...)
- wordpress 4.7.3+dfsg-1 (bug #857026)
[jessie] - wordpress <not-affected> (Only affects 4.2 and later)
[wheezy] - wordpress <not-affected> (Only affects 4.2 and later)
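Review bot: The truncated descriptions for CVE-2017-6814, CVE-2017-6817 and CVE-2017-6818 end before the vector that the removed bracketed summaries stated (media file metadata, video URL in YouTube embeds, taxonomy term names). A reader triaging from this file alone now has to follow the NOTE links to learn what is affected, so a short NOTE preserving each summary would help. Separately, CVE-2017-6814, CVE-2017-6815 and CVE-2017-6817 carry no [jessie] or [wheezy] annotation, unlike CVE-2017-6816, CVE-2017-6818 and CVE-2017-6819, so those three remain open for the older releases and should be triaged explicitly.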
@@ -2046,16 +2046,19 @@
CVE-2017-6012
RESERVED
CVE-2017-6011 (An issue was discovered in icoutils 0.31.1. An out-of-bounds read ...)
+ {DSA-3807-1}
- icoutils 0.31.2-1 (bug #854054)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6010 (An issue was discovered in icoutils 0.31.1. A buffer overflow was ...)
+ {DSA-3807-1}
- icoutils 0.31.2-1 (bug #854054)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6009 (An issue was discovered in icoutils 0.31.1. A buffer overflow was ...)
+ {DSA-3807-1}
- icoutils 0.31.2-1 (bug #854050)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e
NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256407
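Review bot: The {DSA-3807-1} cross-reference added to CVE-2017-6011, CVE-2017-6010 and CVE-2017-6009 is only meaningful if the advisory entry lists the same three CVEs, and this revision modifies data/CVE/list alone. Confirm that the corresponding advisory record names all three identifiers, and note that CVE-2017-6009 is tracked under bug #854050 while the other two use bug #854054, so both bugs need to be covered by the advisory's fixed versions.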