[Secure-testing-commits] r51937 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed May 24 21:10:25 UTC 2017
Author: sectracker
Date: 2017-05-24 21:10:25 +0000 (Wed, 24 May 2017)
New Revision: 51937
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-24 18:46:36 UTC (rev 51936)
+++ data/CVE/list 2017-05-24 21:10:25 UTC (rev 51937)
@@ -1,3 +1,31 @@
+CVE-2017-9231
+ RESERVED
+CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain attack ...)
+ TODO: check
+CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+ TODO: check
+CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+ TODO: check
+CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+ TODO: check
+CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+ TODO: check
+CVE-2017-9225 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+ TODO: check
+CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+ TODO: check
+CVE-2017-9223
+ RESERVED
+CVE-2017-9222
+ RESERVED
+CVE-2017-9221
+ RESERVED
+CVE-2017-9220
+ RESERVED
+CVE-2017-9219
+ RESERVED
+CVE-2017-9218
+ RESERVED
CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a denial ...)
- systemd <unfixed> (bug #863277)
[jessie] - systemd <not-affected> (vulnerable code introduced later)
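Review bot: CVE-2017-9224 through CVE-2017-9229 all land as "TODO: check" with no package line, although their six truncated descriptions are identical (Oniguruma 6.2.0, as used in Oniguruma-mod). They can be triaged in one pass against the same source package. The "as used in" wording suggests also checking packages that embed a copy of the library. CVE-2017-9230 (Bitcoin Proof-of-Work) is a separate case and needs its own decision between a package line and NOT-FOR-US.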
@@ -6415,7 +6443,7 @@
CVE-2017-6892
RESERVED
CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) ...)
- {DLA-950-1}
+ {DSA-3861-1 DLA-950-1}
- libtasn1-6 <unfixed> (bug #863186)
- libtasn1-3 <removed>
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
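Review bot: On CVE-2017-6891 the cross-reference becomes {DSA-3861-1 DLA-950-1}, but the libtasn1-6 line directly below still reads <unfixed> (bug #863186). If a fixed upload has reached unstable, that line should carry the fixed version. If not, leaving it open is correct, and bug #863186 is the place to follow up.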
@@ -18394,26 +18422,25 @@
RESERVED
CVE-2017-2825
RESERVED
-CVE-2017-2824
- RESERVED
+CVE-2017-2824 (An exploitable code execution vulnerability exists in the trapper ...)
- zabbix <unfixed>
NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0325/
NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0326/
NOTE: Apparently only one CVE assigned for both issues
-CVE-2017-2823
- RESERVED
+CVE-2017-2823 (A use-after-free vulnerability exists in the .ISO parsing ...)
+ TODO: check
CVE-2017-2822
RESERVED
CVE-2017-2821
RESERVED
CVE-2017-2820
RESERVED
-CVE-2017-2819
- RESERVED
+CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul Word ...)
+ TODO: check
CVE-2017-2818
RESERVED
-CVE-2017-2817
- RESERVED
+CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing ...)
+ TODO: check
CVE-2017-2816
RESERVED
CVE-2017-2815
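Review bot: Under CVE-2017-2824 the note "Apparently only one CVE assigned for both issues" was written while the entry was still RESERVED. Now that a description is published, compare it against TALOS-2017-0325 and TALOS-2017-0326, then either confirm the note or reword it. The three entries that move to "TODO: check" (CVE-2017-2823, CVE-2017-2819, CVE-2017-2817) have no package line yet. CVE-2017-2823 and CVE-2017-2817 both mention ISO parsing in their truncated descriptions, so check whether they concern the same product and can be triaged together.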
@@ -18444,20 +18471,18 @@
RESERVED
CVE-2017-2802
RESERVED
-CVE-2017-2801 [Incorrect comparison in X.509 DN strings]
- RESERVED
+CVE-2017-2801 (A programming error exists in a way Randombit Botan cryptographic ...)
{DLA-915-1}
- botan1.10 <unfixed> (bug #860072)
NOTE: https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4 (1.10.16)
NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16
-CVE-2017-2800
- RESERVED
+CVE-2017-2800 (A specially crafted x509 certificate can cause a single out of bounds ...)
- wolfssl <unfixed> (bug #862154)
NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0293/
-CVE-2017-2799
- RESERVED
-CVE-2017-2798
- RESERVED
+CVE-2017-2799 (An exploitable heap corruption vulnerability exists in the AddSst ...)
+ TODO: check
+CVE-2017-2798 (An exploitable heap corruption vulnerability exists in the ...)
+ TODO: check
CVE-2017-2797 (An exploitable heap overflow vulnerability exists in the ...)
NOT-FOR-US: AntennaHouse
CVE-2017-2796
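Review bot: CVE-2017-2799 and CVE-2017-2798 are added as "TODO: check" immediately above CVE-2017-2797, which has a similarly worded description and is already marked NOT-FOR-US: AntennaHouse. Check whether the two new entries concern the same vendor. If they do, they can take the same NOT-FOR-US line rather than staying in the TODO queue. For CVE-2017-2801, the temporary bracketed title "[Incorrect comparison in X.509 DN strings]" is replaced by the published description. The existing botan1.10 triage and notes are carried over unchanged, which looks right.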
@@ -36165,7 +36190,7 @@
NOT-FOR-US: IBM
CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a ...)
NOT-FOR-US: IBM
-CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login credentials ...)
+CVE-2016-6110 (IBM Tivoli Storage Manager discloses unencrypted login credentials to ...)
NOT-FOR-US: IBM
CVE-2016-6109
RESERVED