[Secure-testing-commits] r57466 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Nov 8 21:10:14 UTC 2017
Author: sectracker
Date: 2017-11-08 21:10:14 +0000 (Wed, 08 Nov 2017)
New Revision: 57466
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-08 20:49:18 UTC (rev 57465)
+++ data/CVE/list 2017-11-08 21:10:14 UTC (rev 57466)
@@ -1,4 +1,12 @@
-CVE-2017-16667 [shell injection in notify-send]
+CVE-2017-16668
+ RESERVED
+CVE-2017-16666
+ RESERVED
+CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...)
+ TODO: check
+CVE-2017-16664
+ RESERVED
+CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper ...)
- backintime <unfixed> (bug #881205)
NOTE: https://github.com/bit-team/backintime/issues/834
NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
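Review bot: CVE-2017-16667 still reads "backintime <unfixed> (bug #881205)" although the new description places the issue in versions before 1.1.24 and a NOTE already links the upstream commit. Once an upload carrying 1.1.24 or that commit exists, replace <unfixed> with the fixed version. CVE-2017-16665 (RemObjects Remoting SDK for Delphi) is left at "TODO: check" and needs a triage decision, either a package line or NOT-FOR-US.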
@@ -344,6 +352,7 @@
CVE-2017-16517
RESERVED
CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is ...)
+ {DLA-1167-1}
- ruby-yajl 1.2.0-3.1 (low; bug #880691)
[stretch] - ruby-yajl <no-dsa> (Minor issue)
[jessie] - ruby-yajl <no-dsa> (Minor issue)
@@ -2230,8 +2239,8 @@
NOT-FOR-US: user-login-history plugin for WordPress
CVE-2017-15866
RESERVED
-CVE-2017-15865
- RESERVED
+CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...)
+ TODO: check
CVE-2017-15864
RESERVED
CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" ...)
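Review bot: the new CVE-2017-15865 entry is left at "TODO: check", and the imported description is cut off at "as used in ...", so the affected products are not visible here. Triage against the full description and record a package line for each affected source package, or NOT-FOR-US if nothing in the archive ships this bgpd.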
@@ -3272,6 +3281,7 @@
RESERVED
CVE-2017-15399
RESERVED
+ {DSA-4024-1}
- chromium-browser 62.0.3202.89-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
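Review bot: CVE-2017-15399 now has a fixed chromium-browser version and {DSA-4024-1}, but its status line is still RESERVED, so the entry says nothing about what was fixed. A short NOTE pointing at the upstream advisory would make the entry readable until the description is published.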
@@ -3279,6 +3289,7 @@
NOTE: libv8 not covered by security support
CVE-2017-15398
RESERVED
+ {DSA-4024-1}
- chromium-browser 62.0.3202.89-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -4162,14 +4173,11 @@
NOTE: runs on client systems, and only with a certificate that is explicitly
NOTE: configured locally, leading to a local kinit crash if passed a crafted
NOTE: local certificate. This is hardly has any harmful security implication.
-CVE-2017-15087
- RESERVED
+CVE-2017-15087 (It was discovered that the fix for CVE-2017-12163 was not properly ...)
- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12163)
-CVE-2017-15086
- RESERVED
+CVE-2017-15086 (It was discovered that the fix for CVE-2017-12151 was not properly ...)
- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12151)
-CVE-2017-15085
- RESERVED
+CVE-2017-15085 (It was discovered that the fix for CVE-2017-12150 was not properly ...)
- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12150)
CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout ...)
NOT-FOR-US: Metasploit Framework
@@ -6330,8 +6338,8 @@
RESERVED
CVE-2017-14361
RESERVED
-CVE-2017-14360
- RESERVED
+CVE-2017-14360 (A potential security vulnerability has been identified in HPE Content ...)
+ TODO: check
CVE-2017-14359 (A potential security vulnerability has been identified in HPE ...)
NOT-FOR-US: HPE Performance Center
CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP ArcSight ESM ...)
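Review bot: CVE-2017-14360 moves from RESERVED to an unresolved "TODO: check", with the description truncated at "HPE Content ...". The neighbouring HPE entry, CVE-2017-14359, is marked NOT-FOR-US; if this product is likewise not in the archive, close the TODO the same way.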
@@ -10963,8 +10971,8 @@
RESERVED
CVE-2017-12825
RESERVED
-CVE-2017-12824
- RESERVED
+CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in ...)
+ TODO: check
CVE-2017-12823
RESERVED
CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...)
@@ -20895,7 +20903,7 @@
[wheezy] - chicken <no-dsa> (Minor issue)
NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html
NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
-CVE-2017-9330 (QEMU (aka Quick Emulator), when built with the USB OHCI Emulation ...)
+CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI ...)
{DSA-3920-1}
- qemu 1:2.8+dfsg-7 (bug #863943)
[jessie] - qemu <no-dsa> (Minor issue)
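Review bot: the package line "qemu 1:2.8+dfsg-7" under CVE-2017-9330 is older than the 2.9.0 boundary the updated description now states, so the entry relies on a backported fix that the visible lines do not document. A NOTE naming the upstream commit would make the fixed version verifiable from the entry itself.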
@@ -21844,8 +21852,8 @@
NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
CVE-2017-9097 (In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through ...)
NOT-FOR-US: Anti-Web
-CVE-2017-9096
- RESERVED
+CVE-2017-9096 (The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not ...)
+ TODO: check
CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files ...)
NOT-FOR-US: Diving Log
CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
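Review bot: CVE-2017-9096 is left at "TODO: check" and its description names two fixed branches, iText before 5.5.12 and 7.x before 7.0.3. Triage should compare each packaged iText version against the matching branch, and since the description is truncated at "do not ...", read the full text before assigning a severity.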
@@ -92259,8 +92267,8 @@
NOTE: https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
CVE-2015-3934
RESERVED
-CVE-2015-3933
- RESERVED
+CVE-2015-3933 (Multiple SQL injection vulnerabilities in inc/lib/User.class.php in ...)
+ TODO: check
CVE-2015-3932 (Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML ...)
NOT-FOR-US: Netlock Mokka
CVE-2015-3931 (Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform ...)
@@ -132921,7 +132929,7 @@
CVE-2013-6056
RESERVED
CVE-2013-6055
- RESERVED
+ REJECTED
CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
{DSA-2808-1}
- openjpeg 1.3+dfsg-4.7 (bug #731237)
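Review bot: CVE-2013-6055 changes from RESERVED to REJECTED with no package line or NOTE in the entry. That is fine if the id was never referenced elsewhere in the tracker; if it was, add a NOTE naming the id that replaces it.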