[Secure-testing-commits] r57666 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Nov 15 21:10:20 UTC 2017 

Author: sectracker
Date: 2017-11-15 21:10:20 +0000 (Wed, 15 Nov 2017)
New Revision: 57666

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-15 20:35:45 UTC (rev 57665)
+++ data/CVE/list	2017-11-15 21:10:20 UTC (rev 57666)
@@ -1,3 +1,5 @@
+CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...)
+	TODO: check
 CVE-2017-XXXX [CPPOST-105]
 	- opensaml2 <unfixed> (bug #881856)
 	NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
@@ -2540,8 +2542,7 @@
 	RESERVED
 CVE-2017-15925
 	RESERVED
-CVE-2017-15923 [Crash in parsing IRC color formatting codes]
-	RESERVED
+CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...)
 	{DSA-4033-1}
 	- konversation 1.7.3-1 (bug #881586)
 	NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
@@ -2804,8 +2805,8 @@
 	NOT-FOR-US: phpMyFaq
 CVE-2017-15807
 	RESERVED
-CVE-2017-15806
-	RESERVED
+CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...)
+	TODO: check
 CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...)
 	- python-werkzeug 0.11.11+dfsg1-1
 	NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
@@ -4063,8 +4064,8 @@
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
 	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
-CVE-2017-15288
-	RESERVED
+CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...)
+	TODO: check
 CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia ...)
 	NOT-FOR-US: BouquetEditor WebPlugin
 CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...)
@@ -4116,14 +4117,14 @@
 CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...)
 	- mahara <removed>
 	NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
-CVE-2017-15272
-	RESERVED
-CVE-2017-15271
-	RESERVED
-CVE-2017-15270
-	RESERVED
-CVE-2017-15269
-	RESERVED
+CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside ...)
+	TODO: check
+CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP ...)
+	TODO: check
+CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data ...)
+	TODO: check
+CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...)
+	TODO: check
 CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...)
 	- qemu <unfixed> (bug #880836)
 	[stretch] - qemu <no-dsa> (Minor issue)
@@ -5103,8 +5104,8 @@
 	RESERVED
 CVE-2017-14962
 	RESERVED
-CVE-2017-14961
-	RESERVED
+CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...)
+	TODO: check
 CVE-2017-14960
 	RESERVED
 CVE-2017-14959
@@ -12029,10 +12030,10 @@
 CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...)
 	- couchdb <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
-CVE-2017-12634
-	RESERVED
-CVE-2017-12633
-	RESERVED
+CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and ...)
+	TODO: check
+CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and ...)
+	TODO: check
 CVE-2017-12632
 	RESERVED
 CVE-2017-12631
@@ -12490,7 +12491,7 @@
 	RESERVED
 CVE-2017-12461
 	RESERVED
-CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware before ...)
+CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before ...)
 	NOT-FOR-US: Barco ClickShare CSM-1 firmware
 CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ...)
 	- binutils 2.29-8
@@ -23189,7 +23190,7 @@
 CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...)
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
- 	NOTE: https://phabricator.wikimedia.org/T119158
+	NOTE: https://phabricator.wikimedia.org/T119158
 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...)
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
@@ -23215,9 +23216,10 @@
 CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...)
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
- 	NOTE: https://phabricator.wikimedia.org/T178451
+	NOTE: https://phabricator.wikimedia.org/T178451
 CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects]
 	RESERVED
+	{DSA-4034-1}
 	- varnish <unfixed> (bug #881808)
 	[jessie] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0)
 	NOTE: http://varnish-cache.org/security/VSV00002.html
@@ -119273,8 +119275,7 @@
 	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573)
 CVE-2014-4001
 	RESERVED
-CVE-2014-4000 [PHP Object Injection Vulnerabilities]
-	RESERVED
+CVE-2014-4000 (Cacti before 1.0.0 allows remote authenticated users to conduct PHP ...)
 	- cacti 0.8.8e+ds1-1 (low)
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
 	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
@@ -121905,8 +121906,8 @@
 	NOTE: libv8 not covered by security support
 CVE-2014-3151
 	RESERVED
-CVE-2014-3150
-	RESERVED
+CVE-2014-3150 (Livebox 1.1 allows remote authenticated users to upload arbitrary ...)
+	TODO: check
 CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
 	NOT-FOR-US: Invision Power IP.Board
 CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid ...)
@@ -122665,8 +122666,8 @@
 	NOT-FOR-US: CIS Manager CMS
 CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php ...)
 	NOT-FOR-US: Arkeia Server Backup
-CVE-2014-2845
-	RESERVED
+CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.509 ...)
+	TODO: check
 CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...)
 	NOT-FOR-US: F-Secure Messaging Secure Gateway
 CVE-2014-2843
@@ -130429,8 +130430,7 @@
 	[squeeze] - openssl 0.9.8o-4squeeze15
 CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote ...)
 	NOT-FOR-US: Cloudera Manager
-CVE-2014-0219
-	RESERVED
+CVE-2014-0219 (Apache Karaf enables a shutdown port on the loopback interface, which ...)
 	NOT-FOR-US: Apache Karaf
 CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader ...)
 	- moodle 2.6.3-1

More information about the Secure-testing-commits mailing list