[Secure-testing-commits] r57799 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Nov 18 21:10:12 UTC 2017 

Author: sectracker
Date: 2017-11-18 21:10:12 +0000 (Sat, 18 Nov 2017)
New Revision: 57799

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-18 20:26:51 UTC (rev 57798)
+++ data/CVE/list	2017-11-18 21:10:12 UTC (rev 57799)
@@ -1,3 +1,9 @@
+CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= ...)
+	TODO: check
+CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but ...)
+	TODO: check
+CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON ...)
+	TODO: check
 CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...)
 	NOT-FOR-US: filp whoops
 CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
@@ -440,12 +446,12 @@
 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...)
 	NOT-FOR-US: Gemirro
 CVE-2017-16853 (The DynamicMetadataProvider class in ...)
-	{DSA-4039-1}
+	{DSA-4039-1 DLA-1178-1}
 	- opensaml2 <unfixed> (bug #881856)
 	NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
 	NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
 CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic ...)
-	{DSA-4038-1}
+	{DSA-4038-1 DLA-1179-1}
 	- shibboleth-sp2 <unfixed> (bug #881857)
 	NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16
 	NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
@@ -3768,6 +3774,7 @@
 	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
 	NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971
 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...)
+	{DLA-1177-1}
 	- poppler <unfixed> (bug #879066)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
 	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d
@@ -5508,16 +5515,19 @@
 CVE-2017-14978
 	RESERVED
 CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ...)
+	{DLA-1177-1}
 	- poppler <unfixed> (low; bug #877952)
 	[stretch] - poppler <no-dsa> (Minor issue)
 	[jessie] - poppler <no-dsa> (Minor issue)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
 CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...)
+	{DLA-1177-1}
 	- poppler <unfixed> (low; bug #877954)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
 CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...)
+	{DLA-1177-1}
 	- poppler <unfixed> (low; bug #877957)
 	[stretch] - poppler <no-dsa> (Minor issue)
 	[jessie] - poppler <no-dsa> (Minor issue)
@@ -14767,6 +14777,7 @@
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/83
 CVE-2017-11733 (A null pointer dereference vulnerability was found in the function ...)
+	{DLA-1176-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/78
 CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function ...)
@@ -18296,9 +18307,11 @@
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879
 CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A ...)
+	{DLA-1176-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/86
 CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles ...)
+	{DLA-1176-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/85
 CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in ...)

More information about the Secure-testing-commits mailing list