[Secure-testing-commits] r57868 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Nov 20 21:10:13 UTC 2017


Author: sectracker
Date: 2017-11-20 21:10:13 +0000 (Mon, 20 Nov 2017)
New Revision: 57868

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-20 20:59:32 UTC (rev 57867)
+++ data/CVE/list	2017-11-20 21:10:13 UTC (rev 57868)
@@ -1,3 +1,31 @@
+CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...)
+	TODO: check
+CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ...)
+	TODO: check
+CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a ...)
+	TODO: check
+CVE-2017-16905
+	RESERVED
+CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...)
+	TODO: check
+CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute ...)
+	TODO: check
+CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long ...)
+	TODO: check
+CVE-2017-16901
+	RESERVED
+CVE-2017-16900
+	RESERVED
+CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows ...)
+	TODO: check
+CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...)
+	TODO: check
+CVE-2017-16897
+	RESERVED
+CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass ...)
+	TODO: check
+CVE-2017-16895
+	RESERVED
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain ...)
 	TODO: check
 CVE-2017-16893
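Review bot: every described entry added at the top of this hunk is left at "TODO: check", with nothing to separate the ones that need a package lookup from the ones that can be closed at once. CVE-2017-16899 (fig2dev in Xfig 3.2.6a) and CVE-2017-16898 (util/listmp3.c in libming v0.4.8) name source-level components and should get a package line with the affected version checked. CVE-2017-16902 describes a Vonage home router and can be resolved with a NOT-FOR-US line.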
@@ -1249,8 +1277,7 @@
 	NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this
 	NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
 	NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
-CVE-2017-16544 [missing terminal escape sequence filtering in autocompletion]
-	RESERVED
+CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through ...)
 	- busybox <unfixed> (bug #882258)
 	[stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release)
 	[jessie] - busybox <no-dsa> (Minor issue, can be fixed via point release)
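Review bot: at CVE-2017-16544 the tracker's bracketed summary "missing terminal escape sequence filtering in autocompletion" is dropped, and the truncated upstream description that replaces it stops before it says what the flaw is. Consider keeping that summary as a NOTE: line, so the entry still states the issue next to the <no-dsa> decisions for stretch and jessie.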
@@ -3954,8 +3981,8 @@
 	RESERVED
 CVE-2017-15528
 	RESERVED
-CVE-2017-15527
-	RESERVED
+CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be ...)
+	TODO: check
 CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...)
 	NOT-FOR-US: Symantec
 CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...)
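Review bot: CVE-2017-15527 (Symantec Management Console) is set to "TODO: check" while the adjacent Symantec entry CVE-2017-15526 is already "NOT-FOR-US: Symantec". Unless the product turns out to be packaged, mark it the same way so it leaves the triage queue.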
@@ -4595,18 +4622,23 @@
 	[wheezy] - xen <ignored> (minor issue)
 	NOTE: https://xenbits.xen.org/xsa/advisory-244.html
 CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
+	{DLA-1181-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-243.html
 CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
+	{DLA-1181-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-242.html
 CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
+	{DLA-1181-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-241.html
 CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
+	{DLA-1181-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-240.html
 CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
+	{DLA-1181-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-239.html
 CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...)
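Review bot: the five entries that gain {DLA-1181-1} (CVE-2017-15592, -15593, -15588, -15595, -15589) still carry only "- xen <unfixed>", so the list does not record which release and version the DLA fixed. Add a release-tagged line with the fixed version from the advisory to each, in the same form as the "[wheezy] - xen <ignored> (minor issue)" line at the top of this hunk.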
@@ -5102,8 +5134,8 @@
 	RESERVED
 CVE-2017-15111
 	RESERVED
-CVE-2017-15110
-	RESERVED
+CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other students ...)
+	TODO: check
 CVE-2017-15109
 	RESERVED
 CVE-2017-15108
@@ -12705,15 +12737,13 @@
 	RESERVED
 CVE-2017-12609
 	RESERVED
-CVE-2017-12608
-	RESERVED
+CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before ...)
 	{DSA-4022-1}
 	- libreoffice 1:5.0.2-1
 	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
 	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
-CVE-2017-12607
-	RESERVED
+CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and ...)
 	{DSA-4022-1}
 	- libreoffice 1:5.0.2-1
 	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
@@ -16042,12 +16072,12 @@
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
 	NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
 	NOTE: issue. See: http://www.openwall.com/lists/oss-security/2017/09/01/6
-CVE-2017-11402
-	RESERVED
-CVE-2017-11401
-	RESERVED
-CVE-2017-11400
-	RESERVED
+CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...)
+	TODO: check
+CVE-2017-11401 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...)
+	TODO: check
+CVE-2017-11400 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...)
+	TODO: check
 CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...)
 	- gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
 	[stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
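Review bot: CVE-2017-11402, -11401 and -11400 each describe an issue "on the Belden Hirschmann Tofino Xenon", a vendor device, yet all three are queued as "TODO: check". If nothing here maps to a source package, resolve the three together with a NOT-FOR-US line each, in the form used for the Redgate SQL Monitor and OpenWebif entries in the context of a later hunk.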
@@ -18937,8 +18967,7 @@
 	NOT-FOR-US: Redgate SQL Monitor
 CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 ...)
 	NOT-FOR-US: OpenWebif plugin for E2
-CVE-2017-9806
-	RESERVED
+CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, ...)
 	- libreoffice 1:3.4.3-1
 	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
@@ -41475,8 +41504,7 @@
 	NOT-FOR-US: Apache Camel
 CVE-2017-3158
 	RESERVED
-CVE-2017-3157
-	RESERVED
+CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded ...)
 	{DSA-3792-1 DLA-910-1}
 	- libreoffice 1:5.2.3-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
@@ -57758,8 +57786,7 @@
 	NOT-FOR-US: Apache Wicket
 CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to read ...)
 	NOT-FOR-US: Apache Ignite
-CVE-2016-6804
-	RESERVED
+CVE-2016-6804 (The Apache OpenOffice installer (versions prior to 4.1.3, including ...)
 	NOT-FOR-US: Apache OpenOffice installer for Windows
 CVE-2016-6803 (An installer defect known as an "unquoted Windows search path ...)
 	NOT-FOR-US: Apache OpenOffice installer for Windows



