[Secure-testing-commits] r57910 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 21 21:10:13 UTC 2017
Author: sectracker
Date: 2017-11-21 21:10:13 +0000 (Tue, 21 Nov 2017)
New Revision: 57910
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-21 20:59:05 UTC (rev 57909)
+++ data/CVE/list 2017-11-21 21:10:13 UTC (rev 57910)
@@ -1,3 +1,15 @@
+CVE-2017-16925
+ RESERVED
+CVE-2017-16924
+ RESERVED
+CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda ...)
+ TODO: check
+CVE-2017-16922
+ RESERVED
+CVE-2017-16921
+ RESERVED
+CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY ...)
+ TODO: check
CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...)
NOT-FOR-US: MapOS
CVE-2017-16918
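Review bot: CVE-2017-16923 (Shenzhen Tenda) and CVE-2017-16920 (dayrui FineCms) at the top of this hunk are left at "TODO: check", so both are untriaged. If neither product is packaged in Debian, mark each NOT-FOR-US with the product name, as the CVE-2017-16919 entry directly below them does with "NOT-FOR-US: MapOS".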
@@ -180,7 +192,7 @@
- xrootd <itp> (bug #687222)
CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...)
NOT-FOR-US: Elixir's vim plugin
-CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after free in the ...)
+CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...)
{DLA-1175-1}
- lynx 2.8.9dev16-1
- lynx-cur <removed>
@@ -260,6 +272,7 @@
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
+ {DLA-1184-1}
- optipng <unfixed> (bug #882032)
NOTE: https://sourceforge.net/p/optipng/bugs/65/
NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
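Review bot: The "- optipng <unfixed> (bug #882032)" line under CVE-2017-1000229 stays open even though the entry now references {DLA-1184-1}, so the record shows an advisory but no fixed version for unstable. Replace <unfixed> with the fixed version once bug #882032 is closed by an upload; the proposed upstream patch is already linked in the last NOTE.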
@@ -1012,8 +1025,7 @@
RESERVED
CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...)
NOT-FOR-US: RemObjects Remoting SDK
-CVE-2017-16664 [OSA-2017-07]
- RESERVED
+CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...)
- otrs2 <unfixed> (bug #882370)
NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -1168,8 +1180,8 @@
NOT-FOR-US: MLAlchemy
CVE-2017-16614
RESERVED
-CVE-2017-16613 [Swift object/proxy server writing swauth Auth Token to log file]
- RESERVED
+CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through ...)
+ {DSA-4044-1}
- swauth 1.2.0-4 (bug #882314)
NOTE: https://bugs.launchpad.net/swift/+bug/1655781
CVE-2017-16612
@@ -4755,6 +4767,7 @@
NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15275 [Server heap memory information leak]
RESERVED
+ {DSA-4043-1 DLA-1183-1}
- samba 2:4.7.1+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html
CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does not ...)
@@ -5412,8 +5425,8 @@
NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
-CVE-2017-15044
- RESERVED
+CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through ...)
+ TODO: check
CVE-2017-15043
RESERVED
CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x ...)
@@ -6344,6 +6357,7 @@
RESERVED
CVE-2017-14746 [Use-after-free vulnerability]
RESERVED
+ {DSA-4043-1}
- samba 2:4.7.1+dfsg-2
[wheezy] - samba <not-affected> (Issue introduced in 4.0.0)
NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html
@@ -27804,8 +27818,7 @@
CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to ...)
- 389-ds-base 1.3.6.7-1 (bug #870752)
NOTE: https://pagure.io/389-ds-base/issue/49336
-CVE-2017-7550
- RESERVED
+CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x ...)
- ansible <unfixed> (unimportant)
NOTE: Just an insecure example
CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat ...)
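Review bot: The "- ansible <unfixed> (unimportant)" line and "NOTE: Just an insecure example" under CVE-2017-7550 were written while the entry was RESERVED, and the description added here names affected ranges ("2.3.x before 2.3.3, and 2.4.x ..."). Recheck the unimportant rating against the published text, and if it stands, expand the NOTE to say why the issue does not affect the packaged code.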
@@ -33514,8 +33527,8 @@
RESERVED
CVE-2017-5730
RESERVED
-CVE-2017-5729
- RESERVED
+CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and ...)
+ TODO: check
CVE-2017-5728
RESERVED
CVE-2017-5727
@@ -33534,8 +33547,8 @@
NOT-FOR-US: Intel
CVE-2017-5720
RESERVED
-CVE-2017-5719
- RESERVED
+CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows ...)
+ TODO: check
CVE-2017-5718
RESERVED
CVE-2017-5717
@@ -33548,22 +33561,22 @@
RESERVED
CVE-2017-5713
RESERVED
-CVE-2017-5712
- RESERVED
-CVE-2017-5711
- RESERVED
-CVE-2017-5710
- RESERVED
-CVE-2017-5709
- RESERVED
-CVE-2017-5708
- RESERVED
-CVE-2017-5707
- RESERVED
-CVE-2017-5706
- RESERVED
-CVE-2017-5705
- RESERVED
+CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel ...)
+ TODO: check
+CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) in ...)
+ TODO: check
+CVE-2017-5710 (Multiple privilege escalations in kernel in Intel Trusted Execution ...)
+ TODO: check
+CVE-2017-5709 (Multiple privilege escalations in kernel in Intel Server Platform ...)
+ TODO: check
+CVE-2017-5708 (Multiple privilege escalations in kernel in Intel Manageability Engine ...)
+ TODO: check
+CVE-2017-5707 (Multiple buffer overflows in kernel in Intel Trusted Execution Engine ...)
+ TODO: check
+CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Services ...)
+ TODO: check
+CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine ...)
+ TODO: check
CVE-2017-5704
RESERVED
CVE-2017-5703
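Review bot: CVE-2017-5705 through CVE-2017-5712 all land as "TODO: check", leaving eight untriaged entries covering Intel Manageability Engine, Server Platform Services, Trusted Execution Engine and AMT. Triage them as one batch so they receive the same disposition; the context of the preceding hunk shows "NOT-FOR-US: Intel" already in use for a nearby Intel entry, if that applies here as well.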
@@ -93567,8 +93580,8 @@
[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
NOTE: https://github.com/Dolibarr/dolibarr/issues/2857
NOTE: https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
-CVE-2015-3934
- RESERVED
+CVE-2015-3934 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow ...)
+ TODO: check
CVE-2015-3933 (Multiple SQL injection vulnerabilities in inc/lib/User.class.php in ...)
NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-3932 (Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML ...)