[Secure-testing-commits] r56447 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Oct 6 09:10:13 UTC 2017
Author: sectracker
Date: 2017-10-06 09:10:13 +0000 (Fri, 06 Oct 2017)
New Revision: 56447
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-06 08:30:39 UTC (rev 56446)
+++ data/CVE/list 2017-10-06 09:10:13 UTC (rev 56447)
@@ -1,4 +1,46 @@
-CVE-2017-15042
+CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a ...)
+ TODO: check
+CVE-2017-15062
+ RESERVED
+CVE-2017-15061
+ RESERVED
+CVE-2017-15060
+ RESERVED
+CVE-2017-15059
+ RESERVED
+CVE-2017-15058
+ RESERVED
+CVE-2017-15057
+ RESERVED
+CVE-2017-15056 (p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote ...)
+ TODO: check
+CVE-2017-15055
+ RESERVED
+CVE-2017-15054
+ RESERVED
+CVE-2017-15053
+ RESERVED
+CVE-2017-15052
+ RESERVED
+CVE-2017-15051
+ RESERVED
+CVE-2017-15050
+ RESERVED
+CVE-2017-15049
+ RESERVED
+CVE-2017-15048
+ RESERVED
+CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...)
+ TODO: check
+CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow, a different ...)
+ TODO: check
+CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read, a different ...)
+ TODO: check
+CVE-2017-15044
+ RESERVED
+CVE-2017-15043
+ RESERVED
+CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x ...)
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
- golang-1.7 <undetermined>
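Review bot: the five entries added with a description in this hunk (CVE-2017-15063, CVE-2017-15056, CVE-2017-15047, CVE-2017-15046, CVE-2017-15045) carry only "TODO: check", so none of them is triaged yet. Their descriptions name Subrion CMS, UPX 3.94, Redis 4.0.2 and LAME 3.99.5; each needs either source-package lines in the form used for CVE-2017-15042 at the end of the hunk or a NOT-FOR-US tag. The two LAME entries should be checked separately, since one is a stack-based buffer overflow and the other a heap-based buffer over-read.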
@@ -7,7 +49,7 @@
NOTE: https://golang.org/cl/68023
NOTE: https://golang.org/cl/68210
NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
-CVE-2017-15041
+CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...)
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
- golang-1.7 <undetermined>
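Review bot: the golang-1.7 line under CVE-2017-15041 is still <undetermined>, although the entry now has a description ("go get" remote command ...) and golang-1.9 and golang-1.8 have fixed versions 1.9.1-1 and 1.8.4-1. Resolve golang-1.7 to a fixed version, <not-affected> or <unfixed>; the same applies to the golang-1.7 line under CVE-2017-15042 in the first hunk.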
@@ -153,6 +195,7 @@
CVE-2017-1000102 (The Details view of some Static Analysis Utilities based plugins, was ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-1000098 (The net/http package's Request.ParseMultipartForm method starts ...)
+ {DLA-1123-1}
- golang-1.9 <not-affected> (Fixed before initial release to Debian)
- golang-1.8 <not-affected> (Fixed before initial release to Debian)
- golang-1.7 1.7.4-1
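Review bot: {DLA-1123-1} is attached to CVE-2017-1000098, but the three package lines visible below it list golang-1.9 and golang-1.8 as <not-affected> and golang-1.7 as fixed in 1.7.4-1, and none of them shows what the DLA itself fixed. Confirm that the source package named in DLA-1123-1 has its own line in this entry.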
@@ -868,7 +911,7 @@
NOTE: for 2.x: https://github.com/randombit/botan/commit/95df7f155570949837e8e28e733f3d59408092da
CVE-2017-14736
RESERVED
-CVE-2017-14735 (OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as ...)
+CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as ...)
NOT-FOR-US: OWASP AntiSamy
CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote ...)
NOT-FOR-US: libbpg
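Review bot: the CVE-2017-14735 description changes from "through 1.5.7" to "before 1.5.7", which moves 1.5.7 itself from affected to fixed. The entry stays NOT-FOR-US: OWASP AntiSamy, so nothing changes for the tracker, but anyone who relied on the old wording for version checks should re-read the upstream record.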
@@ -2973,20 +3016,20 @@
NOT-FOR-US: Ctek SkyRouter
CVE-2017-13999
RESERVED
-CVE-2017-13998
- RESERVED
+CVE-2017-13998 (An Insufficiently Protected Credentials issue was discovered in LOYTEC ...)
+ TODO: check
CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
NOT-FOR-US: Schneider
-CVE-2017-13996
- RESERVED
+CVE-2017-13996 (A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME ...)
+ TODO: check
CVE-2017-13995 (An Improper Authentication issue was discovered in iniNet Solutions ...)
NOT-FOR-US: iniNet Solutions iniNet Webserver
-CVE-2017-13994
- RESERVED
+CVE-2017-13994 (A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions ...)
+ TODO: check
CVE-2017-13993 (An Uncontrolled Search Path or Element issue was discovered in i-SENS ...)
NOT-FOR-US: i-SENS SmartLog Diabetes Management Software
-CVE-2017-13992
- RESERVED
+CVE-2017-13992 (An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME ...)
+ TODO: check
CVE-2017-13991 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
NOT-FOR-US: ArcSight
CVE-2017-13990 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
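Review bot: CVE-2017-13998, CVE-2017-13996, CVE-2017-13994 and CVE-2017-13992 go from RESERVED to "TODO: check", and all four descriptions name LOYTEC (three of them LVIS-3ME explicitly). The neighbouring vendor-product entries in this hunk are tagged NOT-FOR-US (Schneider, iniNet Solutions iniNet Webserver, i-SENS SmartLog Diabetes Management Software); if the LOYTEC product is not packaged, triage the four together with one consistent NOT-FOR-US tag rather than leaving them as TODO.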
@@ -6685,12 +6728,12 @@
NOT-FOR-US: Siemens
CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...)
NOT-FOR-US: SiteSentinel
-CVE-2017-12732
- RESERVED
+CVE-2017-12732 (A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY ...)
+ TODO: check
CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Systems ...)
NOT-FOR-US: SiteSentinel
-CVE-2017-12730
- RESERVED
+CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...)
+ TODO: check
CVE-2017-12729
RESERVED
CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...)
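Review bot: CVE-2017-12732 (GE CIMPLICITY) and CVE-2017-12730 (mySCADA myPRO) go from RESERVED to "TODO: check" between entries that are already tagged NOT-FOR-US. Both descriptions name vendor products; if neither is packaged, close them with NOT-FOR-US tags that name the product, as the adjacent entries do, so they do not stay in the TODO queue.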