[Secure-testing-commits] r56486 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Oct 7 09:10:14 UTC 2017
Author: sectracker
Date: 2017-10-07 09:10:14 +0000 (Sat, 07 Oct 2017)
New Revision: 56486
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-07 09:04:04 UTC (rev 56485)
+++ data/CVE/list 2017-10-07 09:10:14 UTC (rev 56486)
@@ -1,3 +1,5 @@
+CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout ...)
+ TODO: check
CVE-2017-15083
RESERVED
CVE-2017-15082
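Review bot: The added CVE-2017-15084 entry at the top of this hunk is left at `TODO: check`, and its description is cut off at "allows logout ...", so nothing here tells a reader whether a Debian package is involved. Follow up by replacing the TODO with either a `NOT-FOR-US:` line or a source package line, in the form the context entries in the later hunks use.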
@@ -957,6 +959,7 @@
CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL ...)
NOT-FOR-US: FileRun
CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
+ {DLA-1125-1}
- botan1.10 <unfixed> (bug #877436)
NOTE: https://github.com/randombit/botan/issues/1222
NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
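Review bot: `{DLA-1125-1}` is attached to CVE-2017-14737 while the only package line under it is still `- botan1.10 <unfixed> (bug #877436)`. That is consistent if the DLA covers only the LTS release, but the entry then still reads as open for unstable. Keep bug #877436 open and update the package line once a fixed version is uploaded.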
@@ -3795,6 +3798,7 @@
NOTE: This is in libxkbfile in wheezy
CVE-2017-13722 [pcfGetProperties: Check string boundaries]
RESERVED
+ {DLA-1126-1}
- libxfont 1:2.0.1-4
NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
CVE-2017-13721 [Xext/shm: Validate shmseg resource id]
@@ -3804,6 +3808,7 @@
NOTE: In wheezy this is possibly libxext, src/XShm.c?
CVE-2017-13720 [Check for end of string in PatternMatch]
RESERVED
+ {DLA-1126-1}
- libxfont 1:2.0.1-4
NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
CVE-2017-13719
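Review bot: `{DLA-1126-1}` now tags CVE-2017-13720 here and CVE-2017-13722 in the previous hunk, but the entry between them, CVE-2017-13721, is untouched and its note in the leading context still ends in a question ("In wheezy this is possibly libxext, src/XShm.c?"). Resolve which wheezy source package carries that code so the three related X.org entries do not end up with two marked as handled and one undetermined.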
@@ -42046,6 +42051,7 @@
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...)
+ {DSA-3993-1}
- tor 0.3.1.7-1 (bug #876221)
[jessie] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
[wheezy] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
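Review bot: `{DSA-3993-1}` is added to CVE-2017-0380, yet both release annotations below it mark jessie and wheezy as `<not-affected>` (issue introduced in 0.2.7.2-alpha), so the DSA cannot be for either of them. No line in the hunk names the release the DSA fixes; check that the DSA list entry carries that release and its fixed version so the cross-reference resolves.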
@@ -91220,8 +91226,8 @@
[wheezy] - nova <no-dsa> (Minor issue)
NOTE: This is no longer a security issue starting with icehouse, so marking 2014.1 as fixed
NOTE: https://bugs.launchpad.net/nova/+bug/1419577
-CVE-2015-2673
- RESERVED
+CVE-2015-2673 (The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in ...)
+ TODO: check
CVE-2015-2671
RESERVED
CVE-2015-2670
@@ -92845,20 +92851,20 @@
NOTE: http://xenbits.xen.org/xsa/advisory-120.html
CVE-2015-2149 (Multiple cross-site scripting (XSS) vulnerabilities in the administrative ...)
NOT-FOR-US: MyBB
-CVE-2015-2148
- RESERVED
-CVE-2015-2147
- RESERVED
-CVE-2015-2146
- RESERVED
-CVE-2015-2145
- RESERVED
-CVE-2015-2144
- RESERVED
-CVE-2015-2143
- RESERVED
-CVE-2015-2142
- RESERVED
+CVE-2015-2148 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...)
+ TODO: check
+CVE-2015-2147 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker ...)
+ TODO: check
+CVE-2015-2146 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker ...)
+ TODO: check
+CVE-2015-2145 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...)
+ TODO: check
+CVE-2015-2144 (Multiple cross-site scriping (XSS) vulnerabilities in Issuetracker ...)
+ TODO: check
+CVE-2015-2143 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2015-2142 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2015-2141 (The InvertibleRWFunction::CalculateInverse function in rw.cpp in ...)
{DSA-3296-1 DLA-262-1}
- libcrypto++ 5.6.1-7
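Review bot: The description imported for CVE-2015-2144 reads "cross-site scriping (XSS)", a misspelling that arrives with the automatic update, so a text search of the list for "cross-site scripting" will miss this entry. Do not hand-edit it here, since the next automatic update would restore the imported text; report it to the description's source instead. The seven entries CVE-2015-2142 through CVE-2015-2148 all land as `TODO: check`, and the five whose product is visible name Issuetracker phpBugTracker, so they can be triaged together in one follow-up commit.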
@@ -93702,8 +93708,8 @@
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
CVE-2015-1829 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2015-1828
- RESERVED
+CVE-2015-1828 (The Ruby http gem before 0.7.3 does not verify hostnames in SSL ...)
+ TODO: check
CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA ...)
- freeipa <not-affected> (Only affects 4.1, see bug #781224)
NOTE: https://fedorahosted.org/freeipa/ticket/4908
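Review bot: CVE-2015-1828 ("The Ruby http gem before 0.7.3 does not verify hostnames in SSL ...") is a hostname verification flaw in a client library, and the entry is left at `TODO: check`. Resolve it by looking for a packaged copy of the gem and comparing its version against 0.7.3, and record the result as a package line with a fixed version or `<unfixed>`, rather than deciding from the product name alone.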
@@ -95004,8 +95010,8 @@
NOT-FOR-US: Little forum
CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum before 2.3.4 ...)
NOT-FOR-US: Little forum
-CVE-2015-1429
- RESERVED
+CVE-2015-1429 (Directory traversal vulnerability in Cybele Software Thinfinity Remote ...)
+ TODO: check
CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow ...)
NOT-FOR-US: Sefrengo
CVE-2015-1427 (The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x ...)
@@ -100664,8 +100670,7 @@
- libapache2-mod-cluster <itp> (bug #731410)
CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly restrict ...)
NOT-FOR-US: RHQ
-CVE-2015-0296
- RESERVED
+CVE-2015-0296 (The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged ...)
- texlive-base <not-affected> (Specific to Red Hat packaging/postinst)
CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calculate ...)
{DLA-210-1}
@@ -101512,8 +101517,8 @@
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need
NOTE: to be backported to 3.4
-CVE-2014-8957
- RESERVED
+CVE-2014-8957 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 ...)
+ TODO: check
CVE-2014-8956 (Stack-based buffer overflow in the K7Sentry.sys kernel mode driver ...)
NOT-FOR-US: K7 Computing
CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form Clean and ...)