[Secure-testing-commits] r56949 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Oct 24 21:10:15 UTC 2017
Author: sectracker
Date: 2017-10-24 21:10:15 +0000 (Tue, 24 Oct 2017)
New Revision: 56949
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-24 20:38:27 UTC (rev 56948)
+++ data/CVE/list 2017-10-24 21:10:15 UTC (rev 56949)
@@ -1,4 +1,28 @@
-CVE-2017-15863
+CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an ...)
+ TODO: check
+CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2.c ...)
+ TODO: check
+CVE-2017-15872 (phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and ...)
+ TODO: check
+CVE-2017-15871 (** DISPUTED ** The deserialize function in serialize-to-js through ...)
+ TODO: check
+CVE-2017-15870
+ RESERVED
+CVE-2017-15869
+ RESERVED
+CVE-2017-15868
+ RESERVED
+CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2017-15866
+ RESERVED
+CVE-2017-15865
+ RESERVED
+CVE-2017-15864
+ RESERVED
+CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" ...)
+ TODO: check
+CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin ...)
NOT-FOR-US: WordPress plugin wp-noexternallinks
CVE-2017-15862
RESERVED
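Review bot: the new TODO: check entries for CVE-2017-15874 and CVE-2017-15873 (BusyBox archival/libarchive decompressors) and CVE-2016-10517 (Redis before 3.2.7) concern software that is packaged in Debian, so they should not be left as bare TODO: check lines for long; triage them into busybox and redis source-package entries with the affected Debian version and a NOTE pointing at the upstream fix, as the surrounding entries do for in-archive packages. The other TODO: check lines (phpwcms, serialize-to-js, CVE-2017-15867) and the RESERVED placeholders are fine for an automatic update; the filled-in description for CVE-2017-15863 matches the existing NOT-FOR-US annotation.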
@@ -649,6 +673,7 @@
CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...)
NOT-FOR-US: zorovavi/blog
CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...)
+ {DSA-4006-1}
- mupdf <unfixed> (bug #879055)
NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
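Review bot: the added "{DSA-4006-1}" line for CVE-2017-15587 sits above a package line that still reads "- mupdf <unfixed> (bug #879055)", so the entry now claims a stable advisory while unstable is recorded as unfixed; please confirm that this is the intended state (DSA issued, sid still pending) and, if an upload fixing sid has happened, replace "<unfixed>" with the fixed version so the two lines agree. The referenced upstream bug is marked "(not public)", so a NOTE with the public commit remains the only verifiable fix pointer.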
@@ -1483,10 +1508,10 @@
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0
CVE-2017-15224
RESERVED
-CVE-2017-15223
- RESERVED
-CVE-2017-15222
- RESERVED
+CVE-2017-15223 (Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 ...)
+ TODO: check
+CVE-2017-15222 (Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows ...)
+ TODO: check
CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a ...)
NOT-FOR-US: ASX to MP3 converter
CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer ...)
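Review bot: the descriptions filled in for CVE-2017-15223 (ArGoSoft Mini Mail Server) and CVE-2017-15222 (Ayukov NFTPD) name proprietary Windows server products that are not in the Debian archive, so "TODO: check" is unlikely to be the final state; the neighbouring entries for ASX to MP3 converter and Flexense VX Search show the convention, and these two should probably be annotated "NOT-FOR-US: ArGoSoft Mini Mail Server" and "NOT-FOR-US: Ayukov NFTPD" once confirmed.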
@@ -1593,8 +1618,7 @@
NOTE: https://github.com/Cacti/cacti/issues/1010
NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
NOTE: https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
-CVE-2017-15186 [Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder]
- RESERVED
+CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ...)
- ffmpeg <undetermined>
NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
TODO: check
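Review bot: for CVE-2017-15186 the official description now states "FFmpeg 3.3.4 and earlier", yet the package line is still "- ffmpeg <undetermined>" and the trailing "TODO: check" survives alongside the oss-security NOTE; with an upstream version range known, the next step is to record the affected and fixed Debian versions (or "<not-affected>" with a reason) and drop the TODO so the entry does not carry two unresolved markers.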
@@ -1854,6 +1878,7 @@
NOTE: https://pagure.io/koji/issue/563
NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
CVE-2017-1000257 [curl: IMAP FETCH response out of bounds read]
+ {DLA-1143-1}
- curl 7.56.1-1
NOTE: https://curl.haxx.se/docs/adv_20171023.html
CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for clients]
@@ -2955,13 +2980,11 @@
RESERVED
CVE-2017-14697
RESERVED
-CVE-2017-14696 [Remote DoS via crated authentication request]
- RESERVED
+CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and ...)
- salt <unfixed> (bug #879090)
NOTE: Fixed by: https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
NOTE: Fixed by: https://github.com/saltstack/salt/commit/89e084bda356739de645c15e7d1968afebdcc56e (2016.11)
-CVE-2017-14695 [Directory traversal in minion id validation]
- RESERVED
+CVE-2017-14695 (Directory traversal vulnerability in minion id validation in SaltStack ...)
- salt <unfixed> (bug #879089)
NOTE: Fixed by: https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
NOTE: Fixed by: https://github.com/saltstack/salt/commit/206ae23f15cb7ec95a07dee4cbe9802da84f9c42 (2016.11)
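Review bot: both salt entries (CVE-2017-14696 and CVE-2017-14695) keep "- salt <unfixed>" after the description update, while the new CVE text gives the upstream fixed releases (2016.3.8 and 2016.11.8) and the existing NOTEs already point at the fixing commits for master and 2016.11; it would help to add the upstream fixed versions to the NOTE lines so whoever prepares the Debian upload can confirm which branch the packaged version tracks. The old placeholder text "crated authentication request" is dropped by this hunk, which is fine since it was a typo in the interim summary.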
@@ -2980,14 +3003,17 @@
CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
NOT-FOR-US: STDU Viewer
CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...)
+ {DSA-4006-1}
- mupdf 1.11+ds1-1.1 (bug #877379)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
+ {DSA-4006-1}
- mupdf 1.11+ds1-1.1 (bug #877379)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...)
+ {DSA-4006-1}
- mupdf 1.11+ds1-1.1 (bug #877379)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
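Review bot: the "{DSA-4006-1}" reference is added to CVE-2017-14687, CVE-2017-14686 and CVE-2017-14685, but only CVE-2017-14685 carries a "[wheezy] - mupdf <not-affected> (vulnerable code not present)" line; please check whether the other two also need an explicit wheezy annotation (not-affected, no-dsa, or an LTS reference) so that the oldstable status is recorded consistently across the three mupdf entries that share the same fixed version 1.11+ds1-1.1 and bug #877379.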
@@ -86178,14 +86204,14 @@
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
NOTE: Fixed in 6.0.45, 7.0.65, 8.0.27
-CVE-2015-5173
- RESERVED
-CVE-2015-5172
- RESERVED
-CVE-2015-5171
- RESERVED
-CVE-2015-5170
- RESERVED
+CVE-2015-5173 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and ...)
+ TODO: check
+CVE-2015-5172 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and ...)
+ TODO: check
+CVE-2015-5171 (The password change functionality in Cloud Foundry Runtime cf-release ...)
+ TODO: check
+CVE-2015-5170 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and ...)
+ TODO: check
CVE-2015-5169 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
CVE-2015-5168 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
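Review bot: the four Cloud Foundry entries (CVE-2015-5170 through CVE-2015-5173, cf-release before 216 and UAA before 2.5.2) are all left at "TODO: check"; Cloud Foundry and its UAA component do not appear to be packaged in Debian, so these are candidates for a single consistent "NOT-FOR-US: Cloud Foundry" annotation rather than four open TODOs, following the pattern used by the adjacent Apache Struts and Tomcat entries that record an explicit status.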
@@ -124374,8 +124400,7 @@
NOT-FOR-US: Paratrooper Newrelic Ruby Gem
CVE-2014-1233 (The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to ...)
NOT-FOR-US: Paratrooper Pingdom Ruby Gem
-CVE-2014-1203
- RESERVED
+CVE-2014-1203 (The get_login_ip_config_file function in Eyou Mail System before 3.6 ...)
NOT-FOR-US: Eyou Mail System
CVE-2014-0979 (The start_authentication function in lightdm-gtk-greeter.c in LightDM ...)
- lightdm-gtk-greeter 1.6.1-5 (bug #734472)
@@ -125025,8 +125050,8 @@
RESERVED
CVE-2014-0692
RESERVED
-CVE-2014-0691
- RESERVED
+CVE-2014-0691 (Cisco WebEx Meetings Server before 1.1 uses meeting IDs with ...)
+ TODO: check
CVE-2014-0690
RESERVED
CVE-2014-0689
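Review bot: CVE-2014-0691 now describes Cisco WebEx Meetings Server, a vendor appliance product, so "TODO: check" should be resolved to "NOT-FOR-US: Cisco WebEx Meetings Server" once confirmed; the neighbouring RESERVED placeholders need no change.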
@@ -136508,8 +136533,7 @@
CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
- php5 <removed> (unimportant)
NOTE: exploitable by malicious scripts only
-CVE-2013-3734 [Datasource password visible to administrator]
- RESERVED
+CVE-2013-3734 (** DISPUTED ** The Embedded Jopr component in JBoss Application Server ...)
NOT-FOR-US: Embedded Jopr
CVE-2013-3733
RESERVED