[Secure-testing-commits] r56074 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Sep 23 21:10:14 UTC 2017


Author: sectracker
Date: 2017-09-23 21:10:14 +0000 (Sat, 23 Sep 2017)
New Revision: 56074

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-23 20:56:50 UTC (rev 56073)
+++ data/CVE/list	2017-09-23 21:10:14 UTC (rev 56074)
@@ -1,4 +1,22 @@
-CVE-2017-14727 [crash in logger plugin when converting date/time specifiers in file mask]
+CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site ...)
+	TODO: check
+CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect ...)
+	TODO: check
+CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...)
+	TODO: check
+CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...)
+	TODO: check
+CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack in ...)
+	TODO: check
+CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the ...)
+	TODO: check
+CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...)
+	TODO: check
+CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversal ...)
+	TODO: check
+CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site ...)
+	TODO: check
+CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...)
 	- weechat <unfixed> (bug #876553)
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
 CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks ...)
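Review bot: the nine new WordPress entries (CVE-2017-14718 through CVE-2017-14726) are left at `TODO: check` with no package line, although every description names the same boundary, "Before version 4.8.2". They can be triaged together: add a `- wordpress` line with the fixed version or `<unfixed>` to each once the status in the archive is confirmed. In the same hunk, CVE-2017-14727 keeps `- weechat <unfixed>` while its NOTE already points to an upstream fix commit and the new description says "before 1.9.1", so that line should be updated as soon as a fixed upload exists.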
@@ -223,8 +241,8 @@
 CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the ...)
 	- sam2p <removed>
 	NOTE: https://github.com/pts/sam2p/issues/14
-CVE-2017-14627
-	RESERVED
+CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
+	TODO: check
 CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
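Review bot: CVE-2017-14627 goes from `RESERVED` to `TODO: check`, and the new description names CyberLink LabelPrint 2.5. If that product is not packaged in Debian, close the entry as `NOT-FOR-US: CyberLink LabelPrint`, in the form already used elsewhere in this file, rather than leaving an open TODO.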
@@ -1464,6 +1482,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
 CVE-2017-14176 [bzr+ssh URLs don't strip SSH options]
 	RESERVED
+	{DLA-1107-1}
 	- bzr 2.7.0+bzr6622-7 (bug #874429)
 	NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
 CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...)
@@ -137223,6 +137242,7 @@
 CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...)
 	NOT-FOR-US: Gentoo Portage binary package installer
 CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname ...)
+	{DLA-1107-1}
 	- python2.7 2.7.5-5 (low; bug #709066)
 	[wheezy] - python2.7 <not-affected> (Backport was introduced in 2.7.3-11)
 	- linkchecker 8.5-1 (low; bug #709067)
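Review bot: `{DLA-1107-1}` is added under CVE-2013-2099, but the package lines visible here are only python2.7 and linkchecker, while the same advisory id is added in the previous hunk under CVE-2017-14176, whose package line is bzr. Check that the CVE-2013-2099 entry has a package line for the source package that DLA-1107-1 covers (it may sit below the three context lines shown); if it does not, either that package line is missing or the tag is misplaced.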



