author: security tracker role <sectracker@debian.org> 2017-12-27 21:10:22 +0000
committer: security tracker role <sectracker@debian.org> 2017-12-27 21:10:22 +0000
commit: 955bb6aa748c03ded10576c6c42345932cfda563
tree: 94d88285a31b49ce27082764a08534274c02e79e /data
parent: cd9c56ef2f18dd3e31b9660177acac6025651160
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58969 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 157
1 files changed, 111 insertions, 46 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 202b8c9aaa..67d41447cd 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,73 @@
+CVE-2018-3609
+ RESERVED
+CVE-2018-3608
+ RESERVED
+CVE-2018-3607
+ RESERVED
+CVE-2018-3606
+ RESERVED
+CVE-2018-3605
+ RESERVED
+CVE-2018-3604
+ RESERVED
+CVE-2018-3603
+ RESERVED
+CVE-2018-3602
+ RESERVED
+CVE-2018-3601
+ RESERVED
+CVE-2018-3600
+ RESERVED
+CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wireshark ...)
+ TODO: check
+CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, ...)
+ TODO: check
+CVE-2017-17933
+ RESERVED
+CVE-2017-17932
+ RESERVED
+CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via ...)
+ TODO: check
+CVE-2017-17929 (PHP Scripts Mall Professional Service Script has XSS via the ...)
+ TODO: check
+CVE-2017-17928 (PHP Scripts Mall Professional Service Script has SQL injection via the ...)
+ TODO: check
+CVE-2017-17927 (PHP Scripts Mall Professional Service Script allows remote attackers to ...)
+ TODO: check
+CVE-2017-17926 (PHP Scripts Mall Professional Service Script has a predicable ...)
+ TODO: check
+CVE-2017-17925 (PHP Scripts Mall Professional Service Script has XSS via the ...)
+ TODO: check
+CVE-2017-17924 (PHP Scripts Mall Professional Service Script allows remote attackers to ...)
+ TODO: check
+CVE-2017-17923
+ RESERVED
+CVE-2017-17922
+ RESERVED
+CVE-2017-17921
+ RESERVED
+CVE-2017-17920
+ RESERVED
+CVE-2017-17919
+ RESERVED
+CVE-2017-17918
+ RESERVED
+CVE-2017-17917
+ RESERVED
+CVE-2017-17916
+ RESERVED
+CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
+ TODO: check
+CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
+ TODO: check
+CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based ...)
+ TODO: check
+CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
+ TODO: check
+CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer ...)
+ TODO: check
CVE-2017-17910
RESERVED
CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the ...)
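Review bot: The new entries for CVE-2017-17935 (Wireshark), CVE-2017-17934 and CVE-2017-17914 (ImageMagick), and CVE-2017-17915, CVE-2017-17913 and CVE-2017-17912 (GraphicsMagick) concern software that Debian packages, so their "TODO: check" should be resolved first, to a package line with a fixed or <unfixed> version. The PHP Scripts Mall and Archon entries in the same block look like NOT-FOR-US candidates and can be cleared in one pass afterwards.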
@@ -107,10 +177,10 @@ CVE-2017-17878 (An issue was discovered in Valve Steam Link build 643. Root pass
NOT-FOR-US: Valve Steam Link
CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When the SSH ...)
NOT-FOR-US: Valve Steam Link
-CVE-2017-17876
- RESERVED
-CVE-2017-17875
- RESERVED
+CVE-2017-17876 (Biometric Shift Employee Management System 3.0 allows remote attackers ...)
+ TODO: check
+CVE-2017-17875 (The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the ...)
+ TODO: check
CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file ...)
NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the ...)
@@ -10608,8 +10678,8 @@ CVE-2017-16770
RESERVED
CVE-2017-16769
RESERVED
-CVE-2017-16768
- RESERVED
+CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in ...)
+ TODO: check
CVE-2017-16767
RESERVED
CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...)
@@ -21074,8 +21144,8 @@ CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in
NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
CVE-2017-13057
RESERVED
-CVE-2017-13056
- RESERVED
+CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might ...)
+ TODO: check
CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
{DSA-3971-1 DLA-1097-1}
- tcpdump 4.9.2-1
@@ -25352,32 +25422,28 @@ CVE-2017-11700
RESERVED
CVE-2017-11699
RESERVED
-CVE-2017-11698 [heap-buffer-overflow (write of size 2) in __get_page (lib/dbm/src/h_page.c:704)]
- RESERVED
+CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in ...)
- nss <unfixed> (bug #873259; unimportant)
NOTE: Issues triggered by crafted DBM databases, which would
NOTE: require local user access to a machine running NSS and
NOTE: crafting the local DBM files.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779
-CVE-2017-11697 [Floating Point Exception in __hash_open (hash.c:229)]
- RESERVED
+CVE-2017-11697 (The __hash_open function in hash.c:229 in Mozilla Network Security ...)
- nss <unfixed> (bug #873258; unimportant)
NOTE: Issues triggered by crafted DBM databases, which would
NOTE: require local user access to a machine running NSS and
NOTE: crafting the local DBM files.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900
-CVE-2017-11696 [heap-buffer-overflow (write of size 65544) in __hash_open (lib/dbm/src/hash.c:241)]
- RESERVED
+CVE-2017-11696 (Heap-based buffer overflow in the __hash_open function in ...)
- nss <unfixed> (bug #873257; unimportant)
NOTE: Issues triggered by crafted DBM databases, which would
NOTE: require local user access to a machine running NSS and
NOTE: crafting the local DBM files.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778
-CVE-2017-11695 [heap-buffer-overflow (write of size 8) in alloc_segs (lib/dbm/src/hash.c:1105)]
- RESERVED
+CVE-2017-11695 (Heap-based buffer overflow in the alloc_segs function in ...)
- nss <unfixed> (bug #873256; unimportant)
NOTE: Issues triggered by crafted DBM databases, which would
NOTE: require local user access to a machine running NSS and
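Review bot: The replacements for CVE-2017-11698 through CVE-2017-11695 drop the bracketed working descriptions, which carried the write sizes and source locations (for example "write of size 65544) in __hash_open (lib/dbm/src/hash.c:241)"), while the new descriptions are cut off at "...". If that detail is still wanted for triage, move it into a NOTE: line under each entry. The nss package lines, bug numbers and existing NOTE: lines are left untouched, which is what the entries need.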
@@ -27967,8 +28033,8 @@ CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attacker
NOT-FOR-US: IrfanView
CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute ...)
NOT-FOR-US: IrfanView
-CVE-2017-10910
- RESERVED
+CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may ...)
+ TODO: check
CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version ...)
NOT-FOR-US: Music Center for PC
CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a ...)
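Review bot: CVE-2017-10910 is added with "TODO: check" between entries tagged NOT-FOR-US (IrfanView above, Music Center for PC below), but MQTT.js is a Node.js library rather than a vendor desktop application, so check whether the archive carries it before following the neighbours. If it does, the description already gives 2.15.0 as the upstream fixed version for the package line.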
@@ -31550,8 +31616,7 @@ CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghost
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows ...)
NOT-FOR-US: Blackcat CMS
-CVE-2017-9608 [NULL pointer exception]
- RESERVED
+CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 ...)
{DSA-3957-1}
- ffmpeg 7:3.3.3-1
NOTE: http://www.openwall.com/lists/oss-security/2017/08/14/1
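Review bot: The new description for CVE-2017-9608 names two fixed upstream branches ("before 3.2.6, and 3.3.x before 3.3.3"), while the entry records a single package line, "- ffmpeg 7:3.3.3-1", plus {DSA-3957-1}. Confirm that the DSA covers the 3.2.x branch, and consider keeping the removed "NULL pointer exception" characterisation in a NOTE:, since the truncated description no longer states the bug class.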
@@ -55624,8 +55689,8 @@ CVE-2017-1700
RESERVED
CVE-2017-1699
RESERVED
-CVE-2017-1698
- RESERVED
+CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive ...)
+ TODO: check
CVE-2017-1697
RESERVED
CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to ...)
@@ -56290,8 +56355,8 @@ CVE-2017-1367
RESERVED
CVE-2017-1366
RESERVED
-CVE-2017-1365
- RESERVED
+CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle ...)
+ TODO: check
CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1363 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This ...)
@@ -56638,8 +56703,8 @@ CVE-2017-1193 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow user
NOT-FOR-US: IBM
CVE-2017-1192 (IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External ...)
NOT-FOR-US: IBM
-CVE-2017-1191
- RESERVED
+CVE-2017-1191 (An undisclosed vulnerability in CLM applications (including IBM ...)
+ TODO: check
CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could ...)
NOT-FOR-US: IBM
CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is ...)
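Review bot: CVE-2017-1191 is set to "TODO: check" although every resolved entry around it in this hunk (CVE-2017-1193, CVE-2017-1192, CVE-2017-1190) is tagged "NOT-FOR-US: IBM". The description names CLM applications "including IBM ...", so the same tag probably applies and would save a manual pass.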
@@ -67955,8 +68020,8 @@ CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for .
NOT-FOR-US: Nvidia driver for Android
CVE-2016-6915 (Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver ...)
NOT-FOR-US: Nvidia driver for Android
-CVE-2016-6914
- RESERVED
+CVE-2016-6914 (Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions ...)
+ TODO: check
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...)
NOT-FOR-US: OSSIM
CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD ...)
@@ -92896,8 +92961,8 @@ CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphic
NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
CVE-2015-7890
RESERVED
-CVE-2015-7889
- RESERVED
+CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge ...)
+ TODO: check
CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge LRX22G.G925VVRU1AOE2
CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to list ...)
@@ -93632,14 +93697,14 @@ CVE-2015-7671
RESERVED
CVE-2015-7670 (Multiple SQL injection vulnerabilities in includes/update.php in the ...)
NOT-FOR-US: Support Ticket System plugin for WordPress
-CVE-2015-7669
- RESERVED
-CVE-2015-7668
- RESERVED
-CVE-2015-7667
- RESERVED
-CVE-2015-7666
- RESERVED
+CVE-2015-7669 (Multiple directory traversal vulnerabilities in (1) ...)
+ TODO: check
+CVE-2015-7668 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2015-7667 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ TODO: check
+CVE-2015-7666 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
+ TODO: check
CVE-2015-7664
RESERVED
CVE-2015-7663 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
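Review bot: The four descriptions added for CVE-2015-7669 through CVE-2015-7666 are truncated before any product name ("Multiple directory traversal vulnerabilities in (1) ..."), so the "TODO: check" cannot be resolved from this file alone and needs the full CVE text. The list also steps from CVE-2015-7666 straight to CVE-2015-7664; worth confirming that the absence of CVE-2015-7665 is intended.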
@@ -94613,8 +94678,8 @@ CVE-2015-7326 (XML External Entity (XXE) vulnerability in Milton Webdav before .
NOT-FOR-US: Milton Webdav
CVE-2015-7325
RESERVED
-CVE-2015-7324
- RESERVED
+CVE-2015-7324 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...)
NOT-FOR-US: Pulse Connect Secure
CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...)
@@ -97390,8 +97455,8 @@ CVE-2015-6239
RESERVED
CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the Google ...)
NOT-FOR-US: Google Analyticator plugin for WordPress
-CVE-2015-6237
- RESERVED
+CVE-2015-6237 (The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 ...)
+ TODO: check
CVE-2015-6236
REJECTED
CVE-2015-6235
@@ -104827,8 +104892,8 @@ CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input .
NOT-FOR-US: phpMyBackupPro
CVE-2015-3638 (phpMyBackupPro before 2.5 does not validate integer input, which ...)
NOT-FOR-US: phpMyBackupPro
-CVE-2015-3637
- RESERVED
+CVE-2015-3637 (SQL injection vulnerability in phpMyBackupPro when run in multi-user ...)
+ TODO: check
CVE-2015-3635
RESERVED
CVE-2015-3634 (The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function ...)
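Review bot: CVE-2015-3637 gets "TODO: check", but the two entries directly above it, CVE-2015-3639 and CVE-2015-3638, are for the same product and already carry "NOT-FOR-US: phpMyBackupPro". Use the same tag here so the three entries stay consistent.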
@@ -119640,8 +119705,8 @@ CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle
NOT-FOR-US: Sendio
CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...)
NOT-FOR-US: Schneider Electric
-CVE-2014-8389
- RESERVED
+CVE-2014-8389 (cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 ...)
+ TODO: check
CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin ...)
NOT-FOR-US: Advantech WebAccess
CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point ...)
