author: security tracker role <sectracker@debian.org> 2017-12-28 21:10:14 +0000
committer: security tracker role <sectracker@debian.org> 2017-12-28 21:10:14 +0000
commit: b54ffe9ced88067fcac1457874b347ffcc53f032
tree: 9f11ef9f5af0d257e912fbccf048576495cf9f3f /data
parent: 808da9e709b4b5c2a2f06fadd7f3ca4972f84d5b
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@59006 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 272
1 files changed, 261 insertions, 11 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 044fbc0946..02a62aacc9 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,249 @@
+CVE-2018-3709
+ RESERVED
+CVE-2018-3708
+ RESERVED
+CVE-2018-3707
+ RESERVED
+CVE-2018-3706
+ RESERVED
+CVE-2018-3705
+ RESERVED
+CVE-2018-3704
+ RESERVED
+CVE-2018-3703
+ RESERVED
+CVE-2018-3702
+ RESERVED
+CVE-2018-3701
+ RESERVED
+CVE-2018-3700
+ RESERVED
+CVE-2018-3699
+ RESERVED
+CVE-2018-3698
+ RESERVED
+CVE-2018-3697
+ RESERVED
+CVE-2018-3696
+ RESERVED
+CVE-2018-3695
+ RESERVED
+CVE-2018-3694
+ RESERVED
+CVE-2018-3693
+ RESERVED
+CVE-2018-3692
+ RESERVED
+CVE-2018-3691
+ RESERVED
+CVE-2018-3690
+ RESERVED
+CVE-2018-3689
+ RESERVED
+CVE-2018-3688
+ RESERVED
+CVE-2018-3687
+ RESERVED
+CVE-2018-3686
+ RESERVED
+CVE-2018-3685
+ RESERVED
+CVE-2018-3684
+ RESERVED
+CVE-2018-3683
+ RESERVED
+CVE-2018-3682
+ RESERVED
+CVE-2018-3681
+ RESERVED
+CVE-2018-3680
+ RESERVED
+CVE-2018-3679
+ RESERVED
+CVE-2018-3678
+ RESERVED
+CVE-2018-3677
+ RESERVED
+CVE-2018-3676
+ RESERVED
+CVE-2018-3675
+ RESERVED
+CVE-2018-3674
+ RESERVED
+CVE-2018-3673
+ RESERVED
+CVE-2018-3672
+ RESERVED
+CVE-2018-3671
+ RESERVED
+CVE-2018-3670
+ RESERVED
+CVE-2018-3669
+ RESERVED
+CVE-2018-3668
+ RESERVED
+CVE-2018-3667
+ RESERVED
+CVE-2018-3666
+ RESERVED
+CVE-2018-3665
+ RESERVED
+CVE-2018-3664
+ RESERVED
+CVE-2018-3663
+ RESERVED
+CVE-2018-3662
+ RESERVED
+CVE-2018-3661
+ RESERVED
+CVE-2018-3660
+ RESERVED
+CVE-2018-3659
+ RESERVED
+CVE-2018-3658
+ RESERVED
+CVE-2018-3657
+ RESERVED
+CVE-2018-3656
+ RESERVED
+CVE-2018-3655
+ RESERVED
+CVE-2018-3654
+ RESERVED
+CVE-2018-3653
+ RESERVED
+CVE-2018-3652
+ RESERVED
+CVE-2018-3651
+ RESERVED
+CVE-2018-3650
+ RESERVED
+CVE-2018-3649
+ RESERVED
+CVE-2018-3648
+ RESERVED
+CVE-2018-3647
+ RESERVED
+CVE-2018-3646
+ RESERVED
+CVE-2018-3645
+ RESERVED
+CVE-2018-3644
+ RESERVED
+CVE-2018-3643
+ RESERVED
+CVE-2018-3642
+ RESERVED
+CVE-2018-3641
+ RESERVED
+CVE-2018-3640
+ RESERVED
+CVE-2018-3639
+ RESERVED
+CVE-2018-3638
+ RESERVED
+CVE-2018-3637
+ RESERVED
+CVE-2018-3636
+ RESERVED
+CVE-2018-3635
+ RESERVED
+CVE-2018-3634
+ RESERVED
+CVE-2018-3633
+ RESERVED
+CVE-2018-3632
+ RESERVED
+CVE-2018-3631
+ RESERVED
+CVE-2018-3630
+ RESERVED
+CVE-2018-3629
+ RESERVED
+CVE-2018-3628
+ RESERVED
+CVE-2018-3627
+ RESERVED
+CVE-2018-3626
+ RESERVED
+CVE-2018-3625
+ RESERVED
+CVE-2018-3624
+ RESERVED
+CVE-2018-3623
+ RESERVED
+CVE-2018-3622
+ RESERVED
+CVE-2018-3621
+ RESERVED
+CVE-2018-3620
+ RESERVED
+CVE-2018-3619
+ RESERVED
+CVE-2018-3618
+ RESERVED
+CVE-2018-3617
+ RESERVED
+CVE-2018-3616
+ RESERVED
+CVE-2018-3615
+ RESERVED
+CVE-2018-3614
+ RESERVED
+CVE-2018-3613
+ RESERVED
+CVE-2018-3612
+ RESERVED
+CVE-2018-3611
+ RESERVED
+CVE-2018-3610
+ RESERVED
+CVE-2017-17968
+ RESERVED
+CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...)
+ TODO: check
+CVE-2017-17966
+ RESERVED
+CVE-2017-17965
+ RESERVED
+CVE-2017-17964
+ RESERVED
+CVE-2017-17963
+ RESERVED
+CVE-2017-17962
+ RESERVED
+CVE-2017-17961
+ RESERVED
+CVE-2017-17960 (PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via ...)
+ TODO: check
+CVE-2017-17959 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17958 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+ TODO: check
+CVE-2017-17957 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17956 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+ TODO: check
+CVE-2017-17955 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+ TODO: check
+CVE-2017-17954 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+ TODO: check
+CVE-2017-17953 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php ...)
+ TODO: check
+CVE-2017-17952 (PHP Scripts Mall PHP Multivendor Ecommerce has a predicable ...)
+ TODO: check
+CVE-2017-17951 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...)
+ TODO: check
+CVE-2017-17950 (Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid ...)
+ TODO: check
+CVE-2017-17949 (Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. ...)
+ TODO: check
+CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic ...)
+ TODO: check
+CVE-2017-17947
+ RESERVED
+CVE-2017-1000411
+ RESERVED
CVE-2017-17946
RESERVED
CVE-2017-17945
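Review bot: The 14 described entries in this hunk, CVE-2017-17967 and CVE-2017-17960 through CVE-2017-17948, are all left at `TODO: check`, so none of them has a package line or a NOT-FOR-US marker yet. Ten of them name the same product (PHP Scripts Mall PHP Multivendor Ecommerce) and three name Cells Blog 3.5, so each group can be triaged in one follow-up pass rather than entry by entry.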
@@ -214,6 +460,7 @@ CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/663b3b432c202cd2aeda7ea7e82b74cce51ab1cf
NOTE: webp support not enabled, see #806425
CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based ...)
+ {DSA-4074-1}
- imagemagick <unfixed> (bug #885125)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
NOTE: https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
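Review bot: On CVE-2017-17879 the new `{DSA-4074-1}` tag sits directly above `- imagemagick <unfixed> (bug #885125)`, so the entry references an advisory while its only visible package line still reads unfixed. Confirm that the fixed versions for the release are recorded with the DSA itself and that unstable is meant to stay open against bug #885125; if the fix has reached unstable, the package line should carry the version.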
@@ -5822,6 +6069,7 @@ CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the funct
NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
+ {DSA-4074-1}
- imagemagick <unfixed> (bug #885340)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
@@ -5844,6 +6092,7 @@ CVE-2017-17500 (ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a ...)
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
+ {DSA-4074-1}
- imagemagick <unfixed> (bug #885339)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
@@ -6068,6 +6317,7 @@ CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protoco
[wheezy] - fossil <no-dsa> (Minor issue)
NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed ...)
+ {DLA-1224-1}
- mercurial 4.4.1-1
NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
NOTE: https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
@@ -11291,7 +11541,7 @@ CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...)
- {DSA-4040-1}
+ {DSA-4074-1 DSA-4040-1}
- imagemagick <unfixed> (bug #881392)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
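Review bot: CVE-2017-16546 now carries two advisories, `{DSA-4074-1 DSA-4040-1}`, while the package line below is still `<unfixed>` and nothing in the entry says why a second DSA was issued. A short NOTE stating what DSA-4074-1 covers that DSA-4040-1 did not (for example a different release or a follow-up fix) would make the history readable without opening both advisories.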
@@ -13279,8 +13529,8 @@ CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extrac
NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
NOT-FOR-US: Synology File Station
-CVE-2017-15892
- RESERVED
+CVE-2017-15892 (Multiple cross-site scripting (XSS) vulnerabilities in Slash Command ...)
+ TODO: check
CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in ...)
NOT-FOR-US: Synology Calendar
CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in Synology ...)
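Review bot: CVE-2017-15892 moves from RESERVED to `TODO: check`, and the truncated description ("... in Slash Command ...") does not show the vendor. The surrounding entries, CVE-2017-15893 and CVE-2017-15891, are both NOT-FOR-US Synology, so check the full description and, if this is the same vendor, close it the same way rather than leaving the TODO.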
@@ -13291,8 +13541,8 @@ CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radi
NOT-FOR-US: Synology
CVE-2017-15887 (An improper restriction of excessive authentication attempts ...)
NOT-FOR-US: Synology
-CVE-2017-15886
- RESERVED
+CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link Preview in ...)
+ TODO: check
CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...)
NOT-FOR-US: Axis
CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
@@ -13695,7 +13945,7 @@ CVE-2017-15713
CVE-2017-15712
RESERVED
CVE-2017-15711
- RESERVED
+ REJECTED
CVE-2017-15710
RESERVED
CVE-2017-15709
@@ -13807,8 +14057,8 @@ CVE-2017-15669
RESERVED
CVE-2017-15668
RESERVED
-CVE-2017-15667
- RESERVED
+CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a ...)
+ TODO: check
CVE-2017-15666
RESERVED
CVE-2017-15665
@@ -22328,7 +22578,7 @@ CVE-2014-10043
CVE-2014-10039
RESERVED
CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c ...)
- {DSA-4040-1 DLA-1081-1}
+ {DSA-4074-1 DSA-4040-1 DLA-1081-1}
- imagemagick <unfixed> (bug #872373)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
@@ -44482,8 +44732,8 @@ CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF vi
NOT-FOR-US: Apache Camel
CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server ...)
NOT-FOR-US: Apache Ambari
-CVE-2017-5641
- RESERVED
+CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not ...)
+ TODO: check
CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...)
NOT-FOR-US: Impala
CVE-2017-5639
