author    security tracker role <sectracker@debian.org>  2017-10-10 18:45:48 +0000
committer security tracker role <sectracker@debian.org>  2017-10-10 18:45:48 +0000
commit    619335b0357eeeff24fd0329ac1259a40792561d (patch)
tree      2d04ef1a9ee2e9f971807cc62b61950677fb231a
parent    7ea91226c6decba1422fd02d55385865ca34a9dc (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@56576 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/2008.list   3
-rw-r--r--  data/CVE/2014.list   3
-rw-r--r--  data/CVE/2015.list  35
-rw-r--r--  data/CVE/2017.list  17
4 files changed, 26 insertions, 32 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 7356c4a893..0181ecba4c 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -6,8 +6,7 @@ CVE-2008-7316 (mm/filemap.c in the Linux kernel before 2.6.25 allows local users
- linux <not-affected> (Issue fixed before the src:linux-2.6 rename)
- linux-2.6 2.6.25-1
NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
-CVE-2008-7315 [Shell escape vulnerability]
- RESERVED
+CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute ...)
- libui-dialog-perl <unfixed> (bug #496448)
[jessie] - libui-dialog-perl <no-dsa> (Minor issue)
[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index aa9cc34802..c5a73ffae5 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -3165,8 +3165,7 @@ CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denia
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449
NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401
NOTE: fixed in experimental with 1:4.4.0~beta1-1
-CVE-2014-9092
- RESERVED
+CVE-2014-9092 (libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial ...)
- libjpeg-turbo 1:1.3.1-11 (bug #768369)
CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux ...)
{DSA-3093-1 DLA-103-1}
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 5c1835b64a..e0ab8af81b 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -3486,8 +3486,7 @@ CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
NOTE: Introduced/Uncovered by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5
-CVE-2015-8239 [race condition checking digests/checksums in sudoers]
- RESERVED
+CVE-2015-8239 (The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 ...)
- sudo 1.8.17p1-1 (bug #805563)
[jessie] - sudo <no-dsa> (Minor issue)
[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
@@ -4832,8 +4831,8 @@ CVE-2015-7780 (Directory traversal vulnerability in ManageEngine Firewall Analyz
NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2015-7779
REJECTED
-CVE-2015-7778
- RESERVED
+CVE-2015-7778 (Gurunavi App for iOS before 6.0.0 does not verify SSL certificates ...)
+ TODO: check
CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...)
NOT-FOR-US: JosephErnest Void
CVE-2015-7776 (Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict ...)
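Review bot: the "TODO: check" placeholder left under CVE-2015-7778 (an iOS-only app, Gurunavi) will almost certainly resolve to NOT-FOR-US, as the neighbouring Cybozu Garoon and JosephErnest entries already do; the same applies to the niconico and Rakuten card iOS-app hunks further down. Since the description is already enough to classify them, resolving the TODO in the same update would avoid leaving open triage items in the data file.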
@@ -5727,8 +5726,7 @@ CVE-2015-7504 [net: pcnet: heap overflow vulnerability in loopback mode]
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html
NOTE: Xen not affected in wheezy, CVE covered by XSA-162: https://marc.info/?l=oss-security&m=144888089404618&w=2
-CVE-2015-7503 [Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey]
- RESERVED
+CVE-2015-7503 (Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before ...)
NOT-FOR-US: php-zend-crypt
NOTE: http://framework.zend.com/security/advisory/ZF2015-10
CVE-2015-7502 (Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms ...)
@@ -5984,8 +5982,7 @@ CVE-2015-7386 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Gallery - Photo Albums - Portfolio plugin for WordPress
CVE-2015-7385 (Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard ...)
NOT-FOR-US: Open-Xchange
-CVE-2015-7384 [HTTP Denial of Service Vulnerability]
- RESERVED
+CVE-2015-7384 (Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a ...)
- nodejs 4.1.1~dfsg-3 (bug #800580)
[jessie] - nodejs <not-affected> (Vulnerability not present)
NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I
@@ -7148,8 +7145,7 @@ CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the
NOT-FOR-US: sourceAFRICA plugin for WordPress
CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) ...)
NOT-FOR-US: googleSearch (CSE) component for Joomla!
-CVE-2015-6918 [git module leaks authentication details into log]
- RESERVED
+CVE-2015-6918 (salt before 2015.5.5 leaks git usernames and passwords to the log. ...)
- salt 2015.8.1+ds-1 (bug #803182)
[jessie] - salt <no-dsa> (Minor issue)
NOTE: https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a
@@ -8288,8 +8284,8 @@ CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c
- php5 <not-affected> (Specific to PHP 7)
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
NOTE: https://bugs.php.net/bug.php?id=70140
-CVE-2015-6521
- RESERVED
+CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS ...)
+ TODO: check
CVE-2015-6519 (SQL injection vulnerability in Arab Portal 3 allows remote attackers ...)
NOT-FOR-US: Arab Portal 3
CVE-2015-6518 (Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin ...)
@@ -10410,8 +10406,7 @@ CVE-2015-5677 (bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readab
NOT-FOR-US: bsnmpd
CVE-2015-5676
RESERVED
-CVE-2015-5675 [IRET privilege escalation]
- RESERVED
+CVE-2015-5675 (The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 ...)
- kfreebsd-10 10.1~svn274115-10 (unimportant; bug #796996)
NOTE: kfreebsd not covered by security support in Jessie
- kfreebsd-9 <removed> (bug #796997)
@@ -10497,8 +10492,8 @@ CVE-2015-5641 (SQL injection vulnerability in baserCMS before 3.0.8 allows remot
NOT-FOR-US: baserCMS
CVE-2015-5640 (baserCMS before 3.0.8 allows remote authenticated users to modify ...)
NOT-FOR-US: baserCMS
-CVE-2015-5639
- RESERVED
+CVE-2015-5639 (niconico App for iOS before 6.38 does not verify SSL certificates ...)
+ TODO: check
CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...)
NOT-FOR-US: H2O
CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows ...)
@@ -18085,8 +18080,8 @@ CVE-2015-2990 (Directory traversal vulnerability in zhtml.cgi in NEOJAPAN deskne
NOT-FOR-US: desknet NEO
CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
NOT-FOR-US: LEMON-S
-CVE-2015-2988
- RESERVED
+CVE-2015-2988 (Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL ...)
+ TODO: check
CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...)
NOT-FOR-US: Type74 ED
CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji ...)
@@ -18351,8 +18346,8 @@ CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows remote
NOT-FOR-US: Datalex airline booking software
CVE-2015-2857 (Accellion File Transfer Appliance before FTA_9_11_210 allows remote ...)
NOT-FOR-US: Accellion File Transfer Appliance
-CVE-2015-2856
- RESERVED
+CVE-2015-2856 (Directory traversal vulnerability in the template function in ...)
+ TODO: check
CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2854 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 471fc940cf..405a4c32db 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,5 @@
+CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete ...)
+ TODO: check
CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated ...)
- shaarli <itp> (bug #864559)
CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...)
@@ -4118,8 +4120,8 @@ CVE-2017-13708 (Buffer overflow in the web server service in VX Search Enterpris
NOT-FOR-US: VX Search Enterprise
CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version ...)
NOT-FOR-US: Replibit
-CVE-2017-13706
- RESERVED
+CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package ...)
+ TODO: check
CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...)
- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
[stretch] - flightgear <no-dsa> (Minor issue)
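Review bot: the context line "CVE-2017-13709 (In FlightGear ...)" directly after the rewritten CVE-2017-13706 entry is out of the descending CVE-ID order the rest of this block follows (13708, 13707, 13706). This predates the hunk, but while the block is being touched it would be worth moving the 13709 entry (and its flightgear/[stretch] lines) above CVE-2017-13708 so the list stays sorted and tooling that assumes ordering does not trip over it.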
@@ -6143,10 +6145,10 @@ CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer ...
{DLA-1117-1}
- opencv <unfixed> (bug #875342)
NOTE: https://github.com/opencv/opencv/issues/9370
-CVE-2017-12861
- RESERVED
-CVE-2017-12860
- RESERVED
+CVE-2017-12861 (The Epson &quot;EasyMP&quot; software (tested on version 2.86) is designed to ...)
+ TODO: check
+CVE-2017-12860 (The Epson &quot;EasyMP&quot; software (tested on version 2.86) is designed to ...)
+ TODO: check
CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...)
NOT-FOR-US: NetApp
CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in ...)
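Review bot: the new descriptions for CVE-2017-12861 and CVE-2017-12860 contain the literal HTML entity `&quot;` ("The Epson &quot;EasyMP&quot; software") rather than plain double quotes. If the data file stores this string verbatim, the automatic import did not unescape entities from its source; the text should be normalised to `The Epson "EasyMP" software` so that the entry reads correctly in the tracker and does not get double-escaped again when rendered.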
@@ -6817,8 +6819,7 @@ CVE-2017-12625
RESERVED
CVE-2017-12624
RESERVED
-CVE-2017-12623
- RESERVED
+CVE-2017-12623 (An authorized user could upload a template which contained malicious ...)
NOT-FOR-US: Apache NiFi
CVE-2017-12622
RESERVED
