author security tracker role <sectracker@debian.org> 2017-07-11 21:10:16 +0000
committer security tracker role <sectracker@debian.org> 2017-07-11 21:10:16 +0000
commit b8f619717e3ab0c8f5c5e58499f560a57be3fede
tree 3873a0d603ae5078693704cc8c36196bbf3e7024
parent 66b7df450c7aa1ae7454f5801e52a89f8a68aebe
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@53390 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2002.list 2
-rw-r--r-- data/CVE/2005.list 2
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2016.list 2
-rw-r--r-- data/CVE/2017.list 32
5 files changed, 22 insertions, 18 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 4a506c023d..0efbbaa528 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1445,7 +1445,7 @@ CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 al
NOT-FOR-US: PHProjekt
CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
NOT-FOR-US: PHProjekt
-CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
+CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ...)
NOT-FOR-US: PHProjekt
CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
NOT-FOR-US: PHProjekt
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index eb7d31affc..56d93210c1 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -10344,7 +10344,7 @@ CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libU
- uim 1:0.4.6beta2-1
CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
NOT-FOR-US: Xinkaa
-CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
+CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to ...)
NOT-FOR-US: Bontago
CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
NOT-FOR-US: MSIE6
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 5a50d610ba..3978a71b21 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -13933,7 +13933,7 @@ CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...)
NOT-FOR-US: logIT
-CVE-2006-1098 (** DISPUTED ** ...)
+CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce ...)
NOT-FOR-US: NZ Ecommerce
CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...)
NOT-FOR-US: Woltlab Burning Board
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index ab05ef03c1..7d0de10178 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -22371,7 +22371,7 @@ CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace
NOT-FOR-US: IBM
CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a ...)
NOT-FOR-US: IBM
-CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends password ...)
+CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send ...)
NOT-FOR-US: IBM
CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...)
NOT-FOR-US: IBM
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 46b62d45ab..b58d8a34fc 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,7 @@
+CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...)
+ TODO: check
+CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...)
+ TODO: check
CVE-2017-11169
RESERVED
CVE-2017-11168
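Review bot: the two entries added at the top of the file, CVE-2017-11171 and CVE-2017-11170, carry only "TODO: check", so neither has a package mapping yet. The description of CVE-2017-11170 names the ReadTGAImage function in ImageMagick 7.0.5-6, so it should be resolved to a source-package line with its affected or fixed version rather than left as a TODO. The visible part of the CVE-2017-11171 description (accept_ice_connection()) does not name the product, so the full description is needed before it can be triaged.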
@@ -1262,7 +1266,7 @@ CVE-2017-10690
CVE-2017-10689
RESERVED
CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...)
- {DSA-3903-1}
+ {DSA-3903-1 DLA-1022-1}
- tiff 4.0.8-3 (bug #866611)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (vulnerable code not present)
@@ -1474,8 +1478,8 @@ CVE-2017-10602
RESERVED
CVE-2017-10601
RESERVED
-CVE-2017-10600
- RESERVED
+CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...)
+ TODO: check
CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...)
- ffmpeg 7:3.2.5-1
- libav <undetermined>
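Review bot: CVE-2017-10600 goes from RESERVED to a described entry whose affected range is given by date ("ubuntu-image 1.0 before 2017-07-07") rather than by a version number. When the "TODO: check" is resolved, the entry should record which package version corresponds to that date, or add a NOTE pointing at the upstream fix, so that the fixed version is not inferred from the date alone.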
@@ -1643,7 +1647,7 @@ CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c.
NOTE: to see this as an issue in libjbig itself.
TODO: wait for futher development on upstream
CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
- {DSA-3903-1}
+ {DSA-3903-1 DLA-1023-1 DLA-1022-1}
- tiff 4.0.8-3 (bug #866113)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
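Review bot: the cross-reference line for CVE-2017-9936 gains two advisories (DLA-1023-1 and DLA-1022-1), while CVE-2017-10688 in the earlier hunk gains only DLA-1022-1, and the package lines shown here ("- tiff 4.0.8-3", "- tiff3 <removed>") do not indicate which source package each DLA covers. It is worth confirming that both references are intended for this CVE. Separately, the context line for CVE-2017-9937 above has a typo, "futher" for "further", which could be fixed in a follow-up.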
@@ -8891,16 +8895,16 @@ CVE-2017-7732
RESERVED
CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...)
NOT-FOR-US: Fortinet FortiPortal
-CVE-2017-7730
- RESERVED
-CVE-2017-7729
- RESERVED
-CVE-2017-7728
- RESERVED
+CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood ...)
+ TODO: check
+CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...)
+ TODO: check
+CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...)
+ TODO: check
CVE-2017-7727
- RESERVED
-CVE-2017-7726
- RESERVED
+ REJECTED
+CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation ...)
+ TODO: check
CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...)
NOT-FOR-US: concrete5
CVE-2017-7724
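Review bot: the four iSmartAlarm entries (CVE-2017-7730, CVE-2017-7729, CVE-2017-7728, CVE-2017-7726) are added with "TODO: check" although every description refers to "iSmartAlarm cube devices", a hardware product. The neighbouring vendor-only entries in this hunk are closed out with NOT-FOR-US (Fortinet FortiPortal, concrete5), and these four can be resolved the same way in one pass. CVE-2017-7727 changes from RESERVED to REJECTED and needs no further action.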
@@ -11034,7 +11038,7 @@ CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT ...)
- mantis <removed>
[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
-CVE-2017-6972 (Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and ...)
+CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an ...)
NOT-FOR-US: AlienVault
CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
NOT-FOR-US: AlienVault
