author | security tracker role <sectracker@debian.org> | 2017-07-11 21:10:16 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-07-11 21:10:16 +0000 |
commit | b8f619717e3ab0c8f5c5e58499f560a57be3fede (patch) | |
tree | 3873a0d603ae5078693704cc8c36196bbf3e7024 | |
parent | 66b7df450c7aa1ae7454f5801e52a89f8a68aebe (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@53390 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2002.list | 2 |
-rw-r--r-- | data/CVE/2005.list | 2 |
-rw-r--r-- | data/CVE/2006.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 2 |
-rw-r--r-- | data/CVE/2017.list | 32 |
5 files changed, 22 insertions, 18 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 4a506c023d..0efbbaa528 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1445,7 +1445,7 @@ CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 al NOT-FOR-US: PHProjekt CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) NOT-FOR-US: PHProjekt -CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) +CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ...) NOT-FOR-US: PHProjekt CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) NOT-FOR-US: PHProjekt diff --git a/data/CVE/2005.list b/data/CVE/2005.list index eb7d31affc..56d93210c1 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -10344,7 +10344,7 @@ CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libU - uim 1:0.4.6beta2-1 CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...) NOT-FOR-US: Xinkaa -CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...) +CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Bontago CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: MSIE6 diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 5a50d610ba..3978a71b21 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list 
@@ -13933,7 +13933,7 @@ CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...) NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...) NOT-FOR-US: logIT -CVE-2006-1098 (** DISPUTED ** ...) +CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce ...) NOT-FOR-US: NZ Ecommerce CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...) NOT-FOR-US: Woltlab Burning Board diff --git a/data/CVE/2016.list b/data/CVE/2016.list index ab05ef03c1..7d0de10178 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -22371,7 +22371,7 @@ CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace NOT-FOR-US: IBM CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a ...) NOT-FOR-US: IBM -CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends password ...) +CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send ...) NOT-FOR-US: IBM CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...) NOT-FOR-US: IBM diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 46b62d45ab..b58d8a34fc 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,7 @@ +CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...) + TODO: check +CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...) + TODO: check CVE-2017-11169 RESERVED CVE-2017-11168 @@ -1262,7 +1266,7 @@ CVE-2017-10690 CVE-2017-10689 RESERVED CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...) - {DSA-3903-1} + {DSA-3903-1 DLA-1022-1} - tiff 4.0.8-3 (bug #866611) - tiff3 <removed> [wheezy] - tiff3 <not-affected> (vulnerable code not present) 
@@ -1474,8 +1478,8 @@ CVE-2017-10602 RESERVED CVE-2017-10601 RESERVED -CVE-2017-10600 - RESERVED +CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...) + TODO: check CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...) - ffmpeg 7:3.2.5-1 - libav <undetermined> @@ -1643,7 +1647,7 @@ CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. NOTE: to see this as an issue in libjbig itself. TODO: wait for futher development on upstream CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...) - {DSA-3903-1} + {DSA-3903-1 DLA-1023-1 DLA-1022-1} - tiff 4.0.8-3 (bug #866113) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706 @@ -8891,16 +8895,16 @@ CVE-2017-7732 RESERVED CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...) NOT-FOR-US: Fortinet FortiPortal -CVE-2017-7730 - RESERVED -CVE-2017-7729 - RESERVED -CVE-2017-7728 - RESERVED +CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood ...) + TODO: check +CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...) + TODO: check +CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...) + TODO: check CVE-2017-7727 - RESERVED -CVE-2017-7726 - RESERVED + REJECTED +CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation ...) + TODO: check CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...) NOT-FOR-US: concrete5 CVE-2017-7724 
@@ -11034,7 +11038,7 @@ CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT ...) - mantis <removed> [wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS) NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4 -CVE-2017-6972 (Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and ...) +CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an ...) NOT-FOR-US: AlienVault CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...) NOT-FOR-US: AlienVault |
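Review bot: In the first data/CVE/2017.list hunk (@@ -1,3 +1,7 @@), CVE-2017-11170 names ImageMagick 7.0.5-6 and the ReadTGAImage function in its description but is filed with only `TODO: check`. The description already identifies the affected software, so triage should replace the TODO with a source-package line and a status, in the same form as the `- tiff 4.0.8-3 (bug #866611)` entries further down. CVE-2017-11171 is cut off before the product name ("in the context of accept_ice_connection() in ..."), so the full CVE text has to be read before it can be classified.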
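Review bot: In the data/CVE/2017.list hunks at @@ -1262,7 +1266,7 @@ and @@ -1643,7 +1647,7 @@, the cross-reference sets are not symmetric: CVE-2017-10688 gains only `DLA-1022-1`, while CVE-2017-9936 gains `DLA-1023-1 DLA-1022-1`. The visible context for CVE-2017-10688 carries `[wheezy] - tiff3 <not-affected> (vulnerable code not present)`, which would explain a single DLA there, but the context for CVE-2017-9936 shows only `- tiff3 <removed>` and nothing in the hunk says which source package each DLA covers. Confirm the second DLA on CVE-2017-9936 corresponds to a package line in that entry.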
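Review bot: In the data/CVE/2017.list hunk at @@ -1474,8 +1478,8 @@, CVE-2017-10600 moves from RESERVED to a description that bounds the fix by date rather than by version ("ubuntu-image 1.0 before 2017-07-07") and is left at `TODO: check`. A date boundary cannot be compared against a package version, so whoever triages this needs to locate the upstream change and record it in a NOTE line before a fixed version can be set. The hunk gives no package line, so it should also be decided whether ubuntu-image is in the archive at all.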
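Review bot: In the data/CVE/2017.list hunk at @@ -8891,16 +8895,16 @@, four iSmartAlarm cube entries (CVE-2017-7730, -7729, -7728, -7726) arrive as `TODO: check`, although all four descriptions name the same device. The neighbouring context lines use `NOT-FOR-US: Fortinet FortiPortal` and `NOT-FOR-US: concrete5` for products that are not packaged; if the iSmartAlarm firmware is likewise not in the archive, the four entries can be closed in one pass with the same `NOT-FOR-US:` form instead of remaining open individually. CVE-2017-7727 changes from RESERVED to REJECTED in the same hunk and needs no follow-up.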