author security tracker role <sectracker@debian.org> 2017-03-03 09:10:17 +0000
committer security tracker role <sectracker@debian.org> 2017-03-03 09:10:17 +0000
commit babc0ab7ca3d7969ed8a96014ac0bc7299e21882
tree e70ef3a39c3ad2fe4e17002fd20126ffad52b197
parent 8b8b7c473176bbb69652350cfd4e3a10a5d69371
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@49385 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2002.list 2
-rw-r--r-- data/CVE/2016.list 28
-rw-r--r-- data/CVE/2017.list 20
3 files changed, 26 insertions, 24 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index f71a3834b2..2e3f31d842 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,5 @@
+CVE-2002-2447
+ RESERVED
CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index d56c608f15..1a503cd579 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1213,8 +1213,8 @@ CVE-2016-9893
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9893
-CVE-2016-9892
- RESERVED
+CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before ...)
+ TODO: check
CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and ...)
- dotclear <removed>
CVE-2016-9890
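Review bot: CVE-2016-9892 is left at "TODO: check" with no package line and no NOT-FOR-US marker, so it stays in the untriaged queue after this automatic update. The new description names ESET Endpoint Antivirus for macOS; a follow-up commit should either tie it to a source package or mark it NOT-FOR-US, in the same form the 2002.list entries use.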
@@ -2710,8 +2710,7 @@ CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporar
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
-CVE-2016-10071 [mat file out of bound]
- RESERVED
+CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
@@ -2726,8 +2725,7 @@ CVE-2016-10070 [mat file out of bound]
NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-10069 [Add check for invalid mat file]
- RESERVED
+CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
@@ -2751,8 +2749,7 @@ CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master)
-CVE-2016-10068 [Prevent fault in MSL interpreter]
- RESERVED
+CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote ...)
{DLA-756-1}
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
@@ -2765,8 +2762,7 @@ CVE-2016-10058 [Fixed memory leak in psd file handling]
[wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-10067
- RESERVED
+CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
@@ -2785,20 +2781,17 @@ CVE-2016-10065 [Fix out of bound read in viff file handling]
NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-10064 [Better check for bufferoverflow for TIFF handling]
- RESERVED
+CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-10063 [Check validity of extend during TIFF file reading]
- RESERVED
+CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-10062 [fwrite issue in ReadGROUP4Image]
- RESERVED
+CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not ...)
{DSA-3799-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
[wheezy] - imagemagick <no-dsa> (Minor issue)
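Review bot: for CVE-2016-10064 and CVE-2016-10063 the removed bracket titles ("Better check for bufferoverflow for TIFF handling" and "Check validity of extend during TIFF file reading") were the only text telling the two entries apart; the truncated descriptions that replace them are identical ("Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ..."). Consider keeping the old wording as a NOTE: line under each entry, so a reader does not have to open the two upstream commit URLs to see which fix belongs to which CVE.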
@@ -2818,8 +2811,7 @@ CVE-2016-10061
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-10060
- RESERVED
+CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ...)
{DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 57e0082e05..7ee8bba814 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,11 @@
+CVE-2017-6446
+ RESERVED
+CVE-2017-6445
+ RESERVED
+CVE-2017-6444
+ RESERVED
+CVE-2017-6443
+ RESERVED
CVE-2017-XXXX [dns: out of bound memory read]
- suricata <unfixed>
NOTE: https://redmine.openinfosecfoundation.org/issues/2022
@@ -828,12 +836,12 @@ CVE-2017-6106
RESERVED
CVE-2017-6105
RESERVED
-CVE-2017-6104
- RESERVED
-CVE-2017-6103
- RESERVED
-CVE-2017-6102
- RESERVED
+CVE-2017-6104 (Remote file upload vulnerability in Wordpress Plugin Mobile App Native ...)
+ TODO: check
+CVE-2017-6103 (Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. ...)
+ TODO: check
+CVE-2017-6102 (Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. ...)
+ TODO: check
CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in ...)
- atheme-services 7.2.9-1 (bug #855588)
[jessie] - atheme-services <not-affected> (versions prior to 7.2.7 not vulnerable)
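Review bot: CVE-2017-6104, CVE-2017-6103 and CVE-2017-6102 all arrive as "TODO: check", and the descriptions point at WordPress plugins (Mobile App Native ..., AnyVar v0.1.1, rockhoist-badges v1.2.2). Each needs manual triage to a package line or NOT-FOR-US before the entries are useful. Separately, the trailing context shows CVE-2017-6384 directly after CVE-2017-6102, which breaks the descending order the rest of the hunk follows; worth confirming that entry is where it is meant to be.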
