author: security tracker role <sectracker@debian.org> 2017-07-18 21:10:15 +0000
committer: security tracker role <sectracker@debian.org> 2017-07-18 21:10:15 +0000
commit: c7c7e7029043717715fde2d6d5e40e1a35ddfcdc
tree: 8f6f7cc3b809a157aed6e061fda7c2fdb0583a63
parent: 507b88241456b18292d1b3a64891b2edf2c30520
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@53630 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/1999.list 2
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2004.list 2
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2017.list 65
5 files changed, 49 insertions, 24 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 430656ea1e..cca642087a 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -497,7 +497,7 @@ CVE-1999-0957 (MajorCool mj_key_cache program allows local users to modify files
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain ...)
+CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers to ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0954 (WWWBoard has a default username and default password. ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index c9c75ebc0a..8b70e0f08b 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -210,7 +210,7 @@ CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly
- proftpd 1.2.4-1
CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
NOT-FOR-US: Check Point
-CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
+CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary ...)
NOT-FOR-US: mod_bf
CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
NOT-FOR-US: Microsoft
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 299ca50667..cf87a3b51e 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -3376,7 +3376,7 @@ CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and
{DSA-639-1}
NOTE: unstable not vulnerable according to DSA, DSA was wrong..
- mc 1:4.6.0-4.6.1-pre3-1
-CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
+CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute ...)
{DSA-639-1}
NOTE: unstable not vulnerable according to DSA, DSA was wrong..
- mc 1:4.6.0-4.6.1-pre3-1
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index f2585cb205..556d554ddc 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -10609,7 +10609,7 @@ CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and
NOT-FOR-US: Destiney
CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...)
NOT-FOR-US: Destiney
-CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...)
+CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity ...)
NOT-FOR-US: Ipswitch
CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
NOT-FOR-US: Snitz mod
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index f2b0837436..3e38181cc8 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,29 @@
+CVE-2017-11434
+ RESERVED
+CVE-2017-11433
+ RESERVED
+CVE-2017-11432
+ RESERVED
+CVE-2017-11431
+ RESERVED
+CVE-2017-11430
+ RESERVED
+CVE-2017-11429
+ RESERVED
+CVE-2017-11428
+ RESERVED
+CVE-2017-11427
+ RESERVED
+CVE-2017-11426
+ RESERVED
+CVE-2017-11425
+ RESERVED
+CVE-2017-11424
+ RESERVED
+CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...)
+ TODO: check
+CVE-2017-11422
+ RESERVED
CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...)
NOT-FOR-US: ASUS
CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
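Review bot: CVE-2017-11423 is added with only `TODO: check`, although its description already names a specific library and source file (libmspack 0.5alpha, mspack/cabd.c). It should be triaged into either a package line (fixed version, or `<unfixed>` with a bug reference) or a `NOT-FOR-US:` line, in the same form as the neighbouring entries, rather than staying as an open TODO.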
@@ -41,7 +67,7 @@ CVE-2017-11401
RESERVED
CVE-2017-11400
RESERVED
-CVE-2017-11421 [Thumbnail generation for MSI files executes arbitrary VBScript]
+CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...)
- gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
[stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue)
NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
@@ -506,7 +532,7 @@ CVE-2017-11209
RESERVED
CVE-2017-1000083 [Evince command injection vulnerability in CBT handler]
RESERVED
- {DSA-3911-1}
+ {DSA-3911-1 DLA-1031-1}
- evince 3.22.1-4
- atril <unfixed> (bug #868500)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
@@ -1421,10 +1447,10 @@ CVE-2017-10964
RESERVED
CVE-2017-10963
RESERVED
-CVE-2017-10962
- RESERVED
-CVE-2017-10961
- RESERVED
+CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
+ TODO: check
+CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File ...)
+ TODO: check
CVE-2017-10960
RESERVED
CVE-2017-10959
@@ -1945,8 +1971,8 @@ CVE-2017-10710
RESERVED
CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...)
NOT-FOR-US: Elephone P9000 devices
-CVE-2017-10708
- RESERVED
+CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...)
+ TODO: check
CVE-2017-10707
RESERVED
CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...)
@@ -2738,7 +2764,7 @@ CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling
- apache2 <not-affected> (Only affected 2.4.26)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value ...)
- {DLA-1028-1}
+ {DSA-3913-1 DLA-1028-1}
- apache2 2.4.27-1 (bug #868467)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955
@@ -10331,8 +10357,7 @@ CVE-2017-7507 (GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer
NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
-CVE-2017-7506
- RESERVED
+CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory ...)
{DSA-3907-1}
- spice <unfixed> (bug #868083)
CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...)
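Review bot: the new description for CVE-2017-7506 reads "spice versions though 0.13", where "though" looks like a typo for "through". The 1999, 2001, 2004 and 2006 hunks in this same commit show description typos being corrected by the automatic update, so this is better reported against the source description than edited locally. The entry also still carries `- spice <unfixed> (bug #868083)` next to `{DSA-3907-1}`, which is worth rechecking against that bug.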
@@ -13527,8 +13552,8 @@ CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensu
NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
CVE-2017-6321
RESERVED
-CVE-2017-6320
- RESERVED
+CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load ...)
+ TODO: check
CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
- radare2 1.1.0+dfsg-3 (bug #856579)
[jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
@@ -16790,12 +16815,12 @@ CVE-2017-5249
RESERVED
CVE-2017-5248
RESERVED
-CVE-2017-5247
- RESERVED
-CVE-2017-5246
- RESERVED
+CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...)
+ TODO: check
+CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression ...)
+ TODO: check
CVE-2017-5245
- RESERVED
+ REJECTED
CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones ...)
NOT-FOR-US: Metasploit
CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...)
@@ -25591,8 +25616,8 @@ CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-
NOT-FOR-US: IBM
CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
NOT-FOR-US: IBM
-CVE-2017-1318
- RESERVED
+CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ...)
+ TODO: check
CVE-2017-1317
RESERVED
CVE-2017-1316
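Review bot: CVE-2017-1318 gets `TODO: check` while the two IBM entries directly above it in this hunk (CVE-2017-1320 and CVE-2017-1319) are marked `NOT-FOR-US: IBM`. If IBM MQ Appliance is likewise not packaged, replace the TODO with the same `NOT-FOR-US: IBM` line so the entry matches its neighbours.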
