author: security tracker role <sectracker@debian.org> 2017-11-08 09:10:21 +0000
committer: security tracker role <sectracker@debian.org> 2017-11-08 09:10:21 +0000
commit: deb774bd85189e7847a44e2c9d1962ba44011e75
tree: 675e857ebb5d3cba922689184733177ef353df34
parent: 9000a20dc91bacdbf5f2b39fe9ca0b9598640533
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@57437 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2008.list 2
-rw-r--r-- data/CVE/2016.list 4
-rw-r--r-- data/CVE/2017.list 61
3 files changed, 54 insertions, 13 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 77c3b5fc63..3801f6c3f5 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,4 +1,4 @@
-CVE-2008-7319 [command injection via crafted arguments]
+CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not ...)
- libnet-ping-external-perl <unfixed> (bug #881097)
[stretch] - libnet-ping-external-perl <no-dsa> (Remove in next point update)
[jessie] - libnet-ping-external-perl <no-dsa> (Remove in next point update)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index dc982fc725..882a1bd579 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -29711,8 +29711,8 @@ CVE-2016-0874
RESERVED
CVE-2016-0873
RESERVED
-CVE-2016-0872
- RESERVED
+CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in Kabona AB ...)
+ TODO: check
CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
NOT-FOR-US: Eaton Lighting EG2 Web Control
CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote ...)
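Review bot: CVE-2016-0872 leaves the RESERVED state with only "TODO: check", while the next entry, CVE-2016-0871, is already resolved as "NOT-FOR-US: Eaton Lighting EG2 Web Control". Triage it the same way once the full description is read: either a NOT-FOR-US line naming the product, or a package line if the software is in the archive.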
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 510b9b8030..f2b54af588 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,7 +1,47 @@
-CVE-2017-16661 [Local File Read]
+CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-based ...)
+ TODO: check
+CVE-2017-16662
+ RESERVED
+CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows ...)
+ TODO: check
+CVE-2017-16658
+ RESERVED
+CVE-2017-16657
+ RESERVED
+CVE-2017-16656
+ RESERVED
+CVE-2017-16655
+ RESERVED
+CVE-2017-16654
+ RESERVED
+CVE-2017-16653
+ RESERVED
+CVE-2017-16652
+ RESERVED
+CVE-2017-16651
+ RESERVED
+CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux ...)
+ TODO: check
+CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...)
+ TODO: check
+CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c ...)
+ TODO: check
+CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 ...)
+ TODO: check
+CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through ...)
+ TODO: check
+CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c ...)
+ TODO: check
+CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the ...)
+ TODO: check
+CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c ...)
+ TODO: check
+CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an ...)
+ TODO: check
+CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to read ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/issues/1066
-CVE-2017-16660 [RCE]
+CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to conduct ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/issues/1066
CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...)
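Review bot: the new entries at the top of 2017.list are inserted above the existing CVE-2017-16661 and CVE-2017-16660 entries, so the file now reads 16663, 16662, 16659 ... 16642, 16661, 16660, 16641 and is no longer in descending order like the other hunks of this list. Move the two Cacti entries between CVE-2017-16662 and CVE-2017-16659. The entries whose descriptions point at drivers/ paths (CVE-2017-16643 through CVE-2017-16650) all carry "TODO: check" and can be triaged together.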
@@ -52,14 +92,14 @@ CVE-2017-16620
RESERVED
CVE-2017-16619
RESERVED
-CVE-2017-16618
- RESERVED
+CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality ...)
+ TODO: check
CVE-2017-16617
RESERVED
-CVE-2017-16616
- RESERVED
-CVE-2017-16615
- RESERVED
+CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality ...)
+ TODO: check
+CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...)
+ TODO: check
CVE-2017-16614
RESERVED
CVE-2017-16613
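Review bot: CVE-2017-16616 and CVE-2017-16615 get the same visible description ("An exploitable vulnerability exists in the YAML parsing functionality ..."), CVE-2017-16618 differs only in "loading", and none of the truncated lines names the affected software. Resolve the three "TODO: check" markers together against the full descriptions so they end up with consistent package or NOT-FOR-US lines.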
@@ -166,8 +206,8 @@ CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen o
NOT-FOR-US: Vonage
CVE-2017-16562
RESERVED
-CVE-2017-16561
- RESERVED
+CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 is ...)
+ TODO: check
CVE-2017-16560
RESERVED
CVE-2017-16559
@@ -2387,6 +2427,7 @@ CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via th
CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) ...)
NOT-FOR-US: IDEMIA
CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm ...)
+ {DSA-4023-1}
- slurm-llnl 17.02.9-1 (bug #880530)
[jessie] - slurm-llnl <not-affected> (Vulnerable code introduced later)
[wheezy] - slurm-llnl <not-affected> (Vulnerable code introduced later)
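Review bot: the added {DSA-4023-1} line on CVE-2017-15566 is a cross-reference only, and the diffstat shows this commit touching nothing outside data/CVE. Confirm the advisory list already carries DSA-4023-1 with CVE-2017-15566 and the fixed slurm-llnl version, since the package lines visible here cover only the untagged entry (17.02.9-1), jessie and wheezy.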
