automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@56385 e39458fd-73e7-0310-bf30-c45bca0a0e42

2 files changed, 48 insertions, 22 deletions

diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 7ab57fd6f0..bd80d591a3 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -806,7 +806,7 @@ CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebA
 	NOT-FOR-US: aspWebAlbum
 CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full ...)
 	NOT-FOR-US: aspWebAlbum
-CVE-2008-6976 (MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...)
+CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...)
 	NOT-FOR-US: MicroTik RouterOS
 CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: DD-WRT
@@ -15546,7 +15546,7 @@ CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew p
 	NOT-FOR-US: Wordspew plugin for Wordpress
 CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...)
 	NOT-FOR-US: PHPShop
-CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...)
+CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to ...)
 	NOT-FOR-US: MicroTik RouterOS
 CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...)
 	NOT-FOR-US: BlogPHP
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 9df3b282d2..5dde86b3a8 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,31 @@
+CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and ...)
+	TODO: check
+CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the ...)
+	TODO: check
+CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected ...)
+	TODO: check
+CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...)
+	TODO: check
+CVE-2017-15007
+	RESERVED
+CVE-2017-15006
+	RESERVED
+CVE-2017-15005
+	RESERVED
+CVE-2017-15004
+	RESERVED
+CVE-2017-15003
+	RESERVED
+CVE-2017-15002
+	RESERVED
+CVE-2017-15001
+	RESERVED
+CVE-2017-15000
+	RESERVED
+CVE-2017-14999
+	RESERVED
+CVE-2017-14998
+	RESERVED
 CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...)
 	- graphicsmagick <unfixed>
 	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
@@ -5467,7 +5495,7 @@ CVE-2017-12885
 	RESERVED
 CVE-2017-12884
 	RESERVED
-CVE-2017-12883 (Buffer overflow in the regular expression parser in PERL before ...)
+CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...)
 	{DSA-3982-1}
 	- perl 5.26.0-8 (bug #875597)
 	[wheezy] - perl <not-affected> (Vulnerable code introduced later)
@@ -5612,7 +5640,7 @@ CVE-2017-12839
 	RESERVED
 CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
 	NOT-FOR-US: NexusPHP
-CVE-2017-12837 (Heap-based buffer overflow in the regular expression compiler in PERL ...)
+CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in ...)
 	{DSA-3982-1}
 	- perl 5.26.0-8 (bug #875596)
 	[wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4)
@@ -5646,16 +5674,16 @@ CVE-2017-12824
 	RESERVED
 CVE-2017-12823
 	RESERVED
-CVE-2017-12822
-	RESERVED
-CVE-2017-12821
-	RESERVED
-CVE-2017-12820
-	RESERVED
-CVE-2017-12819
-	RESERVED
-CVE-2017-12818
-	RESERVED
+CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...)
+	TODO: check
+CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...)
+	TODO: check
+CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...)
+	TODO: check
+CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay ...)
+	TODO: check
+CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel ...)
+	TODO: check
 CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the ...)
 	NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...)
@@ -6207,8 +6235,7 @@ CVE-2017-12619
 	RESERVED
 CVE-2017-12618
 	RESERVED
-CVE-2017-12617
-	RESERVED
+CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...)
 	- tomcat7 <not-affected> (Windows-specific)
 CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it ...)
 	{DLA-1108-1}
@@ -7287,8 +7314,7 @@ CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in t
 CVE-2017-12167
 	RESERVED
 	TODO: check, possibly Red Hat specific issue
-CVE-2017-12166 [remote buffer overflow]
-	RESERVED
+CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...)
 	- openvpn <unfixed> (bug #877089)
 	[stretch] - openvpn <no-dsa> (Minor issue)
 	[jessie] - openvpn <no-dsa> (Minor issue)
@@ -35727,8 +35753,8 @@ CVE-2017-1543
 	RESERVED
 CVE-2017-1542
 	RESERVED
-CVE-2017-1541
-	RESERVED
+CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep ...)
+	TODO: check
 CVE-2017-1540
 	RESERVED
 CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
@@ -36557,8 +36583,8 @@ CVE-2017-1128 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerabl
 	NOT-FOR-US: IBM
 CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
-CVE-2017-1126
-	RESERVED
+CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could ...)
+	TODO: check
 CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...)
 	NOT-FOR-US: IBM
 CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local ...)