automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@53724 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: security tracker role <sectracker@debian.org> 2017-07-20 21:10:14 +0000
committer: security tracker role <sectracker@debian.org> 2017-07-20 21:10:14 +0000
commit: de7ac9d20edd53f193e544260de4c9a7f862728d (patch)
tree: 0f9afca70e61f831858cf3a35419756888956280 /data/CVE
parent: 624816237d35bf7d3c2ce7e04b7a097f54442f3d (diff)
3 files changed, 172 insertions, 141 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 556d554ddc..b3fb122d39 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -4462,7 +4462,7 @@ CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other crit
 	NOT-FOR-US: Eazy Cart
 CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...)
 	NOT-FOR-US: Eazy Cart
-CVE-2006-5244 (Multilple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
+CVE-2006-5244 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
 	NOT-FOR-US: Easy Blog
 CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
 	NOT-FOR-US: Easy Blog
@@ -13443,7 +13443,7 @@ CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with .
 	- gnome-screensaver 2.14.1-1 (bug #357885)
 CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...)
 	NOT-FOR-US: Maian Weblog
-CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...)
+CVE-2006-1333 (Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...)
 	NOT-FOR-US: BetaParticle Blog
 CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...)
 	NOT-FOR-US: Noah's Classifieds
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 005ddaed08..6e68f849f2 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -5645,7 +5645,7 @@ CVE-2014-8108 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1
 	[squeeze] - subversion <not-affected> (Introduced in 1.7.0)
 	NOTE: http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
 CVE-2014-8107
-	RESERVED
+	REJECTED
 CVE-2014-8106 (Heap-based buffer overflow in the Cirrus VGA emulator ...)
 	{DSA-3088-1 DSA-3087-1}
 	- qemu 2.1+dfsg-9 (bug #772025)
@@ -25698,7 +25698,7 @@ CVE-2014-0054 (The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring
 CVE-2014-0053 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
 	- grails <itp> (bug #473213)
 CVE-2014-0052
-	RESERVED
+	REJECTED
 CVE-2014-0051
 	REJECTED
 CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index fc11aa342f..b065accd32 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,33 @@
+CVE-2017-11493
+	RESERVED
+CVE-2017-11492
+	RESERVED
+CVE-2017-11491
+	RESERVED
+CVE-2017-11490
+	RESERVED
+CVE-2017-11489
+	RESERVED
+CVE-2017-11488
+	RESERVED
+CVE-2017-11487
+	RESERVED
+CVE-2017-11486
+	RESERVED
+CVE-2017-11485
+	RESERVED
+CVE-2017-11484
+	RESERVED
+CVE-2017-11483
+	RESERVED
+CVE-2017-11482
+	RESERVED
+CVE-2017-11481
+	RESERVED
+CVE-2017-11480
+	RESERVED
+CVE-2017-11479
+	RESERVED
 CVE-2017-11477
 	RESERVED
 CVE-2017-11476
@@ -380,7 +410,8 @@ CVE-2017-XXXX [memory leak in ReadMATImage in mat.c]
 	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/525
-CVE-2017-11478 [CPU exhaustion in ReadOneDJVUImage]
+CVE-2017-11478 (The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through ...)
+	{DSA-3914-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867826)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/528
 CVE-2017-XXXX [CPU exhaustion in ReadOneMNGImage]
@@ -987,6 +1018,7 @@ CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable
 CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable ...)
 	NOT-FOR-US: Koozali Foundation SME Server
 CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...)
+	{DSA-3915-1}
 	- ruby-mixlib-archive <unfixed> (bug #868572)
 	NOTE: https://github.com/chef/mixlib-archive/pull/6
 	NOTE: https://github.com/chef/mixlib-archive/pull/6/commits/3a874a24aed6ee93fbccf97efe0ecc999bafe87d
@@ -2832,8 +2864,8 @@ CVE-2017-9824
 	RESERVED
 CVE-2017-9823
 	RESERVED
-CVE-2017-9822
-	RESERVED
+CVE-2017-9822 (DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a ...)
+	TODO: check
 CVE-2017-9821
 	RESERVED
 CVE-2017-9820
@@ -2925,8 +2957,8 @@ CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it
 	NOTE: Issue is specific to Struts 2.x.
 CVE-2017-9786
 	RESERVED
-CVE-2017-9785
-	RESERVED
+CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse ...)
+	TODO: check
 CVE-2017-9784
 	RESERVED
 CVE-2017-9783
@@ -11939,134 +11971,134 @@ CVE-2017-7071
 	RESERVED
 CVE-2017-7070
 	RESERVED
-CVE-2017-7069
-	RESERVED
-CVE-2017-7068
-	RESERVED
-CVE-2017-7067
-	RESERVED
+CVE-2017-7069 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7067 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
 CVE-2017-7066
 	RESERVED
 CVE-2017-7065
 	RESERVED
-CVE-2017-7064
-	RESERVED
-CVE-2017-7063
-	RESERVED
-CVE-2017-7062
-	RESERVED
-CVE-2017-7061
-	RESERVED
-CVE-2017-7060
-	RESERVED
-CVE-2017-7059
-	RESERVED
-CVE-2017-7058
-	RESERVED
+CVE-2017-7064 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7063 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7062 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7061 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7060 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7059 (A DOMParser XSS issue was discovered in certain Apple products. iOS ...)
+	TODO: check
+CVE-2017-7058 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
 CVE-2017-7057
 	RESERVED
-CVE-2017-7056
-	RESERVED
-CVE-2017-7055
-	RESERVED
-CVE-2017-7054
-	RESERVED
-CVE-2017-7053
-	RESERVED
-CVE-2017-7052
-	RESERVED
-CVE-2017-7051
-	RESERVED
-CVE-2017-7050
-	RESERVED
-CVE-2017-7049
-	RESERVED
-CVE-2017-7048
-	RESERVED
-CVE-2017-7047
-	RESERVED
-CVE-2017-7046
-	RESERVED
-CVE-2017-7045
-	RESERVED
-CVE-2017-7044
-	RESERVED
-CVE-2017-7043
-	RESERVED
-CVE-2017-7042
-	RESERVED
-CVE-2017-7041
-	RESERVED
-CVE-2017-7040
-	RESERVED
-CVE-2017-7039
-	RESERVED
-CVE-2017-7038
-	RESERVED
-CVE-2017-7037
-	RESERVED
-CVE-2017-7036
-	RESERVED
-CVE-2017-7035
-	RESERVED
-CVE-2017-7034
-	RESERVED
-CVE-2017-7033
-	RESERVED
-CVE-2017-7032
-	RESERVED
-CVE-2017-7031
-	RESERVED
-CVE-2017-7030
-	RESERVED
-CVE-2017-7029
-	RESERVED
-CVE-2017-7028
-	RESERVED
-CVE-2017-7027
-	RESERVED
-CVE-2017-7026
-	RESERVED
-CVE-2017-7025
-	RESERVED
-CVE-2017-7024
-	RESERVED
-CVE-2017-7023
-	RESERVED
-CVE-2017-7022
-	RESERVED
-CVE-2017-7021
-	RESERVED
-CVE-2017-7020
-	RESERVED
-CVE-2017-7019
-	RESERVED
-CVE-2017-7018
-	RESERVED
-CVE-2017-7017
-	RESERVED
-CVE-2017-7016
-	RESERVED
-CVE-2017-7015
-	RESERVED
-CVE-2017-7014
-	RESERVED
-CVE-2017-7013
-	RESERVED
-CVE-2017-7012
-	RESERVED
-CVE-2017-7011
-	RESERVED
-CVE-2017-7010
-	RESERVED
-CVE-2017-7009
-	RESERVED
-CVE-2017-7008
-	RESERVED
-CVE-2017-7007
-	RESERVED
-CVE-2017-7006
-	RESERVED
+CVE-2017-7056 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7055 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7054 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7053 (An issue was discovered in certain Apple products. iTunes before ...)
+	TODO: check
+CVE-2017-7052 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7051 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7050 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7049 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7048 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7047 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7046 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7045 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7044 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7043 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7042 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7041 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7040 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7039 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7038 (A DOMParser XSS issue was discovered in certain Apple products. iOS ...)
+	TODO: check
+CVE-2017-7037 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7036 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7035 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7034 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7033 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7032 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7031 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7030 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7029 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7028 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7027 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7026 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7025 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7024 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7023 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7022 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7021 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7020 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7019 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7018 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7017 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7016 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7015 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7014 (An issue was discovered in certain Apple products. macOS before ...)
+	TODO: check
+CVE-2017-7013 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7012 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7011 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7010 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7009 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7008 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7007 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
+CVE-2017-7006 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
 CVE-2017-7005
 	RESERVED
 CVE-2017-7004
@@ -13154,12 +13186,12 @@ CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest
 	NOT-FOR-US: webpagetest
 CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
 	NOT-FOR-US: webpagetest
-CVE-2017-6532
-	RESERVED
-CVE-2017-6531
-	RESERVED
-CVE-2017-6530
-	RESERVED
+CVE-2017-6532 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ...)
+	TODO: check
+CVE-2017-6531 (On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, ...)
+	TODO: check
+CVE-2017-6530 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do ...)
+	TODO: check
 CVE-2017-6529 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is ...)
 	NOT-FOR-US: dnaLIMS
 CVE-2017-6528 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is ...)
@@ -23540,8 +23572,8 @@ CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.
 	- sqlite3 <undetermined>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
 	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936
-CVE-2017-2517
-	RESERVED
+CVE-2017-2517 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
+	TODO: check
 CVE-2017-2516 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-2515 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
@@ -27912,8 +27944,7 @@ CVE-2017-0380
 	RESERVED
 CVE-2017-0379
 	RESERVED
-CVE-2017-0378 [reflected XSS]
-	RESERVED
+CVE-2017-0378 (XSS exists in the login_form function in views/helpers.php in Phamm ...)
 	- phamm <unfixed> (bug #868988)
 	[stretch] - phamm <no-dsa> (Minor issue)
 	[jessie] - phamm <no-dsa> (Minor issue)
author	security tracker role <sectracker@debian.org>	2017-07-20 21:10:14 +0000
committer	security tracker role <sectracker@debian.org>	2017-07-20 21:10:14 +0000
commit	de7ac9d20edd53f193e544260de4c9a7f862728d (patch)
tree	0f9afca70e61f831858cf3a35419756888956280 /data/CVE
parent	624816237d35bf7d3c2ce7e04b7a097f54442f3d (diff)