author security tracker role <sectracker@debian.org> 2017-10-11 21:10:12 +0000
committer security tracker role <sectracker@debian.org> 2017-10-11 21:10:12 +0000
commit 6807ebf7dc8f9ffe61451b01ee6efde6bd387691 (patch)
tree 6db20a89b6df5f991e5dfd32170c5eff9f34e5d5 /data
parent 1c437b057f30d76d13b8fe910fd74f6cda0ce8fe (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@56622 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2013.list 4
-rw-r--r-- data/CVE/2017.list 192
3 files changed, 103 insertions, 95 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index b7b3934640..96ffd9a76f 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -14766,7 +14766,7 @@ CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of
NOT-FOR-US: eStara SIP softphone
CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...)
NOT-FOR-US: pam_micasa / Novell
-CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of ImageMagick ...)
+CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of ImageMagick ...)
{DSA-1168-1}
- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index aa14f06e68..dc0cae561f 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1622,8 +1622,8 @@ CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.
NOT-FOR-US: Siemens
CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 ...)
NOT-FOR-US: Siemens
-CVE-2013-6924
- RESERVED
+CVE-2013-6924 (Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow ...)
+ TODO: check
CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate ...)
NOT-FOR-US: Seagate BlackArmor NAS 220 devices
CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
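Review bot: CVE-2013-6924 is added with `TODO: check` although its description names Seagate BlackArmor NAS and the entry directly below it, CVE-2013-6923, is already marked `NOT-FOR-US: Seagate BlackArmor NAS 220 devices`. Consider resolving the TODO with the same NOT-FOR-US tag in a follow-up so the two entries for this product do not diverge.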
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 9b86b9fda8..dea07dd9d6 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,60 +1,66 @@
+CVE-2017-15268
+ RESERVED
+CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in ...)
+ TODO: check
+CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...)
+ TODO: check
CVE-2017-15265 [use-after-free in /dev/snd/seq]
RESERVED
- linux <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
-CVE-2017-15264
- RESERVED
-CVE-2017-15263
- RESERVED
-CVE-2017-15262
- RESERVED
-CVE-2017-15261
- RESERVED
-CVE-2017-15260
- RESERVED
-CVE-2017-15259
- RESERVED
-CVE-2017-15258
- RESERVED
-CVE-2017-15257
- RESERVED
-CVE-2017-15256
- RESERVED
-CVE-2017-15255
- RESERVED
-CVE-2017-15254
- RESERVED
-CVE-2017-15253
- RESERVED
-CVE-2017-15252
- RESERVED
-CVE-2017-15251
- RESERVED
-CVE-2017-15250
- RESERVED
-CVE-2017-15249
- RESERVED
-CVE-2017-15248
- RESERVED
-CVE-2017-15247
- RESERVED
-CVE-2017-15246
- RESERVED
-CVE-2017-15245
- RESERVED
-CVE-2017-15244
- RESERVED
-CVE-2017-15243
- RESERVED
-CVE-2017-15242
- RESERVED
-CVE-2017-15241
- RESERVED
-CVE-2017-15240
- RESERVED
-CVE-2017-15239
- RESERVED
+CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a denial of ...)
+ TODO: check
+CVE-2017-15263 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15262 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15261 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15260 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15259 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15258 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15257 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15256 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15255 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15254 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15253 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15252 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15251 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15250 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15249 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15248 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15247 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15246 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15245 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15244 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15243 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15242 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15241 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
+ TODO: check
+CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to ...)
+ TODO: check
CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...)
- graphicsmagick <unfixed>
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=93bdb9b30076
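Review bot: the 26 entries CVE-2017-15239 through CVE-2017-15264 all arrive as `TODO: check` with an IrfanView 4.44 description, so they can be triaged in one pass rather than one by one. The two GNU Libextractor 1.4 entries at the top of the hunk (CVE-2017-15267 and CVE-2017-15266) are a different product and their `TODO: check` should not get buried under the IrfanView batch.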
@@ -105,8 +111,8 @@ CVE-2017-15222
RESERVED
CVE-2017-15221
RESERVED
-CVE-2017-15220
- RESERVED
+CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer ...)
+ TODO: check
CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: dotCMS
CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...)
@@ -412,7 +418,7 @@ CVE-2017-15085
CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout ...)
NOT-FOR-US: Metasploit Framework
CVE-2017-15083
- RESERVED
+ REJECTED
CVE-2017-15082
RESERVED
CVE-2017-15081
@@ -746,6 +752,7 @@ CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel b
CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
NOT-FOR-US: EMC
CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-2 (bug #877629)
NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...)
@@ -1428,9 +1435,11 @@ CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descript
CVE-2017-14728
RESERVED
CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41395
CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41398
CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...)
@@ -1439,6 +1448,7 @@ CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scr
[jessie] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://core.trac.wordpress.org/changeset/41448
CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41470
NOTE: https://core.trac.wordpress.org/changeset/41496
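Review bot: the CVE-2017-14724 entry (the `[jessie] - wordpress <not-affected>` lines at the top of this hunk) receives no `{DSA-3997-1}` tag, while CVE-2017-14723 below it and the other WordPress 4.8.2 entries touched by this commit do. The visible not-affected note covers jessie only, so it is worth confirming that the omission is intended for the other releases.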
@@ -1447,18 +1457,23 @@ CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and addi
NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack in ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41397
CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversal ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41457
CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site ...)
+ {DSA-3997-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41393
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...)
@@ -1819,10 +1834,10 @@ CVE-2017-14590
RESERVED
CVE-2017-14589
RESERVED
-CVE-2017-14588
- RESERVED
-CVE-2017-14587
- RESERVED
+CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version ...)
+ TODO: check
+CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and ...)
+ TODO: check
CVE-2017-14586
RESERVED
CVE-2017-14585
@@ -2412,14 +2427,14 @@ CVE-2017-14374
RESERVED
CVE-2017-14373
RESERVED
-CVE-2017-14372
- RESERVED
-CVE-2017-14371
- RESERVED
-CVE-2017-14370
- RESERVED
-CVE-2017-14369
- RESERVED
+CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...)
+ TODO: check
+CVE-2017-14371 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...)
+ TODO: check
+CVE-2017-14370 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored ...)
+ TODO: check
+CVE-2017-14369 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege ...)
+ TODO: check
CVE-2017-14368
RESERVED
CVE-2017-14367
@@ -3503,8 +3518,8 @@ CVE-2017-14005
RESERVED
CVE-2017-14004
RESERVED
-CVE-2017-14003
- RESERVED
+CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA ...)
+ TODO: check
CVE-2017-14002
RESERVED
CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command ...)
@@ -4217,8 +4232,7 @@ CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a l
- xorg-server 2:1.19.4-1
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
NOTE: This is in libxkbfile in wheezy
-CVE-2017-13722 [pcfGetProperties: Check string boundaries]
- RESERVED
+CVE-2017-13722 (In the pcfGetProperties function in bitmap/pcfread.c in libXfont ...)
{DSA-3995-1 DLA-1126-1}
- libxfont 1:2.0.1-4
- libxfont1 <unfixed> (unimportant)
@@ -4228,8 +4242,7 @@ CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an
- xorg-server 2:1.19.4-1
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
NOTE: In wheezy this is possibly libxext, src/XShm.c?
-CVE-2017-13720 [Check for end of string in PatternMatch]
- RESERVED
+CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont through ...)
{DSA-3995-1 DLA-1126-1}
- libxfont 1:2.0.1-4
- libxfont1 <unfixed> (unimportant)
@@ -8065,8 +8078,7 @@ CVE-2017-12190 [memory leak when merging buffers in SCSI IO vectors]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
CVE-2017-12189
RESERVED
-CVE-2017-12188
- RESERVED
+CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380
CVE-2017-12187
@@ -19504,8 +19516,8 @@ CVE-2017-8027
RESERVED
CVE-2017-8026
RESERVED
-CVE-2017-8025
- RESERVED
+CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary ...)
+ TODO: check
CVE-2017-8024
RESERVED
CVE-2017-8023
@@ -19520,10 +19532,10 @@ CVE-2017-8019
RESERVED
CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows platform only) ...)
NOT-FOR-US: EMC AppSync
-CVE-2017-8017
- RESERVED
-CVE-2017-8016
- RESERVED
+CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and ...)
+ TODO: check
+CVE-2017-8016 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored ...)
+ TODO: check
CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection ...)
NOT-FOR-US: EMC
CVE-2017-8014
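Review bot: CVE-2017-8017 is added as `TODO: check` with an EMC Network Configuration Manager description, while the neighbouring EMC entries in this hunk, CVE-2017-8018 and CVE-2017-8015, are already `NOT-FOR-US`. CVE-2017-8016 is another RSA Archer GRC Platform entry like those added elsewhere in this commit; triaging the EMC and RSA Archer entries together would keep the tags consistent.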
@@ -20143,7 +20155,7 @@ CVE-2017-7806
- firefox 55.0-1
CVE-2017-7805
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3998-1 DSA-3987-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- icedove <unfixed>
@@ -26074,13 +26086,12 @@ CVE-2017-5793
RESERVED
CVE-2017-5792
RESERVED
-CVE-2017-5791
- RESERVED
+CVE-2017-5791 (An Improper Authentication issue was discovered in JanTek JTC-200, all ...)
NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5790
RESERVED
-CVE-2017-5789
- RESERVED
+CVE-2017-5789 (A Cross-site Request Forgery issue was discovered in JanTek JTC-200, ...)
+ TODO: check
CVE-2017-5788
RESERVED
CVE-2017-5787
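Review bot: CVE-2017-5791 now carries a JanTek JTC-200 description but keeps the context line `NOT-FOR-US: HPE Intelligent Management Center`, so the note names a different product than the description. Update the NOT-FOR-US text to match; CVE-2017-5789, also JanTek JTC-200, is added as `TODO: check` in the same hunk and should end up with the same tag.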
@@ -33497,14 +33508,12 @@ CVE-2017-2890
RESERVED
CVE-2017-2889
RESERVED
-CVE-2017-2888 [Simple DirectMedia Layer Create RGB Surface Code Execution Vulnerability]
- RESERVED
+CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a ...)
- libsdl2 <unfixed>
- libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
-CVE-2017-2887 [Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability]
- RESERVED
+CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF ...)
- libsdl2-image <unfixed>
- sdl-image1.2 <unfixed>
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
@@ -37861,8 +37870,7 @@ CVE-2017-0905
RESERVED
CVE-2017-0904
RESERVED
-CVE-2017-0903 [Unsafe Object Deserialization Vulnerability]
- RESERVED
+CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...)
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
