author: security tracker role <sectracker@debian.org> 2017-04-01 09:10:13 +0000
committer: security tracker role <sectracker@debian.org> 2017-04-01 09:10:13 +0000
commit: b99ff66211e3eb4512065cc22f602e4f7397dd65
tree: 410bb2808c140865b74bad0108f743a20824db4d /data
parent: 329ef6408284ed9c9faa9c4801e6d1f49a52576d
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@50238 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2008.list | 3
-rw-r--r-- data/CVE/2014.list | 13
-rw-r--r-- data/CVE/2015.list | 4
-rw-r--r-- data/CVE/2016.list | 51
-rw-r--r-- data/CVE/2017.list | 90
5 files changed, 112 insertions, 49 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index d537fcf1e4..37aa2096c7 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -16,8 +16,7 @@ CVE-2008-7315 [Shell escape vulnerability]
NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2008-7314
RESERVED
-CVE-2008-7313 [Incomplete fix for CVE-2008-4796]
- RESERVED
+CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to ...)
{DSA-3248-1 DLA-357-1}
- libphp-snoopy 2.0.0-1 (bug #778634)
NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 5c6458449e..34fc45e014 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -2974,8 +2974,7 @@ CVE-2014-9116 (The write_one_header function in mutt 1.5.23 does not properly ha
- mutt 1.5.23-2 (bug #771125)
NOTE: Detailed analysis in https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4
NOTE: Upstream bugreport: http://dev.mutt.org/trac/ticket/3716
-CVE-2014-9114 [blkid command injection]
- RESERVED
+CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute ...)
- util-linux 2.25.2-4 (bug #771274)
[squeeze] - util-linux <no-dsa> (Minor issue)
[wheezy] - util-linux <no-dsa> (Minor issue)
@@ -12876,13 +12875,11 @@ CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in .
- bozohttpd <removed> (bug #755197)
[squeeze] - bozohttpd <no-dsa> (Minor issue)
NOTE: Fixed by: http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52&r2=1.53&only_with_tag=MAIN
-CVE-2014-5009 [Incorrect fix for CVE-2014-5008]
- RESERVED
+CVE-2014-5009 (Snoopy allows remote attackers to execute arbitrary commands. NOTE: ...)
- libphp-snoopy <not-affected> (Incorrect fix not applied)
NOTE: This issue exists because of an incorrect fix for CVE-2014-5008.
NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
-CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
- RESERVED
+CVE-2014-5008 (Snoopy allows remote attackers to execute arbitrary commands. ...)
{DSA-3248-1 DLA-357-1}
- libphp-snoopy 2.0.0-1 (bug #778634)
NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
@@ -15461,8 +15458,8 @@ CVE-2014-3933 (Cross-site scripting (XSS) vulnerability in the address component
NOT-FOR-US: Drupal module AddressField Tokens
CVE-2014-3932 (SQL injection vulnerability in the device registration component in ...)
NOT-FOR-US: CoSoSys Endpoint Protector
-CVE-2014-3931
- RESERVED
+CVE-2014-3931 (fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 ...)
+ TODO: check
CVE-2014-3930
RESERVED
CVE-2014-3929
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index f91ceb7276..daed284baf 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -13138,8 +13138,8 @@ CVE-2015-4627
RESERVED
CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...)
NOT-FOR-US: B.A.S C2Box
-CVE-2015-4624
- RESERVED
+CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. ...)
+ TODO: check
CVE-2015-4623
RESERVED
CVE-2015-4622
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 2cc9db3bd1..bf494f19c3 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -966,8 +966,8 @@ CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to
NOT-FOR-US: IBM
CVE-2016-9991
RESERVED
-CVE-2016-9990
- RESERVED
+CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2016-9989
RESERVED
CVE-2016-9988
@@ -1927,8 +1927,8 @@ CVE-2016-9709
RESERVED
CVE-2016-9708
RESERVED
-CVE-2016-9707
- RESERVED
+CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...)
+ TODO: check
CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP ...)
NOT-FOR-US: IBM
CVE-2016-9705
@@ -4612,8 +4612,8 @@ CVE-2016-8937
RESERVED
CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is ...)
NOT-FOR-US: IBM
-CVE-2016-8935
- RESERVED
+CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 ...)
+ TODO: check
CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2016-8933 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse ...)
@@ -4648,8 +4648,8 @@ CVE-2016-8919 (IBM WebSphere Application Server may be vulnerable to a denial of
NOT-FOR-US: IBM
CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a ...)
NOT-FOR-US: IBM
-CVE-2016-8917
- RESERVED
+CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-8916
RESERVED
CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...)
@@ -7219,8 +7219,8 @@ CVE-2016-8034
RESERVED
CVE-2016-8033
RESERVED
-CVE-2016-8032
- RESERVED
+CVE-2016-8032 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...)
+ TODO: check
CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...)
NOT-FOR-US: Intel antivirus
CVE-2016-8030
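Review bot: CVE-2016-8032 is added with TODO: check although its visible description ("Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...") matches the context entry CVE-2016-8031 directly below it, which is already tagged NOT-FOR-US: Intel antivirus. Once the full description confirms it is the same product, resolve the TODO with the same tag so the entry does not sit in the unprocessed queue.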
@@ -7939,7 +7939,7 @@ CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerabi
NOT-FOR-US: Exponent CMS
CVE-2016-7789 (SQL injection vulnerability in framework/core/models/expConfig.php in ...)
NOT-FOR-US: Exponent CMS
-CVE-2016-7788 (SQL injection vulnerability in ramework/modules/users/models/user.php ...)
+CVE-2016-7788 (SQL injection vulnerability in framework/modules/users/models/user.php ...)
NOT-FOR-US: Exponent CMS
CVE-2016-7787 (A maliciously crafted command line for kdesu can result in the user ...)
- kde-cli-tools 4:5.8.0-1 (bug #839865)
@@ -11590,10 +11590,10 @@ CVE-2016-6563
RESERVED
CVE-2016-6562
RESERVED
-CVE-2016-6561
- RESERVED
-CVE-2016-6560
- RESERVED
+CVE-2016-6561 (illumos smbsrv NULL pointer dereference allows system crash. ...)
+ TODO: check
+CVE-2016-6560 (illumos osnet-incorporation bcopy() and bzero() implementations make ...)
+ TODO: check
CVE-2016-6559
RESERVED
CVE-2016-6558
@@ -12934,8 +12934,7 @@ CVE-2016-6207 (Integer overflow in the _gdContributionsAlloc function in ...)
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
-CVE-2016-6209 [Reflected XSS vulnerability and possible phishing vector]
- RESERVED
+CVE-2016-6209 (Cross-site scripting (XSS) vulnerability in Nagios. ...)
- nagios3 <removed> (bug #831698)
[jessie] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
@@ -13326,8 +13325,8 @@ CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerabili
NOT-FOR-US: IBM
CVE-2016-6112
RESERVED
-CVE-2016-6111
- RESERVED
+CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a ...)
+ TODO: check
CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login credentials ...)
NOT-FOR-US: IBM
CVE-2016-6109
@@ -13476,8 +13475,8 @@ CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli .
NOT-FOR-US: Tivoli
CVE-2016-6037
RESERVED
-CVE-2016-6036
- RESERVED
+CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)
+ TODO: check
CVE-2016-6035
RESERVED
CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could ...)
@@ -13486,8 +13485,8 @@ CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware)
NOT-FOR-US: IBM
CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
-CVE-2016-6031
- RESERVED
+CVE-2016-6031 (IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to ...)
+ TODO: check
CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2016-6029
@@ -13504,8 +13503,8 @@ CVE-2016-6024
RESERVED
CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM ...)
NOT-FOR-US: IBM
-CVE-2016-6022
- RESERVED
+CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)
+ TODO: check
CVE-2016-6021
RESERVED
CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...)
@@ -20030,7 +20029,7 @@ CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Andro
CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...)
NOT-FOR-US: Android
CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...)
- {DLA-864-1}
+ {DSA-3825-1 DLA-864-1}
- jhead 1:3.00-4 (bug #858213)
CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...)
NOT-FOR-US: Android Mediaserver
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 02582576af..865a4c5728 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,71 @@
+CVE-2017-7397
+ RESERVED
+CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...)
+ TODO: check
+CVE-2017-7395 (In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by ...)
+ TODO: check
+CVE-2017-7394 (In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), ...)
+ TODO: check
+CVE-2017-7393 (In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an ...)
+ TODO: check
+CVE-2017-7392 (In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx ...)
+ TODO: check
+CVE-2017-7391 (A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The ...)
+ TODO: check
+CVE-2017-7390 (A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. ...)
+ TODO: check
+CVE-2017-7389 (Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass ...)
+ TODO: check
+CVE-2017-7388 (A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The ...)
+ TODO: check
+CVE-2017-7387 (TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a ...)
+ TODO: check
+CVE-2017-7386 (citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in ...)
+ TODO: check
+CVE-2017-7385
+ RESERVED
+CVE-2017-7384
+ RESERVED
+CVE-2017-7383
+ RESERVED
+CVE-2017-7382
+ RESERVED
+CVE-2017-7381
+ RESERVED
+CVE-2017-7380
+ RESERVED
+CVE-2017-7379
+ RESERVED
+CVE-2017-7378
+ RESERVED
+CVE-2017-7377
+ RESERVED
+CVE-2017-7376
+ RESERVED
+CVE-2017-7375
+ RESERVED
+CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...)
+ TODO: check
+CVE-2017-7373
+ RESERVED
+CVE-2017-7372
+ RESERVED
+CVE-2017-7371
+ RESERVED
+CVE-2017-7370
+ RESERVED
+CVE-2017-7369
+ RESERVED
+CVE-2017-7368
+ RESERVED
+CVE-2017-7367
+ RESERVED
+CVE-2017-7366
+ RESERVED
+CVE-2017-7365
+ RESERVED
+CVE-2017-7364
+ RESERVED
CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=module&amp;x= XSS ...)
NOT-FOR-US: Pixie CMS
CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=dynamic&amp;x= XSS ...)
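Review bot: The TODO: check markers on CVE-2017-7392 through CVE-2017-7396 (TigerVNC 1.7.1) and on CVE-2017-7374 (use-after-free in fs/crypto/ in the Linux kernel) deserve priority over the other entries added at the top of this hunk, because they name software that Debian ships. Each should get a source-package line with its affected or fixed version once triaged, rather than staying as a bare TODO alongside the RESERVED placeholders.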
@@ -10471,10 +10539,10 @@ CVE-2017-3012
RESERVED
CVE-2017-3011
RESERVED
-CVE-2017-3010
- RESERVED
-CVE-2017-3009
- RESERVED
+CVE-2017-3010 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
+ TODO: check
+CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
+ TODO: check
CVE-2017-3008
RESERVED
CVE-2017-3007
@@ -10947,8 +11015,8 @@ CVE-2017-2777
RESERVED
CVE-2017-2776
RESERVED
-CVE-2017-2775
- RESERVED
+CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the ...)
+ TODO: check
CVE-2017-2774
RESERVED
CVE-2017-2773
@@ -14338,8 +14406,8 @@ CVE-2017-1173
RESERVED
CVE-2017-1172
RESERVED
-CVE-2017-1171
- RESERVED
+CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a ...)
+ TODO: check
CVE-2017-1170
RESERVED
CVE-2017-1169
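Review bot: The imported description for CVE-2017-1171 reads "3.3, 3,4, and 3,5", mixing a dot and commas in what is evidently a version list. Since the text comes in through the automatic update, a local correction would probably be overwritten by the next sync; it is better reported to the source of the description, and the TODO: check resolved independently of the typo.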
@@ -14372,8 +14440,8 @@ CVE-2017-1156
RESERVED
CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
NOT-FOR-US: IBM
-CVE-2017-1154
- RESERVED
+CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
+ TODO: check
CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...)
NOT-FOR-US: IBM
CVE-2017-1152
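Review bot: CVE-2017-1154 carries TODO: check while the context line just above it, CVE-2017-1155, shows the identical visible description ("IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...") and is tagged NOT-FOR-US: IBM. The same tag appears to apply here; confirm against the untruncated description and replace the TODO.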
@@ -14412,7 +14480,7 @@ CVE-2017-1136
RESERVED
CVE-2017-1135
RESERVED
-CVE-2017-1134 (IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1 could allow ...)
+CVE-2017-1134 (IBM Reliable Scalable Cluster Technology could allow a local user to ...)
NOT-FOR-US: IBM
CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
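Review bot: For CVE-2017-1134 the description changes product, from "IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1" to "IBM Reliable Scalable Cluster Technology", while the NOT-FOR-US: IBM line under it is carried over unchanged from the triage of the old text. The tag is probably still correct, but it should be re-confirmed against the new description rather than inherited silently, since only the truncated first line is visible in this hunk.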
