Author: sectracker
Date: 2017-11-18 21:10:12 +0000 (Sat, 18 Nov 2017)
New Revision: 57799

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-18 20:26:51 UTC (rev 57798)
+++ data/CVE/list       2017-11-18 21:10:12 UTC (rev 57799)
@@ -1,3 +1,9 @@
+CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in 
libming <= ...)
+       TODO: check
+CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as 
root but ...)
+       TODO: check
+CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS 
in JSON ...)
+       TODO: check
 CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops 
before ...)
        NOT-FOR-US: filp whoops
 CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the 
ItemCount field ...)
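Review bot: The three added entries (CVE-2017-16883, CVE-2017-16882, CVE-2017-16881) carry only `TODO: check`, so none of them has a package state or a NOT-FOR-US decision yet. CVE-2017-16883 is in libming's util/outputscript.c, and the other libming entries touched later in this same diff are tracked as `- ming <removed>`, so that is the likely resolution there. The Icinga Core and b3log Symphony entries still need a decision on whether a Debian source package is affected or whether they are `NOT-FOR-US`, like the filp whoops entry directly below them.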
@@ -440,12 +446,12 @@
 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro 
before ...)
        NOT-FOR-US: Gemirro
 CVE-2017-16853 (The DynamicMetadataProvider class in ...)
-       {DSA-4039-1}
+       {DSA-4039-1 DLA-1178-1}
        - opensaml2 <unfixed> (bug #881856)
        NOTE: 
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
        NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
 CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic ...)
-       {DSA-4038-1}
+       {DSA-4038-1 DLA-1179-1}
        - shibboleth-sp2 <unfixed> (bug #881857)
        NOTE: 
https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16
        NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
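Review bot: On CVE-2017-16853 and CVE-2017-16852 the cross-reference now lists both a DSA and a DLA, but the package lines still read `- opensaml2 <unfixed> (bug #881856)` and `- shibboleth-sp2 <unfixed> (bug #881857)`. Both entries already have a NOTE pointing at the upstream fix commit, so once a fixed upload closes those bugs the `<unfixed>` markers should be replaced with the fixed version. Until then the entries keep showing as open despite the advisories.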
@@ -3768,6 +3774,7 @@
        NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
        NOTE: Fixed by: 
https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971
 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the 
...)
+       {DLA-1177-1}
        - poppler <unfixed> (bug #879066)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
        NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d
@@ -5508,16 +5515,19 @@
 CVE-2017-14978
        RESERVED
 CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in 
Poppler ...)
+       {DLA-1177-1}
        - poppler <unfixed> (low; bug #877952)
        [stretch] - poppler <no-dsa> (Minor issue)
        [jessie] - poppler <no-dsa> (Minor issue)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
        NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
 CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in 
Poppler ...)
+       {DLA-1177-1}
        - poppler <unfixed> (low; bug #877954)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
        NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
 CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in 
Poppler ...)
+       {DLA-1177-1}
        - poppler <unfixed> (low; bug #877957)
        [stretch] - poppler <no-dsa> (Minor issue)
        [jessie] - poppler <no-dsa> (Minor issue)
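Review bot: CVE-2017-14976 gets `{DLA-1177-1}` but, unlike CVE-2017-14977 and CVE-2017-14975 in the same hunk, it has no `[stretch]` or `[jessie]` line after `- poppler <unfixed> (low; bug #877954)`. All three are rated low against the same package, so the missing `<no-dsa> (Minor issue)` annotations look like an omission. Add them, or record in a NOTE why this one is triaged differently.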
@@ -14767,6 +14777,7 @@
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/83
 CVE-2017-11733 (A null pointer dereference vulnerability was found in the 
function ...)
+       {DLA-1176-1}
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/78
 CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the 
function ...)
@@ -18296,9 +18307,11 @@
        - libav <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879
 CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. 
A ...)
+       {DLA-1176-1}
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/86
 CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 
mishandles ...)
+       {DLA-1176-1}
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/85
 CVE-2017-9987 (There is a heap-based buffer overflow in the function 
hpel_motion in ...)
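Review bot: CVE-2017-9989 and CVE-2017-9988 now reference `{DLA-1176-1}`, yet the only NOTE on each entry is the upstream issue link (libming issues 86 and 85). A `NOTE: Fixed by:` line naming the patch or commit the DLA is based on, in the style already used for the slurm and poppler entries earlier in this diff, would let a reader verify the fix without opening the advisory.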


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
