Author: sectracker
Date: 2017-11-18 21:10:12 +0000 (Sat, 18 Nov 2017)
New Revision: 57799
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-18 20:26:51 UTC (rev 57798) +++ data/CVE/list 2017-11-18 21:10:12 UTC (rev 57799) @@ -1,3 +1,9 @@ +CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= ...) + TODO: check +CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but ...) + TODO: check +CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON ...) + TODO: check CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...) NOT-FOR-US: filp whoops CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...) @@ -440,12 +446,12 @@ CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) NOT-FOR-US: Gemirro CVE-2017-16853 (The DynamicMetadataProvider class in ...) - {DSA-4039-1} + {DSA-4039-1 DLA-1178-1} - opensaml2 <unfixed> (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic ...) - {DSA-4038-1} + {DSA-4038-1 DLA-1179-1} - shibboleth-sp2 <unfixed> (bug #881857) NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16 NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt 
@@ -3768,6 +3774,7 @@ NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public) NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...) + {DLA-1177-1} - poppler <unfixed> (bug #879066) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d @@ -5508,16 +5515,19 @@ CVE-2017-14978 RESERVED CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ...) + {DLA-1177-1} - poppler <unfixed> (low; bug #877952) [stretch] - poppler <no-dsa> (Minor issue) [jessie] - poppler <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...) + {DLA-1177-1} - poppler <unfixed> (low; bug #877954) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...) + {DLA-1177-1} - poppler <unfixed> (low; bug #877957) [stretch] - poppler <no-dsa> (Minor issue) [jessie] - poppler <no-dsa> (Minor issue) @@ -14767,6 +14777,7 @@ - ming <removed> NOTE: https://github.com/libming/libming/issues/83 CVE-2017-11733 (A null pointer dereference vulnerability was found in the function ...) + {DLA-1176-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/78 CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function ...) 
@@ -18296,9 +18307,11 @@ - libav <not-affected> (Vulnerable code not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879 CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A ...) + {DLA-1176-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/86 CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles ...) + {DLA-1176-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/85 CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
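Review bot: In the @@ -1,3 +1,9 @@ hunk, the three new entries (CVE-2017-16883, CVE-2017-16882, CVE-2017-16881) carry only "TODO: check", so none of them has a source-package line or a NOT-FOR-US marker yet. CVE-2017-16883 names libming, and the other libming entries touched later in this same diff (CVE-2017-11733, CVE-2017-9989, CVE-2017-9988) are tracked as "- ming <removed>", so that entry can probably be triaged the same way. The Icinga Core and b3log Symphony entries need either a package line or a NOT-FOR-US marker like the neighbouring filp whoops entry.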
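Review bot: In the @@ -440,12 +446,12 @@ hunk, CVE-2017-16853 and CVE-2017-16852 now reference both a DSA and a DLA, but the unchanged package lines still read "- opensaml2 <unfixed> (bug #881856)" and "- shibboleth-sp2 <unfixed> (bug #881857)". Both entries already link the upstream fix commits, so once an upload closes those bugs, replace <unfixed> with the fixed version so the unstable status matches the advisories.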
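Review bot: In the @@ -5508,16 +5515,19 @@ hunk, CVE-2017-14976 gets {DLA-1177-1} but, unlike CVE-2017-14977 and CVE-2017-14975, has no "[stretch] - poppler <no-dsa> (Minor issue)" or "[jessie] - poppler <no-dsa> (Minor issue)" lines. CVE-2017-14976 and CVE-2017-14975 are both described as issues in FoFiType1C::convertToType0, so the per-release triage for CVE-2017-14976 should be added or its omission explained in a NOTE.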