Author: sectracker
Date: 2017-07-17 09:10:13 +0000 (Mon, 17 Jul 2017)
New Revision: 53565
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-17 08:37:47 UTC (rev 53564)
+++ data/CVE/list 2017-07-17 09:10:13 UTC (rev 53565)
@@ -1,7 +1,43 @@
-CVE-2017-11353 [race condition allows access to ssh and pgp keys]
+CVE-2017-11363
+ RESERVED
+CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...)
+ TODO: check
+CVE-2017-11361
+ RESERVED
+CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick
7.0.6-1 has a ...)
+ TODO: check
+CVE-2017-11359
+ RESERVED
+CVE-2017-11358
+ RESERVED
+CVE-2017-11357
+ RESERVED
+CVE-2017-11356
+ RESERVED
+CVE-2017-11355
+ RESERVED
+CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...)
+ TODO: check
+CVE-2017-11351
+ RESERVED
+CVE-2017-11350
+ RESERVED
+CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose
programs ...)
+ TODO: check
+CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user
with ...)
+ TODO: check
+CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17
allows a ...)
+ TODO: check
+CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows
remote ...)
+ TODO: check
+CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware
for ASUS ...)
+ TODO: check
+CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin
firmware for ...)
+ TODO: check
+CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition
...)
- yadm <unfixed> (bug #868300)
NOTE: https://github.com/TheLocehiliosan/yadm/issues/74
-CVE-2017-11343 [algorithmic complexity attack in hash tables]
+CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of
CHICKEN ...)
- chicken <unfixed>
NOTE:
http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass
3.4.5. A ...)
@@ -2151,8 +2187,8 @@
NOTE: again. Around that commit upstream source though does not build.
CVE-2017-9952
RESERVED
-CVE-2017-9951
- RESERVED
+CVE-2017-9951 (The try_read_command function in memcached.c in memcached
before 1.4.39 ...)
+ TODO: check
CVE-2017-9950
RESERVED
CVE-2017-9949 (The grub_memmove function in shlr/grub/kern/misc.c in radare2
1.5.0 ...)
@@ -2554,6 +2590,7 @@
- apache2 <not-affected> (Only affected 2.4.26)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the
value ...)
+ {DLA-1028-1}
- apache2 2.4.27-1 (bug #868467)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955
@@ -5881,7 +5918,7 @@
NOTE: https://github.com/Yeraze/ytnef/issues/47
CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x
does not ...)
- tikiwiki <removed>
-CVE-2017-11352 [Incomplete fix for CVE-2017-9144]
+CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can
trigger a crash ...)
- imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash
because ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
