[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Tue, 02 Jan 2018 13:10:51 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
705233da by security tracker role at 2018-01-02T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,55 @@
+CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to an out of bounds 
write in the ...)
+       TODO: check
+CVE-2017-1000457 (Cross-site scripting (XSS) vulnerability in Help.aspx in 
mojoPortal ...)
+       TODO: check
+CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate 
boundaries in ...)
+       TODO: check
+CVE-2017-1000455 (GuixSD prior to Git commit 
5e66574a128937e7f2fcf146d146225703ccfd5d ...)
+       TODO: check
+CVE-2017-1000454 (CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty 
Template ...)
+       TODO: check
+CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to 
Smarty ...)
+       TODO: check
+CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 
2.2.0 and ...)
+       TODO: check
+CVE-2017-1000451 (fs-git is a file system like api for git repository. The 
fs-git ...)
+       TODO: check
+CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions 
FillUniColor and ...)
+       TODO: check
+CVE-2017-1000449 (BitThunder 0.9.2 stable is vulnerable to a buffer overflow 
in ...)
+       TODO: check
+CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are 
vulnerable to a ...)
+       TODO: check
+CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null 
pointer ...)
+       TODO: check
+CVE-2017-1000444 (Eleix Openhacker version 0.1.47 is vulnerable to an SQL 
injection in ...)
+       TODO: check
+CVE-2017-1000443 (Eleix Openhacker version 0.1.47 is vulnerable to a XSS 
vulnerability ...)
+       TODO: check
+CVE-2017-1000442 (Passbolt API version 1.6.4 and older are vulnerable to a XSS 
in the ...)
+       TODO: check
+CVE-2017-1000431 (eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and 
older, is ...)
+       TODO: check
+CVE-2017-1000430 (rust-base64 version <= 0.5.1 is vulnerable to a buffer 
overflow when ...)
+       TODO: check
+CVE-2017-1000424 (Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is 
vulnerable ...)
+       TODO: check
+CVE-2017-1000423 (b2evolution version 6.6.0 - 6.8.10 is vulnerable to input 
validation ...)
+       TODO: check
+CVE-2017-1000422 (Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several 
integer ...)
+       TODO: check
+CVE-2017-1000421 (Gifsicle gifview 1.89 and older is vulnerable to a 
use-after-free in ...)
+       TODO: check
+CVE-2017-1000420 (Syncthing version 0.14.33 and older is vulnerable to symlink 
traversal ...)
+       TODO: check
+CVE-2017-1000419 (phpBB version 3.2.0 is vulnerable to SSRF in the Remote 
Avatar ...)
+       TODO: check
+CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...)
+       TODO: check
+CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 
2.4.0 (and ...)
+       TODO: check
+CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 
2.4.0 (and ...)
+       TODO: check
 CVE-2018-3816
        RESERVED
 CVE-2018-3815
@@ -8033,10 +8085,10 @@ CVE-2017-17100
        RESERVED
 CVE-2017-17099 (There exists an unauthenticated SEH based Buffer Overflow 
vulnerability ...)
        NOT-FOR-US: Flexense SyncBreeze Enterprise
-CVE-2017-17098
-       RESERVED
-CVE-2017-17097
-       RESERVED
+CVE-2017-17098 (The writeLog function in fn_common.php in gps-server.net GPS 
Tracking ...)
+       TODO: check
+CVE-2017-17097 (gps-server.net GPS Tracking Software (self hosted) 2.x has a 
password ...)
+       TODO: check
 CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards 
plugin ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open 
Source ...)
@@ -56710,8 +56762,8 @@ CVE-2017-1559
        RESERVED
 CVE-2017-1558 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote 
attacker ...)
        NOT-FOR-US: IBM Maximo Asset Management
-CVE-2017-1557
-       RESERVED
+CVE-2017-1557 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user 
with ...)
+       TODO: check
 CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a 
regular ...)
        NOT-FOR-US: IBM
 CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an 
authenticated ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/705233daa1a0a6bd62446c6903f85439435055a0

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/705233daa1a0a6bd62446c6903f85439435055a0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to