author | security tracker role <sectracker@debian.org> | 2017-05-27 09:10:17 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-05-27 09:10:17 +0000 |
commit | 4d36c653df2619fad957a2b546e97054ebcafdf2 | |
tree | b9e303799a77b0e29ca7beabde707f154c77171b | |
parent | a5e0ceb20bcece97bf66601a0d8d51eb6b81b448 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@51985 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/list.2006 | 2 |
-rw-r--r-- | data/CVE/list.2009 | 12 |
-rw-r--r-- | data/CVE/list.2016 | 8 |
-rw-r--r-- | data/CVE/list.2017 | 40 |
4 files changed, 33 insertions, 29 deletions
diff --git a/data/CVE/list.2006 b/data/CVE/list.2006 index 1013b0e601..5a50d610ba 100644 --- a/data/CVE/list.2006 +++ b/data/CVE/list.2006 @@ -16381,7 +16381,7 @@ CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...) {DSA-1000-2} - libapreq2 2.07-1 CVE-2006-0041 - RESERVED + REJECTED CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...) - evolution 2.10.1 (bug #398064; low) [etch] - evolution <no-dsa> (Minor issue) diff --git a/data/CVE/list.2009 b/data/CVE/list.2009 index 0e784b9935..ee0f5ae387 100644 --- a/data/CVE/list.2009 +++ b/data/CVE/list.2009 @@ -1948,9 +1948,9 @@ CVE-2009-4278 CVE-2009-4277 RESERVED CVE-2009-4276 - RESERVED + REJECTED CVE-2009-4275 - RESERVED + REJECTED CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...) {DSA-2026-1 DTSA-206-1} - netpbm-free 2:10.0-12.2 (medium; bug #569060) @@ -1972,7 +1972,7 @@ CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsm CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...) NOT-FOR-US: Apache Derby CVE-2009-4268 - RESERVED + REJECTED CVE-2009-4267 RESERVED CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed] @@ -2595,7 +2595,7 @@ CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Softwa CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...) NOT-FOR-US: FrontAccounting CVE-2009-4036 - RESERVED + REJECTED CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...) - kdegraphics 4:4.0.0-1 - xpdf 3.01-1 
@@ -7223,7 +7223,7 @@ CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function - webkit 1.1.10-1 [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) CVE-2009-2418 - RESERVED + REJECTED CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...) {DSA-1869-1} - curl 7.19.5-1.1 (medium; bug #541991) @@ -11547,7 +11547,7 @@ CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers t {DSA-1786-1} - acpid 1.0.10-1 (medium) CVE-2009-0797 - RESERVED + REJECTED CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...) - libapache2-mod-perl2 2.0.4-6 (low; bug #567635) [lenny] - libapache2-mod-perl2 2.0.4-5+lenny1 diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 6902a5b911..66b745d449 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -6270,10 +6270,10 @@ CVE-2016-8499 REJECTED CVE-2016-8498 RESERVED -CVE-2016-8497 - RESERVED -CVE-2016-8496 - RESERVED +CVE-2016-8497 (An escalation of privilege vulnerability in Fortinet FortiClient ...) + TODO: check +CVE-2016-8496 (A potential execution of unauthorized code or commands vulnerability ...) + TODO: check CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...) NOT-FOR-US: FortiManager CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...) diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 8df1af9958..1285680453 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -1,3 +1,7 @@ +CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...) + TODO: check +CVE-2017-9241 + RESERVED CVE-2017-9240 RESERVED CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...) 
@@ -3691,8 +3695,8 @@ CVE-2017-7733 RESERVED CVE-2017-7732 RESERVED -CVE-2017-7731 - RESERVED +CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...) + TODO: check CVE-2017-7730 RESERVED CVE-2017-7729 @@ -4811,20 +4815,20 @@ CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manage NOT-FOR-US: NetApp CVE-2017-7344 RESERVED -CVE-2017-7343 - RESERVED +CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...) + TODO: check CVE-2017-7342 RESERVED CVE-2017-7341 RESERVED CVE-2017-7340 RESERVED -CVE-2017-7339 - RESERVED -CVE-2017-7338 - RESERVED -CVE-2017-7337 - RESERVED +CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...) + TODO: check +CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions ...) + TODO: check +CVE-2017-7337 (An improper Access Control vulnerability in Fortinet FortiPortal ...) + TODO: check CVE-2017-7336 RESERVED CVE-2017-7335 @@ -9292,8 +9296,8 @@ CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat NOTE: Fixed by: http://svn.apache.org/r1789024 (6.0.x) NOTE: Fixed by: http://svn.apache.org/r1789155 (6.0.x) NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x) -CVE-2017-5646 - RESERVED +CVE-2017-5646 (For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated ...) + TODO: check CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...) - apache-log4j2 2.7-2 (bug #860489) [jessie] - apache-log4j2 <no-dsa> (Minor issue, no consumers of liblog4j2-java in Jessie) 
@@ -15453,8 +15457,8 @@ CVE-2017-3135 [Assertion failure when using DNS64 and RPZ can lead to crash] - bind9 1:9.10.3.dfsg.P4-12 (bug #855520) NOTE: https://kb.isc.org/article/AA-01453 NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434 -CVE-2017-3134 - RESERVED +CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD ...) + TODO: check CVE-2017-3133 RESERVED CVE-2017-3132 @@ -15463,14 +15467,14 @@ CVE-2017-3131 RESERVED CVE-2017-3130 RESERVED -CVE-2017-3129 - RESERVED +CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...) + TODO: check CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...) NOT-FOR-US: Fortinet FortiOS CVE-2017-3127 RESERVED -CVE-2017-3126 - RESERVED +CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...) + TODO: check CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and ...) NOT-FOR-US: FortiMail CVE-2017-3124 |
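Review bot: In the data/CVE/list.2016 hunk (@@ -6270,10 +6270,10 @@), CVE-2016-8497 is described as a Fortinet FortiClient issue but is left at "TODO: check", while the very next entry, CVE-2016-8495, is also Fortinet and already reads "NOT-FOR-US: FortiManager". If FortiClient is likewise not packaged, the follow-up triage should replace the TODO with a matching NOT-FOR-US line. The truncated description of CVE-2016-8496 does not show the product, so it needs the full text read before it is classified the same way.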
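Review bot: The new CVE-2017-9242 entry in the first data/CVE/list.2017 hunk (@@ -1,3 +1,7 @@) names __ip6_append_data in net/ipv6/ip6_output.c, which is Linux networking code, yet it lands with only "TODO: check" and no source package line. Unlike the vendor-product entries in the rest of this batch, this one very likely affects a packaged source, so it should be triaged first and given a package line with a fixed version or bug reference rather than sitting in the same TODO queue.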
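Review bot: Across the data/CVE/list.2017 hunks at -3691, -4811, -15453 and -15463, eight Fortinet entries (CVE-2017-7731, CVE-2017-7343, CVE-2017-7339, CVE-2017-7338, CVE-2017-7337, CVE-2017-3134, CVE-2017-3129, CVE-2017-3126) move from RESERVED to "TODO: check", although the unchanged neighbours CVE-2017-3128 and CVE-2017-3125 already carry "NOT-FOR-US: Fortinet FortiOS" and "NOT-FOR-US: FortiMail". The products named here (FortiPortal, FortiWLC-SD, FortiWeb, FortiAnalyzer) should be checked once as a group and, if none is packaged, marked NOT-FOR-US in a single follow-up so the TODO list is not inflated by entries that need no per-CVE analysis.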
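Review bot: In the data/CVE/list.2017 hunk at -9292, CVE-2017-5646 (Apache Knox, 0.2.0 to 0.11.0) is inserted with a bare "TODO: check" between two fully triaged entries: CVE-2017-5647 with its "NOTE: Fixed by:" references and CVE-2017-5645 with package, bug and [jessie] lines. The follow-up should resolve it to the same level of detail, either a source package line with affected and fixed versions or a "NOT-FOR-US: Apache Knox" line if the project is not in the archive.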