author: security tracker role <sectracker@debian.org> 2017-05-27 09:10:17 +0000
committer: security tracker role <sectracker@debian.org> 2017-05-27 09:10:17 +0000
commit: 4d36c653df2619fad957a2b546e97054ebcafdf2
tree: b9e303799a77b0e29ca7beabde707f154c77171b
parent: a5e0ceb20bcece97bf66601a0d8d51eb6b81b448
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@51985 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/list.2006 | 2
-rw-r--r-- data/CVE/list.2009 | 12
-rw-r--r-- data/CVE/list.2016 | 8
-rw-r--r-- data/CVE/list.2017 | 40
4 files changed, 33 insertions, 29 deletions
diff --git a/data/CVE/list.2006 b/data/CVE/list.2006
index 1013b0e601..5a50d610ba 100644
--- a/data/CVE/list.2006
+++ b/data/CVE/list.2006
@@ -16381,7 +16381,7 @@ CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...)
{DSA-1000-2}
- libapreq2 2.07-1
CVE-2006-0041
- RESERVED
+ REJECTED
CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
- evolution 2.10.1 (bug #398064; low)
[etch] - evolution <no-dsa> (Minor issue)
diff --git a/data/CVE/list.2009 b/data/CVE/list.2009
index 0e784b9935..ee0f5ae387 100644
--- a/data/CVE/list.2009
+++ b/data/CVE/list.2009
@@ -1948,9 +1948,9 @@ CVE-2009-4278
CVE-2009-4277
RESERVED
CVE-2009-4276
- RESERVED
+ REJECTED
CVE-2009-4275
- RESERVED
+ REJECTED
CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...)
{DSA-2026-1 DTSA-206-1}
- netpbm-free 2:10.0-12.2 (medium; bug #569060)
@@ -1972,7 +1972,7 @@ CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsm
CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...)
NOT-FOR-US: Apache Derby
CVE-2009-4268
- RESERVED
+ REJECTED
CVE-2009-4267
RESERVED
CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed]
@@ -2595,7 +2595,7 @@ CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Softwa
CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
NOT-FOR-US: FrontAccounting
CVE-2009-4036
- RESERVED
+ REJECTED
CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
- kdegraphics 4:4.0.0-1
- xpdf 3.01-1
@@ -7223,7 +7223,7 @@ CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function
- webkit 1.1.10-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2009-2418
- RESERVED
+ REJECTED
CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...)
{DSA-1869-1}
- curl 7.19.5-1.1 (medium; bug #541991)
@@ -11547,7 +11547,7 @@ CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers t
{DSA-1786-1}
- acpid 1.0.10-1 (medium)
CVE-2009-0797
- RESERVED
+ REJECTED
CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
- libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
[lenny] - libapache2-mod-perl2 2.0.4-5+lenny1
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index 6902a5b911..66b745d449 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -6270,10 +6270,10 @@ CVE-2016-8499
REJECTED
CVE-2016-8498
RESERVED
-CVE-2016-8497
- RESERVED
-CVE-2016-8496
- RESERVED
+CVE-2016-8497 (An escalation of privilege vulnerability in Fortinet FortiClient ...)
+ TODO: check
+CVE-2016-8496 (A potential execution of unauthorized code or commands vulnerability ...)
+ TODO: check
CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
NOT-FOR-US: FortiManager
CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
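Review bot: The "TODO: check" markers added for CVE-2016-8497 and CVE-2016-8496 leave two entries untriaged directly above CVE-2016-8495, which already carries "NOT-FOR-US: FortiManager". CVE-2016-8497 names Fortinet FortiClient in its visible description, so if FortiClient is not packaged a follow-up should replace its TODO with a NOT-FOR-US line in the same way. The CVE-2016-8496 description is cut off before any product name, so read the full description before tagging it rather than assuming it is another Fortinet appliance.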
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 8df1af9958..1285680453 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -1,3 +1,7 @@
+CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...)
+ TODO: check
+CVE-2017-9241
+ RESERVED
CVE-2017-9240
RESERVED
CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...)
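Review bot: CVE-2017-9242 at the top of this hunk should be triaged ahead of the other new entries, because its description places the flaw in the __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel, which is packaged, so its "TODO: check" cannot be closed with NOT-FOR-US. It needs a source-package line for the kernel with a fixed version or an unfixed marker, plus a NOTE pointing at the upstream fix in the style of the "NOTE: Fixed by:" lines on the Tomcat entry further down this file.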
@@ -3691,8 +3695,8 @@ CVE-2017-7733
RESERVED
CVE-2017-7732
RESERVED
-CVE-2017-7731
- RESERVED
+CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...)
+ TODO: check
CVE-2017-7730
RESERVED
CVE-2017-7729
@@ -4811,20 +4815,20 @@ CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manage
NOT-FOR-US: NetApp
CVE-2017-7344
RESERVED
-CVE-2017-7343
- RESERVED
+CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
+ TODO: check
CVE-2017-7342
RESERVED
CVE-2017-7341
RESERVED
CVE-2017-7340
RESERVED
-CVE-2017-7339
- RESERVED
-CVE-2017-7338
- RESERVED
-CVE-2017-7337
- RESERVED
+CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
+ TODO: check
+CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions ...)
+ TODO: check
+CVE-2017-7337 (An improper Access Control vulnerability in Fortinet FortiPortal ...)
+ TODO: check
CVE-2017-7336
RESERVED
CVE-2017-7335
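Review bot: The four entries changed here (CVE-2017-7343, CVE-2017-7339, CVE-2017-7338, CVE-2017-7337) all name Fortinet FortiPortal and all land as "TODO: check", as does CVE-2017-7731 in the previous hunk. Triage them in one follow-up so that they receive a single consistent tag, instead of being resolved one at a time with differing wording. The descriptions are truncated at "...", so the affected version ranges are not visible here and should be read from the full CVE text.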
@@ -9292,8 +9296,8 @@ CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat
NOTE: Fixed by: http://svn.apache.org/r1789024 (6.0.x)
NOTE: Fixed by: http://svn.apache.org/r1789155 (6.0.x)
NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x)
-CVE-2017-5646
- RESERVED
+CVE-2017-5646 (For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated ...)
+ TODO: check
CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...)
- apache-log4j2 2.7-2 (bug #860489)
[jessie] - apache-log4j2 <no-dsa> (Minor issue, no consumers of liblog4j2-java in Jessie)
@@ -15453,8 +15457,8 @@ CVE-2017-3135 [Assertion failure when using DNS64 and RPZ can lead to crash]
- bind9 1:9.10.3.dfsg.P4-12 (bug #855520)
NOTE: https://kb.isc.org/article/AA-01453
NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
-CVE-2017-3134
- RESERVED
+CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD ...)
+ TODO: check
CVE-2017-3133
RESERVED
CVE-2017-3132
@@ -15463,14 +15467,14 @@ CVE-2017-3131
RESERVED
CVE-2017-3130
RESERVED
-CVE-2017-3129
- RESERVED
+CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...)
+ TODO: check
CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2017-3127
RESERVED
-CVE-2017-3126
- RESERVED
+CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...)
+ TODO: check
CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and ...)
NOT-FOR-US: FortiMail
CVE-2017-3124
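Review bot: The NOT-FOR-US tags in the context lines of this hunk are not spelled consistently: CVE-2017-3128 uses "NOT-FOR-US: Fortinet FortiOS" while CVE-2017-3125 uses "NOT-FOR-US: FortiMail". When the "TODO: check" on CVE-2017-3129 (FortiWeb) and CVE-2017-3126 (FortiAnalyzer) is resolved, pick one form, preferably the one with the vendor name, so that a search on "Fortinet" finds every entry.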
