Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 29 Sep 2017 16:28:22 +0000 (UTC)
From:      Ryan Steinmetz <zi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r450911 - head/security/vuxml
Message-ID:  <201709291628.v8TGSMLD035850@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: zi
Date: Fri Sep 29 16:28:22 2017
New Revision: 450911
URL: https://svnweb.freebsd.org/changeset/ports/450911

Log:
  - Condense additional entries where description >4500 characters
  
  Approved by:	ports-secteam (with hat)

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Sep 29 16:06:29 2017	(r450910)
+++ head/security/vuxml/vuln.xml	Fri Sep 29 16:28:22 2017	(r450911)
@@ -1070,64 +1070,17 @@ Notes:
     <topic>GitLab -- multiple vulnerabilities</topic>
     <affects>
       <package>
-	      <name>gitlab</name>
-  <range><ge>1.0.0</ge><le>9.3.10</le></range>
-  <range><ge>9.4.0</ge><le>9.4.5</le></range>
-  <range><ge>9.5.0</ge><le>9.5.3</le></range>
+	<name>gitlab</name>
+	<range><ge>1.0.0</ge><le>9.3.10</le></range>
+	<range><ge>9.4.0</ge><le>9.4.5</le></range>
+	<range><ge>9.5.0</ge><le>9.5.3</le></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>GitLab reports:</p>
 	<blockquote cite="https://about.gitlab.com/2017/09/07/gitlab-9-dot-5-dot-4-security-release/">;
-    <h1>Cross-Site Scripting (XSS) vulnerability in profile names</h1>
-	  <p>An external security audit performed by Madison Gurkha disclosed a
-	  Cross-Site Scripting (XSS) vulnerability in user names that could be
-	  exploited in several locations.</p>
-    <h1>Open Redirect in go-get middleware</h1>
-    <p>Tim Goddard via HackerOne reported that GitLab was vulnerable to an open
-    redirect vulnerability caused when a specific flag is passed to the go-get
-    middleware. This vulnerability could also possibly be used to conduct
-    Cross-Site Scripting attacks.</p>
-    <h1>Race condition in project uploads</h1>
-    <p>Jobert Abma from HackerOne reported that GitLab was vulnerable to a race
-    condition in project uploads. While very difficult to exploit this race
-    condition could potentially allow an attacker to overwrite a victim's
-    uploaded project if the attacker can guess the name of the uploaded file
-    before it is extracted.</p>
-    <h1>Cross-Site Request Forgery (CSRF) token leakage</h1>
-    <p>naure via HackerOne reported that GitLab was vulnerable to CSRF token
-    leakage via improper filtering of external URLs in relative URL creation. A
-    specially crafted link configured in a project's environments settings could
-    be used to steal a visiting user's CSRF token.</p>
-    <h1>Potential project disclosure via project deletion bug</h1>
-    <p>An internal code review discovered that removed projects were not always
-    being deleted from the file system. This could allow an attacker who knew
-    the full path to a previously deleted project to steal a copy of the
-    repository. These releases prevent the leftover repository from being
-    accessed when creating a new project. The project deletion bug will be fixed
-    in a later release.</p>
-    <h1>White-listed style attribute for table contents in MD enables UI
-    redressing</h1>
-    <p>An external security audit performed by Recurity-Labs discovered a UI
-    redressing vulnerability in the GitLab markdown sanitization library.</p>
-    <h1>DOM clobbering in sanitized MD causes errors</h1>
-    <p>An external security audit performed by Recurity-Labs discovered a DOM
-    clobbering vulnerability in the GitLab markdown sanitization library that
-    could be used to render project pages unreadable.</p>
-    <h1>Nokogiri vendored libxslt library vulnerable to potential integer
-    overflow (CVE-2017-5029 and CVE-2016-4738)</h1>
-    <p>The bundled Nokogiri library has been updated to patch an integer
-    overflow vulnerability. Details are available in the Nokogiri issue.</p>
-    <h1>Security risk in recommended Geo configuration could give all users
-    access to all repositories</h1>
-    <p>An internal code review discovered that GitLab Geo instances could be
-    vulnerable to an attack that would allow any user on the primary Geo
-    instance to clone any repository on a secondary Geo instance.</p>
-    <h1>GitLab Pages private certificate disclosure via symlinks</h1>
-    <p>An external security review conducted by Recurity-Labs discovered a
-    vulnerability in GitLab Pages that could be used to disclose the contents of
-    private SSL keys.</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -2183,47 +2136,9 @@ Notes:
 	<p>The cURL project reports:</p>
 	<blockquote cite="https://curl.haxx.se/docs/security.html">;
 	  <ul>
-	    <li><h2>FILE buffer read out of bounds</h2>
-	      <p>When asking to get a file from a file:// URL, libcurl provides
-		a feature that outputs meta-data about the file using HTTP-like
-		headers.</p>
-	      <p>The code doing this would send the wrong buffer to the user
-		(stdout or the application's provide callback), which could
-		lead to other private data from the heap to get inadvertently
-		displayed.</p>
-	      <p>The wrong buffer was an uninitialized memory area allocated on
-		the heap and if it turned out to not contain any zero byte, it
-		would continue and display the data following that buffer in
-		memory.</p>
-	    </li>
-	    <li><h2>TFTP sends more than buffer size</h2>
-	      <p>When doing a TFTP transfer and curl/libcurl is given a URL that
-		contains a very long file name (longer than about 515 bytes),
-		the file name is truncated to fit within the buffer boundaries,
-		but the buffer size is still wrongly updated to use the
-		untruncated length. This too large value is then used in the
-		sendto() call, making curl attempt to send more data than what
-		is actually put into the buffer. The sendto() function will then
-		read beyond the end of the heap based buffer.</p>
-	      <p>A malicious HTTP(S) server could redirect a vulnerable libcurl-
-		using client to a crafted TFTP URL (if the client hasn't
-		restricted which protocols it allows redirects to) and trick it
-		to send private memory contents to a remote server over UDP.
-		Limit curl's redirect protocols with --proto-redir and libcurl's
-		with CURLOPT_REDIR_PROTOCOLS.</p>
-	    </li>
-	    <li><h2>URL globbing out of bounds read</h2>
-	      <p>curl supports "globbing" of URLs, in which a user can pass a
-		numerical range to have the tool iterate over those numbers to
-		do a sequence of transfers.</p>
-	      <p>In the globbing function that parses the numerical range, there
-		was an omission that made curl read a byte beyond the end of the
-		URL if given a carefully crafted, or just wrongly written, URL.
-		The URL is stored in a heap based buffer, so it could then be
-		made to wrongly read something else instead of crashing.</p>
-	      <p>An example of a URL that triggers the flaw would be
-		http://ur%20[0-60000000000000000000.</p>;
-	    </li>
+	    <li>FILE buffer read out of bounds</li>
+	    <li>TFTP sends more than buffer size</li>
+	    <li>URL globbing out of bounds read</li>
 	  </ul>
 	</blockquote>
       </body>
@@ -2300,34 +2215,7 @@ Notes:
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Mozilla Foundation reports:</p>
 	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/">;
-	  <p>CVE-2017-7798: XUL injection in the style editor in devtools</p>
-	  <p>CVE-2017-7800: Use-after-free in WebSockets during disconnection</p>
-	  <p>CVE-2017-7801: Use-after-free with marquee during window resizing</p>
-	  <p>CVE-2017-7784: Use-after-free with image observers</p>
-	  <p>CVE-2017-7802: Use-after-free resizing image elements</p>
-	  <p>CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM</p>
-	  <p>CVE-2017-7786: Buffer overflow while painting non-displayable SVG</p>
-	  <p>CVE-2017-7806: Use-after-free in layer manager with SVG</p>
-	  <p>CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements</p>
-	  <p>CVE-2017-7787: Same-origin policy bypass with iframes through page reloads</p>
-	  <p>CVE-2017-7807: Domain hijacking through AppCache fallback</p>
-	  <p>CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID</p>
-	  <p>CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher</p>
-	  <p>CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts</p>
-	  <p>CVE-2017-7808: CSP information leak with frame-ancestors containing paths</p>
-	  <p>CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections</p>
-	  <p>CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates</p>
-	  <p>CVE-2017-7794: Linux file truncation via sandbox broker</p>
-	  <p>CVE-2017-7803: CSP containing 'sandbox' improperly applied</p>
-	  <p>CVE-2017-7799: Self-XSS XUL injection in about:webrtc</p>
-	  <p>CVE-2017-7783: DOS attack through long username in URL</p>
-	  <p>CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives</p>
-	  <p>CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection</p>
-	  <p>CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values</p>
-	  <p>CVE-2017-7796: Windows updater can delete any file named update.log</p>
-	  <p>CVE-2017-7797: Response header name interning leaks across origins</p>
-	  <p>CVE-2017-7780: Memory safety bugs fixed in Firefox 55</p>
-	  <p>CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -2441,52 +2329,8 @@ Notes:
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Google Chrome releases reports:</p>
 	<blockquote cite="https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html">;
-	  <p>40 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[728887] High CVE-2017-5091: Use after free in IndexedDB. Reported by
-	      Ned Williamson on 2017-06-02</li>
-	    <li>[733549] High CVE-2017-5092: Use after free un PPAPI. Reported by
-	      Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab on 2017-06-15</li>
-	    <li>[550017] High CVE-2017-5093: UI spoofing in Blink. Reported by
-	      Luan Herrera on 2015-10-31</li>
-	    <li>[702946] High CVE-2017-5094: Type confusion in extensions. Reported by
-	      Anonymous on 2017-03-19</li>
-	    <li>[732661] High CVE-2017-5095: Out-of-bounds write in PDFium. Reported by
-	      Anonymous on 2017-06-13</li>
-	    <li>[714442] High CVE-2017-5096: User information leak via Android intents. Reported by
-	      Takeshi Terada on 2017-04-23</li>
-	    <li>[740789] High CVE-2017-5097: Out-of-bounds read in Skia. Reported by
-	      Anonymous on 2017-07-11</li>
-	    <li>[740803] High CVE-2017-5098: Use after free in V8. Reported by
-	      Jihoon Kim on 2017-07-11</li>
-	    <li>[733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by
-	      Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab on 2017-06-15</li>
-	    <li>[718292] Medium CVE-2017-5100: Use after free in Chrome Apps. Reported by
-	      Anonymous on 2017-05-04</li>
-	    <li>[681740] Medium CVE-2017-5101: URL spoofing in OmniBox. Reported by
-	      Luan Herrera on 2017-01-17</li>
-	    <li>[727678] Medium CVE-2017-5102: Uninitialized use in Skia. Reported by
-	      Anonymous on 2017-05-30</li>
-	    <li>[726199] Medium CVE-2017-5103: Uninitialized use in Skia. Reported by
-	      Anonymous on 2017-05-25</li>
-	    <li>[729105] Medium CVE-2017-5104: UI spoofing in browser. Reported by
-	      Khalil Zhani on 2017-06-02</li>
-	    <li>[742407] Medium CVE-2017-7000: Pointer disclosure in SQLite. Reported by
-	      Chaitin Security Research Lab working with Trend Micro's Zero Day Initiative</li>
-	    <li>[729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported by
-	      Rayyan Bijoora on 2017-06-06</li>
-	    <li>[714628] Medium CVE-2017-5106: URL spoofing in OmniBox. Reported by
-	      Jack Zac on 2017-04-24</li>
-	    <li>[686253] Low CVE-2017-5107: User information leak via SVG. Reported by
-	      David Kohlbrenner of UC San Diego on 2017-01-27</li>
-	    <li>[695830] Low CVE-2017-5108: Type of confusion in PDFium. Reported by
-	      Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24</li>
-	    <li>[710400] Low CVE-2017-5109: UI spoofing in browser. Reported by
-	      Jose Maria Acunia Morgado on 2017-04-11</li>
-	    <li>[717476] Low CVE-2017-5110: UI spoofing in payments dialog. Reported by
-	      xisigr of Tencent's Xuanwu Lab on 2017-05-02</li>
-	    <li>[748565] Various fixes from internal audits, fuzzing and other initiatives</li>
-	  </ul>
+	  <p>40 security fixes in this release</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -2698,60 +2542,19 @@ Notes:
     <topic>GitLab -- Various security issues</topic>
     <affects>
       <package>
-	      <name>gitlab</name>
-  <range><ge>8.0.0</ge><le>8.17.6</le></range>
+	<name>gitlab</name>
+	<range><ge>8.0.0</ge><le>8.17.6</le></range>
 	<range><ge>9.0.0</ge><le>9.0.10</le></range>
 	<range><ge>9.1.0</ge><le>9.1.7</le></range>
 	<range><ge>9.2.0</ge><le>9.2.7</le></range>
-  <range><ge>9.3.0</ge><le>9.3.7</le></range>
+	<range><ge>9.3.0</ge><le>9.3.7</le></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>GitLab reports:</p>
 	<blockquote cite="https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/">;
-    <h1>Projects in subgroups authorization bypass with SQL wildcards
-    (CVE-2017-11438)</h1>
-	  <p>An internal code review disclosed that by choosing a namespace with
-	  underscores an authenticated user could take advantage of a badly written
-	  SQL query to add themselves to any project inside a subgroup with
-	  permissions of their choice.<br/>
-    This vulnerability was caused by a SQL query that automatically adjusts
-    project permissions but does not escape wildcards. This vulnerability was
-    coincidentally patched when the affected code was rewritten for
-    9.3. Therefore, versions 9.3 and above are not vulnerable.<br/>
-    <br/>
-    This issue has been assigned CVE-2017-11438.<br/>
-    <br/>
-    Note: GitLab-CE+EE 8.17 is not vulnerable to this issue, however patches
-    have been included to improve the security of the SQL queries in 8.17.7.</p>
-    <h1>Symlink cleanup from a previous security release</h1>
-    <p>The 9.2.5 security release contained a fix for a data corruption
-    vulnerability involving file uploads. This fix utilized symlinks to migrate
-    file uploads to a new directory. Due to a typo in the included migration a
-    symlink was accidentally left behind after the migration finished. This
-    symlink can cause problems with instance backups. A fix is included with
-    these releases to remove the problematic symlink.</p>
-    <h1>Accidental or malicious use of reserved names in group names could cause
-    deletion of all snippet uploads</h1>
-    <p>The 9.2.5 security release contained a fix for a data corruption
-    vulnerability involving file uploads. After the release of 9.2.5 an internal
-    code review determined that the recently introduced snippet file uploads
-    feature was also vulnerable to file deletion. Snippet uploads have now been
-    moved into the protected system namespace.</p>
-    <h1>Project name leak on todos page</h1>
-    <p>An internal code review discovered that forceful browsing could be
-    utilized to disclose the names of private projects.</p>
-    <h1>Denial of Service via regular expressions in CI process</h1>
-    <p>Lukas Svoboda reported that regular expressions (regex) included with CI
-    scripts could be utilized to perform a denial-of-service attack on GitLab
-    instances. GitLab now uses the re2 Regex library to limit regex execution
-    time.</p>
-    <h1>Issue title leakage when external issue tracker is enabled</h1>
-    <p>An internal code review determined that when an external issue tracker is
-    configured it was possible to discover the titles of all issues in a given
-    GitLab instance, including issues in private projects and confidential
-    issues.</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -2814,45 +2617,7 @@ Notes:
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Oracle reports:</p>
 	<blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL">;
-	  <ul>
-	    <li>Reserved [CVE-2017-3629]</li>
-	    <li>A remote user can exploit a flaw in the Server: Memcached component to partially
-	      modify data and cause denial of service conditions [CVE-2017-3633].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: DML component to
-	      cause denial of service conditions [CVE-2017-3634].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Connector/C component to
-	      cause denial of service conditions [CVE-2017-3635].</li>
-	    <li>A remote authenticated user can exploit a flaw in the C API component to cause
-	      denial of service conditions [CVE-2017-3635].</li>
-	    <li>A local user can exploit a flaw in the Client programs component to partially
-	      access data, partially modify data, and partially deny service
-	      [CVE-2017-3636].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: UDF component to
-		cause denial of service conditions [CVE-2017-3529].</li>
-	    <li>A remote authenticated user can exploit a flaw in the X Plugin component to
-	      cause denial of service conditions [CVE-2017-3637].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: DML component to
-	      cause denial of service conditions [CVE-2017-3639, CVE-2017-3640, CVE-2017-3641,
-	      CVE-2017-3643, CVE-2017-3644].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: Optimizer
-	      component to cause denial of service conditions [CVE-2017-3638, CVE-2017-3642,
-	      CVE-2017-3645].</li>
-	    <li>A remote authenticated user can exploit a flaw in the X Plugin component to
-	      cause denial of service conditions [CVE-2017-3646].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: Charsets component
-	      to cause denial of service conditions [CVE-2017-3648].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: Replication
-	      component to cause denial of service conditions [CVE-2017-3647,
-	      CVE-2017-3649].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Client mysqldump component
-	      to partially modify data [CVE-2017-3651].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
-	      partially access and partially modify data [CVE-2017-3652].</li>
-	    <li>A remote user can exploit a flaw in the C API component to partially access data
-	      [CVE-2017-3650].</li>
-	    <li>A remote authenticated user can exploit a flaw in the Server: DDL component to
-	      partially modify data [CVE-2017-3653].</li>
-	  </ul>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -3455,46 +3220,7 @@ Notes:
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>GitLab reports:</p>
 	<blockquote cite="https://about.gitlab.com/2017/06/07/gitlab-9-dot-2-dot-5-security-release/">;
-    <h1>Cross-Site Scripting (XSS) vulnerability when editing comments</h1>
-	  <p>A GitLab.com user reported that recent changes to Markdown rendering
-	  designed to improve performance by allowing comments to be rendered
-	  client-side opened a persistent Cross-Site Scripting (XSS) vulnerability
-	  when comments are edited and then re-saved. This vulnerability is difficult
-	  to exploit because a victim must be tricked into editing and then saving
-	  another user's comment.</p>
-    <h1>API vulnerable to embedding in iFrames using Session Auth</h1>
-    <p>A tip from a Twitter user led to an internal code audit that discovered a
-    malicious website could embed a GitLab API URL inside an iFrame, possibly
-    tricking a user into thinking that the website had access to the user's
-    GitLab user information. This attack would not disclose the user's data to
-    the malicious website, but it could cause confusion and the API has added an
-    X-Frame-Options header to prevent content from the API being included in
-    iFrames.</p>
-    <h1>Accidental or malicious use of reserved names in group names could cause
-    deletion of all project avatars</h1>
-    <p>A GitLab.com user reported that creating a group named project and then
-    renaming the group would cause all project avatars to be deleted. This was
-    due to an improperly constructed path variable when renaming files. To help
-    prevent this from happening again all avatar uploads have been moved from
-    /public/uploads/(user|group|project) to
-    /public/uploads/system/(user|group|project) and system has been made a
-    reserved namespace. A migration included with this release will rename any
-    existing top-level system namespace to be system0 (or system1, system2,
-    etc.)</p>
-    <h1>Unauthenticated disclosure of usernames in autocomplete controller</h1>
-    <p>HackerOne reporter Evelyn Lee reported that usernames could be enumerated
-    using the autocomplete/users.json endpoint without authenticating. This
-    could allow an unauthenticated attacker to gather a list of all valid
-    usernames from a GitLab instance.</p>
-    <h1>Information leakage with references to private project snippets</h1>
-    <p>GitLab.com user Patrick Fiedler reported that titles of private project
-    snippets could leak when they were referenced in other issues, merge
-    requests, or comments.</p>
-    <h1>Elasticsearch does not implement external user checks correctly</h1>
-    <p>An internal code review discovered that on instances with Elasticsearch
-    enabled GitLab allowed external users to view internal project data. This
-    could unintentionally expose sensitive information to external users. This
-    vulnerability only affects EE installations with Elasticsearch enabled.</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -3824,68 +3550,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>BestPractical reports:</p>
 	<blockquote cite="http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html">;
-	  <p>RT 4.0.0 and above are vulnerable to an information
-	    leak of cross-site request forgery (CSRF) verification
-	    tokens if a user visits a specific URL crafted by an
-	    attacker. This vulnerability is assigned CVE-2017-5943. It
-	    was discovered by a third-party security researcher.</p>
-
-	  <p>RT 4.0.0 and above are vulnerable to a cross-site
-	    scripting (XSS) attack if an attacker uploads a malicious
-	    file with a certain content type.  Installations which use
-	    the AlwaysDownloadAttachments config setting are
-	    unaffected. This fix addresses all existant and future
-	    uploaded attachments. This vulnerability is assigned
-	    CVE-2016-6127. This was responsibly disclosed to us first
-	    by Scott Russo and the GE Application Security Assessment
-	    Team.</p>
-
-	  <p>One of RT's dependencies, a Perl module named
-	    Email::Address, has a denial of service vulnerability
-	    which could induce a denial of service of RT itself. We
-	    recommend administrators install Email::Address version
-	    1.908 or above, though we additionally provide a new
-	    workaround within RT. Tss vulnerability was assigned
-	    CVE-2015-7686. This vulnerability's application to RT was
-	    brought to our attention by Pali Rohár.</p>
-
-	  <p>RT 4.0.0 and above are vulnerable to timing
-	    side-channel attacks for user passwords. By carefully
-	    measuring millions or billions of login attempts, an
-	    attacker could crack a user's password even over the
-	    internet. RT now uses a constant-time comparison algorithm
-	    for secrets to thwart such attacks. This vulnerability is
-	    assigned CVE-2017-5361.  This was responsibly disclosed to
-	    us by Aaron Kondziela.</p>
-
-	  <p>RT's ExternalAuth feature is vulnerable to a similar
-	    timing side-channel attack. Both RT 4.0/4.2 with the
-	    widely-deployed RT::Authen::ExternalAuth extension, as
-	    well as the core ExternalAuth feature in RT 4.4 are
-	    vulnerable. Installations which don't use ExternalAuth, or
-	    which use ExternalAuth for LDAP/ActiveDirectory
-	    authentication, or which use ExternalAuth for cookie-based
-	    authentication, are unaffected. Only ExternalAuth in DBI
-	    (database) mode is vulnerable.</p>
-
-	  <p>RT 4.0.0 and above are potentially vulnerable to a
-	    remote code execution attack in the dashboard subscription
-	    interface. A privileged attacker can cause unexpected code
-	    to be executed through carefully-crafted saved search
-	    names. Though we have not been able to demonstrate an
-	    actual attack owing to other defenses in place, it could
-	    be possible. This fix addresses all existant and future
-	    saved searches. This vulnerability is assigned
-	    CVE-2017-5944. It was discovered by an internal security
-	    audit.</p>
-
-	  <p>RT 4.0.0 and above have misleading documentation which
-	    could reduce system security. The RestrictLoginReferrer
-	    config setting (which has security implications) was
-	    inconsistent with its implementation, which checked for a
-	    slightly different variable name. RT will now check for
-	    the incorrect name and produce an error message. This was
-	    responsibly disclosed to us by Alex Vandiver.</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -3975,29 +3640,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Mozilla Foundation reports:</p>
 	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/">;
-	  <p>CVE-2017-5472: Use-after-free using destroyed node when regenerating trees</p>
-	  <p>CVE-2017-7749: Use-after-free during docshell reloading</p>
-	  <p>CVE-2017-7750: Use-after-free with track elements</p>
-	  <p>CVE-2017-7751: Use-after-free with content viewer listeners</p>
-	  <p>CVE-2017-7752: Use-after-free with IME input</p>
-	  <p>CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object</p>
-	  <p>CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files</p>
-	  <p>CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors</p>
-	  <p>CVE-2017-7757: Use-after-free in IndexedDB</p>
-	  <p>CVE-2017-7778: Vulnerabilities in the Graphite 2 library</p>
-	  <p>CVE-2017-7758: Out-of-bounds read in Opus encoder</p>
-	  <p>CVE-2017-7759: Android intent URLs can cause navigation to local file system</p>
-	  <p>CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service</p>
-	  <p>CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application</p>
-	  <p>CVE-2017-7762: Addressbar spoofing in Reader mode</p>
-	  <p>CVE-2017-7763: Mac fonts render some unicode characters as spaces</p>
-	  <p>CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks</p>
-	  <p>CVE-2017-7765: Mark of the Web bypass when saving executable files</p>
-	  <p>CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service</p>
-	  <p>CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service</p>
-	  <p>CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service</p>
-	  <p>CVE-2017-5471: Memory safety bugs fixed in Firefox 54</p>
-	  <p>CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -4135,42 +3778,8 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Google Chrome releases reports:</p>
 	<blockquote cite="https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html">;
-	  <p>30 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[722756] High CVE-2017-5070: Type confusion in V8. Reported by
-	      Zhao Qixun of Qihoo 360 Vulcan Team on 2017-05-16</li>
-	    <li>[715582] High CVE-2017-5071: Out of bounds read in V8. Reported by
-	      Choongwood Han on 2017-04-26</li>
-	    <li>[709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by
-	      Rayyan Bijoora on 2017-04-07</li>
-	    <li>[716474] High CVE-2017-5073: Use after free in print preview. Reported by
-	      Khalil Zhani on 2017-04-28</li>
-	    <li>[700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by
-	      anonymous on 2017-03-09</li>
-	    <li>[678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by
-	      Emmanuel Gil Peyrot on 2017-01-05</li>
-	    <li>[722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by
-	      Rayyan Bijoora on 2017-05-16</li>
-	    <li>[719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by
-	      Samuel Erb on 2017-05-06</li>
-	    <li>[716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by
-	      Sweetchip on 2017-04-28</li>
-	    <li>[711020] Medium CVE-2017-5078: Possible command injection in mailto handling.
-	      Reported by Jose Carlos Exposito Bueno on 2017-04-12</li>
-	    <li>[713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by
-	      Khalil Zhani on 2017-04-20</li>
-	    <li>[708819] Medium CVE-2017-5080: Use after free in credit card autofill.
-	      Reported by Khalil Zhani on 2017-04-05</li>
-	    <li>[672008] Medium CVE-2017-5081: Extension verification bypass. Reported by
-	      Andrey Kovalev of Yandex Security Team on 2016-12-07</li>
-	    <li>[721579] Low CVE-2017-5082: Insufficient hardening in credit card editor.
-	      Reported by Nightwatch Cybersecurity Research on 2017-05-11</li>
-	    <li>[714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by
-	      Khalil Zhani on 2017-04-24</li>
-	    <li>[692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages.
-	      Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15</li>
-	    <li>[729639] Various fixes from internal audits, fuzzing and other initiatives</li>
-	  </ul>
+	  <p>30 security fixes in this release</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -4831,57 +4440,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>GitLab reports:</p>
 	<blockquote cite="https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/">;
-    <h1>Cross-Site Scripting (XSS) vulnerability in project import file names
-    for gitlab_project import types</h1>
-    <p>Timo Schmid from ERNW reported a persistent Cross-Site Scripting
-    vulnerability in the new project import view for gitlab_project import
-    types. This XSS vulnerability was caused by the use of Hamlit filters inside
-    HAML views without manually escaping HTML. Unlike content outside of a
-    filter, content inside Hamlit filters (:css, :javascript, :preserve, :plain)
-    is not automatically escaped.</p>
-    <h1>Cross-Site Scripting (XSS) vulnerability in git submodule support</h1>
-    <p>Jobert Abma from HackerOne reported a persistent XSS vulnerability in the
-    GitLab repository files view that could be exploited by injecting malicious
-    script into a git submodule.</p>
-    <h1>Cross-Site Scripting (XSS) vulnerability in repository "new branch"
-    view</h1>
-    <p>A GitLab user reported a persistent XSS vulnerability in the repository
-    new branch view that allowed malicious branch names or git references to
-    execute arbitrary Javascript.</p>
-    <h1>Cross-Site Scripting (XSS) vulnerability in mirror errors display</h1>
-    <p>While investigating Timo Schmid's previously reported XSS vulnerability
-    in import filenames another persistent XSS vulnerability was discovered in
-    the GitLab Enterprise Edition's (EE) mirror view. This vulnerability was
-    also caused by the misuse of Hamlit filters.</p>
-    <h1>Potential XSS vulnerability in DropLab</h1>
-    <p>An internal code audit disclosed a vulnerability in DropLab's templating
-    that, while not currently exploitable, could become exploitable depending on
-    how the templates were used in the future.</p>
-    <h1>Tab Nabbing vulnerabilities in mardown link filter, Asciidoc files, and
-    other markup files</h1>
-    <p>edio via HackerOne reported two tab nabbing vulnerabilities. The first
-    tab nabbing vulnerability was caused by improper hostname filtering when
-    identifying user-supplied external links. GitLab did not properly filter
-    usernames from the URL. An attacker could construct a specially crafted link
-    including a username to bypass GitLab's external link filter. This allowed
-    an attacker to post links in Markdown that did not include the appropriate
-    "noreferrer noopener" options, allowing tab nabbing attacks.</p>
-    <p>The second vulnerability was in the AsciiDoctor markup
-    library. AsciiDoctor was not properly including the "noreferrer noopener"
-    options with external links. An internal investigation discovered other
-    markup libraries that were also vulnerable.</p>
-    <h1>Unauthorized disclosure of wiki pages in search</h1>
-    <p>M. Hasbini reported a flaw in the project search feature that allowed
-    authenticated users to disclose the contents of private wiki pages inside
-    public projects.</p>
-    <h1>External users can view internal snippets</h1>
-    <p>Christian Kühn discovered a vulnerability in GitLab snippets that allowed
-    an external user to view the contents of internal snippets.</p>
-    <h1>Subgroup visibility for private subgroups under a public parent
-    group</h1>
-    <p>Matt Harrison discovered a vulnerability with subgroups that allowed
-    private subgroup names to be disclosed when they belong to a parent group
-    that is public.</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -5538,81 +5097,8 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>NVD reports:</p>
 	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-5225">;
-	  <p>LibTIFF version 4.0.7 is vulnerable to a heap buffer
-	    overflow in the tools/tiffcp resulting in DoS or code
-	    execution via a crafted BitsPerSample value.</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7592">;
-	  <p>The putagreytile function in tif_getimage.c in LibTIFF
-	    4.0.7 has a left-shift undefined behavior issue, which
-	    might allow remote attackers to cause a denial of service
-	    (application crash) or possibly have unspecified other
-	    impact via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7593">;
-	  <p>tif_read.c in LibTIFF 4.0.7 does not ensure that
-	    tif_rawdata is properly initialized, which might allow
-	    remote attackers to obtain sensitive information from
-	    process memory via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7594">;
-	  <p>The OJPEGReadHeaderInfoSecTablesDcTable function in
-	    tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to
-	    cause a denial of service (memory leak) via a crafted
-	    image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7595">;
-	  <p>The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF
-	    4.0.7 allows remote attackers to cause a denial of service
-	    (divide-by-zero error and application crash) via a crafted
-	    image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7596">;
-	  <p>LibTIFF 4.0.7 has an "outside the range of
-	    representable values of type float" undefined behavior
-	    issue, which might allow remote attackers to cause a
-	    denial of service (application crash) or possibly have
-	    unspecified other impact via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7597">;
-	  <p>tif_dirread.c in LibTIFF 4.0.7 has an "outside the
-	    range of representable values of type float" undefined
-	    behavior issue, which might allow remote attackers to
-	    cause a denial of service (application crash) or possibly
-	    have unspecified other impact via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7598">;
-	  <p>tif_dirread.c in LibTIFF 4.0.7 might allow remote
-	    attackers to cause a denial of service (divide-by-zero
-	    error and application crash) via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7599">;
-	  <p>LibTIFF 4.0.7 has an "outside the range of
-	    representable values of type short" undefined behavior
-	    issue, which might allow remote attackers to cause a
-	    denial of service (application crash) or possibly have
-	    unspecified other impact via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7600">;
-	  <p>LibTIFF 4.0.7 has an "outside the range of
-	    representable values of type unsigned char" undefined
-	    behavior issue, which might allow remote attackers to
-	    cause a denial of service (application crash) or possibly
-	    have unspecified other impact via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7601">;
-	  <p>LibTIFF 4.0.7 has a "shift exponent too large for
-	    64-bit type long" undefined behavior issue, which might
-	    allow remote attackers to cause a denial of service
-	    (application crash) or possibly have unspecified other
-	    impact via a crafted image.</p>
-	</blockquote>
-	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7602">;
-	  <p>LibTIFF 4.0.7 has a signed integer overflow, which
-	    might allow remote attackers to cause a denial of service
-	    (application crash) or possibly have unspecified other
-	    impact via a crafted image.</p>
-	</blockquote>
       </body>
     </description>
     <references>
@@ -5934,45 +5420,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Mozilla Foundation reports:</p>
 	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/">;
-	  <p>CVE-2017-5433: Use-after-free in SMIL animation functions</p>
-	  <p>CVE-2017-5435: Use-after-free during transaction processing in the editor</p>
-	  <p>CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2</p>
-	  <p>CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS</p>
-	  <p>CVE-2017-5459: Buffer overflow in WebGL</p>
-	  <p>CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL</p>
-	  <p>CVE-2017-5434: Use-after-free during focus handling</p>
-	  <p>CVE-2017-5432: Use-after-free in text input selection</p>
-	  <p>CVE-2017-5460: Use-after-free in frame selection</p>
-	  <p>CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing</p>
-	  <p>CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing</p>
-	  <p>CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing</p>
-	  <p>CVE-2017-5441: Use-after-free with selection during scroll events</p>
-	  <p>CVE-2017-5442: Use-after-free during style changes</p>
-	  <p>CVE-2017-5464: Memory corruption with accessibility and DOM manipulation</p>
-	  <p>CVE-2017-5443: Out-of-bounds write during BinHex decoding</p>
-	  <p>CVE-2017-5444: Buffer overflow while parsing application/http-index-format content</p>
-	  <p>CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data</p>
-	  <p>CVE-2017-5447: Out-of-bounds read during glyph processing</p>
-	  <p>CVE-2017-5465: Out-of-bounds read in ConvolvePixel</p>
-	  <p>CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor</p>
-	  <p>CVE-2017-5437: Vulnerabilities in Libevent library</p>
-	  <p>CVE-2017-5454: Sandbox escape allowing file system read access through file picker</p>
-	  <p>CVE-2017-5455: Sandbox escape through internal feed reader APIs</p>
-	  <p>CVE-2017-5456: Sandbox escape allowing local file system access</p>
-	  <p>CVE-2017-5469: Potential Buffer overflow in flex-generated code</p>
-	  <p>CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content</p>
-	  <p>CVE-2017-5449: Crash during bidirectional unicode manipulation with animation</p>
-	  <p>CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android</p>
-	  <p>CVE-2017-5451: Addressbar spoofing with onblur event</p>
-	  <p>CVE-2017-5462: DRBG flaw in NSS</p>
-	  <p>CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android</p>
-	  <p>CVE-2017-5467: Memory corruption when drawing Skia content</p>
-	  <p>CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android</p>
-	  <p>CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element</p>
-	  <p>CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS</p>
-	  <p>CVE-2017-5468: Incorrect ownership model for Private Browsing information</p>
-	  <p>CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1</p>
-	  <p>CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -6984,46 +6432,8 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Google Chrome Releases reports:</p>
 	<blockquote cite="https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html">;
-	  <p>36 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[682194] High CVE-2017-5030: Memory corruption in V8. Credit to
-	      Brendon Tiszka</li>
-	    <li>[682020] High CVE-2017-5031: Use after free in ANGLE. Credit to
-	      Looben Yang</li>
-	    <li>[668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to
-	      Ashfaq Ansari - Project Srishti</li>
-	    <li>[676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to
-	      Holger Fuhrmannek</li>
-	    <li>[678461] High CVE-2017-5034: Use after free in PDFium. Credit to
-	      Ke Liu of Tencent's Xuanwu Lab</li>
-	    <li>[688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to
-	      Enzo Aguado</li>
-	    <li>[691371] High CVE-2017-5036: Use after free in PDFium. Credit to
-	      Anonymous</li>
-	    <li>[679640] High CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
-	      Credit to Yongke Wang of Tecent's Xuanwu Lab</li>
-	    <li>[679649] High CVE-2017-5039: Use after free in PDFium. Credit to
-	      jinmo123</li>
-	    <li>[691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to
-	      Choongwoo Han</li>
-	    <li>[642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to
-	      Jordi Chancel</li>
-	    <li>[669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink.
-	      Credit to Nicolai Grodum</li>
-	    <li>[671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast.
-	      Credit to Mike Ruddy</li>
-	    <li>[695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to
-	      Anonymous</li>
-	    <li>[683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to
-	      Anonymous</li>
-	    <li>[688987] Medium CVE-2017-5044: Heap overflow in Skia. Credit to
-	      Kushal Arvind Shah of Fortinet's FortiGuard Labs</li>
-	    <li>[667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor.
-	      Credit to Dhaval Kapil</li>
-	    <li>[680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to
-	      Masato Kinugawa</li>
-	    <li>[699618] Various fixes from internal audits, fuzzing and other initiatives</li>
-	  </ul>
+	  <p>36 security fixes in this release</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -7257,34 +6667,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Mozilla Foundation reports:</p>
 	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/">;
-	  <p>CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP</p>
-	  <p>CVE-2017-5401: Memory Corruption when handling ErrorResult</p>
-	  <p>CVE-2017-5402: Use-after-free working with events in FontFace objects</p>
-	  <p>CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object</p>
-	  <p>CVE-2017-5404: Use-after-free working with ranges in selections</p>
-	  <p>CVE-2017-5406: Segmentation fault in Skia with canvas operations</p>
-	  <p>CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters</p>
-	  <p>CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping</p>
-	  <p>CVE-2017-5411: Use-after-free in Buffer Storage in libGLES</p>
-	  <p>CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service</p>
-	  <p>CVE-2017-5408: Cross-origin reading of video captions in violation of CORS</p>
-	  <p>CVE-2017-5412: Buffer overflow read in SVG filters</p>
-	  <p>CVE-2017-5413: Segmentation fault during bidirectional operations</p>
-	  <p>CVE-2017-5414: File picker can choose incorrect default directory</p>
-	  <p>CVE-2017-5415: Addressbar spoofing through blob URL</p>
-	  <p>CVE-2017-5416: Null dereference crash in HttpChannel</p>
-	  <p>CVE-2017-5417: Addressbar spoofing by draging and dropping URLs</p>
-	  <p>CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access</p>
-	  <p>CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running</p>
-	  <p>CVE-2017-5427: Non-existent chrome.manifest file loaded during startup</p>
-	  <p>CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses</p>
-	  <p>CVE-2017-5419: Repeated authentication prompts lead to DOS attack</p>
-	  <p>CVE-2017-5420: Javascript: URLs can obfuscate addressbar location</p>
-	  <p>CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports</p>
-	  <p>CVE-2017-5421: Print preview spoofing</p>
-	  <p>CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink</p>
-	  <p>CVE-2017-5399: Memory safety bugs fixed in Firefox 52</p>
-	  <p>CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -8059,43 +7442,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Jenkins Security Advisory:</p>
 	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01">;
-	  <h1>Description</h1>
-	  <h5>SECURITY-304 / CVE-2017-2598</h5>
-	  <p>Use of AES ECB block cipher mode without IV for encrypting secrets</p>
-	  <h5>SECURITY-321 / CVE-2017-2599</h5>
-	  <p>Items could be created with same name as existing item</p>
-	  <h5>SECURITY-343 / CVE-2017-2600</h5>
-	  <p>Node monitor data could be viewed by low privilege users</p>
-	  <h5>SECURITY-349 / CVE-2011-4969</h5>
-	  <p>Possible cross-site scripting vulnerability in jQuery bundled with timeline widget</p>
-	  <h5>SECURITY-353 / CVE-2017-2601</h5>
-	  <p>Persisted cross-site scripting vulnerability in parameter names and descriptions</p>
-	  <h5>SECURITY-354 / CVE-2015-0886</h5>
-	  <p>Outdated jbcrypt version bundled with Jenkins</p>
-	  <h5>SECURITY-358 / CVE-2017-2602</h5>
-	  <p>Pipeline metadata files not blacklisted in agent-to-master security subsystem</p>
-	  <h5>SECURITY-362 / CVE-2017-2603</h5>
-	  <p>User data leak in disconnected agents' config.xml API</p>
-	  <h5>SECURITY-371 / CVE-2017-2604</h5>
-	  <p>Low privilege users were able to act on administrative monitors</p>
-	  <h5>SECURITY-376 / CVE-2017-2605</h5>
-	  <p>Re-key admin monitor leaves behind unencrypted credentials in upgraded installations</p>
-	  <h5>SECURITY-380 / CVE-2017-2606</h5>
-	  <p>Internal API allowed access to item names that should not be visible</p>
-	  <h5>SECURITY-382 / CVE-2017-2607</h5>
-	  <p>Persisted cross-site scripting vulnerability in console notes</p>
-	  <h5>SECURITY-383 / CVE-2017-2608</h5>
-	  <p>XStream remote code execution vulnerability</p>
-	  <h5>SECURITY-385 / CVE-2017-2609</h5>
-	  <p>Information disclosure vulnerability in search suggestions</p>
-	  <h5>SECURITY-388 / CVE-2017-2610</h5>
-	  <p>Persisted cross-site scripting vulnerability in search suggestions</p>
-	  <h5>SECURITY-389 / CVE-2017-2611</h5>
-	  <p>Insufficient permission check for periodic processes</p>
-	  <h5>SECURITY-392 / CVE-2017-2612</h5>
-	  <p>Low privilege users were able to override JDK download credentials</p>
-	  <h5>SECURITY-406 / CVE-2017-2613</h5>
-	  <p>User creation CSRF using GET by admins</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -8217,51 +7564,8 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Google Chrome Releases reports:</p>
 	<blockquote cite="https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html">;
-	  <p>51 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[671102] High CVE-2017-5007: Universal XSS in Blink. Credit to
-	      Mariusz Mlynski</li>
-	    <li>[673170] High CVE-2017-5006: Universal XSS in Blink. Credit to
-	      Mariusz Mlynski</li>
-	    <li>[668552] High CVE-2017-5008: Universal XSS in Blink. Credit to
-	      Mariusz Mlynski</li>
-	    <li>[663476] High CVE-2017-5010: Universal XSS in Blink. Credit to
-	      Mariusz Mlynski</li>
-	    <li>[662859] High CVE-2017-5011: Unauthorised file access in Devtools.
-	      Credit to Khalil Zhani</li>
-	    <li>[667504] High CVE-2017-5009: Out of bounds memory access in WebRTC.
-	      Credit to Sean Stanek and Chip Bradford</li>
-	    <li>[681843] High CVE-2017-5012: Heap overflow in V8. Credit to
-	      Gergely Nagy (Tresorit)</li>
-	    <li>[677716] Medium CVE-2017-5013: Address spoofing in Omnibox.
-	      Credit to Haosheng Wang (@gnehsoah)</li>
-	    <li>[675332] Medium CVE-2017-5014: Heap overflow in Skia. Credit to
-	      sweetchip</li>
-	    <li>[673971] Medium CVE-2017-5015: Address spoofing in Omnibox.
-	      Credit to Armin Razmdjou</li>
-	    <li>[666714] Medium CVE-2017-5019: Use after free in Renderer.
-	      Credit to Wadih Matar</li>
-	    <li>[673163] Medium CVE-2017-5016: UI spoofing in Blink. Credit to
-	      Haosheng Wang (@gnehsoah)</li>
-	    <li>[676975] Medium CVE-2017-5017: Uninitialised memory access in webm video.
-	      Credit to danberm</li>
-	    <li>[668665] Medium CVE-2017-5018: Universal XSS in chrome://apps.
-	      Credit to Rob Wu</li>
-	    <li>[668653] Medium CVE-2017-5020: Universal XSS in chrome://downloads.
-	      Credit to Rob Wu</li>
-	    <li>[663726] Low CVE-2017-5021: Use after free in Extensions. Credit to
-	      Rob Wu</li>
-	    <li>[663620] Low CVE-2017-5022: Bypass of Content Security Policy in Blink.
-	      Credit to Pujun Li of PKAV Team</li>
-	    <li>[651443] Low CVE-2017-5023: Type confunsion in metrics. Credit to the
-	      UK's National Cyber Security Centre (NCSC)</li>
-	    <li>[643951] Low CVE-2017-5024: Heap overflow in FFmpeg. Credit to
-	      Paul Mehta</li>
-	    <li>[643950] Low CVE-2017-5025: Heap overflow in FFmpeg. Credit to
-	      Paul Mehta</li>
-	    <li>[634108] Low CVE-2017-5026: UI spoofing. Credit to Ronni Skansing</li>
-	    <li>[685349] Various fixes from internal audits, fuzzing and other initiatives</li>
-	  </ul>
+	  <p>51 security fixes in this release</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -8325,38 +7629,10 @@ maliciously crafted GET request to the Horde server.</
 	<p>The OpenSSL project reports:</p>
 	<blockquote cite="https://www.openssl.org/news/secadv/20170126.txt">;
 	  <ul>
-	    <li>Truncated packet could crash via OOB read (CVE-2017-3731)<br/>
-	      Severity: Moderate<br/>
-	      If an SSL/TLS server or client is running on a 32-bit host, and a specific
-	      cipher is being used, then a truncated packet can cause that server or client
-	      to perform an out-of-bounds read, usually resulting in a crash.</li>
-	    <li>Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)<br/>
-	      Severity: Moderate<br/>
-	      If a malicious server supplies bad parameters for a DHE or ECDHE key exchange
-	      then this can result in the client attempting to dereference a NULL pointer
-	      leading to a client crash. This could be exploited in a Denial of Service
-	      attack.</li>
-	    <li>BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)<br/>
-	      Severity: Moderate<br/>
-	      There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
-	      EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
-	      as a result of this defect would be very difficult to perform and are not
-	      believed likely. Attacks against DH are considered just feasible (although very
-	      difficult) because most of the work necessary to deduce information
-	      about a private key may be performed offline. The amount of resources
-	      required for such an attack would be very significant and likely only
-	      accessible to a limited number of attackers. An attacker would
-	      additionally need online access to an unpatched system using the target
-	      private key in a scenario with persistent DH parameters and a private
-	      key that is shared between multiple clients. For example this can occur by
-	      default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
-	      similar to CVE-2015-3193 but must be treated as a separate problem.</li>
-	    <li>Montgomery multiplication may produce incorrect results (CVE-2016-7055)<br/>
-	      Severity: Low<br/>
-	      There is a carry propagating bug in the Broadwell-specific Montgomery
-	      multiplication procedure that handles input lengths divisible by, but
-	      longer than 256 bits. (OpenSSL 1.0.2 only)<br/>
-	      This issue was previously fixed in 1.1.0c</li>
+	    <li>Truncated packet could crash via OOB read (CVE-2017-3731)</li>
+	    <li>Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)</li>
+	    <li>BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)</li>
+	    <li>Montgomery multiplication may produce incorrect results (CVE-2016-7055)</li>
 	  </ul>
 	</blockquote>
       </body>
@@ -8407,30 +7683,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Mozilla Foundation reports:</p>
 	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/">;
-	  <p>CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</p>
-	  <p>CVE-2017-5374: Memory safety bugs fixed in Firefox 51</p>
-	  <p>CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP</p>
-	  <p>CVE-2017-5376: Use-after-free in XSL</p>
-	  <p>CVE-2017-5377: Memory corruption with transforms to create gradients in Skia</p>
-	  <p>CVE-2017-5378: Pointer and frame data leakage of Javascript objects</p>
-	  <p>CVE-2017-5379: Use-after-free in Web Animations</p>
-	  <p>CVE-2017-5380: Potential use-after-free during DOM manipulations</p>
-	  <p>CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations</p>
-	  <p>CVE-2017-5382: Feed preview can expose privileged content errors and exceptions</p>
-	  <p>CVE-2017-5383: Location bar spoofing with unicode characters</p>
-	  <p>CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)</p>
-	  <p>CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers</p>
-	  <p>CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions</p>
-	  <p>CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages</p>
-	  <p>CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks</p>
-	  <p>CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests</p>
-	  <p>CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer</p>
-	  <p>CVE-2017-5391: Content about: pages can load privileged about: pages</p>
-	  <p>CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage</p>
-	  <p>CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager</p>
-	  <p>CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events</p>
-	  <p>CVE-2017-5395: Android location bar spoofing during scrolling</p>
-	  <p>CVE-2017-5396: Use-after-free with Media Decoder</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
@@ -8480,69 +7733,25 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>The phpMyAdmin development team reports:</p>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-1/">;
-	  <h3>Summary</h3>
 	  <p>Open redirect</p>
-	  <h3>Description</h3>
-	  <p>It was possible to trick phpMyAdmin to redirect to
-	    insecure using special request path.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be non critical.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-2/">;
-	  <h3>Summary</h3>
 	  <p>php-gettext code execution</p>
-	  <h3>Description</h3>
-	  <p>The php-gettext library can suffer to code
-	    execution. However there is no way to trigger this inside
-	    phpMyAdmin.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this to be minor.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-3/">;
-	  <h3>Summary</h3>
 	  <p>DOS vulnerability in table editing</p>
-	  <h3>Description</h3>
-	  <p>It was possible to trigger recursive include operation by
-	    crafted parameters when editing table data.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this to be non critical.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-4/">;

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709291628.v8TGSMLD035850>