| author | zi <zi@FreeBSD.org> | 2017-09-30 00:28:22 +0800 |
|---|---|---|
| committer | zi <zi@FreeBSD.org> | 2017-09-30 00:28:22 +0800 |
| commit | 9d6f64a53e9b73b192c03445034fa4bbd8b2cb9b (patch) | |
| tree | ebbf60049e6a360d32b872587e029ccc873a9dcc /security | |
| parent | 6542aaa5c772aee26a95c52eccead99616b93814 (diff) | |
| download | freebsd-ports-gnome-9d6f64a53e9b73b192c03445034fa4bbd8b2cb9b.tar.gz, freebsd-ports-gnome-9d6f64a53e9b73b192c03445034fa4bbd8b2cb9b.tar.zst, freebsd-ports-gnome-9d6f64a53e9b73b192c03445034fa4bbd8b2cb9b.zip | |
- Condense additional entries where description >4500 characters
Approved by: ports-secteam (with hat)
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 1550 |
|---|---|---|

1 files changed, 49 insertions, 1501 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 96acdb002a44..076d8b2e28df 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -1070,64 +1070,17 @@ Notes: <topic>GitLab -- multiple vulnerabilities</topic> <affects> <package> - <name>gitlab</name> - <range><ge>1.0.0</ge><le>9.3.10</le></range> - <range><ge>9.4.0</ge><le>9.4.5</le></range> - <range><ge>9.5.0</ge><le>9.5.3</le></range> + <name>gitlab</name> + <range><ge>1.0.0</ge><le>9.3.10</le></range> + <range><ge>9.4.0</ge><le>9.4.5</le></range> + <range><ge>9.5.0</ge><le>9.5.3</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>GitLab reports:</p> <blockquote cite="https://about.gitlab.com/2017/09/07/gitlab-9-dot-5-dot-4-security-release/"> - <h1>Cross-Site Scripting (XSS) vulnerability in profile names</h1> - <p>An external security audit performed by Madison Gurkha disclosed a - Cross-Site Scripting (XSS) vulnerability in user names that could be - exploited in several locations.</p> - <h1>Open Redirect in go-get middleware</h1> - <p>Tim Goddard via HackerOne reported that GitLab was vulnerable to an open - redirect vulnerability caused when a specific flag is passed to the go-get - middleware. This vulnerability could also possibly be used to conduct - Cross-Site Scripting attacks.</p> - <h1>Race condition in project uploads</h1> - <p>Jobert Abma from HackerOne reported that GitLab was vulnerable to a race - condition in project uploads. While very difficult to exploit this race - condition could potentially allow an attacker to overwrite a victim's - uploaded project if the attacker can guess the name of the uploaded file - before it is extracted.</p> - <h1>Cross-Site Request Forgery (CSRF) token leakage</h1> - <p>naure via HackerOne reported that GitLab was vulnerable to CSRF token - leakage via improper filtering of external URLs in relative URL creation. 
A - specially crafted link configured in a project's environments settings could - be used to steal a visiting user's CSRF token.</p> - <h1>Potential project disclosure via project deletion bug</h1> - <p>An internal code review discovered that removed projects were not always - being deleted from the file system. This could allow an attacker who knew - the full path to a previously deleted project to steal a copy of the - repository. These releases prevent the leftover repository from being - accessed when creating a new project. The project deletion bug will be fixed - in a later release.</p> - <h1>White-listed style attribute for table contents in MD enables UI - redressing</h1> - <p>An external security audit performed by Recurity-Labs discovered a UI - redressing vulnerability in the GitLab markdown sanitization library.</p> - <h1>DOM clobbering in sanitized MD causes errors</h1> - <p>An external security audit performed by Recurity-Labs discovered a DOM - clobbering vulnerability in the GitLab markdown sanitization library that - could be used to render project pages unreadable.</p> - <h1>Nokogiri vendored libxslt library vulnerable to potential integer - overflow (CVE-2017-5029 and CVE-2016-4738)</h1> - <p>The bundled Nokogiri library has been updated to patch an integer - overflow vulnerability. 
Details are available in the Nokogiri issue.</p> - <h1>Security risk in recommended Geo configuration could give all users - access to all repositories</h1> - <p>An internal code review discovered that GitLab Geo instances could be - vulnerable to an attack that would allow any user on the primary Geo - instance to clone any repository on a secondary Geo instance.</p> - <h1>GitLab Pages private certificate disclosure via symlinks</h1> - <p>An external security review conducted by Recurity-Labs discovered a - vulnerability in GitLab Pages that could be used to disclose the contents of - private SSL keys.</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
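Review bot: this hunk drops the only mention of CVE-2017-5029 and CVE-2016-4738 (the Nokogiri/libxslt integer overflow) from the description and replaces it with `<p>Please reference CVE/URL list for details</p>`; that wording assumes both identifiers already exist as `<cve>` entries in this vuln's `<references>`, which is outside the hunk, so please confirm before committing or CVE-based searches of VuXML will no longer reach this entry. Separately, the four `-`/`+` pairs for `<name>gitlab</name>` and the three `<range>` elements differ only in indentation; whitespace-only churn inside `<affects>` makes the real change harder to review and is worth either dropping or mentioning in the commit message.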
@@ -2183,47 +2136,9 @@ Notes: <p>The cURL project reports:</p> <blockquote cite="https://curl.haxx.se/docs/security.html"> <ul> - <li><h2>FILE buffer read out of bounds</h2> - <p>When asking to get a file from a file:// URL, libcurl provides - a feature that outputs meta-data about the file using HTTP-like - headers.</p> - <p>The code doing this would send the wrong buffer to the user - (stdout or the application's provide callback), which could - lead to other private data from the heap to get inadvertently - displayed.</p> - <p>The wrong buffer was an uninitialized memory area allocated on - the heap and if it turned out to not contain any zero byte, it - would continue and display the data following that buffer in - memory.</p> - </li> - <li><h2>TFTP sends more than buffer size</h2> - <p>When doing a TFTP transfer and curl/libcurl is given a URL that - contains a very long file name (longer than about 515 bytes), - the file name is truncated to fit within the buffer boundaries, - but the buffer size is still wrongly updated to use the - untruncated length. This too large value is then used in the - sendto() call, making curl attempt to send more data than what - is actually put into the buffer. The sendto() function will then - read beyond the end of the heap based buffer.</p> - <p>A malicious HTTP(S) server could redirect a vulnerable libcurl- - using client to a crafted TFTP URL (if the client hasn't - restricted which protocols it allows redirects to) and trick it - to send private memory contents to a remote server over UDP. 
- Limit curl's redirect protocols with --proto-redir and libcurl's - with CURLOPT_REDIR_PROTOCOLS.</p> - </li> - <li><h2>URL globbing out of bounds read</h2> - <p>curl supports "globbing" of URLs, in which a user can pass a - numerical range to have the tool iterate over those numbers to - do a sequence of transfers.</p> - <p>In the globbing function that parses the numerical range, there - was an omission that made curl read a byte beyond the end of the - URL if given a carefully crafted, or just wrongly written, URL. - The URL is stored in a heap based buffer, so it could then be - made to wrongly read something else instead of crashing.</p> - <p>An example of a URL that triggers the flaw would be - http://ur%20[0-60000000000000000000.</p> - </li> + <li>FILE buffer read out of bounds</li> + <li>TFTP sends more than buffer size</li> + <li>URL globbing out of bounds read</li> </ul> </blockquote> </body> 
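Review bot: condensing each cURL issue to its `<li>` title is reasonable, but the removed text also carried the only mitigation guidance in the entry, `Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS`; since the TFTP issue is reachable through a redirect from a malicious HTTP(S) server, that one-line workaround is exactly what an administrator who cannot upgrade immediately needs, so consider keeping it as a short `<p>` after the `<ul>`.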
@@ -2300,34 +2215,7 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml"> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> - <p>CVE-2017-7798: XUL injection in the style editor in devtools</p> - <p>CVE-2017-7800: Use-after-free in WebSockets during disconnection</p> - <p>CVE-2017-7801: Use-after-free with marquee during window resizing</p> - <p>CVE-2017-7784: Use-after-free with image observers</p> - <p>CVE-2017-7802: Use-after-free resizing image elements</p> - <p>CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM</p> - <p>CVE-2017-7786: Buffer overflow while painting non-displayable SVG</p> - <p>CVE-2017-7806: Use-after-free in layer manager with SVG</p> - <p>CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements</p> - <p>CVE-2017-7787: Same-origin policy bypass with iframes through page reloads</p> - <p>CVE-2017-7807: Domain hijacking through AppCache fallback</p> - <p>CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID</p> - <p>CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher</p> - <p>CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts</p> - <p>CVE-2017-7808: CSP information leak with frame-ancestors containing paths</p> - <p>CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections</p> - <p>CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates</p> - <p>CVE-2017-7794: Linux file truncation via sandbox broker</p> - <p>CVE-2017-7803: CSP containing 'sandbox' improperly applied</p> - <p>CVE-2017-7799: Self-XSS XUL injection in about:webrtc</p> - <p>CVE-2017-7783: DOS attack through long username in URL</p> - <p>CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives</p> - <p>CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection</p> - <p>CVE-2017-7790: Windows 
crash reporter reads extra memory for some non-null-terminated registry values</p> - <p>CVE-2017-7796: Windows updater can delete any file named update.log</p> - <p>CVE-2017-7797: Response header name interning leaks across origins</p> - <p>CVE-2017-7780: Memory safety bugs fixed in Firefox 55</p> - <p>CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
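Review bot: this hunk removes all 28 `CVE-2017-xxxx: title` paragraphs from the mfsa2017-18 description and leaves `<p>Please reference CVE/URL list for details</p>`, so the description itself no longer names a single CVE; the `cite` attribute still points at the advisory, but whether each removed identifier is present as a `<cve>` reference cannot be checked from this hunk. Please verify the entry's `<references>` block lists every CVE from the deleted lines, since that block is what CVE-based searches of VuXML match on.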
@@ -2441,52 +2329,8 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml"> <p>Google Chrome releases reports:</p> <blockquote cite="https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"> - <p>40 security fixes in this release, including:</p> - <ul> - <li>[728887] High CVE-2017-5091: Use after free in IndexedDB. Reported by - Ned Williamson on 2017-06-02</li> - <li>[733549] High CVE-2017-5092: Use after free un PPAPI. Reported by - Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab on 2017-06-15</li> - <li>[550017] High CVE-2017-5093: UI spoofing in Blink. Reported by - Luan Herrera on 2015-10-31</li> - <li>[702946] High CVE-2017-5094: Type confusion in extensions. Reported by - Anonymous on 2017-03-19</li> - <li>[732661] High CVE-2017-5095: Out-of-bounds write in PDFium. Reported by - Anonymous on 2017-06-13</li> - <li>[714442] High CVE-2017-5096: User information leak via Android intents. Reported by - Takeshi Terada on 2017-04-23</li> - <li>[740789] High CVE-2017-5097: Out-of-bounds read in Skia. Reported by - Anonymous on 2017-07-11</li> - <li>[740803] High CVE-2017-5098: Use after free in V8. Reported by - Jihoon Kim on 2017-07-11</li> - <li>[733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by - Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab on 2017-06-15</li> - <li>[718292] Medium CVE-2017-5100: Use after free in Chrome Apps. Reported by - Anonymous on 2017-05-04</li> - <li>[681740] Medium CVE-2017-5101: URL spoofing in OmniBox. Reported by - Luan Herrera on 2017-01-17</li> - <li>[727678] Medium CVE-2017-5102: Uninitialized use in Skia. Reported by - Anonymous on 2017-05-30</li> - <li>[726199] Medium CVE-2017-5103: Uninitialized use in Skia. Reported by - Anonymous on 2017-05-25</li> - <li>[729105] Medium CVE-2017-5104: UI spoofing in browser. Reported by - Khalil Zhani on 2017-06-02</li> - <li>[742407] Medium CVE-2017-7000: Pointer disclosure in SQLite. 
Reported by - Chaitin Security Research Lab working with Trend Micro's Zero Day Initiative</li> - <li>[729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported by - Rayyan Bijoora on 2017-06-06</li> - <li>[714628] Medium CVE-2017-5106: URL spoofing in OmniBox. Reported by - Jack Zac on 2017-04-24</li> - <li>[686253] Low CVE-2017-5107: User information leak via SVG. Reported by - David Kohlbrenner of UC San Diego on 2017-01-27</li> - <li>[695830] Low CVE-2017-5108: Type of confusion in PDFium. Reported by - Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24</li> - <li>[710400] Low CVE-2017-5109: UI spoofing in browser. Reported by - Jose Maria Acunia Morgado on 2017-04-11</li> - <li>[717476] Low CVE-2017-5110: UI spoofing in payments dialog. Reported by - xisigr of Tencent's Xuanwu Lab on 2017-05-02</li> - <li>[748565] Various fixes from internal audits, fuzzing and other initiatives</li> - </ul> + <p>40 security fixes in this release</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
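Review bot: keeping `<p>40 security fixes in this release</p>` is good, but the High/Medium/Low severity ratings on the removed `<li>` lines are not recoverable from a CVE reference list, so the July 2017 Chrome entry loses the one signal a reader used to triage it; consider keeping a one-line severity summary, or at least the High-rated items, in the condensed description.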
@@ -2698,60 +2542,19 @@ Notes: <topic>GitLab -- Various security issues</topic> <affects> <package> - <name>gitlab</name> - <range><ge>8.0.0</ge><le>8.17.6</le></range> + <name>gitlab</name> + <range><ge>8.0.0</ge><le>8.17.6</le></range> <range><ge>9.0.0</ge><le>9.0.10</le></range> <range><ge>9.1.0</ge><le>9.1.7</le></range> <range><ge>9.2.0</ge><le>9.2.7</le></range> - <range><ge>9.3.0</ge><le>9.3.7</le></range> + <range><ge>9.3.0</ge><le>9.3.7</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>GitLab reports:</p> <blockquote cite="https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/"> - <h1>Projects in subgroups authorization bypass with SQL wildcards - (CVE-2017-11438)</h1> - <p>An internal code review disclosed that by choosing a namespace with - underscores an authenticated user could take advantage of a badly written - SQL query to add themselves to any project inside a subgroup with - permissions of their choice.<br/> - This vulnerability was caused by a SQL query that automatically adjusts - project permissions but does not escape wildcards. This vulnerability was - coincidentally patched when the affected code was rewritten for - 9.3. Therefore, versions 9.3 and above are not vulnerable.<br/> - <br/> - This issue has been assigned CVE-2017-11438.<br/> - <br/> - Note: GitLab-CE+EE 8.17 is not vulnerable to this issue, however patches - have been included to improve the security of the SQL queries in 8.17.7.</p> - <h1>Symlink cleanup from a previous security release</h1> - <p>The 9.2.5 security release contained a fix for a data corruption - vulnerability involving file uploads. This fix utilized symlinks to migrate - file uploads to a new directory. Due to a typo in the included migration a - symlink was accidentally left behind after the migration finished. This - symlink can cause problems with instance backups. 
A fix is included with - these releases to remove the problematic symlink.</p> - <h1>Accidental or malicious use of reserved names in group names could cause - deletion of all snippet uploads</h1> - <p>The 9.2.5 security release contained a fix for a data corruption - vulnerability involving file uploads. After the release of 9.2.5 an internal - code review determined that the recently introduced snippet file uploads - feature was also vulnerable to file deletion. Snippet uploads have now been - moved into the protected system namespace.</p> - <h1>Project name leak on todos page</h1> - <p>An internal code review discovered that forceful browsing could be - utilized to disclose the names of private projects.</p> - <h1>Denial of Service via regular expressions in CI process</h1> - <p>Lukas Svoboda reported that regular expressions (regex) included with CI - scripts could be utilized to perform a denial-of-service attack on GitLab - instances. GitLab now uses the re2 Regex library to limit regex execution - time.</p> - <h1>Issue title leakage when external issue tracker is enabled</h1> - <p>An internal code review determined that when an external issue tracker is - configured it was possible to discover the titles of all issues in a given - GitLab instance, including issues in private projects and confidential - issues.</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
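Review bot: this hunk deletes the scoping sentences `Therefore, versions 9.3 and above are not vulnerable` and `GitLab-CE+EE 8.17 is not vulnerable to this issue, however patches have been included to improve the security of the SQL queries in 8.17.7`, while the `<affects>` block in the same hunk still lists `<range><ge>8.0.0</ge><le>8.17.6</le></range>` and `<range><ge>9.3.0</ge><le>9.3.7</le></range>`; nothing in the entry now indicates that CVE-2017-11438 is limited to 9.0 through 9.2 and that the 8.x and 9.3.x ranges are there for the other issues, so either keep that note or state the reason those ranges remain. The `-`/`+` pairs for `<name>gitlab</name>` and the 8.x and 9.3.x `<range>` lines are whitespace-only and could be left out of this commit.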
@@ -2814,45 +2617,7 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml"> <p>Oracle reports:</p> <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL"> - <ul> - <li>Reserved [CVE-2017-3629]</li> - <li>A remote user can exploit a flaw in the Server: Memcached component to partially - modify data and cause denial of service conditions [CVE-2017-3633].</li> - <li>A remote authenticated user can exploit a flaw in the Server: DML component to - cause denial of service conditions [CVE-2017-3634].</li> - <li>A remote authenticated user can exploit a flaw in the Connector/C component to - cause denial of service conditions [CVE-2017-3635].</li> - <li>A remote authenticated user can exploit a flaw in the C API component to cause - denial of service conditions [CVE-2017-3635].</li> - <li>A local user can exploit a flaw in the Client programs component to partially - access data, partially modify data, and partially deny service - [CVE-2017-3636].</li> - <li>A remote authenticated user can exploit a flaw in the Server: UDF component to - cause denial of service conditions [CVE-2017-3529].</li> - <li>A remote authenticated user can exploit a flaw in the X Plugin component to - cause denial of service conditions [CVE-2017-3637].</li> - <li>A remote authenticated user can exploit a flaw in the Server: DML component to - cause denial of service conditions [CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, - CVE-2017-3643, CVE-2017-3644].</li> - <li>A remote authenticated user can exploit a flaw in the Server: Optimizer - component to cause denial of service conditions [CVE-2017-3638, CVE-2017-3642, - CVE-2017-3645].</li> - <li>A remote authenticated user can exploit a flaw in the X Plugin component to - cause denial of service conditions [CVE-2017-3646].</li> - <li>A remote authenticated user can exploit a flaw in the Server: Charsets component - to cause denial of service conditions [CVE-2017-3648].</li> - <li>A remote 
authenticated user can exploit a flaw in the Server: Replication - component to cause denial of service conditions [CVE-2017-3647, - CVE-2017-3649].</li> - <li>A remote authenticated user can exploit a flaw in the Client mysqldump component - to partially modify data [CVE-2017-3651].</li> - <li>A remote authenticated user can exploit a flaw in the Server: DDL component to - partially access and partially modify data [CVE-2017-3652].</li> - <li>A remote user can exploit a flaw in the C API component to partially access data - [CVE-2017-3650].</li> - <li>A remote authenticated user can exploit a flaw in the Server: DDL component to - partially modify data [CVE-2017-3653].</li> - </ul> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -3455,46 +3220,7 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml"> <p>GitLab reports:</p> <blockquote cite="https://about.gitlab.com/2017/06/07/gitlab-9-dot-2-dot-5-security-release/"> - <h1>Cross-Site Scripting (XSS) vulnerability when editing comments</h1> - <p>A GitLab.com user reported that recent changes to Markdown rendering - designed to improve performance by allowing comments to be rendered - client-side opened a persistent Cross-Site Scripting (XSS) vulnerability - when comments are edited and then re-saved. This vulnerability is difficult - to exploit because a victim must be tricked into editing and then saving - another user's comment.</p> - <h1>API vulnerable to embedding in iFrames using Session Auth</h1> - <p>A tip from a Twitter user led to an internal code audit that discovered a - malicious website could embed a GitLab API URL inside an iFrame, possibly - tricking a user into thinking that the website had access to the user's - GitLab user information. This attack would not disclose the user's data to - the malicious website, but it could cause confusion and the API has added an - X-Frame-Options header to prevent content from the API being included in - iFrames.</p> - <h1>Accidental or malicious use of reserved names in group names could cause - deletion of all project avatars</h1> - <p>A GitLab.com user reported that creating a group named project and then - renaming the group would cause all project avatars to be deleted. This was - due to an improperly constructed path variable when renaming files. To help - prevent this from happening again all avatar uploads have been moved from - /public/uploads/(user|group|project) to - /public/uploads/system/(user|group|project) and system has been made a - reserved namespace. 
A migration included with this release will rename any - existing top-level system namespace to be system0 (or system1, system2, - etc.)</p> - <h1>Unauthenticated disclosure of usernames in autocomplete controller</h1> - <p>HackerOne reporter Evelyn Lee reported that usernames could be enumerated - using the autocomplete/users.json endpoint without authenticating. This - could allow an unauthenticated attacker to gather a list of all valid - usernames from a GitLab instance.</p> - <h1>Information leakage with references to private project snippets</h1> - <p>GitLab.com user Patrick Fiedler reported that titles of private project - snippets could leak when they were referenced in other issues, merge - requests, or comments.</p> - <h1>Elasticsearch does not implement external user checks correctly</h1> - <p>An internal code review discovered that on instances with Elasticsearch - enabled GitLab allowed external users to view internal project data. This - could unintentionally expose sensitive information to external users. This - vulnerability only affects EE installations with Elasticsearch enabled.</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
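Review bot: this hunk removes the migration note that avatar uploads move from `/public/uploads/(user|group|project)` to `/public/uploads/system/(user|group|project)` and that an existing top-level `system` namespace is renamed to `system0` (or `system1`, `system2`, etc.); that is the one operational change in the 9.2.5 entry an administrator will notice after upgrading, so keep it as a single sentence rather than relying on the external link alone.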
@@ -3824,68 +3550,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>BestPractical reports:</p> <blockquote cite="http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html"> - <p>RT 4.0.0 and above are vulnerable to an information - leak of cross-site request forgery (CSRF) verification - tokens if a user visits a specific URL crafted by an - attacker. This vulnerability is assigned CVE-2017-5943. It - was discovered by a third-party security researcher.</p> - - <p>RT 4.0.0 and above are vulnerable to a cross-site - scripting (XSS) attack if an attacker uploads a malicious - file with a certain content type. Installations which use - the AlwaysDownloadAttachments config setting are - unaffected. This fix addresses all existant and future - uploaded attachments. This vulnerability is assigned - CVE-2016-6127. This was responsibly disclosed to us first - by Scott Russo and the GE Application Security Assessment - Team.</p> - - <p>One of RT's dependencies, a Perl module named - Email::Address, has a denial of service vulnerability - which could induce a denial of service of RT itself. We - recommend administrators install Email::Address version - 1.908 or above, though we additionally provide a new - workaround within RT. Tss vulnerability was assigned - CVE-2015-7686. This vulnerability's application to RT was - brought to our attention by Pali Rohár.</p> - - <p>RT 4.0.0 and above are vulnerable to timing - side-channel attacks for user passwords. By carefully - measuring millions or billions of login attempts, an - attacker could crack a user's password even over the - internet. RT now uses a constant-time comparison algorithm - for secrets to thwart such attacks. This vulnerability is - assigned CVE-2017-5361. This was responsibly disclosed to - us by Aaron Kondziela.</p> - - <p>RT's ExternalAuth feature is vulnerable to a similar - timing side-channel attack. 
Both RT 4.0/4.2 with the - widely-deployed RT::Authen::ExternalAuth extension, as - well as the core ExternalAuth feature in RT 4.4 are - vulnerable. Installations which don't use ExternalAuth, or - which use ExternalAuth for LDAP/ActiveDirectory - authentication, or which use ExternalAuth for cookie-based - authentication, are unaffected. Only ExternalAuth in DBI - (database) mode is vulnerable.</p> - - <p>RT 4.0.0 and above are potentially vulnerable to a - remote code execution attack in the dashboard subscription - interface. A privileged attacker can cause unexpected code - to be executed through carefully-crafted saved search - names. Though we have not been able to demonstrate an - actual attack owing to other defenses in place, it could - be possible. This fix addresses all existant and future - saved searches. This vulnerability is assigned - CVE-2017-5944. It was discovered by an internal security - audit.</p> - - <p>RT 4.0.0 and above have misleading documentation which - could reduce system security. The RestrictLoginReferrer - config setting (which has security implications) was - inconsistent with its implementation, which checked for a - slightly different variable name. RT will now check for - the incorrect name and produce an error message. This was - responsibly disclosed to us by Alex Vandiver.</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
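Review bot: the RT hunk removes the scoping and workaround details that made the entry actionable: `Installations which use the AlwaysDownloadAttachments config setting are unaffected`, the recommendation to install Email::Address version 1.908 or above, and `Only ExternalAuth in DBI (database) mode is vulnerable`. The replacement `<p>Please reference CVE/URL list for details</p>` cannot convey those, and the RestrictLoginReferrer documentation issue in the removed text has no CVE at all, so a reader following the CVE list will never see it; suggest keeping one short paragraph with the affected-mode scope and the Email::Address version.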
@@ -3975,29 +3640,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"> - <p>CVE-2017-5472: Use-after-free using destroyed node when regenerating trees</p> - <p>CVE-2017-7749: Use-after-free during docshell reloading</p> - <p>CVE-2017-7750: Use-after-free with track elements</p> - <p>CVE-2017-7751: Use-after-free with content viewer listeners</p> - <p>CVE-2017-7752: Use-after-free with IME input</p> - <p>CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object</p> - <p>CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files</p> - <p>CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors</p> - <p>CVE-2017-7757: Use-after-free in IndexedDB</p> - <p>CVE-2017-7778: Vulnerabilities in the Graphite 2 library</p> - <p>CVE-2017-7758: Out-of-bounds read in Opus encoder</p> - <p>CVE-2017-7759: Android intent URLs can cause navigation to local file system</p> - <p>CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service</p> - <p>CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application</p> - <p>CVE-2017-7762: Addressbar spoofing in Reader mode</p> - <p>CVE-2017-7763: Mac fonts render some unicode characters as spaces</p> - <p>CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks</p> - <p>CVE-2017-7765: Mark of the Web bypass when saving executable files</p> - <p>CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service</p> - <p>CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service</p> - <p>CVE-2017-7768: 32 byte arbitrary file 
read through Mozilla Maintenance Service</p> - <p>CVE-2017-5471: Memory safety bugs fixed in Firefox 54</p> - <p>CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -4135,42 +3778,8 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Google Chrome releases reports:</p> <blockquote cite="https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"> - <p>30 security fixes in this release, including:</p> - <ul> - <li>[722756] High CVE-2017-5070: Type confusion in V8. Reported by - Zhao Qixun of Qihoo 360 Vulcan Team on 2017-05-16</li> - <li>[715582] High CVE-2017-5071: Out of bounds read in V8. Reported by - Choongwood Han on 2017-04-26</li> - <li>[709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by - Rayyan Bijoora on 2017-04-07</li> - <li>[716474] High CVE-2017-5073: Use after free in print preview. Reported by - Khalil Zhani on 2017-04-28</li> - <li>[700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by - anonymous on 2017-03-09</li> - <li>[678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by - Emmanuel Gil Peyrot on 2017-01-05</li> - <li>[722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by - Rayyan Bijoora on 2017-05-16</li> - <li>[719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by - Samuel Erb on 2017-05-06</li> - <li>[716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by - Sweetchip on 2017-04-28</li> - <li>[711020] Medium CVE-2017-5078: Possible command injection in mailto handling. - Reported by Jose Carlos Exposito Bueno on 2017-04-12</li> - <li>[713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by - Khalil Zhani on 2017-04-20</li> - <li>[708819] Medium CVE-2017-5080: Use after free in credit card autofill. - Reported by Khalil Zhani on 2017-04-05</li> - <li>[672008] Medium CVE-2017-5081: Extension verification bypass. Reported by - Andrey Kovalev of Yandex Security Team on 2016-12-07</li> - <li>[721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. 
- Reported by Nightwatch Cybersecurity Research on 2017-05-11</li> - <li>[714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by - Khalil Zhani on 2017-04-24</li> - <li>[692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. - Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15</li> - <li>[729639] Various fixes from internal audits, fuzzing and other initiatives</li> - </ul> + <p>30 security fixes in this release</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -4831,57 +4440,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>GitLab reports:</p> <blockquote cite="https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/"> - <h1>Cross-Site Scripting (XSS) vulnerability in project import file names - for gitlab_project import types</h1> - <p>Timo Schmid from ERNW reported a persistent Cross-Site Scripting - vulnerability in the new project import view for gitlab_project import - types. This XSS vulnerability was caused by the use of Hamlit filters inside - HAML views without manually escaping HTML. Unlike content outside of a - filter, content inside Hamlit filters (:css, :javascript, :preserve, :plain) - is not automatically escaped.</p> - <h1>Cross-Site Scripting (XSS) vulnerability in git submodule support</h1> - <p>Jobert Abma from HackerOne reported a persistent XSS vulnerability in the - GitLab repository files view that could be exploited by injecting malicious - script into a git submodule.</p> - <h1>Cross-Site Scripting (XSS) vulnerability in repository "new branch" - view</h1> - <p>A GitLab user reported a persistent XSS vulnerability in the repository - new branch view that allowed malicious branch names or git references to - execute arbitrary Javascript.</p> - <h1>Cross-Site Scripting (XSS) vulnerability in mirror errors display</h1> - <p>While investigating Timo Schmid's previously reported XSS vulnerability - in import filenames another persistent XSS vulnerability was discovered in - the GitLab Enterprise Edition's (EE) mirror view. 
This vulnerability was - also caused by the misuse of Hamlit filters.</p> - <h1>Potential XSS vulnerability in DropLab</h1> - <p>An internal code audit disclosed a vulnerability in DropLab's templating - that, while not currently exploitable, could become exploitable depending on - how the templates were used in the future.</p> - <h1>Tab Nabbing vulnerabilities in mardown link filter, Asciidoc files, and - other markup files</h1> - <p>edio via HackerOne reported two tab nabbing vulnerabilities. The first - tab nabbing vulnerability was caused by improper hostname filtering when - identifying user-supplied external links. GitLab did not properly filter - usernames from the URL. An attacker could construct a specially crafted link - including a username to bypass GitLab's external link filter. This allowed - an attacker to post links in Markdown that did not include the appropriate - "noreferrer noopener" options, allowing tab nabbing attacks.</p> - <p>The second vulnerability was in the AsciiDoctor markup - library. AsciiDoctor was not properly including the "noreferrer noopener" - options with external links. An internal investigation discovered other - markup libraries that were also vulnerable.</p> - <h1>Unauthorized disclosure of wiki pages in search</h1> - <p>M. Hasbini reported a flaw in the project search feature that allowed - authenticated users to disclose the contents of private wiki pages inside - public projects.</p> - <h1>External users can view internal snippets</h1> - <p>Christian Kühn discovered a vulnerability in GitLab snippets that allowed - an external user to view the contents of internal snippets.</p> - <h1>Subgroup visibility for private subgroups under a public parent - group</h1> - <p>Matt Harrison discovered a vulnerability with subgroups that allowed - private subgroup names to be disclosed when they belong to a parent group - that is public.</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -5538,80 +5097,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>NVD reports:</p> <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-5225"> - <p>LibTIFF version 4.0.7 is vulnerable to a heap buffer - overflow in the tools/tiffcp resulting in DoS or code - execution via a crafted BitsPerSample value.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7592"> - <p>The putagreytile function in tif_getimage.c in LibTIFF - 4.0.7 has a left-shift undefined behavior issue, which - might allow remote attackers to cause a denial of service - (application crash) or possibly have unspecified other - impact via a crafted image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7593"> - <p>tif_read.c in LibTIFF 4.0.7 does not ensure that - tif_rawdata is properly initialized, which might allow - remote attackers to obtain sensitive information from - process memory via a crafted image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7594"> - <p>The OJPEGReadHeaderInfoSecTablesDcTable function in - tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to - cause a denial of service (memory leak) via a crafted - image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7595"> - <p>The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF - 4.0.7 allows remote attackers to cause a denial of service - (divide-by-zero error and application crash) via a crafted - image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7596"> - <p>LibTIFF 4.0.7 has an "outside the range of - representable values of type float" undefined behavior - issue, which might allow remote attackers to cause a - denial of service (application crash) or possibly have - unspecified other impact via a crafted image.</p> - </blockquote> - <blockquote 
cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7597"> - <p>tif_dirread.c in LibTIFF 4.0.7 has an "outside the - range of representable values of type float" undefined - behavior issue, which might allow remote attackers to - cause a denial of service (application crash) or possibly - have unspecified other impact via a crafted image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7598"> - <p>tif_dirread.c in LibTIFF 4.0.7 might allow remote - attackers to cause a denial of service (divide-by-zero - error and application crash) via a crafted image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7599"> - <p>LibTIFF 4.0.7 has an "outside the range of - representable values of type short" undefined behavior - issue, which might allow remote attackers to cause a - denial of service (application crash) or possibly have - unspecified other impact via a crafted image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7600"> - <p>LibTIFF 4.0.7 has an "outside the range of - representable values of type unsigned char" undefined - behavior issue, which might allow remote attackers to - cause a denial of service (application crash) or possibly - have unspecified other impact via a crafted image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7601"> - <p>LibTIFF 4.0.7 has a "shift exponent too large for - 64-bit type long" undefined behavior issue, which might - allow remote attackers to cause a denial of service - (application crash) or possibly have unspecified other - impact via a crafted image.</p> - </blockquote> - <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7602"> - <p>LibTIFF 4.0.7 has a signed integer overflow, which - might allow remote attackers to cause a denial of service - (application crash) or possibly have unspecified other - impact via a crafted image.</p> + <p>Please reference CVE/URL list for details</p> 
</blockquote> </body> </description> 
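Review bot: the blockquote that survives here is the one citing `https://nvd.nist.gov/vuln/detail/CVE-2017-5225` only; the eleven removed `<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7592">` ... `CVE-2017-7602` blocks were the only mention of those NVD URLs in the description, and the pointer sentence now sits under a cite that covers one CVE out of twelve. Either confirm `<references>` lists `<cvename>` entries for CVE-2017-7592 through CVE-2017-7602 as well as CVE-2017-5225, or keep a compact one-line-per-CVE list in the style this same commit uses for OpenSSL (`<li>Truncated packet could crash via OOB read (CVE-2017-3731)</li>`), which keeps the entry searchable and still well under the size limit.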
@@ -5934,45 +5420,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"> - <p>CVE-2017-5433: Use-after-free in SMIL animation functions</p> - <p>CVE-2017-5435: Use-after-free during transaction processing in the editor</p> - <p>CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2</p> - <p>CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS</p> - <p>CVE-2017-5459: Buffer overflow in WebGL</p> - <p>CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL</p> - <p>CVE-2017-5434: Use-after-free during focus handling</p> - <p>CVE-2017-5432: Use-after-free in text input selection</p> - <p>CVE-2017-5460: Use-after-free in frame selection</p> - <p>CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing</p> - <p>CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing</p> - <p>CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing</p> - <p>CVE-2017-5441: Use-after-free with selection during scroll events</p> - <p>CVE-2017-5442: Use-after-free during style changes</p> - <p>CVE-2017-5464: Memory corruption with accessibility and DOM manipulation</p> - <p>CVE-2017-5443: Out-of-bounds write during BinHex decoding</p> - <p>CVE-2017-5444: Buffer overflow while parsing application/http-index-format content</p> - <p>CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data</p> - <p>CVE-2017-5447: Out-of-bounds read during glyph processing</p> - <p>CVE-2017-5465: Out-of-bounds read in ConvolvePixel</p> - <p>CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor</p> - <p>CVE-2017-5437: Vulnerabilities in Libevent library</p> - <p>CVE-2017-5454: Sandbox escape allowing file system read access through file picker</p> - <p>CVE-2017-5455: Sandbox escape through internal feed reader APIs</p> - 
<p>CVE-2017-5456: Sandbox escape allowing local file system access</p> - <p>CVE-2017-5469: Potential Buffer overflow in flex-generated code</p> - <p>CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content</p> - <p>CVE-2017-5449: Crash during bidirectional unicode manipulation with animation</p> - <p>CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android</p> - <p>CVE-2017-5451: Addressbar spoofing with onblur event</p> - <p>CVE-2017-5462: DRBG flaw in NSS</p> - <p>CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android</p> - <p>CVE-2017-5467: Memory corruption when drawing Skia content</p> - <p>CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android</p> - <p>CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element</p> - <p>CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS</p> - <p>CVE-2017-5468: Incorrect ownership model for Private Browsing information</p> - <p>CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1</p> - <p>CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
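Review bot: the removed block is already the condensed form, one `<p>CVE-2017-5433: Use-after-free in SMIL animation functions</p>` line per CVE, and replacing it with "Please reference CVE/URL list for details" loses the only place the entry maps each CVE to its short title; `<cvename>` references carry the identifier but not the title. Suggest keeping the per-CVE index here and applying the pointer sentence only to entries whose description is genuinely long-form prose.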
@@ -6984,46 +6432,8 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Google Chrome Releases reports:</p> <blockquote cite="https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"> - <p>36 security fixes in this release, including:</p> - <ul> - <li>[682194] High CVE-2017-5030: Memory corruption in V8. Credit to - Brendon Tiszka</li> - <li>[682020] High CVE-2017-5031: Use after free in ANGLE. Credit to - Looben Yang</li> - <li>[668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to - Ashfaq Ansari - Project Srishti</li> - <li>[676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to - Holger Fuhrmannek</li> - <li>[678461] High CVE-2017-5034: Use after free in PDFium. Credit to - Ke Liu of Tencent's Xuanwu Lab</li> - <li>[688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to - Enzo Aguado</li> - <li>[691371] High CVE-2017-5036: Use after free in PDFium. Credit to - Anonymous</li> - <li>[679640] High CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. - Credit to Yongke Wang of Tecent's Xuanwu Lab</li> - <li>[679649] High CVE-2017-5039: Use after free in PDFium. Credit to - jinmo123</li> - <li>[691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to - Choongwoo Han</li> - <li>[642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to - Jordi Chancel</li> - <li>[669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink. - Credit to Nicolai Grodum</li> - <li>[671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast. - Credit to Mike Ruddy</li> - <li>[695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to - Anonymous</li> - <li>[683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to - Anonymous</li> - <li>[688987] Medium CVE-2017-5044: Heap overflow in Skia. 
Credit to - Kushal Arvind Shah of Fortinet's FortiGuard Labs</li> - <li>[667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor. - Credit to Dhaval Kapil</li> - <li>[680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to - Masato Kinugawa</li> - <li>[699618] Various fixes from internal audits, fuzzing and other initiatives</li> - </ul> + <p>36 security fixes in this release</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
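Review bot: the removed `<li>` items carried two pieces of triage data that a `<cvename>` list cannot reproduce, the Chromium severity rating and the bug id (e.g. `[682194] High CVE-2017-5030: Memory corruption in V8`); after this hunk the entry says "36 security fixes in this release" without indicating that nine of the listed ones are High. Keeping `<p>36 security fixes in this release</p>` is fine, but consider retaining at least the High-severity lines, or a count by severity, so the entry remains useful for prioritisation.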
@@ -7257,34 +6667,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/"> - <p>CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP</p> - <p>CVE-2017-5401: Memory Corruption when handling ErrorResult</p> - <p>CVE-2017-5402: Use-after-free working with events in FontFace objects</p> - <p>CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object</p> - <p>CVE-2017-5404: Use-after-free working with ranges in selections</p> - <p>CVE-2017-5406: Segmentation fault in Skia with canvas operations</p> - <p>CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters</p> - <p>CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping</p> - <p>CVE-2017-5411: Use-after-free in Buffer Storage in libGLES</p> - <p>CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service</p> - <p>CVE-2017-5408: Cross-origin reading of video captions in violation of CORS</p> - <p>CVE-2017-5412: Buffer overflow read in SVG filters</p> - <p>CVE-2017-5413: Segmentation fault during bidirectional operations</p> - <p>CVE-2017-5414: File picker can choose incorrect default directory</p> - <p>CVE-2017-5415: Addressbar spoofing through blob URL</p> - <p>CVE-2017-5416: Null dereference crash in HttpChannel</p> - <p>CVE-2017-5417: Addressbar spoofing by draging and dropping URLs</p> - <p>CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access</p> - <p>CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running</p> - <p>CVE-2017-5427: Non-existent chrome.manifest file loaded during startup</p> - <p>CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses</p> - <p>CVE-2017-5419: Repeated authentication prompts lead to 
DOS attack</p> - <p>CVE-2017-5420: Javascript: URLs can obfuscate addressbar location</p> - <p>CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports</p> - <p>CVE-2017-5421: Print preview spoofing</p> - <p>CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink</p> - <p>CVE-2017-5399: Memory safety bugs fixed in Firefox 52</p> - <p>CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -8059,43 +7442,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Jenkins Security Advisory:</p> <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01"> - <h1>Description</h1> - <h5>SECURITY-304 / CVE-2017-2598</h5> - <p>Use of AES ECB block cipher mode without IV for encrypting secrets</p> - <h5>SECURITY-321 / CVE-2017-2599</h5> - <p>Items could be created with same name as existing item</p> - <h5>SECURITY-343 / CVE-2017-2600</h5> - <p>Node monitor data could be viewed by low privilege users</p> - <h5>SECURITY-349 / CVE-2011-4969</h5> - <p>Possible cross-site scripting vulnerability in jQuery bundled with timeline widget</p> - <h5>SECURITY-353 / CVE-2017-2601</h5> - <p>Persisted cross-site scripting vulnerability in parameter names and descriptions</p> - <h5>SECURITY-354 / CVE-2015-0886</h5> - <p>Outdated jbcrypt version bundled with Jenkins</p> - <h5>SECURITY-358 / CVE-2017-2602</h5> - <p>Pipeline metadata files not blacklisted in agent-to-master security subsystem</p> - <h5>SECURITY-362 / CVE-2017-2603</h5> - <p>User data leak in disconnected agents' config.xml API</p> - <h5>SECURITY-371 / CVE-2017-2604</h5> - <p>Low privilege users were able to act on administrative monitors</p> - <h5>SECURITY-376 / CVE-2017-2605</h5> - <p>Re-key admin monitor leaves behind unencrypted credentials in upgraded installations</p> - <h5>SECURITY-380 / CVE-2017-2606</h5> - <p>Internal API allowed access to item names that should not be visible</p> - <h5>SECURITY-382 / CVE-2017-2607</h5> - <p>Persisted cross-site scripting vulnerability in console notes</p> - <h5>SECURITY-383 / CVE-2017-2608</h5> - <p>XStream remote code execution vulnerability</p> - <h5>SECURITY-385 / CVE-2017-2609</h5> - <p>Information disclosure vulnerability in search suggestions</p> - <h5>SECURITY-388 / CVE-2017-2610</h5> - <p>Persisted cross-site scripting vulnerability in search suggestions</p> - 
<h5>SECURITY-389 / CVE-2017-2611</h5> - <p>Insufficient permission check for periodic processes</p> - <h5>SECURITY-392 / CVE-2017-2612</h5> - <p>Low privilege users were able to override JDK download credentials</p> - <h5>SECURITY-406 / CVE-2017-2613</h5> - <p>User creation CSRF using GET by admins</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
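Review bot: the `<h5>SECURITY-304 / CVE-2017-2598</h5>` lines were the only place this entry mapped Jenkins' own SECURITY-NNN issue ids to CVEs, and Jenkins' advisory, changelog and plugin notes refer to issues by SECURITY id; once these lines go the mapping is not recoverable from `<cvename>` references. Suggest keeping a compact `SECURITY-304 / CVE-2017-2598: Use of AES ECB block cipher mode without IV for encrypting secrets` list rather than the pointer sentence. Also make sure the two older bundled-library CVEs in the removed text, CVE-2011-4969 (jQuery) and CVE-2015-0886 (jbcrypt), stay in `<references>`, since they are the ids a scanner is most likely to search for against a Jenkins install.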
@@ -8217,51 +7564,8 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Google Chrome Releases reports:</p> <blockquote cite="https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"> - <p>51 security fixes in this release, including:</p> - <ul> - <li>[671102] High CVE-2017-5007: Universal XSS in Blink. Credit to - Mariusz Mlynski</li> - <li>[673170] High CVE-2017-5006: Universal XSS in Blink. Credit to - Mariusz Mlynski</li> - <li>[668552] High CVE-2017-5008: Universal XSS in Blink. Credit to - Mariusz Mlynski</li> - <li>[663476] High CVE-2017-5010: Universal XSS in Blink. Credit to - Mariusz Mlynski</li> - <li>[662859] High CVE-2017-5011: Unauthorised file access in Devtools. - Credit to Khalil Zhani</li> - <li>[667504] High CVE-2017-5009: Out of bounds memory access in WebRTC. - Credit to Sean Stanek and Chip Bradford</li> - <li>[681843] High CVE-2017-5012: Heap overflow in V8. Credit to - Gergely Nagy (Tresorit)</li> - <li>[677716] Medium CVE-2017-5013: Address spoofing in Omnibox. - Credit to Haosheng Wang (@gnehsoah)</li> - <li>[675332] Medium CVE-2017-5014: Heap overflow in Skia. Credit to - sweetchip</li> - <li>[673971] Medium CVE-2017-5015: Address spoofing in Omnibox. - Credit to Armin Razmdjou</li> - <li>[666714] Medium CVE-2017-5019: Use after free in Renderer. - Credit to Wadih Matar</li> - <li>[673163] Medium CVE-2017-5016: UI spoofing in Blink. Credit to - Haosheng Wang (@gnehsoah)</li> - <li>[676975] Medium CVE-2017-5017: Uninitialised memory access in webm video. - Credit to danberm</li> - <li>[668665] Medium CVE-2017-5018: Universal XSS in chrome://apps. - Credit to Rob Wu</li> - <li>[668653] Medium CVE-2017-5020: Universal XSS in chrome://downloads. - Credit to Rob Wu</li> - <li>[663726] Low CVE-2017-5021: Use after free in Extensions. Credit to - Rob Wu</li> - <li>[663620] Low CVE-2017-5022: Bypass of Content Security Policy in Blink. 
- Credit to Pujun Li of PKAV Team</li> - <li>[651443] Low CVE-2017-5023: Type confunsion in metrics. Credit to the - UK's National Cyber Security Centre (NCSC)</li> - <li>[643951] Low CVE-2017-5024: Heap overflow in FFmpeg. Credit to - Paul Mehta</li> - <li>[643950] Low CVE-2017-5025: Heap overflow in FFmpeg. Credit to - Paul Mehta</li> - <li>[634108] Low CVE-2017-5026: UI spoofing. Credit to Ronni Skansing</li> - <li>[685349] Various fixes from internal audits, fuzzing and other initiatives</li> - </ul> + <p>51 security fixes in this release</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -8325,38 +7629,10 @@ maliciously crafted GET request to the Horde server.</p> <p>The OpenSSL project reports:</p> <blockquote cite="https://www.openssl.org/news/secadv/20170126.txt"> <ul> - <li>Truncated packet could crash via OOB read (CVE-2017-3731)<br/> - Severity: Moderate<br/> - If an SSL/TLS server or client is running on a 32-bit host, and a specific - cipher is being used, then a truncated packet can cause that server or client - to perform an out-of-bounds read, usually resulting in a crash.</li> - <li>Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)<br/> - Severity: Moderate<br/> - If a malicious server supplies bad parameters for a DHE or ECDHE key exchange - then this can result in the client attempting to dereference a NULL pointer - leading to a client crash. This could be exploited in a Denial of Service - attack.</li> - <li>BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)<br/> - Severity: Moderate<br/> - There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No - EC algorithms are affected. Analysis suggests that attacks against RSA and DSA - as a result of this defect would be very difficult to perform and are not - believed likely. Attacks against DH are considered just feasible (although very - difficult) because most of the work necessary to deduce information - about a private key may be performed offline. The amount of resources - required for such an attack would be very significant and likely only - accessible to a limited number of attackers. An attacker would - additionally need online access to an unpatched system using the target - private key in a scenario with persistent DH parameters and a private - key that is shared between multiple clients. For example this can occur by - default in OpenSSL DHE based SSL/TLS ciphersuites. 
Note: This issue is very - similar to CVE-2015-3193 but must be treated as a separate problem.</li> - <li>Montgomery multiplication may produce incorrect results (CVE-2016-7055)<br/> - Severity: Low<br/> - There is a carry propagating bug in the Broadwell-specific Montgomery - multiplication procedure that handles input lengths divisible by, but - longer than 256 bits. (OpenSSL 1.0.2 only)<br/> - This issue was previously fixed in 1.1.0c</li> + <li>Truncated packet could crash via OOB read (CVE-2017-3731)</li> + <li>Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)</li> + <li>BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)</li> + <li>Montgomery multiplication may produce incorrect results (CVE-2016-7055)</li> </ul> </blockquote> </body> 
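Review bot: dropping `Severity: Moderate<br/>` / `Severity: Low<br/>` and, for CVE-2016-7055, the qualifier `(OpenSSL 1.0.2 only)<br/> This issue was previously fixed in 1.1.0c` removes applicability information from the description; confirm the entry's `<affects>` ranges already exclude 1.1.0c and later for that CVE, otherwise users on 1.1.0 will read this entry as applying to them. The severity line is about 20 characters per item and worth keeping. On the positive side, the retained per-CVE `<li>` list is a better condensing pattern than the bare "Please reference CVE/URL list for details" sentence used in the other hunks of this commit.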
@@ -8407,30 +7683,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"> - <p>CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</p> - <p>CVE-2017-5374: Memory safety bugs fixed in Firefox 51</p> - <p>CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP</p> - <p>CVE-2017-5376: Use-after-free in XSL</p> - <p>CVE-2017-5377: Memory corruption with transforms to create gradients in Skia</p> - <p>CVE-2017-5378: Pointer and frame data leakage of Javascript objects</p> - <p>CVE-2017-5379: Use-after-free in Web Animations</p> - <p>CVE-2017-5380: Potential use-after-free during DOM manipulations</p> - <p>CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations</p> - <p>CVE-2017-5382: Feed preview can expose privileged content errors and exceptions</p> - <p>CVE-2017-5383: Location bar spoofing with unicode characters</p> - <p>CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)</p> - <p>CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers</p> - <p>CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions</p> - <p>CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages</p> - <p>CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks</p> - <p>CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests</p> - <p>CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer</p> - <p>CVE-2017-5391: Content about: pages can load privileged about: pages</p> - <p>CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage</p> - <p>CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for 
mozAddonManager</p> - <p>CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events</p> - <p>CVE-2017-5395: Android location bar spoofing during scrolling</p> - <p>CVE-2017-5396: Use-after-free with Media Decoder</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
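Review bot: the 24 removed lines here (`<p>CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</p>` through CVE-2017-5396) come to roughly 2,000 characters of text, which is well under the ">4500 characters" criterion stated in the commit message unless the count includes leading indentation. Either restore this index, or adjust the commit message so the criterion matches what was actually condensed.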
@@ -8480,69 +7733,25 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The phpMyAdmin development team reports:</p> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-1/"> - <h3>Summary</h3> <p>Open redirect</p> - <h3>Description</h3> - <p>It was possible to trick phpMyAdmin to redirect to - insecure using special request path.</p> - <h3>Severity</h3> - <p>We consider this vulnerability to be non critical.</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-2/"> - <h3>Summary</h3> <p>php-gettext code execution</p> - <h3>Description</h3> - <p>The php-gettext library can suffer to code - execution. However there is no way to trigger this inside - phpMyAdmin.</p> - <h3>Severity</h3> - <p>We consider this to be minor.</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-3/"> - <h3>Summary</h3> <p>DOS vulnerability in table editing</p> - <h3>Description</h3> - <p>It was possible to trigger recursive include operation by - crafted parameters when editing table data.</p> - <h3>Severity</h3> - <p>We consider this to be non critical.</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-4/"> - <h3>Summary</h3> <p>CSS injection in themes</p> - <h3>Description</h3> - <p>It was possible to cause CSS injection in themes by - crafted cookie parameters.</p> - <h3>Severity</h3> - <p>We consider this to be non critical.</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-5/"> - <h3>Summary</h3> <p>Cookie attribute injection attack</p> - <h3>Description</h3> - <p>A vulnerability was found where, under some - circumstances, an attacker can inject arbitrary values in - the browser cookies. 
This was incompletely fixed in <a href="https://www.phpmyadmin.net/security/PMASA-2016-18/">PMASA-2016-18</a>.</p> - <h3>Severity</h3> - <p>We consider this to be non-critical.</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-6/"> - <h3>Summary</h3> <p>SSRF in replication</p> - <h3>Description</h3> - <p>For a user with appropriate MySQL privileges it was - possible to connect to arbitrary host.</p> - <h3>Severity</h3> - <p>We consider this to be non-critical.</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-7/"> - <h3>Summary</h3> <p>DOS in replication status</p> - <h3>Description</h3> - <p>It was possible to trigger DOS in replication status by - specially crafted table name.</p> - <h3>Severity</h3> - <p>We consider this to be non critical.</p> </blockquote> </body> </description> 
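Review bot: two of the removed Description paragraphs carry facts that the retained one-line summaries do not. For PMASA-2017-2 the text "there is no way to trigger this inside phpMyAdmin" is the key triage statement for a code-execution item; suggest `<p>php-gettext code execution (not triggerable inside phpMyAdmin)</p>`. For PMASA-2017-5 the removed text links `https://www.phpmyadmin.net/security/PMASA-2016-18/` as the earlier, incomplete fix; add that URL to `<references>` if it is not already there so the fix lineage survives the condensing.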
@@ -10663,81 +9872,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Apache Software Foundation reports:</p> <blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html"> - <ul> - <li>Important: Apache HTTP Request Parsing Whitespace Defects CVE-2016-8743<br/> - Apache HTTP Server, prior to release 2.4.25, accepted a broad - pattern of unusual whitespace patterns from the user-agent, - including bare CR, FF, VTAB in parsing the request line and - request header lines, as well as HTAB in parsing the request line. - Any bare CR present in request lines was treated as whitespace and - remained in the request field member "the_request", while a bare - CR in the request header field name would be honored as - whitespace, and a bare CR in the request header field value was - retained the input headers array. Implied additional whitespace - was accepted in the request line and prior to the - ':' delimiter of any request header lines.<br/><br/> - RFC7230 Section 3.5 calls out some of these whitespace exceptions, - and section 3.2.3 eliminated and clarified the role of implied - whitespace in the grammar of this specification. Section 3.1.1 - requires exactly one single SP between the method and - request-target, and between the request-target and HTTP-version, - followed immediately by a CRLF sequence. None of these - fields permit any (unencoded) CTL character whatsoever. Section - 3.2.4 explicitly disallowed any whitespace from the request header - field prior to the ':' character, while Section 3.2 disallows all - CTL characters in the request header line other than the HTAB - character as whitespace.<br/><br/> - These defects represent a security concern when httpd is - participating in any chain of proxies or interacting with back-end - application servers, either through mod_proxy or using conventional - CGI mechanisms. 
In each case where one agent accepts such CTL - characters and does not treat them as whitespace, there is the - possibility in a proxy chain of generating two responses from a - server behind the uncautious proxy agent. In a sequence of two - requests, this results in request A to the first proxy being - interpreted as requests A + A' by the backend server, and if - requests A and B were submitted to the first proxy in a keepalive - connection, the proxy may interpret response A' as the response to - request B, polluting the cache or potentially serving the A' content - to a different downstream user-agent.<br/><br/> - These defects are addressed with the release of Apache HTTP Server - 2.4.25 and coordinated by a new directive<br/> - HttpProtocolOptions Strict<br/> - </li> - </ul><ul> - <li>low: DoS vulnerability in mod_auth_digest CVE-2016-2161<br/> - Malicious input to mod_auth_digest will cause the server to crash, - and each instance continues to crash even for subsequently valid - requests.<br/> - </li> - </ul><ul> - <li>low: Padding Oracle in Apache mod_session_crypto CVE-2016-0736<br/> - Authenticate the session data/cookie presented to mod_session_crypto - with a MAC (SipHash) to prevent deciphering or tampering with a - padding oracle attack.<br/> - </li> - </ul><ul> - <li>low: Padding Oracle in Apache mod_session_crypto CVE-2016-0736<br/> - Authenticate the session data/cookie presented to mod_session_crypto - with a MAC (SipHash) to prevent deciphering or tampering with a - padding oracle attack.<br/> - </li> - </ul><ul> - <li>low: HTTP/2 CONTINUATION denial of service CVE-2016-8740<br/> - The HTTP/2 protocol implementation (mod_http2) had an incomplete - handling of the LimitRequestFields directive. 
This allowed an - attacker to inject unlimited request headers into the server, - leading to eventual memory exhaustion.<br/> - </li> - </ul><ul> - <li>n/a: HTTP_PROXY environment variable "httpoxy" mitigation CVE-2016-5387<br/> - HTTP_PROXY is a well-defined environment variable in a CGI process, - which collided with a number of libraries which failed to avoid - colliding with this CGI namespace. A mitigation is provided for the - httpd CGI environment to avoid populating the "HTTP_PROXY" variable - from a "Proxy:" header, which has never been registered by IANA. - </li> - </ul> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -11294,63 +10429,8 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Google Chrome Releases reports:</p> <blockquote cite="https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html"> - <p>36 security fixes in this release, including:</p> - <ul> - <li>[664411] High CVE-2016-9651: Private property access in V8. - Credit to Guang Gong of Alpha Team Of Qihoo 360</li> - <li>[658535] High CVE-2016-5208: Universal XSS in Blink. Credit to - Mariusz Mlynski</li> - <li>[655904] High CVE-2016-5207: Universal XSS in Blink. Credit to - Mariusz Mlynski</li> - <li>[653749] High CVE-2016-5206: Same-origin bypass in PDFium. - Credit to Rob Wu (robwu.nl)</li> - <li>[646610] High CVE-2016-5205: Universal XSS in Blink. Credit to - Anonymous</li> - <li>[630870] High CVE-2016-5204: Universal XSS in Blink. Credit to - Mariusz Mlynski</li> - <li>[664139] High CVE-2016-5209: Out of bounds write in Blink. - Credit to Giwan Go of STEALIEN</li> - <li>[644219] High CVE-2016-5203: Use after free in PDFium. Credit - to Anonymous</li> - <li>[654183] High CVE-2016-5210: Out of bounds write in PDFium. - Credit to Ke Liu of Tencent's Xuanwu LAB</li> - <li>[653134] High CVE-2016-5212: Local file disclosure in DevTools. - Credit to Khalil Zhani</li> - <li>[649229] High CVE-2016-5211: Use after free in PDFium. Credit - to Anonymous</li> - <li>[652548] High CVE-2016-5213: Use after free in V8. Credit to - Khalil Zhani</li> - <li>[601538] Medium CVE-2016-5214: File download protection bypass. - Credit to Jonathan Birch and MSVR</li> - <li>[653090] Medium CVE-2016-5216: Use after free in PDFium. Credit - to Anonymous</li> - <li>[619463] Medium CVE-2016-5215: Use after free in Webaudio. - Credit to Looben Yang</li> - <li>[654280] Medium CVE-2016-5217: Use of unvalidated data in - PDFium. Credit to Rob Wu (robwu.nl)</li> - <li>[660498] Medium CVE-2016-5218: Address spoofing in Omnibox. 
- Credit to Abdulrahman Alqabandi (@qab)</li> - <li>[657568] Medium CVE-2016-5219: Use after free in V8. Credit to - Rob Wu (robwu.nl)</li> - <li>[660854] Medium CVE-2016-5221: Integer overflow in ANGLE. - Credit to Tim Becker of ForAllSecure</li> - <li>[654279] Medium CVE-2016-5220: Local file access in PDFium. - Credit to Rob Wu (robwu.nl)</li> - <li>[657720] Medium CVE-2016-5222: Address spoofing in Omnibox. - Credit to xisigr of Tencent's Xuanwu Lab</li> - <li>[653034] Low CVE-2016-9650: CSP Referrer disclosure. Credit to - Jakub Żoczek</li> - <li>[652038] Low CVE-2016-5223: Integer overflow in PDFium. Credit - to Hwiwon Lee</li> - <li>[639750] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun - Kokatsu (@shhnjk)</li> - <li>[630332] Low CVE-2016-5225: CSP bypass in Blink. Credit to - Scott Helme (@Scott_Helme, scotthelme.co.uk)</li> - <li>[615851] Low CVE-2016-5224: Same-origin bypass in SVG. Credit - to Roeland Krak</li> - <li>[669928] CVE-2016-9652: Various fixes from internal audits, - fuzzing and other initiatives</li> - </ul> + <p>36 security fixes in this release</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
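Review bot: the blockquote cite in this hunk is `https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html`, a country-specific Blogspot mirror, while the other two Chrome entries condensed in this commit cite `https://chromereleases.googleblog.com/...`; since the blockquote is being rewritten anyway, normalise it to the canonical domain. Also keep CVE-2016-9652 (`Various fixes from internal audits, fuzzing and other initiatives`) in `<references>`, because the removed list was the only mention of it in the description.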
@@ -12699,33 +11779,7 @@ maliciously crafted GET request to the Horde server.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/"> - <p>CVE-2016-5289: Memory safety bugs fixed in Firefox 50</p> - <p>CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5</p> - <p>CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file</p> - <p>CVE-2016-5292: URL parsing causes crash</p> - <p>CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log h</p> - <p>CVE-2016-5294: Arbitrary target directory for result files of update process</p> - <p>CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM</p> - <p>CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1</p> - <p>CVE-2016-5297: Incorrect argument length checking in Javascript</p> - <p>CVE-2016-5298: SSL indicator can mislead the user about the real URL visited</p> - <p>CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an app</p> - <p>CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an a</p> - <p>CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file</p> - <p>CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat</p> - <p>CVE-2016-9064: Addons update must verify IDs match between current and new versions</p> - <p>CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen</p> - <p>CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler</p> - <p>CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore</p> - <p>CVE-2016-9068: heap-use-after-free in nsRefreshDriver</p> - <p>CVE-2016-9070: Sidebar bookmark can have reference to chrome window</p> - <p>CVE-2016-9071: Probe 
browser history via HSTS/301 redirect + CSP</p> - <p>CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile</p> - <p>CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"</p> - <p>CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler</p> - <p>CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges</p> - <p>CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s</p> - <p>CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing atta</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
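Review bot: Several of the `<p>` lines removed here were already truncated mid-word in the old text (`using updater.log h`, `accessed by an a`, `allowing timing atta`), so this hunk fixes broken content as well as shortening it; the commit message only says "Condense additional entries", and a mention of that would help anyone reading the log later. The single replacement `<p>Please reference CVE/URL list for details</p>` is appropriate here because every removed line named a CVE, but the 27 identifiers (CVE-2016-5289 to -5299, CVE-2016-9061 to -9068, CVE-2016-9070 to -9077) should be checked against the entry's `<cvename>` references, since the description no longer lists them.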
@@ -14982,52 +14036,8 @@ and CVE-2013-0155.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Google Chrome Releases reports:</p> <blockquote cite="https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html"> - <p>33 security fixes in this release, including:</p> - <ul> - <li>[628942] High CVE-2016-5147: Universal XSS in Blink. Credit to - anonymous</li> - <li>[621362] High CVE-2016-5148: Universal XSS in Blink. Credit to - anonymous</li> - <li>[573131] High CVE-2016-5149: Script injection in extensions. - Credit to Max Justicz (http://web.mit.edu/maxj/www/)</li> - <li>[637963] High CVE-2016-5150: Use after free in Blink. Credit to - anonymous</li> - <li>[634716] High CVE-2016-5151: Use after free in PDFium. Credit to - anonymous</li> - <li>[629919] High CVE-2016-5152: Heap overflow in PDFium. Credit to - GiWan Go of Stealien</li> - <li>[631052] High CVE-2016-5153: Use after destruction in Blink. - Credit to Atte Kettunen of OUSPG</li> - <li>[633002] High CVE-2016-5154: Heap overflow in PDFium. Credit to - anonymous</li> - <li>[630662] High CVE-2016-5155: Address bar spoofing. Credit to - anonymous</li> - <li>[625404] High CVE-2016-5156: Use after free in event bindings. - Credit to jinmo123</li> - <li>[632622] High CVE-2016-5157: Heap overflow in PDFium. Credit to - anonymous</li> - <li>[628890] High CVE-2016-5158: Heap overflow in PDFium. Credit to - GiWan Go of Stealien</li> - <li>[628304] High CVE-2016-5159: Heap overflow in PDFium. Credit to - GiWan Go of Stealien</li> - <li>[622420] Medium CVE-2016-5161: Type confusion in Blink. Credit - to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro's - Zero Day Initiative</li> - <li>[589237] Medium CVE-2016-5162: Extensions web accessible - resources bypass. Credit to Nicolas Golubovic</li> - <li>[609680] Medium CVE-2016-5163: Address bar spoofing. 
Credit to - Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net)</li> - <li>[637594] Medium CVE-2016-5164: Universal XSS using DevTools. - Credit to anonymous</li> - <li>[618037] Medium CVE-2016-5165: Script injection in DevTools. - Credit to Gregory Panakkal</li> - <li>[616429] Medium CVE-2016-5166: SMB Relay Attack via Save Page - As. Credit to Gregory Panakkal</li> - <li>[576867] Low CVE-2016-5160: Extensions web accessible resources - bypass. Credit to @l33terally, FogMarks.com (@FogMarks)</li> - <li>[642598] CVE-2016-5167: Various fixes from internal audits, - fuzzing and other initiatives.</li> - </ul> + <p>33 security fixes in this release</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
@@ -15291,49 +14301,7 @@ and CVE-2013-0155.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48"> - <p>MFSA2016-84 Information disclosure through Resource Timing API \ - during page navigation</p> - <p>MFSA2016-83 Spoofing attack through text injection into \ - internal error pages</p> - <p>MFSA2016-82 Addressbar spoofing with right-to-left characters \ - on Firefox for Android</p> - <p>MFSA2016-81 Information disclosure and local file \ - manipulation through drag and drop</p> - <p>MFSA2016-80 Same-origin policy violation using local HTML - file and saved shortcut file</p> - <p>MFSA2016-79 Use-after-free when applying SVG effects</p> - <p>MFSA2016-78 Type confusion in display transformation</p> - <p>MFSA2016-77 Buffer overflow in ClearKey Content Decryption - Module (CDM) during video playback</p> - <p>MFSA2016-76 Scripts on marquee tag can execute in sandboxed - iframes</p> - <p>MFSA2016-75 Integer overflow in WebSockets during data \ - buffering</p> - <p>MFSA2016-74 Form input type change from password to text \ - can store plain text password in session restore file</p> - <p>MFSA2016-73 Use-after-free in service workers with nested - sync events</p> - <p>MFSA2016-72 Use-after-free in DTLS during WebRTC session - shutdown</p> - <p>MFSA2016-71 Crash in incremental garbage collection in \ - JavaScript</p> - <p>MFSA2016-70 Use-after-free when using alt key and toplevel - menus</p> - <p>MFSA2016-69 Arbitrary file manipulation by local user through \ - Mozilla updater and callback application path parameter</p> - <p>MFSA2016-68 Out-of-bounds read during XML parsing in \ - Expat library</p> - <p>MFSA2016-67 Stack underflow during 2D graphics rendering</p> - <p>MFSA2016-66 Location bar spoofing via data URLs with \ - malformed/invalid mediatypes</p> - <p>MFSA2016-65 Cairo rendering crash due to memory allocation - issue with FFmpeg 0.10</p> - 
<p>MFSA2016-64 Buffer overflow rendering SVG with bidirectional - content</p> - <p>MFSA2016-63 Favicon network connection can persist when page - is closed</p> - <p>MFSA2016-62 Miscellaneous memory safety hazards (rv:48.0 / - rv:45.3)</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
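Review bot: The identifiers removed in this hunk are MFSA numbers (MFSA2016-62 through MFSA2016-84), not CVEs, so `Please reference CVE/URL list for details` only holds if the entry's `<references>` map those advisories to `<cvename>` entries or list each advisory page as a `<url>`; the surviving `cite` points at the `#firefox48` anchor of an index page rather than at the individual advisories. On the plus side, the removed `<p>` lines contained literal backslash continuations (`API \`, `injection into \`, `data \`) that are not XHTML syntax and would have rendered as stray `\` characters, so dropping them is a genuine cleanup worth noting in the commit message.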
@@ -15923,107 +14891,82 @@ and CVE-2013-0155.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The phpmyadmin development team reports:</p> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-29/"> - <h3>Summary</h3> <p>Weakness with cookie encryption</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-30/"> - <h3>Summary</h3> <p>Multiple XSS vulnerabilities</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-31/"> - <h3>Summary</h3> <p>Multiple XSS vulnerabilities</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-32/"> - <h3>Summary</h3> <p>PHP code injection</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-33/"> - <h3>Summary</h3> <p>Full path disclosure</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-34/"> - <h3>Summary</h3> <p>SQL injection attack</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-35/"> - <h3>Summary</h3> <p>Local file exposure</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-36/"> - <h3>Summary</h3> <p>Local file exposure through symlinks with UploadDir</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-37/"> - <h3>Summary</h3> <p>Path traversal with SaveDir and UploadDir</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-38/"> - <h3>Summary</h3> <p>Multiple XSS vulnerabilities</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-39/"> - <h3>Summary</h3> <p>SQL injection attack</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-40/"> - <h3>Summary</h3> <p>SQL injection attack</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-41/"> - <h3>Summary</h3> <p>Denial of service (DOS) attack in transformation feature</p> </blockquote> <blockquote 
cite="https://www.phpmyadmin.net/security/PMASA-2016-42/"> - <h3>Summary</h3> <p>SQL injection attack as control user</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-43/"> - <h3>Summary</h3> <p>Unvalidated data passed to unserialize()</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-45/"> - <h3>Summary</h3> <p>DOS attack with forced persistent connections</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-46/"> - <h3>Summary</h3> <p>Denial of service (DOS) attack by for loops</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-47/"> - <h3>Summary</h3> <p>IPv6 and proxy server IP-based authentication rule circumvention</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-48/"> - <h3>Summary</h3> <p>Detect if user is logged in</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-49/"> - <h3>Summary</h3> <p>Bypass URL redirect protection</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-50/"> - <h3>Summary</h3> <p>Referrer leak in url.php</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-51/"> - <h3>Summary</h3> <p>Reflected File Download attack</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-52/"> - <h3>Summary</h3> <p>ArbitraryServerRegexp bypass</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-53/"> - <h3>Summary</h3> <p>Denial of service (DOS) attack by changing password to a very long string</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-54/"> - <h3>Summary</h3> <p>Remote code execution vulnerability when run as CGI</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-55/"> 
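Review bot: Dropping only the repeated `<h3>Summary</h3>` heading from each `<blockquote>` while keeping the one-line summary and its PMASA `cite` URL preserves far more than the `Please reference CVE/URL list for details` boilerplate used for the other entries in this commit, and it also removes a rendering problem, since one identical `<h3>` per advisory produced a column of "Summary" headings in the description. Where the other condensed entries are likewise short per-item lists (the Mozilla and Jenkins hunks in particular), the same treatment would be preferable to replacing the whole list.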
@@ -16031,7 +14974,6 @@ and CVE-2013-0155.</p> <p>Denial of service (DOS) attack with dbase extension</p> </blockquote> <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-56/"> - <h3>Summary</h3> <p>Remote code execution vulnerability when PHP is running with dbase extension</p> </blockquote> 
@@ -20380,61 +19322,7 @@ and CVE-2013-0155.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The PHP Group reports:</p> <blockquote cite="http://php.net/ChangeLog-5.php#5.5.37"> - <ul><li>Core: - <ul> - <li>Fixed bug #72268 (Integer Overflow in nl2br())</li> - <li>Fixed bug #72275 (Integer Overflow in json_encode()/ - json_decode()/ json_utf8_to_utf16())</li> - <li>Fixed bug #72400 (Integer Overflow in addcslashes/ - addslashes)</li> - <li>Fixed bug #72403 (Integer Overflow in Length of String-typed - ZVAL)</li> - </ul></li> - <li>GD: - <ul> - <li>Fixed bug #66387 (Stack overflow with imagefilltoborder) - (CVE-2015-8874)</li> - <li>Fixed bug #72298 (pass2_no_dither out-of-bounds access)</li> - <li>Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting - in heap overflow) (CVE-2016-5766)</li> - <li>Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert)</li> - <li>Fixed bug #72446 (Integer Overflow in - gdImagePaletteToTrueColor() resulting in heap overflow) - (CVE-2016-5767)</li> - </ul></li> - <li>mbstring: - <ul> - <li>Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free) - (CVE-2016-5768)</li> - </ul></li> - <li>mcrypt: - <ul> - <li>Fixed bug #72455 (Heap Overflow due to integer overflows) - (CVE-2016-5769)</li> - </ul></li> - <li>Phar: - <ul> - <li>Fixed bug #72321 (invalid free in phar_extract_file()). (PHP - 5.6/7.0 only)</li> - </ul></li> - <li>SPL: - <ul> - <li>Fixed bug #72262 (int/size_t confusion in SplFileObject::fread) - (CVE-2016-5770)</li> - <li>Fixed bug #72433 (Use After Free Vulnerability in PHP's GC - algorithm and unserialize) (CVE-2016-5771)</li> - </ul></li> - <li>WDDX: - <ul> - <li>Fixed bug #72340 (Double Free Courruption in wddx_deserialize) - (CVE-2016-5772)</li> - </ul></li> - <li>zip: - <ul> - <li>Fixed bug #72434 (ZipArchive class Use After Free Vulnerability - in PHP's GC algorithm and unserialize). 
(CVE-2016-5773)</li> - </ul></li> - </ul> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
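Review bot: One removed item carried an applicability caveat that a CVE list cannot express: `Fixed bug #72321 (invalid free in phar_extract_file()). (PHP 5.6/7.0 only)`, in an entry whose `cite` is the 5.5.37 changelog. After condensing, nothing in the description says that item does not apply to 5.5, so the `<affects>` ranges for this entry should be re-checked against the per-branch changelogs rather than assumed from the old text. The removed list was also the only place the PHP bug numbers (#72268 and the rest) were recorded; the ChangeLog URL kept in the `cite` is enough to recover them, so no further action is needed on that point.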
@@ -21604,53 +20492,8 @@ and CVE-2013-0155.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Google Chrome Releases reports:</p> <blockquote cite="http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update_25.html"> - <p>42 security fixes in this release, including:</p> - <ul> - <li>[590118] High CVE-2016-1672: Cross-origin bypass in extension - bindings. Credit to Mariusz Mlynski.</li> - <li>[597532] High CVE-2016-1673: Cross-origin bypass in Blink. - Credit to Mariusz Mlynski.</li> - <li>[598165] High CVE-2016-1674: Cross-origin bypass in extensions.i - Credit to Mariusz Mlynski.</li> - <li>[600182] High CVE-2016-1675: Cross-origin bypass in Blink. - Credit to Mariusz Mlynski.</li> - <li>[604901] High CVE-2016-1676: Cross-origin bypass in extension - bindings. Credit to Rob Wu.</li> - <li>[602970] Medium CVE-2016-1677: Type confusion in V8. Credit to - Guang Gong of Qihoo 360.</li> - <li>[595259] High CVE-2016-1678: Heap overflow in V8. Credit to - Christian Holler.</li> - <li>[606390] High CVE-2016-1679: Heap use-after-free in V8 - bindings. Credit to Rob Wu.</li> - <li>[589848] High CVE-2016-1680: Heap use-after-free in Skia. - Credit to Atte Kettunen of OUSPG.</li> - <li>[613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to - Aleksandar Nikolic of Cisco Talos.</li> - <li>[579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. - Credit to KingstonTime.</li> - <li>[601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. - Credit to Ke Liu of Tencent's Xuanwu LAB.</li> - <li>[603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. - Credit to Ke Liu of Tencent's Xuanwu LAB.</li> - <li>[603748] Medium CVE-2016-1687: Information leak in extensions. - Credit to Rob Wu.</li> - <li>[604897] Medium CVE-2016-1688: Out-of-bounds read in V8. - Credit to Max Korenko.</li> - <li>[606185] Medium CVE-2016-1689: Heap buffer overflow in media. 
- Credit to Atte Kettunen of OUSPG.</li> - <li>[608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. - Credit to Rob Wu.</li> - <li>[597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. - Credit to Atte Kettunen of OUSPG.</li> - <li>[598077] Low CVE-2016-1692: Limited cross-origin bypass in - ServiceWorker. Credit to Til Jasper Ullrich.</li> - <li>[598752] Low CVE-2016-1693: HTTP Download of Software Removal - Tool. Credit to Khalil Zhani.</li> - <li>[603682] Low CVE-2016-1694: HPKP pins removed on cache - clearance. Credit to Ryan Lester and Bryant Zadegan.</li> - <li>[614767] CVE-2016-1695: Various fixes from internal audits, - fuzzing and other initiatives.</li> - </ul> + <p>42 security fixes in this release</p> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
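Review bot: Minor: the removed line `Cross-origin bypass in extensions.i` had a stray `i` in the old entry, so this hunk incidentally fixes a typo. Otherwise the same consideration as the other Chrome entries applies: the 22 CVE identifiers in the removed `<ul>` (CVE-2016-1672 to -1682 and CVE-2016-1685 to -1695) need matching `<cvename>` references for `Please reference CVE/URL list for details` to be accurate. The jump from CVE-2016-1682 to CVE-2016-1685 is present in the old text as quoted, not introduced here.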
@@ -22304,54 +21147,7 @@ and CVE-2013-0155.</p> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The squid development team reports:</p> - <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"> - <dl> - <dt>Problem Description:</dt> - <dd>Due to incorrect data validation of intercepted HTTP - Request messages Squid is vulnerable to clients bypassing - the protection against CVE-2009-0801 related issues. This - leads to cache poisoning.</dd> - <dt>Severity:</dt> - <dd>This problem is serious because it allows any client, - including browser scripts, to bypass local security and - poison the proxy cache and any downstream caches with - content from an arbitrary source.</dd> - </dl> - </blockquote> - <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"> - <dl> - <dt>Problem Description:</dt> - <dd>Due to incorrect input validation Squid is vulnerable - to a header smuggling attack leading to cache poisoning - and to bypass of same-origin security policy in Squid and - some client browsers.</dd> - <dt>Severity:</dt> - <dd>This problem allows a client to smuggle Host header - value past same-origin security protections to cause Squid - operating as interception or reverse-proxy to contact the - wrong origin server. 
Also poisoning any downstream cache - which stores the response.</dd> - <dd>However, the cache poisoning is only possible if the - caching agent (browser or explicit/forward proxy) is not - following RFC 7230 processing guidelines and lets the - smuggled value through.</dd> - </dl> - </blockquote> - <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"> - <dl> - <dt>Problem Description:</dt> - <dd>Due to incorrect pointer handling and reference - counting Squid is vulnerable to a denial of service attack - when processing ESI responses.</dd> - <dt>Severity:</dt> - <dd>These problems allow a remote server delivering - certain ESI response syntax to trigger a denial of service - for all clients accessing the Squid service.</dd> - <dd>Due to unrelated changes Squid-3.5 has become - vulnerable to some regular ESI server responses also - triggering one or more of these issues.</dd> - </dl> - </blockquote> + <p>Please reference CVE/URL list for details</p> </body> </description> <references> 
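Review bot: Unlike every other hunk in this commit, this one removes the three `<blockquote>` wrappers together with their `cite` URLs (`SQUID-2016_7.txt`, `SQUID-2016_8.txt`, `SQUID-2016_9.txt`) and leaves `<p>Please reference CVE/URL list for details</p>` directly under `<body>`. Those three advisory URLs are the only pointer to the problem descriptions and severity text being dropped, so either keep the blockquotes with their `cite` attributes around the new `<p>`, or confirm all three URLs are listed under `<references>`; the "URL list" wording is misleading if they are not. Note also that the removed text describes distinct impacts per advisory (cache poisoning, Host header smuggling, ESI denial of service) that a bare CVE list will not convey.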
@@ -55722,107 +54518,7 @@ JavaScript code would be executed.</p> <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"> <p>This advisory announces multiple security vulnerabilities that were found in Jenkins core.</p> - <ol> - <li> - <p>iSECURITY-105</p> - <p>In some places, Jenkins XML API uses XStream to deserialize - arbitrary content, which is affected by CVE-2013-7285 reported - against XStream. This allows malicious users of Jenkins with - a limited set of permissions to execute arbitrary code inside - Jenkins master.</p> - </li> - <li> - <p>SECURITY-76 & SECURITY-88 / CVE-2013-5573</p> - <p>Restrictions of HTML tags for user-editable contents are too - lax. This allows malicious users of Jenkins to trick other - unsuspecting users into providing sensitive information.</p> - </li> - <li> - <p>SECURITY-109</p> - <p>Plugging a hole in the earlier fix to SECURITY-55. Under some - circimstances, a malicious user of Jenkins can configure job - X to trigger another job Y that the user has no access to.</p> - </li> - <li> - <p>SECURITY-108</p> - <p>CLI job creation had a directory traversal vulnerability. This - allows a malicious user of Jenkins with a limited set of - permissions to overwrite files in the Jenkins master and - escalate privileges.</p> - </li> - <li> - <p>SECURITY-106</p> - <p>The embedded Winstone servlet container is susceptive to - session hijacking attack.</p> - </li> - <li> - <p>SECURITY-93</p> - <p>The password input control in the password parameter - definition in the Jenkins UI was serving the actual value of - the password in HTML, not an encrypted one. 
If a sensitive - value is set as the default value of such a parameter - definition, it can be exposed to unintended audience.</p> - </li> - <li> - <p>SECURITY-89</p> - <p>Deleting the user was not invalidating the API token, - allowing users to access Jenkins when they shouldn't be - allowed to do so.</p> - </li> - <li> - <p>SECURITY-80</p> - <p>Jenkins UI was vulnerable to click jacking attacks.</p> - </li> - <li> - <p>SECURITY-79</p> - <p>"Jenkins' own user database" was revealing the - presence/absence of users when login attempts fail.</p> - </li> - <li> - <p>SECURITY-77</p> - <p>Jenkins had a cross-site scripting vulnerability in one of its - cookies. If Jenkins is deployed in an environment that allows - an attacker to override Jenkins cookies in victim's browser, - this vulnerability can be exploited.</p> - </li> - <li> - <p>SECURITY-75</p> - <p>Jenkins was vulnerable to session fixation attack. If Jenkins - is deployed in an environment that allows an attacker to - override Jenkins cookies in victim's browser, this - vulnerability can be exploited.</p> - </li> - <li> - <p>SECURITY-74</p> - <p>Stored XSS vulnerability. A malicious user of Jenkins with a - certain set of permissions can cause Jenkins to store - arbitrary HTML fragment.</p> - </li> - <li> - <p>SECURITY-73</p> - <p>Some of the system diagnostic functionalities were checking a - lesser permission than it should have. In a very limited - circumstances, this can cause an attacker to gain information - that he shouldn't have access to.</p> - </li> - </ol> - <p>Severity</p> - <ol> - <li>SECURITY-106, and SECURITY-80 are rated <strong>high</strong>. An attacker only - needs direct HTTP access to the server to mount this attack.</li> - <li>SECURITY-105, SECURITY-109, SECURITY-108, and SECURITY-74 are - rated <strong>high</strong>. 
These vulnerabilities allow attackes with valid - Jenkins user accounts to escalate privileges in various ways.</li> - <li>SECURITY-76, SECURIT-88, and SECURITY-89 are rated <strong>medium.</strong> - These vulnerabilities requires an attacker to be an user of - Jenkins, and the mode of the attack is limited.</li> - <li>SECURITY-93, and SECURITY-79 are <strong>rated</strong> low. These - vulnerabilities only affect a small part of Jenkins and has - limited impact.</li> - <li>SECURITY-77, SECURITY-75, and SECURITY-73 are <strong>rated</strong> low. These - vulnerabilities are hard to exploit unless combined with other - exploit in the network.</li> - </ol> + <p>Please reference CVE/URL list for details</p> </blockquote> </body> </description> 
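Review bot: The removed `<ol>` lists are the only place the Jenkins SECURITY-NNN identifiers (fourteen of them, from SECURITY-73 to SECURITY-109) and their high/medium/low ratings appear, and only two of the thirteen items map to a CVE in the removed text (CVE-2013-7285 for SECURITY-105, CVE-2013-5573 for SECURITY-76/88), so `Please reference CVE/URL list for details` will mostly resolve to the wiki `cite` URL rather than to CVE names; make sure that URL stays in `<references>`. The old text also carried several typos that disappear with it (`iSECURITY-105`, `circimstances`, `attackes`, `SECURIT-88`) and an inconsistent `<strong>rated</strong>` versus `rated <strong>high</strong>` markup, so no cleanup is lost by the removal.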
@@ -59066,97 +57762,29 @@ affected..</p> <p>The phpMyAdmin development team reports:</p> <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php"> <p>XSS due to unescaped HTML Output when executing a SQL query.</p> - <p>Using a crafted SQL query, it was possible to produce an - XSS on the SQL query form.</p> - <p>This vulnerability can be triggered only by someone who - logged in to phpMyAdmin, as the usual token protection - prevents non-logged-in users from accessing the required - form.</p> </blockquote> <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php"> <p>5 XSS vulnerabilities in setup, chart display, process list, and logo link.</p> - <ul> - <li>In the setup/index.php, using a crafted # hash with a - Javascript event, untrusted JS code could be - executed.</li> - <li>In the Display chart view, a chart title containing - HTML code was rendered unescaped, leading to possible - JavaScript code execution via events.</li> - <li>A malicious user with permission to create databases - or users having HTML tags in their name, could trigger an - XSS vulnerability by issuing a sleep query with a long - delay. 
In the server status monitor, the query parameters - were shown unescaped.</li> - <li>By configuring a malicious URL for the phpMyAdmin logo - link in the navigation sidebar, untrusted script code - could be executed when a user clicked the logo.</li> - <li>The setup field for "List of trusted proxies for IP - allow/deny" Ajax validation code returned the unescaped - input on errors, leading to possible JavaScript execution - by entering arbitrary HTML.</li> - </ul> </blockquote> <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php"> <p>If a crafted version.json would be presented, an XSS could be introduced.</p> - <p>Due to not properly validating the version.json file, - which is fetched from the phpMyAdmin.net website, could lead - to an XSS attack, if a crafted version.json file would be - presented.</p> - <p>This vulnerability can only be exploited with a - combination of complicated techniques and tricking the user - to visit a page.</p> </blockquote> <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php"> <p>Full path disclosure vulnerabilities.</p> - <p>By calling some scripts that are part of phpMyAdmin in an - unexpected way, it is possible to trigger phpMyAdmin to - display a PHP error message which contains the full path of - the directory where phpMyAdmin is installed.</p> - <p>This path disclosure is possible on servers where the - recommended setting of the PHP configuration directive - display_errors is set to on, which is against the - recommendations given in the PHP manual.</p> </blockquote> <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php"> <p> XSS vulnerability when a text to link transformation is used.</p> - <p>When the TextLinkTransformationPlugin is used to create a - link to an object when displaying the contents of a table, - the object name is not properly escaped, which could lead to - an XSS, if the object name has a crafted value.</p> - <p>The 
stored XSS vulnerabilities can be triggered only by - someone who logged in to phpMyAdmin, as the usual token - protection prevents non-logged-in users from accessing the - required forms.</p> </blockquote> <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php"> <p>Self-XSS due to unescaped HTML output in schema export.</p> - <p>When calling schema_export.php with crafted parameters, - it is possible to trigger an XSS.</p> - <p>This vulnerability can be triggered only by someone who - logged in to phpMyAdmin, as the usual token protection - prevents non-logged-in users from accessing the required - form.</p> </blockquote> <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php"> <p>SQL injection vulnerabilities, producing a privilege escalation (control user).</p> - <p>Due to a missing validation of parameters passed to - schema_export.php and pmd_pdf.php, it was possible to inject - SQL statements that would run with the privileges of the - control user. This gives read and write access to the tables - of the configuration storage database, and if the control - user has the necessary privileges, read access to some - tables of the mysql database.</p> - <p>These vulnerabilities can be triggered only by someone - who logged in to phpMyAdmin, as the usual token protection - prevents non-logged-in users from accessing the required - form. Moreover, a control user must have been created and - configured as part of the phpMyAdmin configuration storage - installation.</p> </blockquote> </body> </description> 
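Review bot: The paragraph dropped for PMASA-2013-12 (`This path disclosure is possible on servers where the recommended setting of the PHP configuration directive display_errors is set to on`) was the one piece of operator-actionable mitigation in this entry, and the surviving headline `<p>Full path disclosure vulnerabilities.</p>` does not carry it; consider keeping that single sentence, since it costs little against the >4500-character limit named in the commit message and tells an admin how to reduce exposure while upgrading. The unchanged context line `<p> XSS vulnerability when a text to link transformation is used.</p>` also has a leading space inside `<p>` that could be trimmed while this entry is being edited.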
@@ -119620,88 +118248,8 @@ executed in your Internet Explorer while displaying the email.</p> <p>An Ethreal Security Advisories reports:</p> <blockquote cite="http://www.ethereal.com/appnotes/enpa-sa-00019.html"> <p>An aggressive testing program as well as independent - discovery has turned up a multitude of security issues:</p> - <ul> - <li>The ANSI A dissector was susceptible to format string - vulnerabilities. Discovered by Bryan Fulton.</li> - <li>The GSM MAP dissector could crash.</li> - <li>The AIM dissector could cause a crash.</li> - <li>The DISTCC dissector was susceptible to a buffer - overflow. Discovered by Ilja van Sprundel</li> - <li>The FCELS dissector was susceptible to a buffer - overflow. Discovered by Neil Kettle</li> - <li>The SIP dissector was susceptible to a buffer - overflow. Discovered by Ejovi Nuwere.</li> - <li>The KINK dissector was susceptible to a null pointer - exception, endless looping, and other problems.</li> - <li>The LMP dissector was susceptible to an endless - loop.</li> - <li>The Telnet dissector could abort.</li> - <li>The TZSP dissector could cause a segmentation - fault.</li> - <li>The WSP dissector was susceptible to a null pointer - exception and assertions.</li> - <li>The 802.3 Slow protocols dissector could throw an - assertion.</li> - <li>The BER dissector could throw assertions.</li> - <li>The SMB Mailslot dissector was susceptible to a null - pointer exception and could throw assertions.</li> - <li>The H.245 dissector was susceptible to a null pointer - exception.</li> - <li>The Bittorrent dissector could cause a segmentation - fault.</li> - <li>The SMB dissector could cause a segmentation fault and - throw assertions.</li> - <li>The Fibre Channel dissector could cause a crash.</li> - <li>The DICOM dissector could attempt to allocate large - amounts of memory.</li> - <li>The MGCP dissector was susceptible to a null pointer - exception, could loop indefinitely, and segfault.</li> - <li>The RSVP dissector could loop 
indefinitely.</li> - <li>The DHCP dissector was susceptible to format string - vulnerabilities, and could abort.</li> - <li>The SRVLOC dissector could crash unexpectedly or go - into an infinite loop.</li> - <li>The EIGRP dissector could loop indefinitely.</li> - <li>The ISIS dissector could overflow a buffer.</li> - <li>The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, - PKIX Qualified, and X.509 dissectors could overflow - buffers.</li> - <li>The NDPS dissector could exhaust system memory or - cause an assertion, or crash.</li> - <li>The Q.931 dissector could try to free a null pointer - and overflow a buffer.</li> - <li>The IAX2 dissector could throw an assertion.</li> - <li>The ICEP dissector could try to free the same memory - twice.</li> - <li>The MEGACO dissector was susceptible to an infinite - loop and a buffer overflow.</li> - <li>The DLSw dissector was susceptible to an infinite - loop.</li> - <li>The RPC dissector was susceptible to a null pointer - exception.</li> - <li>The NCP dissector could overflow a buffer or loop for - a large amount of time.</li> - <li>The RADIUS dissector could throw an assertion.</li> - <li>The GSM dissector could access an invalid - pointer.</li> - <li>The SMB PIPE dissector could throw an assertion.</li> - <li>The L2TP dissector was susceptible to an infinite loop.</li> - <li>The SMB NETLOGON dissector could dereference a null - pointer.</li> - <li>The MRDISC dissector could throw an assertion.</li> - <li>The ISUP dissector could overflow a buffer or cause a - segmentation fault.</li> - <li>The LDAP dissector could crash.</li> - <li>The TCAP dissector could overflow a buffer or throw an - assertion.</li> - <li>The NTLMSSP dissector could crash.</li> - <li>The Presentation dissector could overflow a - buffer.</li> - <li>Additionally, a number of dissectors could throw an - assertion when passing an invalid protocol tree item - length.</li> - </ul> + discovery has turned up a multitude of security issues</p> + <p>Please 
reference CVE/URL list for details</p> </blockquote> </body> </description> |
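Review bot: Style nit on the unchanged context line `<p>An Ethreal Security Advisories reports:</p>`: `Ethreal` is a misspelling of Ethereal and the phrase should be singular (`An Ethereal Security Advisory reports:`); since this entry is being touched anyway, fix it in the same commit. The condensed sentence correctly loses the trailing colon (`...a multitude of security issues</p>`) now that no list follows. The per-dissector list removed here named no CVEs at all, so `Please reference CVE/URL list for details` rests entirely on the `enpa-sa-00019.html` `cite` URL; make sure it also appears under `<references>`.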