[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Mon Apr 2 08:10:24 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77af6ecb by security tracker role at 2018-04-02T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-9176
+	RESERVED
+CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via ...)
+	TODO: check
+CVE-2018-9174 (sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute ...)
+	TODO: check
+CVE-2018-9173 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2018-9172 (The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress ...)
+	TODO: check
+CVE-2018-9171
+	RESERVED
+CVE-2018-9170
+	RESERVED
+CVE-2018-9169
+	RESERVED
 CVE-2018-9168
 	RESERVED
 CVE-2018-9167
@@ -5612,6 +5628,7 @@ CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potenti
 CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the ...)
 	NOT-FOR-US: RoomWizard
 CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
+	{DSA-4162-1}
 	- irssi 1.0.7-1 (bug #890674)
 	[jessie] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
 	[wheezy] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
@@ -5622,25 +5639,26 @@ CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.
 	NOTE: https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
 	NOTE: But the CVE is specifically for the use-after-free issue.
 CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
+	{DSA-4162-1}
 	- irssi 1.0.7-1 (bug #890674)
 	[jessie] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
 	[wheezy] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
 	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
 	NOTE: Fixed by: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c
 CVE-2018-7052 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
-	{DLA-1289-1}
+	{DSA-4162-1 DLA-1289-1}
 	- irssi 1.0.7-1 (bug #890676)
 	[jessie] - irssi <ignored> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
 	NOTE: Fixed by: https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa
 CVE-2018-7051 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
-	{DLA-1318-1}
+	{DSA-4162-1 DLA-1318-1}
 	- irssi 1.0.7-1 (bug #890677)
 	[jessie] - irssi <ignored> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
 	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af
 CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A ...)
-	{DLA-1289-1}
+	{DSA-4162-1 DLA-1289-1}
 	- irssi 1.0.7-1 (bug #890678)
 	[jessie] - irssi <ignored> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
@@ -10855,24 +10873,28 @@ CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipset
 CVE-2018-5209
 	RESERVED
 CVE-2018-5208 (In Irssi before 1.0.6, a calculation error in the completion code could ...)
+	{DSA-4162-1}
 	- irssi 1.0.7-1 (bug #886475)
 	[jessie] - irssi <ignored> (Minor issue)
 	[wheezy] - irssi <no-dsa> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
 	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 may ...)
+	{DSA-4162-1}
 	- irssi 1.0.7-1 (bug #886475)
 	[jessie] - irssi <ignored> (Minor issue)
 	[wheezy] - irssi <no-dsa> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
 	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5206 (When the channel topic is set without specifying a sender, Irssi before ...)
+	{DSA-4162-1}
 	- irssi 1.0.7-1 (bug #886475)
 	[jessie] - irssi <ignored> (Minor issue)
 	[wheezy] - irssi <no-dsa> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
 	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may access data ...)
+	{DSA-4162-1}
 	- irssi 1.0.7-1 (bug #886475)
 	[jessie] - irssi <ignored> (Minor issue)
 	[wheezy] - irssi <no-dsa> (Minor issue)
@@ -21759,20 +21781,16 @@ CVE-2018-1096 [SQL injection in dashboard page]
 	- foreman <itp> (bug #663101)
 	NOTE: http://projects.theforeman.org/issues/23028
 	NOTE: https://github.com/theforeman/foreman/pull/5363
-CVE-2018-1095 [NULL pointer dereference in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image]
-	RESERVED
+CVE-2018-1095 (The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199185
-CVE-2018-1094 [NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image]
-	RESERVED
+CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183
-CVE-2018-1093 [Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image]
-	RESERVED
+CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199181
-CVE-2018-1092 [NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image]
-	RESERVED
+CVE-2018-1092 (The ext4_iget function in fs/ext4/inode.c in the Linux kernel through ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179
 CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/77af6ecb291dae4fa7b3b5081e326a05b66df627

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/77af6ecb291dae4fa7b3b5081e326a05b66df627
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180402/715a62da/attachment-0001.html>
