[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 5 08:10:29 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ffc1f82 by security tracker role at 2018-04-05T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,53 @@
+CVE-2018-9310
+ RESERVED
+CVE-2018-9309 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...)
+ TODO: check
+CVE-2018-9308
+ RESERVED
+CVE-2018-9307 (dsmall v20180320 allows XSS via the pdr_sn parameter to ...)
+ TODO: check
+CVE-2018-9306 (In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ...)
+ TODO: check
+CVE-2018-9305 (In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ...)
+ TODO: check
+CVE-2018-9304 (In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in ...)
+ TODO: check
+CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData in ...)
+ TODO: check
+CVE-2018-9302
+ RESERVED
+CVE-2018-9301
+ RESERVED
+CVE-2018-9300
+ RESERVED
+CVE-2018-9299
+ RESERVED
+CVE-2018-9298
+ RESERVED
+CVE-2018-9297
+ RESERVED
+CVE-2018-9296
+ RESERVED
+CVE-2018-9295
+ RESERVED
+CVE-2018-9294
+ RESERVED
+CVE-2018-9293
+ RESERVED
+CVE-2018-9292
+ RESERVED
+CVE-2018-9291
+ RESERVED
+CVE-2018-9290
+ RESERVED
+CVE-2018-9289
+ RESERVED
+CVE-2018-9288
+ RESERVED
+CVE-2018-9287
+ RESERVED
+CVE-2018-9286
+ RESERVED
CVE-2018-XXXX [Persistent XSS in filename of merge request]
- gitlab <unfixed> (bug #894869)
NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
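Review bot: The six entries added with a description (CVE-2018-9309, CVE-2018-9307 and CVE-2018-9306 through CVE-2018-9303) carry only "TODO: check", so none is yet mapped to a source package or marked NOT-FOR-US. CVE-2018-9306 and CVE-2018-9305 have identical truncated text ("an out-of-bounds read in IptcData::printStructure in ..."), so triage needs the full descriptions to tell them apart before package lines are written for the four Exiv2 0.26 entries.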
@@ -38,7 +88,7 @@ CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_y
CVE-2017-18257 (The __get_data_block function in fs/f2fs/data.c in the Linux kernel ...)
- linux 4.11.6-1
NOTE: Fixed by: https://git.kernel.org/linus/b86e33075ed1909d8002745b56ecf73b833db143
-CVE-2018-1002150 [koji: Dist Repo call missing authorization check]
+CVE-2018-1002150 (Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access ...)
- koji <unfixed> (bug #894832)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/04/1
NOTE: https://docs.pagure.org/koji/CVE-2018-1002150/
@@ -22193,8 +22243,7 @@ CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and ear
- etcd <unfixed>
NOTE: https://github.com/coreos/etcd/issues/9353
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
-CVE-2018-1097 [Ovirt admin password exposed by foreman API]
- RESERVED
+CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...)
- foreman <itp> (bug #663101)
NOTE: https://projects.theforeman.org/issues/22546
NOTE: https://github.com/theforeman/foreman/pull/5369
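Review bot: On CVE-2018-1097 the bracketed title "Ovirt admin password exposed by foreman API" is dropped and the replacement description is cut off at "The issue allows users with ...", so the entry no longer says what is exposed. Consider keeping that detail in a NOTE line under "- foreman <itp> (bug #663101)".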
@@ -22241,10 +22290,10 @@ CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflo
[stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
-CVE-2018-1082
- RESERVED
-CVE-2018-1081
- RESERVED
+CVE-2018-1082 (A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user ...)
+ TODO: check
+CVE-2018-1081 (A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, ...)
+ TODO: check
CVE-2018-1080 [Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access]
RESERVED
- dogtag-pki <unfixed> (bug #893690)
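Review bot: CVE-2018-1082 and CVE-2018-1081 go from RESERVED to "TODO: check" with no package line, so both Moodle entries are still untriaged. The two descriptions give different affected ranges (CVE-2018-1081 adds 3.2 to 3.2.7 and continues past the truncation), so they should be assessed separately rather than given the same status by default.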
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ffc1f82203aa5f717f841fb0fa3ccbd1f757587