[Git][security-tracker-team/security-tracker][master] automatic update

Sat Apr 14 21:10:42 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a220980c by security tracker role at 2018-04-14T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,29 @@
+CVE-2018-10115
+	RESERVED
+CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The ...)
+	TODO: check
+CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process function in ...)
+	TODO: check
+CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The ...)
+	TODO: check
+CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle ...)
+	TODO: check
+CVE-2018-10110
+	RESERVED
+CVE-2018-10109 (Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has ...)
+	TODO: check
+CVE-2018-10108
+	RESERVED
+CVE-2018-10107
+	RESERVED
+CVE-2018-10106
+	RESERVED
+CVE-2018-10105
+	RESERVED
+CVE-2018-10104
+	RESERVED
+CVE-2018-10103
+	RESERVED
 CVE-2018-10099
 	RESERVED
 CVE-2018-10098
@@ -618,15 +644,15 @@ CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the sta
 	NOTE: https://caml.inria.fr/mantis/view.php?id=7765
 	NOTE: https://github.com/ocaml/ocaml/pull/1718
 	NOTE: Before 4.06.0+beta1 the code is present in otherlibs/bigarray/bigarray_stubs.c
-CVE-2018-10101 [wordpress: Don't treat localhost as same host by default]
+CVE-2018-10101 (Before WordPress 4.9.5, the URL validator assumed URLs with the ...)
 	- wordpress 4.9.5+dfsg1-1 (bug #895034)
 	NOTE: https://core.trac.wordpress.org/changeset/42894
 	NOTE: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
-CVE-2018-10100 [wordpress: Use safe redirects when redirecting the login page if SSL is forced]
+CVE-2018-10100 (Before WordPress 4.9.5, the redirection URL for the login page was not ...)
 	- wordpress 4.9.5+dfsg1-1 (bug #895034)
 	NOTE: https://core.trac.wordpress.org/changeset/42892
 	NOTE: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
-CVE-2018-10102 [wordpress: Make sure the version string is correctly escaped for use in generator tags]
+CVE-2018-10102 (Before WordPress 4.9.5, the version string was not escaped in the ...)
 	- wordpress 4.9.5+dfsg1-1 (bug #895034)
 	NOTE: https://core.trac.wordpress.org/changeset/42893
 	NOTE: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
@@ -8232,6 +8258,7 @@ CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management Templ
 	NOT-FOR-US: Progress Sitefinity
 CVE-2018-6913 [heap-buffer-overflow in S_pack_rec]
 	RESERVED
+	{DSA-4172-1}
 	- perl 5.26.1-6
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131844
 	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/0fcf83230df5f8c52602ae22fde57c7ea885534d



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a220980cee41e254099e6f25e858b37416c9ac1e

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a220980cee41e254099e6f25e858b37416c9ac1e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180414/fc55bdee/attachment.html>
