[Git][security-tracker-team/security-tracker][master] automatic update

Mon Apr 23 09:10:28 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ece9e1d by security tracker role at 2018-04-23T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,9 @@
-CVE-2018-10299
+CVE-2018-10301
 	RESERVED
+CVE-2018-10300
+	RESERVED
+CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart contract ...)
+	TODO: check
 CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
 	NOT-FOR-US: DiscuzX
 CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...)
@@ -3606,6 +3610,7 @@ CVE-2018-8782
 CVE-2018-8781
 	RESERVED
 CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
+	{DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -3616,6 +3621,7 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
 CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
+	{DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -3627,6 +3633,7 @@ CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
 	NOTE: ruby1.8: test examples from hackerone doesn't work. ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
 CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
+	{DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -3637,6 +3644,7 @@ CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
 CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
+	{DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -7662,7 +7670,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
-	{DLA-1337-1 DLA-1336-1}
+	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -7672,7 +7680,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
-	{DLA-1337-1 DLA-1336-1}
+	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -7682,7 +7690,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
-	{DLA-1337-1 DLA-1336-1}
+	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -7692,7 +7700,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
-	{DLA-1337-1 DLA-1336-1}
+	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -8741,6 +8749,7 @@ CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...)
 CVE-2018-6915
 	RESERVED
 CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the ...)
+	{DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -18510,6 +18519,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
 CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
 	NOT-FOR-US: UCOPIA Wireless Appliance
 CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
+	{DLA-1359-1 DLA-1358-1}
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ece9e1ded186c03e69f669f0a4fc53ea423a1a3

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ece9e1ded186c03e69f669f0a4fc53ea423a1a3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180423/136487e8/attachment-0001.html>
