[Git][security-tracker-team/security-tracker][master] automatic update

Sat Apr 28 21:10:20 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
628fa1bd by security tracker role at 2018-04-28T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields ...)
+	TODO: check
+CVE-2018-10526
+	RESERVED
 CVE-2018-10525
 	RESERVED
 CVE-2017-18263 (Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has ...)
@@ -110,8 +114,8 @@ CVE-2018-10470
 	RESERVED
 CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and ...)
 	NOT-FOR-US: b3log Symphony (aka Sym)
-CVE-2018-10468
-	RESERVED
+CVE-2018-10468 (The transferFrom function of a smart contract implementation for ...)
+	TODO: check
 CVE-2018-10467
 	RESERVED
 CVE-2018-10466
@@ -8949,6 +8953,7 @@ CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2
 CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 ...)
 	NOT-FOR-US: TRENDnet devices
 CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL ...)
+	{DLA-1367-1}
 	- slurm-llnl 17.11.5-1 (bug #893044)
 	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4792 (not yet public)
 	NOTE: https://github.com/SchedMD/slurm/commit/db468895240ad6817628d07054fe54e71273b2fe
@@ -17477,19 +17482,19 @@ CVE-2018-3841
 CVE-2018-3840
 	RESERVED
 CVE-2018-3839 (An exploitable code execution vulnerability exists in the XCF image ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://hg.libsdl.org/SDL_image/rev/fb643e371806910f1973abfdfe7f981e8dba60f5
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
 CVE-2018-3838 (An exploitable information vulnerability exists in the XCF image ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
 CVE-2018-3837 (An exploitable information disclosure vulnerability exists in the PCX ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e
@@ -36792,7 +36797,7 @@ CVE-2017-14452
 CVE-2017-14451
 	RESERVED
 CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
@@ -36804,7 +36809,7 @@ CVE-2017-14449 (A double-Free vulnerability exists in the XCF image rendering ..
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
 	NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
 CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF image ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
@@ -36820,19 +36825,19 @@ CVE-2017-14444
 CVE-2017-14443
 	RESERVED
 CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
 	NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
 CVE-2017-14441 (An exploitable code execution vulnerability exists in the ICO image ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
 	NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
 CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM image ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
@@ -43788,7 +43793,7 @@ CVE-2017-12124
 CVE-2017-12123
 	RESERVED
 CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image ...)
-	{DSA-4177-1 DLA-1341-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
@@ -72531,7 +72536,7 @@ CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creatin
 	NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
 	NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0
 CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF ...)
-	{DSA-4177-1 DLA-1134-1}
+	{DSA-4184-1 DSA-4177-1 DLA-1134-1}
 	- libsdl2-image 2.0.1+dfsg-4 (bug #878266)
 	- sdl-image1.2 1.2.12-7 (bug #878267)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/628fa1bd7a040a4e4d5c4d72cd28f5ac0bc2eaee

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/628fa1bd7a040a4e4d5c4d72cd28f5ac0bc2eaee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180428/578e594a/attachment-0001.html>
