[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Apr 29 09:10:22 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df34f4fa by security tracker role at 2018-04-29T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-10530
+	RESERVED
+CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds ...)
+	TODO: check
+CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer ...)
+	TODO: check
 CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields ...)
 	NOT-FOR-US: EasyCMS
 CVE-2018-10526
@@ -1601,7 +1607,7 @@ CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physical
 CVE-2018-9839
 	RESERVED
 CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...)
-	{DLA-1357-1}
+	{DSA-4186-1 DLA-1357-1}
 	- gunicorn 19.5.0-1 (bug #896548)
 	NOTE: https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
 	NOTE: https://github.com/benoitc/gunicorn/issues/1227
@@ -20763,12 +20769,14 @@ CVE-2018-2816 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
 CVE-2018-2815 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
@@ -20810,37 +20818,44 @@ CVE-2018-2802 (Vulnerability in the Oracle Hospitality Simphony component of Ora
 CVE-2018-2801 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2800 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...)
+	{DSA-4185-1}
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2799 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
 CVE-2018-2798 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2797 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2796 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
 CVE-2018-2795 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2794 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>
@@ -20853,6 +20868,7 @@ CVE-2018-2792 (Vulnerability in the Hardware Management Pack component of Oracle
 CVE-2018-2791 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2790 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-4185-1}
 	- openjdk-10 <unfixed>
 	- openjdk-8 8u171-b11-1
 	- openjdk-7 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df34f4fa80c24b57e666cdd37d5ca7e0db6c4f07

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df34f4fa80c24b57e666cdd37d5ca7e0db6c4f07
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180429/be4ea31d/attachment.html>

More information about the debian-security-tracker-commits mailing list