[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Apr 30 09:10:22 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
969bbeb6 by security tracker role at 2018-04-30T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-10560
+	RESERVED
+CVE-2018-10559
+	RESERVED
+CVE-2018-10558
+	RESERVED
+CVE-2018-10557
+	RESERVED
+CVE-2018-10556
+	RESERVED
+CVE-2018-10555
+	RESERVED
+CVE-2018-10554 (An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable ...)
+	TODO: check
+CVE-2018-10553 (An issue was discovered in Nagios XI 5.4.13. A registered user is able ...)
+	TODO: check
+CVE-2018-10552
+	RESERVED
+CVE-2018-10551
+	RESERVED
+CVE-2018-10550 (In Octopus Deploy before 2018.4.7, target and tenant tag variable ...)
+	TODO: check
+CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
+	TODO: check
+CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
+	TODO: check
+CVE-2018-10547 (An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, ...)
+	TODO: check
+CVE-2018-10546 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
+	TODO: check
+CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, ...)
+	TODO: check
 CVE-2018-10544
 	RESERVED
 CVE-2018-10543
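Review bot: CVE-2018-10545 through CVE-2018-10549 all describe PHP version ranges, yet they carry only "TODO: check", as do the two Nagios XI entries and the Octopus Deploy entry. None of the eight has a package line or any other disposition. Each should be triaged to either a source-package line with the fixed version or a not-packaged marking, since a bare TODO says nothing about whether any package is affected.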
@@ -14578,7 +14610,7 @@ CVE-2018-5147 [out-of-bound write]
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
 CVE-2018-5146 [out-of-bound write]
 	RESERVED
-	{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1327-1 DLA-1319-1}
+	{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1368-1 DLA-1327-1 DLA-1319-1}
 	- firefox 59.0.1-1
 	- firefox-esr 52.7.2esr-1
 	- thunderbird 1:52.7.0-1
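Review bot: DLA-1368-1 is added to the cross-reference line of CVE-2018-5146, but the package lines visible in this hunk are firefox, firefox-esr and thunderbird, while the same DLA is attached only to libvorbis entries in the other hunks of this commit. Confirm that the entry has a libvorbis package line below the shown context, so the new advisory maps to a package this entry actually tracks.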
@@ -36276,13 +36308,13 @@ CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the funct
 	NOTE: https://github.com/erikd/libsndfile/issues/318
 	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
 CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
-	{DSA-4113-1}
+	{DSA-4113-1 DLA-1368-1}
 	- libvorbis 1.3.5-4.1 (bug #876778)
 	[jessie] - libvorbis <postponed> (Minor issue, can be fixed along later)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
 	NOTE: https://github.com/xiph/vorbis/pull/34
 CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...)
-	{DSA-4113-1}
+	{DSA-4113-1 DLA-1368-1}
 	- libvorbis 1.3.5-4.1 (bug #876779)
 	[jessie] - libvorbis <not-affected> (Vulnerable code not present)
 	[wheezy] - libvorbis <not-affected> (Vulnerable code not present)
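Review bot: the cross-reference added to CVE-2017-14632 conflicts with its context lines, which mark libvorbis as <not-affected> (Vulnerable code not present) for both jessie and wheezy. Check whether DLA-1368-1 really lists this CVE, and if it does, correct the release lines, because an advisory reference next to a not-affected marking leaves the status of that release ambiguous. The same check applies to CVE-2017-14633, where jessie is still <postponed>.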
@@ -46218,7 +46250,7 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka
 	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece
 	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...)
-	{DSA-4113-1}
+	{DSA-4113-1 DLA-1368-1}
 	- libvorbis 1.3.5-4.1 (low; bug #870341)
 	[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
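Review bot: the context line "[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)" under CVE-2017-11333 now sits beside a fixed version (1.3.5-4.1) and two advisories, so the "once fixed upstream" condition looks met. Revisit the jessie status, and add a release-specific line for whichever release DLA-1368-1 fixes, since none is visible in this hunk.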



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/969bbeb6c245ff26978a4578db48208dc271d97f
