[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Aug 8 21:10:46 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de85f1e5 by security tracker role at 2018-08-08T20:10:35Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -975,6 +975,7 @@ CVE-2018-1999034 (A man in the middle vulnerability exists in Jenkins Inedo ProG
 CVE-2018-1999035 (A man in the middle vulnerability exists in Jenkins Inedo BuildMaster ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2018-14767 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
+	{DSA-4267-1}
 	- kamailio 5.1.4-1
 	NOTE: https://skalatan.de/blog/advisory-hw-2018-05
 	NOTE: https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/
@@ -1616,8 +1617,7 @@ CVE-2018-14528
 	RESERVED
 CVE-2018-14527 (Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection ...)
 	NOT-FOR-US: Xiao5uCompany
-CVE-2018-14526 [Unauthenticated EAPOL-Key decryption in wpa_supplicant]
-	RESERVED
+CVE-2018-14526 (An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 ...)
 	- wpa <unfixed> (bug #905739)
 	[stretch] - wpa <no-dsa> (Minor issue)
 	NOTE: https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
@@ -2013,7 +2013,8 @@ CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses 
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
 	[jessie] - mp4v2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
-CVE-2018-14378 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur ...)
+CVE-2018-14378
+	REJECTED
 	- tiff <unfixed>
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2806
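
Review bot: CVE-2018-14378 is switched to REJECTED but the lines under it are kept, so the entry still reads `- tiff <unfixed>` and `- tiff3 <removed>` against an ID that has been withdrawn. Either drop the package lines together with the description, or, if the LibTIFF bug in the bugzilla NOTE (id=2806) is still open, move them to whichever ID replaces this one so tiff is not left tracked as unfixed under a rejected CVE.
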
@@ -2021,15 +2022,18 @@ CVE-2018-14377
 	RESERVED
 CVE-2018-14376
 	RESERVED
-CVE-2018-14375 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow ...)
+CVE-2018-14375
+	REJECTED
 	- tiff <unfixed>
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2803
-CVE-2018-14374 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur ...)
+CVE-2018-14374
+	REJECTED
 	- tiff <unfixed>
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2802
-CVE-2018-14373 (An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in ...)
+CVE-2018-14373
+	REJECTED
 	- tiff <unfixed>
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2801
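
Review bot: for CVE-2018-14375, CVE-2018-14374 and CVE-2018-14373 the description is removed with the rejection and nothing records why the IDs were rejected; the only remaining pointer to each issue is its bugzilla NOTE (id=2803, 2802, 2801). Add a NOTE under each `REJECTED` line giving the reason or the replacing ID, so the retained `- tiff <unfixed>` lines can be followed up.
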
@@ -6896,8 +6900,8 @@ CVE-2018-12410
 	RESERVED
 CVE-2018-12409
 	RESERVED
-CVE-2018-12408
-	RESERVED
+CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ...)
+	TODO: check
 CVE-2018-12407
 	RESERVED
 CVE-2018-12406
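
Review bot: the new CVE-2018-12408 entry carries only `TODO: check`, so it is untriaged after this update. Resolve it to a package status line or, if the TIBCO product is not packaged in Debian, to a `NOT-FOR-US:` line in the form used by the other entries in this file.
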
@@ -8465,8 +8469,7 @@ CVE-2018-11771
 	RESERVED
 CVE-2018-11770
 	RESERVED
-CVE-2018-11769 [Remote Code Execution]
-	RESERVED
+CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database ...)
 	- couchdb <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/08/2
 CVE-2018-11768
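
Review bot: CVE-2018-11769 now has its public description, but the entry consists only of `- couchdb <removed>` and the oss-security NOTE, with no release-tagged line. If any supported release still ships couchdb, add its status in the release-tagged form used elsewhere in this file (for example `[stretch] - wpa <no-dsa> (Minor issue)`), since "before 2.2.0" in the description is the only version information present.
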
@@ -9035,8 +9038,8 @@ CVE-2018-11563
 	RESERVED
 CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in ...)
 	NOT-FOR-US: MISP
-CVE-2018-11561
-	RESERVED
+CVE-2018-11561 (An integer overflow in the unprotected distributeToken function of a ...)
+	TODO: check
 CVE-2018-11560 (The webService binary on Insteon HD IP Camera White 2864-222 devices ...)
 	NOT-FOR-US: Insteon
 CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
@@ -33848,6 +33851,7 @@ CVE-2018-2769 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DLA-1407-1}
 	- mariadb-10.2 <removed>
 	- mariadb-10.1 1:10.1.34-1
 	[stretch] - mariadb-10.1 <postponed> (Wait for next upstream security/bugfix release)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de85f1e5c41f724b96683e1c8f57ed3760b4d328
