[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 10 09:10:26 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e892bcf by security tracker role at 2018-08-10T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1067,8 +1067,8 @@ CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-
 	NOT-FOR-US: cloudwu PBC
 CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
 	NOT-FOR-US: cloudwu PBC
-CVE-2018-14735
-	RESERVED
+CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite ...)
+	TODO: check
 CVE-2018-14733
 	RESERVED
 CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 ...)
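Review bot: The `TODO: check` added under CVE-2018-14735 leaves the entry untriaged. The description names Hitachi Command Suite, and the cloudwu PBC entries just above it in this hunk show the form used for software that is not in Debian (`NOT-FOR-US: cloudwu PBC`). If a manual check confirms Hitachi Command Suite is not packaged, a follow-up commit should replace the TODO with `NOT-FOR-US: Hitachi Command Suite`.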
@@ -10732,8 +10732,7 @@ CVE-2018-10933
 	RESERVED
 CVE-2018-10932
 	RESERVED
-CVE-2018-10931 [CobblerXMLRPCInterface exports internal only functions over XMLRPC]
-	RESERVED
+CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its ...)
 	- cobbler <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/9
 CVE-2018-10930
@@ -10746,8 +10745,7 @@ CVE-2018-10927
 	RESERVED
 CVE-2018-10926
 	RESERVED
-CVE-2018-10925 [Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE]
-	RESERVED
+CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10, ...)
 	- postgresql-10 10.5-1
 	- postgresql-9.6 <removed>
 	- postgresql-9.5 <removed>
@@ -10780,8 +10778,7 @@ CVE-2018-10916 (It has been discovered that lftp up to and including version 4.8
 	[jessie] - lftp <no-dsa> (Minor issue)
 	NOTE: https://github.com/lavv17/lftp/issues/452
 	NOTE: https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992
-CVE-2018-10915 [Certain host connection parameters defeat client-side security defenses]
-	RESERVED
+CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL client ...)
 	- postgresql-10 10.5-1
 	- postgresql-9.6 <removed>
 	- postgresql-9.5 <removed>
@@ -18986,8 +18983,8 @@ CVE-2018-7694
 	RESERVED
 CVE-2018-7693
 	RESERVED
-CVE-2018-7692
-	RESERVED
+CVE-2018-7692 (Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 ...)
+	TODO: check
 CVE-2018-7691
 	RESERVED
 CVE-2018-7690
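Review bot: The CVE-2018-7692 entry now carries `TODO: check` and a description with a doubled word ("vulnerability in in NetIQ eDirectory"). The description arrived with this automatic update, so the typo is better left for the next import to overwrite than hand-edited in data/CVE/list. The TODO still needs a manual follow-up deciding whether NetIQ eDirectory is relevant to any Debian package.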
@@ -19004,8 +19001,8 @@ CVE-2018-7688 (A missing permission check in the review handling of openSUSE Ope
 	NOTE: https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
 CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a ...)
 	NOT-FOR-US: Micro Focus Client for OES
-CVE-2018-7686
-	RESERVED
+CVE-2018-7686 (Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 ...)
+	TODO: check
 CVE-2018-7685
 	RESERVED
 CVE-2018-7684
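Review bot: The `TODO: check` under CVE-2018-7686 names the same product and version bound as CVE-2018-7692 earlier in this commit (NetIQ eDirectory before 9.1.1), so the two should be triaged together and receive the same disposition. The CVE-2018-7687 entry directly above, for another Micro Focus product, is already marked `NOT-FOR-US: Micro Focus Client for OES`, which is the form to follow if eDirectory turns out not to be packaged.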
@@ -41152,8 +41149,8 @@ CVE-2018-0431
 	RESERVED
 CVE-2018-0430
 	RESERVED
-CVE-2018-0429
-	RESERVED
+CVE-2018-0429 (Stack-based buffer overflow in the Cisco Thor decoder before commit ...)
+	TODO: check
 CVE-2018-0428
 	RESERVED
 CVE-2018-0427
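Review bot: The `TODO: check` under CVE-2018-0429 deserves earlier attention than the other TODOs in this commit, because the description is a stack-based buffer overflow in a decoder (Cisco Thor) rather than an information leak or redirect. The check should establish whether any Debian source package ships the Thor decoder, including as an embedded copy, before the entry is marked `NOT-FOR-US` or given a package line.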
@@ -69131,7 +69128,7 @@ CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to
 	NOT-FOR-US: Cloud Foundry
 CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...)
 	NOT-FOR-US: Cloud Foundry
-CVE-2017-8046 (Malicious PATCH requests submitted to spring-data-rest servers in ...)
+CVE-2017-8046 (Malicious PATCH requests submitted to servers using Spring Data REST ...)
 	NOT-FOR-US: Spring Data REST
 CVE-2017-8045 (In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an ...)
 	NOT-FOR-US: Spring AMQP



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e892bcf9063245964022f40c0472f2d05209bf6
