[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 17 09:10:32 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfb057d5 by security tracker role at 2018-08-17T08:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -533,8 +533,8 @@ CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox Smart Home Controller B
NOT-FOR-US: Zipato
CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home Controller ...)
NOT-FOR-US: Zipato
-CVE-2018-15122
- RESERVED
+CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 2018.1.323.2 ...)
+ TODO: check
CVE-2018-15121
RESERVED
CVE-2018-15120
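Review bot: The new CVE-2018-15122 entry is left at the automated `TODO: check` placeholder; the description names Progress Telerik JustAssembly, so triage should replace the placeholder with either a Debian source-package line or a `NOT-FOR-US:` line, as was done for the neighbouring Zipato entries in this hunk.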
@@ -1882,8 +1882,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
[stretch] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
NOTE: https://redmine.openinfosecfoundation.org/issues/2501
-CVE-2018-14567
- RESERVED
+CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to ...)
- libxml2 <unfixed>
[stretch] - libxml2 <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
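Review bot: The published description for CVE-2018-14567 conditions the issue on libxml2 being built `--with-lzma`, so the `- libxml2 <unfixed>` line should be confirmed against how the Debian libxml2 package is actually configured before the entry is treated as affecting it. The `(not public yet)` qualifier on the GNOME issue link should also be re-checked now that the CVE text itself is public, and dropped if the upstream issue has been opened.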
@@ -4565,8 +4564,8 @@ CVE-2018-13448 (SQL injection vulnerability in product/card.php in Dolibarr ERP/
CVE-2018-13447 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
-CVE-2018-13446
- RESERVED
+CVE-2018-13446 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line ...)
+ TODO: check
CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability ...)
NOT-FOR-US: SeaCMS
CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability ...)
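Review bot: CVE-2018-13446 arrives with a `** DISPUTED **` description for the LINE jp.naver.line client and only a `TODO: check` placeholder; whatever triage line replaces the placeholder should keep the dispute status visible, and since jp.naver.line is a client application rather than anything shipped as a Debian source package, the likely resolution is a `NOT-FOR-US:` line matching the SeaCMS entries directly beneath it.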
@@ -4591,10 +4590,10 @@ CVE-2018-13437
RESERVED
CVE-2018-13436
RESERVED
-CVE-2018-13435
- RESERVED
-CVE-2018-13434
- RESERVED
+CVE-2018-13435 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line ...)
+ TODO: check
+CVE-2018-13434 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line ...)
+ TODO: check
CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as ...)
NOT-FOR-US: Boostnote
CVE-2018-13432
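Review bot: CVE-2018-13435 and CVE-2018-13434 carry the same `** DISPUTED **` LINE jp.naver.line description and the same `TODO: check` placeholder as CVE-2018-13446 earlier in this patch; the three should be triaged together so they end up with an identical resolution and the dispute status is recorded consistently, rather than being resolved one entry at a time.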
@@ -7687,8 +7686,8 @@ CVE-2018-12258 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Cus
NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is ...)
NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
-CVE-2018-12256
- RESERVED
+CVE-2018-12256 (admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote ...)
+ TODO: check
CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF ...)
NOT-FOR-US: InvoicePlane
CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for ...)
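Review bot: CVE-2018-12256 names a concrete file, `admin/vqmods.app/vqmods.inc.php` in LiteCart before 2.1.3, which makes the `TODO: check` straightforward to resolve: if no Debian source package ships LiteCart the placeholder should become `NOT-FOR-US: LiteCart`, in line with the InvoicePlane and Momentum entries around it; otherwise the affected package and fixed version belong here.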
@@ -9557,12 +9556,12 @@ CVE-2018-11513
RESERVED
CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the "Website's name" ...)
NOT-FOR-US: wityCMS
-CVE-2018-11511
- RESERVED
+CVE-2018-11511 (The tree list functionality in the photo gallery application in ...)
+ TODO: check
CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin ...)
NOT-FOR-US: ASUSTOR
-CVE-2018-11509
- RESERVED
+CVE-2018-11509 (ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and ...)
+ TODO: check
CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux kernel ...)
- linux 4.16.12-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
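Review bot: The `TODO: check` on CVE-2018-11509 can be resolved immediately: its description is ASUSTOR ADM, the same product as CVE-2018-11510 two lines above, which is already recorded as `NOT-FOR-US: ASUSTOR`, so the new entry should get the same line for consistency. CVE-2018-11511 is different: its truncated description (`photo gallery application in ...`) does not identify the vendor within this hunk, so that placeholder has to stay until the full text has been read.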
@@ -49857,7 +49856,7 @@ CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x be
NOTE: https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 (rel-3_3)
NOTE: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Horde_Image ...)
- {DLA-1395-1}
+ {DSA-4276-1 DLA-1395-1}
- php-horde-image 2.5.2-1 (bug #876400)
NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
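Review bot: The advisory reference for CVE-2017-14650 now reads `{DSA-4276-1 DLA-1395-1}`; the unstable fix `php-horde-image 2.5.2-1 (bug #876400)` is unchanged, which is expected, but the added DSA id should be checked against the advisory text to confirm it lists this CVE, since the tracker's DSA-to-CVE cross-reference is built from these braces and a wrong id here propagates silently.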
@@ -64179,12 +64178,13 @@ CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler bef
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...)
- {DLA-1395-1}
+ {DSA-4276-1 DLA-1395-1}
- php-horde-image 2.5.1-1 (bug #865505)
NOTE: https://lists.horde.org/archives/announce/2017/001234.html
NOTE: https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13
NOTE: Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1
CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a ...)
+ {DSA-4276-1}
- php-horde-image 2.5.1-1 (bug #865504)
[jessie] - php-horde-image <not-affected> (Only Horde_Image above 2.3.0 affected)
NOTE: https://lists.horde.org/archives/announce/2017/001234.html
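Review bot: CVE-2017-9773 gains `{DSA-4276-1}` without a DLA, which is consistent with its `[jessie] - php-horde-image <not-affected>` line, so the omission of DLA-1395-1 there looks deliberate and correct. For CVE-2017-9774 the existing NOTE records a regression in the upstream patch, fixed via https://github.com/horde/Image/pull/1; it is worth confirming that the package shipped under DSA-4276-1 carries that regression fix, otherwise the stable update re-introduces a known breakage.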
@@ -92344,13 +92344,11 @@ CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer ...)
NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an ...)
NOT-FOR-US: puppet-tripleo
-CVE-2016-9598 [out-of-bounds read]
- RESERVED
+CVE-2016-9598 (libxml2, as used in Red Hat JBoss Core Services, allows ...)
- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 ...)
- libxml2 <not-affected> (Red Hat specific security regressions)
-CVE-2016-9596 [stack exhaustion while parsing xml files in recovery mode]
- RESERVED
+CVE-2016-9596 (libxml2, as used in Red Hat JBoss Core Services and when in recovery ...)
- libxml2 <not-affected> (Red Hat specific security regressions)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769658
CVE-2016-9595 (A flaw was found in katello-debug before 3.4.0 where certain scripts ...)
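Review bot: The local placeholders `[out-of-bounds read]` and `[stack exhaustion while parsing xml files in recovery mode]` on CVE-2016-9598 and CVE-2016-9596 are replaced by the published descriptions, and both now state `as used in Red Hat JBoss Core Services`, which confirms the existing `libxml2 <not-affected> (Red Hat specific security regressions)` assessment shared with CVE-2016-9597; the package lines need no change. The vulnerability-class wording from the old placeholders is lost with this hunk, and CVE-2016-9598 has no NOTE line at all (CVE-2016-9596 at least keeps its bugzilla reference), so a short NOTE retaining that classification would help anyone revisiting these entries.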
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfb057d50633a271db0082576e0c8f383031a800