[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Aug 28 21:10:41 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f258acd1 by security tracker role at 2018-08-28T20:10:33Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,282 @@
-CVE-2018-15919 [OpenSSH user enumeration]
+CVE-2018-16051
+	RESERVED
+CVE-2018-16050
+	RESERVED
+CVE-2018-16049
+	RESERVED
+CVE-2018-16048
+	RESERVED
+CVE-2018-16047
+	RESERVED
+CVE-2018-16046
+	RESERVED
+CVE-2018-16045
+	RESERVED
+CVE-2018-16044
+	RESERVED
+CVE-2018-16043
+	RESERVED
+CVE-2018-16042
+	RESERVED
+CVE-2018-16041
+	RESERVED
+CVE-2018-16040
+	RESERVED
+CVE-2018-16039
+	RESERVED
+CVE-2018-16038
+	RESERVED
+CVE-2018-16037
+	RESERVED
+CVE-2018-16036
+	RESERVED
+CVE-2018-16035
+	RESERVED
+CVE-2018-16034
+	RESERVED
+CVE-2018-16033
+	RESERVED
+CVE-2018-16032
+	RESERVED
+CVE-2018-16031
+	RESERVED
+CVE-2018-16030
+	RESERVED
+CVE-2018-16029
+	RESERVED
+CVE-2018-16028
+	RESERVED
+CVE-2018-16027
+	RESERVED
+CVE-2018-16026
+	RESERVED
+CVE-2018-16025
+	RESERVED
+CVE-2018-16024
+	RESERVED
+CVE-2018-16023
+	RESERVED
+CVE-2018-16022
+	RESERVED
+CVE-2018-16021
+	RESERVED
+CVE-2018-16020
+	RESERVED
+CVE-2018-16019
+	RESERVED
+CVE-2018-16018
+	RESERVED
+CVE-2018-16017
+	RESERVED
+CVE-2018-16016
+	RESERVED
+CVE-2018-16015
+	RESERVED
+CVE-2018-16014
+	RESERVED
+CVE-2018-16013
+	RESERVED
+CVE-2018-16012
+	RESERVED
+CVE-2018-16011
+	RESERVED
+CVE-2018-16010
+	RESERVED
+CVE-2018-16009
+	RESERVED
+CVE-2018-16008
+	RESERVED
+CVE-2018-16007
+	RESERVED
+CVE-2018-16006
+	RESERVED
+CVE-2018-16005
+	RESERVED
+CVE-2018-16004
+	RESERVED
+CVE-2018-16003
+	RESERVED
+CVE-2018-16002
+	RESERVED
+CVE-2018-16001
+	RESERVED
+CVE-2018-16000
+	RESERVED
+CVE-2018-15999
+	RESERVED
+CVE-2018-15998
+	RESERVED
+CVE-2018-15997
+	RESERVED
+CVE-2018-15996
+	RESERVED
+CVE-2018-15995
+	RESERVED
+CVE-2018-15994
+	RESERVED
+CVE-2018-15993
+	RESERVED
+CVE-2018-15992
+	RESERVED
+CVE-2018-15991
+	RESERVED
+CVE-2018-15990
+	RESERVED
+CVE-2018-15989
+	RESERVED
+CVE-2018-15988
+	RESERVED
+CVE-2018-15987
+	RESERVED
+CVE-2018-15986
+	RESERVED
+CVE-2018-15985
+	RESERVED
+CVE-2018-15984
+	RESERVED
+CVE-2018-15983
+	RESERVED
+CVE-2018-15982
+	RESERVED
+CVE-2018-15981
+	RESERVED
+CVE-2018-15980
+	RESERVED
+CVE-2018-15979
+	RESERVED
+CVE-2018-15978
+	RESERVED
+CVE-2018-15977
+	RESERVED
+CVE-2018-15976
+	RESERVED
+CVE-2018-15975
+	RESERVED
+CVE-2018-15974
+	RESERVED
+CVE-2018-15973
+	RESERVED
+CVE-2018-15972
+	RESERVED
+CVE-2018-15971
+	RESERVED
+CVE-2018-15970
+	RESERVED
+CVE-2018-15969
+	RESERVED
+CVE-2018-15968
+	RESERVED
+CVE-2018-15967
+	RESERVED
+CVE-2018-15966
+	RESERVED
+CVE-2018-15965
+	RESERVED
+CVE-2018-15964
+	RESERVED
+CVE-2018-15963
+	RESERVED
+CVE-2018-15962
+	RESERVED
+CVE-2018-15961
+	RESERVED
+CVE-2018-15960
+	RESERVED
+CVE-2018-15959
+	RESERVED
+CVE-2018-15958
+	RESERVED
+CVE-2018-15957
+	RESERVED
+CVE-2018-15956
+	RESERVED
+CVE-2018-15955
+	RESERVED
+CVE-2018-15954
+	RESERVED
+CVE-2018-15953
+	RESERVED
+CVE-2018-15952
+	RESERVED
+CVE-2018-15951
+	RESERVED
+CVE-2018-15950
+	RESERVED
+CVE-2018-15949
+	RESERVED
+CVE-2018-15948
+	RESERVED
+CVE-2018-15947
+	RESERVED
+CVE-2018-15946
+	RESERVED
+CVE-2018-15945
+	RESERVED
+CVE-2018-15944
+	RESERVED
+CVE-2018-15943
+	RESERVED
+CVE-2018-15942
+	RESERVED
+CVE-2018-15941
+	RESERVED
+CVE-2018-15940
+	RESERVED
+CVE-2018-15939
+	RESERVED
+CVE-2018-15938
+	RESERVED
+CVE-2018-15937
+	RESERVED
+CVE-2018-15936
+	RESERVED
+CVE-2018-15935
+	RESERVED
+CVE-2018-15934
+	RESERVED
+CVE-2018-15933
+	RESERVED
+CVE-2018-15932
+	RESERVED
+CVE-2018-15931
+	RESERVED
+CVE-2018-15930
+	RESERVED
+CVE-2018-15929
+	RESERVED
+CVE-2018-15928
+	RESERVED
+CVE-2018-15927
+	RESERVED
+CVE-2018-15926
+	RESERVED
+CVE-2018-15925
+	RESERVED
+CVE-2018-15924
+	RESERVED
+CVE-2018-15923
+	RESERVED
+CVE-2018-15922
+	RESERVED
+CVE-2018-15921
+	RESERVED
+CVE-2018-15920
+	RESERVED
+CVE-2018-15918
+	RESERVED
+CVE-2018-15917
+	RESERVED
+CVE-2018-15916
+	RESERVED
+CVE-2018-15915
+	RESERVED
+CVE-2018-15914
+	RESERVED
+CVE-2018-15913
+	RESERVED
+CVE-2018-15912
+	RESERVED
+CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 ...)
 	- openssh <unfixed>
 	[stretch] - openssh <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
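Review bot: CVE-2018-15919 ends up after CVE-2018-15912 at the bottom of the new block, while the added RESERVED entries step from CVE-2018-15920 straight to CVE-2018-15918, so this one entry breaks the descending id order the rest of the hunk follows. If tooling that reads data/CVE/list relies on that order, move the entry together with its three annotation lines to sit between CVE-2018-15920 and CVE-2018-15918.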
@@ -32,8 +310,8 @@ CVE-2018-15903
 	RESERVED
 CVE-2018-15902
 	RESERVED
-CVE-2018-15901
-	RESERVED
+CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing ...)
+	TODO: check
 CVE-2018-15900
 	RESERVED
 CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS ...)
@@ -77,8 +355,8 @@ CVE-2018-15886
 	RESERVED
 CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission of ...)
 	NOT-FOR-US: Ovation FindMe
-CVE-2018-15884
-	RESERVED
+CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
+	TODO: check
 CVE-2018-15883
 	RESERVED
 CVE-2018-15882
@@ -112,8 +390,8 @@ CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 route
 	NOT-FOR-US: D-Link
 CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers ...)
 	NOT-FOR-US: D-Link
-CVE-2018-15873
-	RESERVED
+CVE-2018-15873 (A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid ...)
+	TODO: check
 CVE-2018-15872
 	RESERVED
 CVE-2018-15871 (An invalid memory address dereference was discovered in ...)
@@ -218,8 +496,8 @@ CVE-2018-15841
 	RESERVED
 CVE-2018-15840
 	RESERVED
-CVE-2018-15839
-	RESERVED
+CVE-2018-15839 (D-Link DIR-615 devices have a buffer overflow via a long Authorization ...)
+	TODO: check
 CVE-2018-15838
 	RESERVED
 CVE-2018-15837
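Review bot: CVE-2018-15839 is added as `TODO: check` for D-Link DIR-615 devices, the same product that the CVE-2018-15875 and CVE-2018-15874 entries earlier in this patch mark `NOT-FOR-US: D-Link`. Once the full description is confirmed, the TODO can likely be closed with the same marker so the D-Link entries stay consistent.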
@@ -423,8 +701,8 @@ CVE-2018-15742
 	RESERVED
 CVE-2018-15741
 	RESERVED
-CVE-2018-15740
-	RESERVED
+CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow ...)
+	TODO: check
 CVE-2018-15739
 	RESERVED
 CVE-2018-15738
@@ -701,8 +979,8 @@ CVE-2018-15610
 	RESERVED
 CVE-2018-15609
 	RESERVED
-CVE-2018-15608
-	RESERVED
+CVE-2018-15608 (Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the ...)
+	TODO: check
 CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 ...)
 	- imagemagick <unfixed> (low)
 	[stretch] - imagemagick <ignored> (Minor issue)
@@ -741,8 +1019,8 @@ CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, expos
 	NOT-FOR-US: Traefik
 CVE-2018-15597
 	RESERVED
-CVE-2018-15596
-	RESERVED
+CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in MyBB ...)
+	TODO: check
 CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but ...)
 	- cobbler <removed>
 CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but ...)
@@ -900,8 +1178,8 @@ CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mis
 CVE-2018-15572 (The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c ...)
 	- linux 4.17.15-1
 	NOTE: https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
-CVE-2018-15571
-	RESERVED
+CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV ...)
+	TODO: check
 CVE-2018-15570 (In waimai Super Cms 20150505, there is stored XSS via the ...)
 	NOT-FOR-US: waimai Super Cms
 CVE-2018-15569 (my little forum 2.4.12 allows CSRF for deletion of users. ...)
@@ -987,8 +1265,8 @@ CVE-2018-15531
 	RESERVED
 CVE-2018-15530
 	RESERVED
-CVE-2018-15529
-	RESERVED
+CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny ...)
+	TODO: check
 CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
 	NOT-FOR-US: Java System Solutions SSO plugin
 CVE-2018-15527
@@ -3154,8 +3432,8 @@ CVE-2018-14574 (django.middleware.common.CommonMiddleware in Django 1.11.x befor
 	NOTE: https://github.com/django/django/commit/434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (vuln. introduced here?)
 CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web Interface ...)
 	NOT-FOR-US: TightRope Media Carousel Digital Signage
-CVE-2018-14572
-	RESERVED
+CVE-2018-14572 (In conference-scheduler-cli, a pickle.load call on imported data ...)
+	TODO: check
 CVE-2018-14571
 	RESERVED
 CVE-2018-14570 (A file upload vulnerability in application/shop/controller/member.php ...)
@@ -3655,8 +3933,8 @@ CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the ...)
 	NOT-FOR-US: axmldec
 CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an ...)
 	NOT-FOR-US: AXML Parser
-CVE-2018-14400
-	RESERVED
+CVE-2018-14400 (In pycparser, a pickle.load call (within the read_pickle function of ...)
+	TODO: check
 CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote ...)
 	NOT-FOR-US: PHPCMS
 CVE-2018-14398
@@ -6034,16 +6312,16 @@ CVE-2018-13397
 	RESERVED
 CVE-2018-13396
 	RESERVED
-CVE-2018-13395
-	RESERVED
+CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...)
+	TODO: check
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...)
 	NOT-FOR-US: Atlassian Confluence Questions
 CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence Questions ...)
 	NOT-FOR-US: Atlassian Confluence Questions
 CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version ...)
 	NOT-FOR-US: Atlassian
-CVE-2018-13391
-	RESERVED
+CVE-2018-13391 (The ProfileLinkUserFormat component of Jira Server before version ...)
+	TODO: check
 CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 6.6.1 ...)
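Review bot: CVE-2018-13395 and CVE-2018-13391 both land as `TODO: check`, yet they describe Atlassian Jira and the surrounding Atlassian entries in this hunk (CVE-2018-13394, CVE-2018-13393, CVE-2018-13392, CVE-2018-13390) already carry `NOT-FOR-US`. Unless Jira is tracked differently from the other Atlassian products, resolve both TODOs with the same kind of NOT-FOR-US line.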
@@ -24030,8 +24308,8 @@ CVE-2018-6645
 	RESERVED
 CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) ...)
 	- sblim-sfcb <itp> (bug #754493)
-CVE-2018-6643
-	RESERVED
+CVE-2018-6643 (Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the ...)
+	TODO: check
 CVE-2018-6642
 	RESERVED
 CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in ...)
@@ -31907,8 +32185,8 @@ CVE-2018-3928
 	RESERVED
 CVE-2018-3927 (An exploitable information disclosure vulnerability exists in the ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3926
-	RESERVED
+CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the ZigBee ...)
+	TODO: check
 CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the remote ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -31943,8 +32221,8 @@ CVE-2018-3910
 	RESERVED
 CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of video-core's ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3908
-	RESERVED
+CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-core's ...)
+	TODO: check
 CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of video-core's ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3906
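Review bot: CVE-2018-3908 gets `TODO: check` although its truncated description, "An exploitable vulnerability exists in the REST parser of video-core's ...", is identical to CVE-2018-3909 and CVE-2018-3907 on either side, both marked `NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices`. Check the full description and, if it names the same product, close the TODO with the same marker.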
@@ -31969,8 +32247,8 @@ CVE-2018-3897
 	RESERVED
 CVE-2018-3896
 	RESERVED
-CVE-2018-3895
-	RESERVED
+CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2018-3894
 	RESERVED
 CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
@@ -32866,7 +33144,7 @@ CVE-2018-3648
 CVE-2018-3647
 	RESERVED
 CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and ...)
-	{DSA-4279-1 DSA-4274-1}
+	{DSA-4279-1 DSA-4274-1 DLA-1481-1}
 	- linux 4.17.15-1
 	- xen <unfixed>
 	- intel-microcode 3.20180703.1
@@ -32944,7 +33222,7 @@ CVE-2018-3622
 CVE-2018-3621
 	RESERVED
 CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and ...)
-	{DSA-4279-1 DSA-4274-1}
+	{DSA-4279-1 DSA-4274-1 DLA-1481-1}
 	- linux 4.17.15-1
 	- xen <unfixed>
 	- intel-microcode 3.20180703.1
@@ -38112,8 +38390,8 @@ CVE-2018-1707
 	RESERVED
 CVE-2018-1706
 	RESERVED
-CVE-2018-1705
-	RESERVED
+CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
+	TODO: check
 CVE-2018-1704
 	RESERVED
 CVE-2018-1703
@@ -48612,8 +48890,8 @@ CVE-2017-15432
 	REJECTED
 CVE-2017-15431
 	RESERVED
-CVE-2017-15430
-	RESERVED
+CVE-2017-15430 (Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 ...)
+	TODO: check
 CVE-2017-15429
 	RESERVED
 	{DSA-4103-1}
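Review bot: CVE-2017-15430 is added with `TODO: check` even though its description names Google Chrome prior to 63.0.3239.84, the same release that the other CVE-2017-154xx entries in this patch track with `- chromium-browser 63.0.3239.84-1`. Triage should confirm whether the Chromecast code is part of the chromium-browser package and then replace the TODO with the matching package line or a NOT-FOR-US marker.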
@@ -48624,38 +48902,32 @@ CVE-2017-15429
 	NOTE: libv8 not covered by security support
 CVE-2017-15428
 	RESERVED
-CVE-2017-15427
-	RESERVED
+CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15426
-	RESERVED
+CVE-2017-15426 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15425
-	RESERVED
+CVE-2017-15425 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15424
-	RESERVED
+CVE-2017-15424 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15423
-	RESERVED
+CVE-2017-15423 (Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15422 [integer overflow in icu]
-	RESERVED
+CVE-2017-15422 (Integer overflow in international date handling in International ...)
 	{DSA-4150-1}
 	- icu 57.1-9 (bug #892766)
 	[wheezy] - icu <not-affected> (Vulnerable code not present)
@@ -48664,83 +48936,70 @@ CVE-2017-15422 [integer overflow in icu]
 	NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654
 CVE-2017-15421
 	RESERVED
-CVE-2017-15420
-	RESERVED
+CVE-2017-15420 (Inappropriate implementation in browser navigation in Google Chrome ...)
 	{DSA-4103-1 DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15419
-	RESERVED
+CVE-2017-15419 (Insufficient policy enforcement in Resource Timing API in Google Chrome ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15418
-	RESERVED
+CVE-2017-15418 (Use of uninitialized memory in Skia in Google Chrome prior to ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15417
-	RESERVED
+CVE-2017-15417 (Inappropriate implementation in Skia canvas composite operations in ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15416
-	RESERVED
+CVE-2017-15416 (Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15415
-	RESERVED
+CVE-2017-15415 (Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-15414
 	RESERVED
-CVE-2017-15413
-	RESERVED
+CVE-2017-15413 (Type confusion in WebAssembly in V8 in Google Chrome prior to ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15412 [use after free]
-	RESERVED
+CVE-2017-15412 (Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...)
 	{DSA-4086-1 DLA-1211-1}
 	- libxml2 2.9.4+dfsg1-5.2 (bug #883790)
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public)
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
-CVE-2017-15411
-	RESERVED
+CVE-2017-15411 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15410
-	RESERVED
+CVE-2017-15410 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15409
-	RESERVED
+CVE-2017-15409 (Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15408
-	RESERVED
+CVE-2017-15408 (Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15407
-	RESERVED
+CVE-2017-15407 (Out-of-bounds Write in the QUIC networking stack in Google Chrome prior ...)
 	{DSA-4064-1}
 	- chromium-browser 63.0.3239.84-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -69964,7 +70223,7 @@ CVE-2017-8400 (In SWFTools 0.9.2, an out-of-bounds write of heap data can occur
 	[jessie] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/13
 	NOTE: https://github.com/matthiaskramm/swftools/commit/7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a
-CVE-2017-8399 (PCRE2 before 2017-03-10 has an out-of-bounds write caused by a ...)
+CVE-2017-8399 (PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based ...)
 	- pcre2 <not-affected> (Did only affect revision after r670 upstream; not in a released version)
 	NOTE: Fixed by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783
 	NOTE: https://vcs.pcre.org/pcre2?view=revision&revision=674
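Review bot: the revised description on CVE-2017-8399 now says "PCRE2 before 10.30", which reads as covering released versions, while the unchanged package line still states `<not-affected> (Did only affect revision after r670 upstream; not in a released version)`. Re-confirm the not-affected status against the new version range, or add a NOTE explaining why it still holds despite the changed wording.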
@@ -160091,18 +160350,18 @@ CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c
 	{DSA-3081-1 DLA-197-1}
 	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
 	NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
-CVE-2014-6050
-	RESERVED
-CVE-2014-6049
-	RESERVED
-CVE-2014-6048
-	RESERVED
-CVE-2014-6047
-	RESERVED
-CVE-2014-6046
-	RESERVED
-CVE-2014-6045
-	RESERVED
+CVE-2014-6050 (phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA ...)
+	TODO: check
+CVE-2014-6049 (phpMyFAQ before 2.8.13 allows remote authenticated users with admin ...)
+	TODO: check
+CVE-2014-6048 (phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary ...)
+	TODO: check
+CVE-2014-6047 (phpMyFAQ before 2.8.13 allows remote authenticated users with certain ...)
+	TODO: check
+CVE-2014-6046 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ ...)
+	TODO: check
+CVE-2014-6045 (SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote ...)
+	TODO: check
 CVE-2014-6044
 	RESERVED
 CVE-2014-6043 (ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 ...)
@@ -162751,8 +163010,8 @@ CVE-2014-4934
 	RESERVED
 CVE-2014-4933
 	RESERVED
-CVE-2014-4932
-	RESERVED
+CVE-2014-4932 (Cross-site scripting (XSS) vulnerability in the Wordfence Security ...)
+	TODO: check
 CVE-2014-4931
 	RESERVED
 CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f258acd1f9831f400a7207f67a625712f7dd51a0
