[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 26 20:10:37 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
689f569d by security tracker role at 2018-12-26T20:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...)
+	TODO: check
+CVE-2018-20485 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
+	TODO: check
+CVE-2018-20484 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
+	TODO: check
+CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget through 1.20 stores a file's ...)
+	TODO: check
+CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
+	TODO: check
 CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef ...)
 	- poppler <unfixed> (low; bug #917325)
 	[stretch] - poppler <no-dsa> (Minor issue)
@@ -5931,12 +5941,14 @@ CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the ...
 CVE-2018-19663
 	RESERVED
 CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (low)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/429
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 	NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
 CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (low)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/429
@@ -9220,6 +9232,7 @@ CVE-2018-19434 (An issue was discovered on the "Bank Account Matching - Rec
 CVE-2018-19433 (ShowDoc 2.4.1 has XSS via the lang parameter because ...)
 	NOT-FOR-US: ShowDoc
 CVE-2018-19432 (An issue was discovered in libsndfile 1.0.28. There is a NULL pointer ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (low; bug #914381)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/427
@@ -13369,8 +13382,8 @@ CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl81
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
-CVE-2018-17957
-	RESERVED
+CVE-2018-17957 (The YaST2 RMT module for configuring the SUSE Repository Mirroring ...)
+	TODO: check
 CVE-2018-17956
 	RESERVED
 CVE-2018-17955
@@ -25325,6 +25338,7 @@ CVE-2018-13141
 CVE-2018-13140 (Druide Antidote through 9.5.1 on Windows and Linux allows remote code ...)
 	NOT-FOR-US: Druide Antidote
 CVE-2018-13139 (A stack-based buffer overflow in psf_memset in common.c in libsndfile ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (unimportant)
 	NOTE: https://github.com/erikd/libsndfile/issues/397
 	NOTE: https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
@@ -59137,6 +59151,7 @@ CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to
 	- kubernetes 1.7.16+dfsg-1 (bug #892801)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/60813
 CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (low; bug #884735)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
@@ -59144,6 +59159,7 @@ CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 m
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 	NOTE: Might be a duplicate of CVE-2017-14245/CVE-2017-14246
 CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (low; bug #884735)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
@@ -61629,10 +61645,10 @@ CVE-2018-0726
 	RESERVED
 CVE-2018-0725
 	RESERVED
-CVE-2018-0724
-	RESERVED
-CVE-2018-0723
-	RESERVED
+CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...)
+	TODO: check
+CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...)
+	TODO: check
 CVE-2018-0722
 	RESERVED
 CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and ...)
@@ -70751,6 +70767,7 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord
 	NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
 	NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
 CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (bug #876783)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
@@ -71915,12 +71932,14 @@ CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/res
 CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (low; bug #876682)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/317
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of ...)
+	{DLA-1618-1}
 	- libsndfile <unfixed> (low; bug #876682)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
@@ -89585,7 +89604,7 @@ CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows r
 	NOTE: https://github.com/Ettercap/ettercap/issues/792
 	NOTE: Fixed by: https://github.com/Ettercap/ettercap/commit/1083d604930ebb9f350126b83802ecd2cbc17f90
 CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote ...)
-	{DLA-956-1}
+	{DLA-1618-1 DLA-956-1}
 	- libsndfile 1.0.27-3 (bug #862202)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/230
@@ -89597,20 +89616,20 @@ CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attac
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
 	NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
 CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
-	{DLA-956-1}
+	{DLA-1618-1 DLA-956-1}
 	- libsndfile 1.0.27-3 (bug #862203)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/233
 	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
 	NOTE: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8
 CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
-	{DLA-956-1}
+	{DLA-1618-1 DLA-956-1}
 	- libsndfile 1.0.27-3 (bug #862204)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/231
 	NOTE: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
 CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
-	{DLA-956-1}
+	{DLA-1618-1 DLA-956-1}
 	- libsndfile 1.0.27-3 (bug #862205)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/232



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/689f569d367612122e9f863ac8a634bc1911e010

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/689f569d367612122e9f863ac8a634bc1911e010
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181226/9f3ff8f1/attachment.html>


More information about the debian-security-tracker-commits mailing list