[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 1 21:10:26 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3567300 by security tracker role at 2018-02-01T21:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,150 @@
-CVE-2018-6485 [Integer overflow in posix_memalign]
+CVE-2018-6518
+ RESERVED
+CVE-2018-6517
+ RESERVED
+CVE-2018-6516
+ RESERVED
+CVE-2018-6515
+ RESERVED
+CVE-2018-6514
+ RESERVED
+CVE-2018-6513
+ RESERVED
+CVE-2018-6512
+ RESERVED
+CVE-2018-6511
+ RESERVED
+CVE-2018-6510
+ RESERVED
+CVE-2018-6509
+ RESERVED
+CVE-2018-6508
+ RESERVED
+CVE-2018-6507
+ RESERVED
+CVE-2018-6506
+ RESERVED
+CVE-2018-6505
+ RESERVED
+CVE-2018-6504
+ RESERVED
+CVE-2018-6503
+ RESERVED
+CVE-2018-6502
+ RESERVED
+CVE-2018-6501
+ RESERVED
+CVE-2018-6500
+ RESERVED
+CVE-2018-6499
+ RESERVED
+CVE-2018-6498
+ RESERVED
+CVE-2018-6497
+ RESERVED
+CVE-2018-6496
+ RESERVED
+CVE-2018-6495
+ RESERVED
+CVE-2018-6494
+ RESERVED
+CVE-2018-6493
+ RESERVED
+CVE-2018-6492
+ RESERVED
+CVE-2018-6491
+ RESERVED
+CVE-2018-6490
+ RESERVED
+CVE-2018-6489
+ RESERVED
+CVE-2018-6488
+ RESERVED
+CVE-2018-6487
+ RESERVED
+CVE-2018-6486
+ RESERVED
+CVE-2017-18119
+ RESERVED
+CVE-2017-18118
+ RESERVED
+CVE-2017-18117
+ RESERVED
+CVE-2017-18116
+ RESERVED
+CVE-2017-18115
+ RESERVED
+CVE-2017-18114
+ RESERVED
+CVE-2017-18113
+ RESERVED
+CVE-2017-18112
+ RESERVED
+CVE-2017-18111
+ RESERVED
+CVE-2017-18110
+ RESERVED
+CVE-2017-18109
+ RESERVED
+CVE-2017-18108
+ RESERVED
+CVE-2017-18107
+ RESERVED
+CVE-2017-18106
+ RESERVED
+CVE-2017-18105
+ RESERVED
+CVE-2017-18104
+ RESERVED
+CVE-2017-18103
+ RESERVED
+CVE-2017-18102
+ RESERVED
+CVE-2017-18101
+ RESERVED
+CVE-2017-18100
+ RESERVED
+CVE-2017-18099
+ RESERVED
+CVE-2017-18098
+ RESERVED
+CVE-2017-18097
+ RESERVED
+CVE-2017-18096
+ RESERVED
+CVE-2017-18095
+ RESERVED
+CVE-2017-18094
+ RESERVED
+CVE-2017-18093
+ RESERVED
+CVE-2017-18092
+ RESERVED
+CVE-2017-18091
+ RESERVED
+CVE-2017-18090
+ RESERVED
+CVE-2017-18089
+ RESERVED
+CVE-2017-18088
+ RESERVED
+CVE-2017-18087
+ RESERVED
+CVE-2017-18086
+ RESERVED
+CVE-2017-18085
+ RESERVED
+CVE-2017-18084
+ RESERVED
+CVE-2017-18083
+ RESERVED
+CVE-2017-18082
+ RESERVED
+CVE-2017-18081
+ RESERVED
+CVE-2017-18080
+ RESERVED
+CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in ...)
- glibc <unfixed> (bug #878159)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
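Review bot: the new CVE-2017-18080 to CVE-2017-18119 RESERVED block is placed between CVE-2018-6486 and CVE-2018-6485, so the 2018 entries at the top of data/CVE/list are no longer contiguous. If the list is meant to stay grouped by year, the 2017 block belongs below the last CVE-2018 entry. The CVE-2018-6485 rewrite itself keeps the glibc <unfixed> line and bug #878159 intact.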
@@ -36,8 +182,8 @@ CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file
NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
NOT-FOR-US: SUPERAntiSpyware Professional Trial
-CVE-2018-6470
- RESERVED
+CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each ...)
+ TODO: check
CVE-2018-6469
RESERVED
CVE-2018-6468
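Review bot: CVE-2018-6470 goes from RESERVED to "TODO: check" with no package or NOT-FOR-US line, unlike CVE-2018-6472 and CVE-2018-6471 directly above it. The description names Nibbleblog 4.0.5 on macOS, so the follow-up should settle whether any Debian source package ships Nibbleblog and replace the TODO with either a package line or a NOT-FOR-US line.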
@@ -724,8 +870,8 @@ CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ..
[stretch] - mupdf <no-dsa> (Minor issue)
[jessie] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
-CVE-2018-6186
- RESERVED
+CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via ...)
+ TODO: check
CVE-2018-6185
RESERVED
CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...)
@@ -13523,8 +13669,8 @@ CVE-2018-1194
RESERVED
CVE-2018-1193
RESERVED
-CVE-2018-1192
- RESERVED
+CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...)
+ TODO: check
CVE-2018-1191
RESERVED
CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...)
@@ -15924,14 +16070,14 @@ CVE-2018-0513
RESERVED
CVE-2018-0512
RESERVED
-CVE-2018-0511
- RESERVED
-CVE-2018-0510
- RESERVED
-CVE-2018-0509
- RESERVED
-CVE-2018-0508
- RESERVED
+CVE-2018-0511 (Cross-site scripting vulnerability in WP Retina 2x prior to version ...)
+ TODO: check
+CVE-2018-0510 (Buffer overflow in epg search result viewer (kkcald) 0.7.19 and ...)
+ TODO: check
+CVE-2018-0509 (Cross-site request forgery (CSRF) vulnerability in epg search result ...)
+ TODO: check
+CVE-2018-0508 (Cross-site scripting vulnerability in epg search result viewer ...)
+ TODO: check
CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...)
NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
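Review bot: CVE-2018-0510, CVE-2018-0509 and CVE-2018-0508 all name the same product, epg search result viewer (kkcald), yet each gets its own "TODO: check". Triage them in one pass with a single product string so the three entries end up consistent, the way the FLET'S VIRUS CLEAR entry just below uses one NOT-FOR-US label. CVE-2018-0511 (WP Retina 2x) needs a separate decision.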
@@ -117053,14 +117199,11 @@ CVE-2015-2675 (The OAuth implementation in librest before 0.7.93 incorrectly ...
NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
NOTE: Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
NOTE: http://www.openwall.com/lists/oss-security/2015/03/04/6
-CVE-2015-2204
- RESERVED
+CVE-2015-2204 (Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 ...)
NOT-FOR-US: Evergreen library
-CVE-2015-2203
- RESERVED
+CVE-2015-2203 (Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users ...)
NOT-FOR-US: Evergreen library
-CVE-2013-7435
- RESERVED
+CVE-2013-7435 (The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before ...)
NOT-FOR-US: Evergreen library
CVE-2015-2192 (Integer overflow in the dissect_osd2_cdb_continuation function in ...)
- wireshark 1.12.1+g01b65bf-4 (bug #780372)
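Review bot: CVE-2013-7435 stays filed between CVE-2015-2203 and CVE-2015-2192, out of year order, and nothing in the entry says why. Its description shares the "Evergreen before 2.5.9, 2.6.x before ..." wording with CVE-2015-2204, which suggests the grouping is deliberate; a NOTE line under CVE-2013-7435 saying so would save the next reader from treating it as a sorting mistake. The retained "NOT-FOR-US: Evergreen library" lines match all three newly published descriptions.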
@@ -122700,12 +122843,12 @@ CVE-2014-9508 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.
NOTE: https://review.typo3.org/gitweb?p=Packages/TYPO3.CMS.git;a=commitdiff;h=63ae7ddd11d284a121f23ce86282e3149bc16f96
CVE-2014-9505 (Cross-site scripting (XSS) vulnerability in the School Administration ...)
NOT-FOR-US: School Administration module for Drupal
-CVE-2014-9504
- RESERVED
-CVE-2014-9503
- RESERVED
-CVE-2014-9502
- RESERVED
+CVE-2014-9504 (The OG Subgroups module, when used with the Open Atrium module 7.x-2.x ...)
+ TODO: check
+CVE-2014-9503 (The Discussions sub module in the Open Atrium module 7.x-2.x before ...)
+ TODO: check
+CVE-2014-9502 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2014-9501 (Cross-site scripting (XSS) vulnerability in the Poll Chart Block ...)
NOT-FOR-US: Poll Chart Block module for Drupal
CVE-2014-9500 (Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x ...)
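Review bot: CVE-2014-9504 and CVE-2014-9503 describe the OG Subgroups and Discussions modules used with the Open Atrium module 7.x-2.x, while the neighbouring CVE-2014-9505 and CVE-2014-9501 entries for Drupal modules are already marked NOT-FOR-US. If these are likewise modules not packaged in Debian, the "TODO: check" lines can be resolved the same way. The truncated CVE-2014-9502 description does not show the product, so confirm it from the full text before labelling it.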
@@ -138683,8 +138826,7 @@ CVE-2014-3754
RESERVED
CVE-2014-3753
RESERVED
-CVE-2014-3752
- RESERVED
+CVE-2014-3752 (The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and ...)
NOT-FOR-US: G Data TotalProtection
CVE-2014-3751
RESERVED
@@ -139534,8 +139676,7 @@ CVE-2014-3521 (The component in (1) /luci/homebase and (2) /luci/cluster menu in
CVE-2014-3520 (OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, ...)
- keystone 2014.1.1-3 (bug #753511)
[wheezy] - keystone <not-affected> (Vulnerable code not present)
-CVE-2014-3519
- RESERVED
+CVE-2014-3519 (The open_by_handle_at function in vzkernel before 042stab090.5 in the ...)
- linux-2.6 <not-affected> (Vulnerable code not yet present)
- linux <not-affected> (Kernels after squeeze no longer contain the openvz flavour)
CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss ...)
@@ -140318,8 +140459,8 @@ CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote ...)
[wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2014-3245
RESERVED
-CVE-2014-3244
- RESERVED
+CVE-2014-3244 (XML external entity (XXE) vulnerability in the RSSDashlet dashlet in ...)
+ TODO: check
CVE-2014-3241
RESERVED
CVE-2014-3240
@@ -141012,8 +141153,7 @@ CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might
NOTE: details what is covered exactly by this CVE relating to CVE-2014-1932 and CVE-2014-1933 is missing
CVE-2014-3006 (Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when ...)
NOT-FOR-US: Sitepark Information Enterprise Server
-CVE-2014-3005 [zabbix: local file inclusion via XXE]
- RESERVED
+CVE-2014-3005 (XML external entity (XXE) vulnerability in Zabbix 1.8.x before ...)
- zabbix 1:2.2.5+dfsg-1 (bug #751910)
[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://seclists.org/fulldisclosure/2014/Jun/87
@@ -188758,10 +188898,10 @@ CVE-2011-4071
RESERVED
CVE-2011-4070
RESERVED
-CVE-2011-4069
- RESERVED
-CVE-2011-4068
- RESERVED
+CVE-2011-4069 (html/admin/login.php in PacketFence before 3.0.2 allows remote ...)
+ TODO: check
+CVE-2011-4068 (The check_password function in html/admin/login.php in PacketFence ...)
+ TODO: check
CVE-2011-4067
RESERVED
CVE-2011-4066 (SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3567300f5bdcf09b9af3e5dc7b8a4191cf89be0