[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 2 09:10:24 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc15190e by security tracker role at 2018-02-02T09:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,14 +1,72 @@
-CVE-2018-6521 [Use of insecure connection charset (sqlauth module)]
+CVE-2018-6549
+	RESERVED
+CVE-2018-6548
+	RESERVED
+CVE-2018-6547
+	RESERVED
+CVE-2018-6546
+	RESERVED
+CVE-2018-6545
+	RESERVED
+CVE-2018-6544
+	RESERVED
+CVE-2018-6543
+	RESERVED
+CVE-2018-6542
+	RESERVED
+CVE-2018-6541
+	RESERVED
+CVE-2018-6540
+	RESERVED
+CVE-2018-6539
+	RESERVED
+CVE-2018-6538
+	RESERVED
+CVE-2018-6537
+	RESERVED
+CVE-2018-6536
+	RESERVED
+CVE-2018-6535
+	RESERVED
+CVE-2018-6534
+	RESERVED
+CVE-2018-6533
+	RESERVED
+CVE-2018-6532
+	RESERVED
+CVE-2018-6531
+	RESERVED
+CVE-2018-6530
+	RESERVED
+CVE-2018-6529
+	RESERVED
+CVE-2018-6528
+	RESERVED
+CVE-2018-6527
+	RESERVED
+CVE-2018-6526
+	RESERVED
+CVE-2018-6525 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows ...)
+	TODO: check
+CVE-2018-6524 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows ...)
+	TODO: check
+CVE-2018-6523 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows ...)
+	TODO: check
+CVE-2018-6522 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows ...)
+	TODO: check
+CVE-2017-18120
+	RESERVED
+CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...)
 	- simplesamlphp 1.15.2-1
 	[stretch] - simplesamlphp <no-dsa> (Minor issue)
 	[jessie] - simplesamlphp <no-dsa> (Minor issue)
 	NOTE: https://simplesamlphp.org/security/201801-03
-CVE-2018-6520 [Open redirection protection bypass]
+CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ...)
 	- simplesamlphp 1.15.2-1
 	[stretch] - simplesamlphp <no-dsa> (Minor issue)
 	[jessie] - simplesamlphp <no-dsa> (Minor issue)
 	NOTE: https://simplesamlphp.org/security/201801-02
-CVE-2018-6519 [Denial of Service in timestamp validation function]
+CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 ...)
 	- simplesamlphp 1.15.2-1
 	[stretch] - simplesamlphp <no-dsa> (Minor issue)
 	[jessie] - simplesamlphp <no-dsa> (Minor issue)
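Review bot: The replacement summary for CVE-2018-6519 now names "The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1", while the entry below it still tracks only `- simplesamlphp 1.15.2-1`; it is worth confirming whether that library is also shipped as its own source package and needs a separate package line. In the same hunk, CVE-2018-6522 through CVE-2018-6525 arrive as `TODO: check` although their summaries describe driver files (TKFsAv.SYS, TKRgFtXp.SYS) of nProtect AVS, so they look like candidates for a NOT-FOR-US marking of the kind already used for Apache Camel further down this file.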
@@ -59788,8 +59846,8 @@ CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse th
 	- hadoop <itp> (bug #793644)
 CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a ...)
 	- hadoop <itp> (bug #793644)
-CVE-2017-3160
-	RESERVED
+CVE-2017-3160 (After the Android platform is added to Cordova the first time, or ...)
+	TODO: check
 CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object ...)
 	NOT-FOR-US: Apache Camel
 CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 ...)
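Review bot: CVE-2017-3160 leaves RESERVED but lands as `TODO: check`, so the entry is still untriaged. The summary concerns Cordova with the Android platform added; the follow-up should settle it the way the neighbouring entries are settled, either with a package line such as `- hadoop <itp> (bug #793644)` if the software is relevant to the archive, or with `NOT-FOR-US:` as done for Apache Camel.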
@@ -62263,10 +62321,10 @@ CVE-2017-2299 (Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.
 	NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/7bb35c2293c12ce52329a4391fe1f20389efef06
 CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a ...)
 	NOT-FOR-US: mcollective-sshkey-security plugin
-CVE-2017-2297
-	RESERVED
-CVE-2017-2296
-	RESERVED
+CVE-2017-2297 (Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not ...)
+	TODO: check
+CVE-2017-2296 (In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted ...)
+	TODO: check
 CVE-2017-2295 (Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...)
 	{DSA-3862-1 DLA-1012-1}
 	- puppet 4.8.2-5 (bug #863212)
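Review bot: CVE-2017-2297 and CVE-2017-2296 are both described in terms of Puppet Enterprise versions (2016.4.5, 2017.1.x, 2017.2.1) yet are left at `TODO: check`, while the adjacent CVE-2017-2295 is tracked against the `puppet` package. Triage should state explicitly whether the `puppet` package is affected; the CVE-2017-2294 entry later in this patch shows the form used when it is not: `- puppet <not-affected> (Doesn't affect Puppet as shipped in Debian)`.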
@@ -62275,8 +62333,8 @@ CVE-2017-2295 (Versions of Puppet prior to 4.10.1 will deserialize data off the 
 CVE-2017-2294 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to ...)
 	- puppet <not-affected> (Doesn't affect Puppet as shipped in Debian)
 	NOTE: Puppet as shipped in Debian doesn't provide puppetdb yet
-CVE-2017-2293
-	RESERVED
+CVE-2017-2293 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped ...)
+	TODO: check
 CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...)
 	- mcollective <unfixed> (bug #866711)
 	[jessie] - mcollective <no-dsa> (Minor issue)
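Review bot: The summary added for CVE-2017-2293 is cut off at "shipped ...", so the affected component cannot be read from this line and `TODO: check` cannot be resolved from the list alone. The entry directly above it, CVE-2017-2294, carries the same version range and is marked not-affected with the note that Puppet as shipped in Debian doesn't provide puppetdb yet; check the full description to see whether the same reasoning applies here and record it in a NOTE line.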



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc15190e4920392b7fc5dcfa2ebd8a754ba29283
