[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 2 21:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4edcda9d by security tracker role at 2018-02-02T21:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,31 +1,107 @@
-CVE-2018-6549
+CVE-2018-6585
RESERVED
-CVE-2018-6548
+CVE-2018-6584
RESERVED
-CVE-2018-6547
+CVE-2018-6583
RESERVED
-CVE-2018-6546
+CVE-2018-6582
RESERVED
-CVE-2018-6545
+CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a ...)
+ TODO: check
+CVE-2018-6580 (Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component ...)
+ TODO: check
+CVE-2018-6579 (SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for ...)
+ TODO: check
+CVE-2018-6578 (SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! ...)
+ TODO: check
+CVE-2018-6577 (SQL Injection exists in the JEXTN Membership 3.1.0 component for ...)
+ TODO: check
+CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id ...)
+ TODO: check
+CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for ...)
+ TODO: check
+CVE-2018-6574
RESERVED
-CVE-2018-6544
+CVE-2018-6573
RESERVED
-CVE-2018-6543
+CVE-2018-6572
RESERVED
-CVE-2018-6542
+CVE-2018-6571
RESERVED
-CVE-2018-6541
+CVE-2018-6570
RESERVED
-CVE-2018-6540
+CVE-2018-6569
RESERVED
-CVE-2018-6539
+CVE-2018-6568
RESERVED
-CVE-2018-6538
+CVE-2018-6567
+ RESERVED
+CVE-2018-6566
+ RESERVED
+CVE-2018-6565
+ RESERVED
+CVE-2018-6564
+ RESERVED
+CVE-2018-6563
+ RESERVED
+CVE-2018-6562
+ RESERVED
+CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute ...)
+ TODO: check
+CVE-2018-6560 (In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and ...)
+ TODO: check
+CVE-2018-6559
+ RESERVED
+CVE-2018-6558
+ RESERVED
+CVE-2018-6557
+ RESERVED
+CVE-2018-6556
+ RESERVED
+CVE-2018-6555
+ RESERVED
+CVE-2018-6554
RESERVED
-CVE-2018-6537
+CVE-2018-6553
RESERVED
-CVE-2018-6536
+CVE-2018-6552
RESERVED
+CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), ...)
+ TODO: check
+CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...)
+ TODO: check
+CVE-2017-18122 (A signature-validation bypass issue was discovered in SimpleSAMLphp ...)
+ TODO: check
+CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable ...)
+ TODO: check
+CVE-2018-6549
+ RESERVED
+CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 2018-02-02. If ...)
+ TODO: check
+CVE-2018-6547
+ RESERVED
+CVE-2018-6546
+ RESERVED
+CVE-2018-6545 (Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting ...)
+ TODO: check
+CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could ...)
+ TODO: check
+CVE-2018-6543 (In GNU Binutils 2.30, there's an integer overflow in the function ...)
+ TODO: check
+CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)
+ TODO: check
+CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
+ TODO: check
+CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
+ TODO: check
+CVE-2018-6539
+ RESERVED
+CVE-2018-6538
+ RESERVED
+CVE-2018-6537 (A buffer overflow vulnerability in the control protocol of Flexense ...)
+ TODO: check
+CVE-2018-6536 (An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates ...)
+ TODO: check
CVE-2018-6535
RESERVED
CVE-2018-6534
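Review bot: CVE-2018-6551 (glibc malloc) should be triaged against the existing CVE-2018-6485 entry further down the file, which already tracks a glibc integer overflow in posix_memalign as `glibc <unfixed> (bug #878159)`; if the same bug report covers both issues the new entry should reuse that reference rather than open a second one. Among the other TODO: check items, the ones naming software Debian ships (Flatpak, Dojo Toolkit, libwebm, MuPDF, GNU Binutils, ZZIPlib, Icinga 2) need a source package and fixed-version line on the next pass, and the three ZZIPlib entries (CVE-2018-6540 through CVE-2018-6542) describe the same class of bus error and will most likely share one upstream fix, so track them against a single bug. The Joomla! component entries (CVE-2018-6575 through CVE-2018-6581) and Ipswitch MoveIt are not in the archive and can go straight to NOT-FOR-US. The two SimpleSAMLphp entries (CVE-2017-18121, CVE-2017-18122) should be checked against the simplesamlphp.org/security advisories already referenced on the CVE-2018-6519 to CVE-2018-6521 entries below.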
@@ -44,8 +120,8 @@ CVE-2018-6528
RESERVED
CVE-2018-6527
RESERVED
-CVE-2018-6526
- RESERVED
+CVE-2018-6526 (view_all_bug_page.php in MantisBT before 2018-02-02 allows remote ...)
+ TODO: check
CVE-2018-6525 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows ...)
NOT-FOR-US: nProtect AVS
CVE-2018-6524 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows ...)
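Review bot: the CVE-2018-6526 description gives the affected range as "MantisBT before 2018-02-02", a date rather than a release, so triage should pin the fixed upstream version from the MantisBT changelog and check whether mantis is present in the archive before choosing between a version line and NOT-FOR-US.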
@@ -54,19 +130,19 @@ CVE-2018-6523 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allow
NOT-FOR-US: nProtect AVS
CVE-2018-6522 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows ...)
NOT-FOR-US: nProtect AVS
-CVE-2017-18120
- RESERVED
+CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in gifsicle ...)
+ TODO: check
CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...)
- simplesamlphp 1.15.2-1
[stretch] - simplesamlphp <no-dsa> (Minor issue)
[jessie] - simplesamlphp <no-dsa> (Minor issue)
- [wheezy] - simplesamlphp <no-dsa> (Minor issue)
+ [wheezy] - simplesamlphp <no-dsa> (Minor issue)
NOTE: https://simplesamlphp.org/security/201801-03
CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ...)
- simplesamlphp 1.15.2-1
[stretch] - simplesamlphp <no-dsa> (Minor issue)
[jessie] - simplesamlphp <no-dsa> (Minor issue)
- [wheezy] - simplesamlphp <not-affected> (Vulnerable code introduced in 1.12)
+ [wheezy] - simplesamlphp <not-affected> (Vulnerable code introduced in 1.12)
NOTE: https://simplesamlphp.org/security/201801-02
CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 ...)
- simplesamlphp 1.15.2-1
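Review bot: the two `[wheezy] - simplesamlphp` lines in this hunk are removed and re-added with identical visible content, so the change is whitespace-only indentation normalization; harmless, but worth confirming the automatic update writes the same indentation the hand-edited entries use so these lines stop churning on every run. CVE-2017-18120 names gifsicle, which Debian ships as the gifsicle source package, so its TODO: check should become a version line on the next triage pass.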
@@ -141,8 +217,8 @@ CVE-2018-6488
RESERVED
CVE-2018-6487
RESERVED
-CVE-2018-6486
- RESERVED
+CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit ...)
+ TODO: check
CVE-2017-18119
RESERVED
CVE-2017-18118
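Review bot: CVE-2018-6486 concerns Micro Focus Fortify Audit Workbench, a commercial product not in the Debian archive, so the TODO: check can be resolved to NOT-FOR-US in the same way the nProtect AVS entries earlier in this patch are marked.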
@@ -209,20 +285,20 @@ CVE-2017-18088
RESERVED
CVE-2017-18087
RESERVED
-CVE-2017-18086
- RESERVED
-CVE-2017-18085
- RESERVED
-CVE-2017-18084
- RESERVED
-CVE-2017-18083
- RESERVED
-CVE-2017-18082
- RESERVED
-CVE-2017-18081
- RESERVED
-CVE-2017-18080
- RESERVED
+CVE-2017-18086 (Various resources in Atlassian Confluence Server before version 6.4.2 ...)
+ TODO: check
+CVE-2017-18085 (The viewdefaultdecorator resource in Atlassian Confluence Server ...)
+ TODO: check
+CVE-2017-18084 (The usermacros resource in Atlassian Confluence Server before version ...)
+ TODO: check
+CVE-2017-18083 (The editinword resource in Atlassian Confluence Server before version ...)
+ TODO: check
+CVE-2017-18082 (The plan configure branches resource in Atlassian Bamboo before ...)
+ TODO: check
+CVE-2017-18081 (The signupUser resource in Atlassian Bamboo before version 6.3.1 ...)
+ TODO: check
+CVE-2017-18080 (The saveConfigureSecurity resource in Atlassian Bamboo before version ...)
+ TODO: check
CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in ...)
- glibc <unfixed> (bug #878159)
[stretch] - glibc <no-dsa> (Minor issue)
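Review bot: all seven new descriptions in this hunk (CVE-2017-18080 through CVE-2017-18086) name Atlassian Confluence Server or Atlassian Bamboo, neither of which is packaged in Debian; the file already marks the Atlassian Jira-importers-plugin entry CVE-2017-18033 as NOT-FOR-US, and these should be resolved the same way rather than left at TODO: check.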
@@ -2107,24 +2183,24 @@ CVE-2018-5752
RESERVED
CVE-2018-5751
RESERVED
-CVE-2017-18042
- RESERVED
-CVE-2017-18041
- RESERVED
-CVE-2017-18040
- RESERVED
-CVE-2017-18039
- RESERVED
-CVE-2017-18038
- RESERVED
-CVE-2017-18037
- RESERVED
-CVE-2017-18036
- RESERVED
-CVE-2017-18035
- RESERVED
-CVE-2017-18034
- RESERVED
+CVE-2017-18042 (The update user administration resource in Atlassian Bamboo before ...)
+ TODO: check
+CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo ...)
+ TODO: check
+CVE-2017-18040 (The viewDeploymentVersionCommits resource in Atlassian Bamboo before ...)
+ TODO: check
+CVE-2017-18039 (The IncomingMailServers resource in Atlassian Jira from version 6.2.1 ...)
+ TODO: check
+CVE-2017-18038 (The repository settings resource in Atlassian Bitbucket Server before ...)
+ TODO: check
+CVE-2017-18037 (The git repository tag rest resource in Atlassian Bitbucket Server ...)
+ TODO: check
+CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server before ...)
+ TODO: check
+CVE-2017-18035 (The /rest/review-coverage-chart/1.0/data/<repository_name>/.json ...)
+ TODO: check
+CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible before ...)
+ TODO: check
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux ...)
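Review bot: the nine new entries CVE-2017-18034 through CVE-2017-18042 all name Atlassian Bamboo, Jira, Bitbucket Server or FishEye/Crucible, and the CVE-2017-18033 entry immediately below them is already marked NOT-FOR-US for the same vendor, so these should be resolved to NOT-FOR-US as well. Separately, the CVE-2017-18035 description carries a literal `<repository_name>` path segment; since the tracker uses angle brackets for states such as `<unfixed>` and `<no-dsa>`, confirm the parser treats it as plain text inside the parenthesised description.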
@@ -3244,6 +3320,7 @@ CVE-2018-1000028 [nfsd: auth: Fix gid sorting when rootsquash enabled]
NOTE: did never contain the vulnerable code alone without the fix.
CVE-2018-1000027 [SQUID-2018:2 Denial of Service issue in HTTP Message processing]
RESERVED
+ {DLA-1267-1 DLA-1266-1}
[experimental] - squid 4.0.23-1~exp8
- squid <removed>
- squid3 <unfixed> (bug #888720)
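Review bot: two DLA identifiers, DLA-1267-1 and DLA-1266-1, are added on one line while the unstable status below remains `squid3 <unfixed> (bug #888720)`; that is expected because wheezy ships both a squid and a squid3 source package, so each gets its own LTS advisory independent of the unstable fix, but the `[wheezy] - squid ...` and `[wheezy] - squid3 ...` fixed-version lines fall outside this hunk's context, so confirm they were updated in the same run to match the two DLAs.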
@@ -3253,6 +3330,7 @@ CVE-2018-1000027 [SQUID-2018:2 Denial of Service issue in HTTP Message processin
NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024 [SQUID-2018:1 Denial of Service issue in ESI Response processing]
RESERVED
+ {DLA-1266-1}
[experimental] - squid 4.0.23-1~exp8
- squid <removed>
[wheezy] - squid <not-affected> (Not affected according to upstream advisory)
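Review bot: only DLA-1266-1 is added here, and the `[wheezy] - squid <not-affected> (Not affected according to upstream advisory)` line that follows explains why no second advisory applies to CVE-2018-1000024: wheezy's squid package is unaffected, so only squid3 needed a DLA. By the same reasoning DLA-1266-1 must be the wheezy squid3 advisory and DLA-1267-1, which appears only on CVE-2018-1000027 above, the wheezy squid one; confirm the `[wheezy] - squid3 ...` fixed-version line outside this hunk's context records the version shipped in DLA-1266-1.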
@@ -7014,6 +7092,7 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import]
CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...)
NOT-FOR-US: Muviko
CVE-2017-17969 (Heap-based buffer overflow in the ...)
+ {DLA-1268-1}
- p7zip 16.02+dfsg-5 (bug #888297)
NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
NOTE: fixed in upstream 18.00-beta, backport available for testing in bug#888297
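Review bot: DLA-1268-1 is added but the only fixed-version line shown is `p7zip 16.02+dfsg-5 (bug #888297)` for unstable; the wheezy fixed version belongs on a `[wheezy] - p7zip ...` line, which is outside this hunk's context, so confirm it was written alongside the DLA reference. With the unstable upload and the DLA both in place, the NOTE saying a backport is "available for testing in bug#888297" is now historical and could be trimmed to keep the entry readable.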
@@ -25849,14 +25928,14 @@ CVE-2017-14183
RESERVED
CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to ...)
NOT-FOR-US: Fortinet
-CVE-2017-14180
- RESERVED
-CVE-2017-14179
- RESERVED
-CVE-2017-14178
- RESERVED
-CVE-2017-14177
- RESERVED
+CVE-2017-14180 (Apport 2.13 through 2.20.7 does not properly handle crashes ...)
+ TODO: check
+CVE-2017-14179 (Apport before 2.13 does not properly handle crashes originating from a ...)
+ TODO: check
+CVE-2017-14178 (In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...)
+ TODO: check
+CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from setuid ...)
+ TODO: check
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due ...)
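Review bot: one of the four new entries, CVE-2017-14178, describes snapd 2.27 through 2.29.2, and snapd is packaged in Debian, so it needs a source package and fixed-version line rather than TODO: check. The three Apport entries give three different affected ranges (before 2.13 for CVE-2017-14179, 2.13 through 2.20.7 for CVE-2017-14180, through 2.20.7 for CVE-2017-14177), so if apport turns out to be in the archive the version check has to be done per CVE; if it is not, all three resolve to NOT-FOR-US.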
@@ -51753,8 +51832,8 @@ CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band
NOT-FOR-US: Intel
CVE-2017-5728
RESERVED
-CVE-2017-5727
- RESERVED
+CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, ...)
+ TODO: check
CVE-2017-5726
RESERVED
CVE-2017-5725
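Review bot: CVE-2017-5727 names the Intel Graphics Driver, a proprietary driver that Debian does not package; the CVE-2017-5729 entry at the top of this hunk is already marked `NOT-FOR-US: Intel`, and this entry should be resolved the same way instead of staying at TODO: check.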
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4edcda9d900ec6bbb25ab5eb9020ea3bc9b28f64