[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 5 21:10:29 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b73113f by security tracker role at 2018-02-05T21:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,181 @@
+CVE-2018-6643
+ RESERVED
+CVE-2018-6642
+ RESERVED
+CVE-2018-6641
+ RESERVED
+CVE-2018-6640
+ RESERVED
+CVE-2018-6639
+ RESERVED
+CVE-2018-6638
+ RESERVED
+CVE-2018-6637
+ RESERVED
+CVE-2018-6636
+ RESERVED
+CVE-2018-6635 (System Manager in Avaya Aura before 7.1.2 does not properly use SSL in ...)
+ TODO: check
+CVE-2018-6634
+ RESERVED
+CVE-2018-6633 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
+ TODO: check
+CVE-2018-6632 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
+ TODO: check
+CVE-2018-6631 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
+ TODO: check
+CVE-2018-6630 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
+ TODO: check
+CVE-2018-6629 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
+ TODO: check
+CVE-2018-6628 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
+ TODO: check
+CVE-2018-6627 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) ...)
+ TODO: check
+CVE-2018-6626 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
+ TODO: check
+CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) ...)
+ TODO: check
+CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass ...)
+ TODO: check
+CVE-2018-6623
+ RESERVED
+CVE-2018-1000058
+ RESERVED
+CVE-2018-1000057
+ RESERVED
+CVE-2018-1000056
+ RESERVED
+CVE-2018-1000055
+ RESERVED
+CVE-2018-1000054
+ RESERVED
+CVE-2018-1000053
+ RESERVED
+CVE-2018-1000052
+ RESERVED
+CVE-2018-1000051
+ RESERVED
+CVE-2018-1000050
+ RESERVED
+CVE-2018-1000049
+ RESERVED
+CVE-2018-1000048
+ RESERVED
+CVE-2018-1000047
+ RESERVED
+CVE-2018-1000046
+ RESERVED
+CVE-2018-1000045
+ RESERVED
+CVE-2018-1000044
+ RESERVED
+CVE-2018-1000043
+ RESERVED
+CVE-2018-1000042
+ RESERVED
+CVE-2018-1000041
+ RESERVED
+CVE-2017-18173
+ RESERVED
+CVE-2017-18172
+ RESERVED
+CVE-2017-18171
+ RESERVED
+CVE-2017-18170
+ RESERVED
+CVE-2017-18169
+ RESERVED
+CVE-2017-18168
+ RESERVED
+CVE-2017-18167
+ RESERVED
+CVE-2017-18166
+ RESERVED
+CVE-2017-18165
+ RESERVED
+CVE-2017-18164
+ RESERVED
+CVE-2017-18163
+ RESERVED
+CVE-2017-18162
+ RESERVED
+CVE-2017-18161
+ RESERVED
+CVE-2017-18160
+ RESERVED
+CVE-2017-18159
+ RESERVED
+CVE-2017-18158
+ RESERVED
+CVE-2017-18157
+ RESERVED
+CVE-2017-18156
+ RESERVED
+CVE-2017-18155
+ RESERVED
+CVE-2017-18154
+ RESERVED
+CVE-2017-18153
+ RESERVED
+CVE-2017-18152
+ RESERVED
+CVE-2017-18151
+ RESERVED
+CVE-2017-18150
+ RESERVED
+CVE-2017-18149
+ RESERVED
+CVE-2017-18148
+ RESERVED
+CVE-2017-18147
+ RESERVED
+CVE-2017-18146
+ RESERVED
+CVE-2017-18145
+ RESERVED
+CVE-2017-18144
+ RESERVED
+CVE-2017-18143
+ RESERVED
+CVE-2017-18142
+ RESERVED
+CVE-2017-18141
+ RESERVED
+CVE-2017-18140
+ RESERVED
+CVE-2017-18139
+ RESERVED
+CVE-2017-18138
+ RESERVED
+CVE-2017-18137
+ RESERVED
+CVE-2017-18136
+ RESERVED
+CVE-2017-18135
+ RESERVED
+CVE-2017-18134
+ RESERVED
+CVE-2017-18133
+ RESERVED
+CVE-2017-18132
+ RESERVED
+CVE-2017-18131
+ RESERVED
+CVE-2017-18130
+ RESERVED
+CVE-2017-18129
+ RESERVED
+CVE-2017-18128
+ RESERVED
+CVE-2017-18127
+ RESERVED
+CVE-2017-18126
+ RESERVED
+CVE-2017-18125
+ RESERVED
+CVE-2017-18124
+ RESERVED
CVE-2018-6622
RESERVED
CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
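Review bot: The eleven entries added with a description at the top of data/CVE/list (CVE-2018-6635 and CVE-2018-6633 through CVE-2018-6624) carry only `TODO: check`, so none of them has a package or NOT-FOR-US decision yet. Each names a single product in the visible text (Avaya Aura System Manager, Micropoint proactive defense software, WatchDog Anti-Malware, OMRON NS devices). Triage each against the archive and replace the TODO with either a package line or a `NOT-FOR-US: <product>` line, in the form the already-triaged entries further down the file use.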
@@ -3104,8 +3282,8 @@ CVE-2018-5444
RESERVED
CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA ...)
NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2018-5442
- RESERVED
+CVE-2018-5442 (A Stack-based Buffer Overflow issue was discovered in Fuji Electric ...)
+ TODO: check
CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered in ...)
NOT-FOR-US: PHOENIX CONTACT mGuard firmware
CVE-2018-5440
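Review bot: CVE-2018-5442 moves from RESERVED to a published description naming Fuji Electric but is left at `TODO: check`. The entries on either side, CVE-2018-5443 and CVE-2018-5441, are both resolved as NOT-FOR-US vendor products; confirm whether the Fuji Electric product is packaged in Debian and, if it is not, close the TODO the same way.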
@@ -40133,8 +40311,8 @@ CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0,
NOT-FOR-US: Odoo
CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 ...)
NOT-FOR-US: Subsonic
-CVE-2017-9414
- RESERVED
+CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to ...)
+ TODO: check
CVE-2017-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: Subsonic
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the ...)
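Review bot: CVE-2017-9414 is left at `TODO: check` although the entries on either side (CVE-2017-9415 and CVE-2017-9413) are CSRF issues already marked `NOT-FOR-US: Subsonic`. The description is truncated in this list, so confirm from the full CVE text whether it concerns the same product before reusing that tag.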
@@ -107160,8 +107338,8 @@ CVE-2015-5675 (The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1
- kfreebsd-8 <removed>
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
-CVE-2015-5674
- RESERVED
+CVE-2015-5674 (The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 ...)
+ TODO: check
CVE-2015-5673 (eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) ...)
NOT-FOR-US: ISUCON5 qualifier portal
CVE-2015-5672 (TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy ...)
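Review bot: CVE-2015-5674 now describes the routed daemon in FreeBSD and is left at `TODO: check` with no package line. The preceding CVE-2015-5675 entry records its kfreebsd-8 status per release; check whether routed is shipped by any Debian kfreebsd source package and record the outcome in the same per-release form, or resolve the entry explicitly if nothing in the archive ships it.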
@@ -110712,8 +110890,8 @@ CVE-2015-4463 (The file_manager component in eFront CMS before 3.6.15.5 allows r
NOT-FOR-US: eFront CMS
CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager component of ...)
NOT-FOR-US: eFront CMS
-CVE-2015-4461
- RESERVED
+CVE-2015-4461 (Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and ...)
+ TODO: check
CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: C2Box
CVE-2015-4459
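Review bot: The `TODO: check` under CVE-2015-4461 can be resolved directly from the visible text. The new description names eFront CMS 3.6.15.4, and the two entries above it (CVE-2015-4463 and CVE-2015-4462) are already `NOT-FOR-US: eFront CMS`; use the same line here so the three entries for this product stay consistent.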
@@ -111366,8 +111544,7 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function
NOTE: http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
NOTE: http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
NOTE: http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228
-CVE-2015-4412 [ruby-bson: DoS and possible injection, with durran 2013-04-07 commit]
- RESERVED
+CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON ...)
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
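Review bot: The `ruby-bson <not-affected>` line under CVE-2015-4412 is carried over unchanged while the header switches from the bracketed temporary description to the published one, which names the legal? function in BSON. Recheck the stated rationale ("corresponding change in ruby-bson not present") against the published description, and note that CVE-2015-4411 directly below still carries its bracketed temporary description.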
@@ -111415,8 +111592,7 @@ CVE-2015-5522 (Heap-based buffer overflow in the ParseValue function in lexer.c
NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-6593
REJECTED
-CVE-2015-4179
- RESERVED
+CVE-2015-4179 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: WordPress plugin codestyling-localization
CVE-2015-4176 (fs/namespace.c in the Linux kernel before 4.0.2 does not properly ...)
- linux <not-affected> (Introducing commit was applied to 4.0.2 but e0c9c0afd2fc958ffa34b697972721d81df8a56f as well backported into 4.0.2)
@@ -119997,13 +120173,12 @@ CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remo
[jessie] - vsftpd 3.0.2-17+deb8u1
NOTE: http://seclists.org/oss-sec/2015/q1/389
NOTE: Not a real security feature according the manpage and upstream
-CVE-2015-1418
- RESERVED
+CVE-2015-1418 (patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before ...)
+ TODO: check
CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, ...)
- kfreebsd-10 10.2-1 (unimportant)
NOTE: kfreebsd not covered by security support in Jessie
-CVE-2015-1416
- RESERVED
+CVE-2015-1416 (Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 ...)
- patch 2.5-1
NOTE: http://www.openwall.com/lists/oss-security/2015/08/02/6
NOTE: CVE assignment applies as well to GNU patch before 2.3 and 2.2.5
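Review bot: CVE-2015-1418 is left at `TODO: check` with no package line, while CVE-2015-1416 in the same hunk, also about patch in FreeBSD, is tracked against Debian's `patch` package with a note that the assignment applies to GNU patch as well. Check whether the CVE-2015-1418 issue also affects the `patch` package and add the corresponding package line or a not-affected entry instead of leaving the TODO.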
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b73113f0a0385763c37479148cfe0f185689156