[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Feb 7 09:10:26 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87baaf23 by security tracker role at 2018-02-07T09:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,101 @@
-CVE-2018-6767 [wavpack: stack buffer overflow via crafted wav file]
+CVE-2018-6807
+	RESERVED
+CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read arbitrary files ...)
+	TODO: check
+CVE-2018-6805
+	RESERVED
+CVE-2018-6804
+	RESERVED
+CVE-2018-6803
+	RESERVED
+CVE-2018-6802
+	RESERVED
+CVE-2018-6801
+	RESERVED
+CVE-2018-6800
+	RESERVED
+CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
+	TODO: check
+CVE-2018-6798
+	RESERVED
+CVE-2018-6797
+	RESERVED
+CVE-2018-6796
+	RESERVED
+CVE-2018-6795
+	RESERVED
+CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP detection bypass vulnerability ...)
+	TODO: check
+CVE-2018-6793
+	RESERVED
+CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow ...)
+	TODO: check
+CVE-2018-6791 (An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE ...)
+	TODO: check
+CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. ...)
+	TODO: check
+CVE-2018-6789
+	RESERVED
+CVE-2018-6788 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
+	TODO: check
+CVE-2018-6787 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
+	TODO: check
+CVE-2018-6786 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
+	TODO: check
+CVE-2018-6785 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6784 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6783 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6782 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6781 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6780 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6779 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6778 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6777 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
+	TODO: check
+CVE-2018-6776 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6775 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
+	TODO: check
+CVE-2018-6774 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6773 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6772 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
+	TODO: check
+CVE-2018-6771 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
+	TODO: check
+CVE-2018-6770 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
+	TODO: check
+CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
+	TODO: check
+CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
+	TODO: check
+CVE-2018-6766
+	RESERVED
+CVE-2018-6765
+	RESERVED
+CVE-2018-6763
+	RESERVED
+CVE-2018-6762
+	RESERVED
+CVE-2018-6761
+	RESERVED
+CVE-2018-6760
+	RESERVED
+CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig function of ...)
 	- wavpack <unfixed> (bug #889276)
 	NOTE: https://github.com/dbry/WavPack/issues/27
 	NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
 CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init]
+	RESERVED
 	- libvirt <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1541444
 	TODO: check, Red Hat does not provide much references
@@ -469,8 +562,8 @@ CVE-2018-6605 (SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joo
 	NOT-FOR-US: Zh BaiduMap component for Joomla!
 CVE-2018-6604 (SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! ...)
 	NOT-FOR-US: Zh YandexMap component for Joomla!
-CVE-2018-6603
-	RESERVED
+CVE-2018-6603 (Promise Technology WebPam Pro-E devices allow remote attackers to ...)
+	TODO: check
 CVE-2018-6602
 	RESERVED
 CVE-2018-6601
@@ -1229,6 +1322,7 @@ CVE-2018-6362
 CVE-2018-6361
 	RESERVED
 CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary code ...)
+	{DSA-4105-1}
 	- mpv 0.27.0-3 (bug #888654)
 	[jessie] - mpv <not-affected> (Vulnerable code not present, youtube-dl hook script added in 0.7.0)
 	NOTE: https://github.com/mpv-player/mpv/issues/5456



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/87baaf23091d0e75766c5784099ec5c1779e8af9

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/87baaf23091d0e75766c5784099ec5c1779e8af9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180207/a0a9e12c/attachment.html>

More information about the Secure-testing-commits mailing list