[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Feb 7 21:10:22 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ceafe59 by security tracker role at 2018-02-07T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,43 @@
+CVE-2018-6827
+	RESERVED
+CVE-2018-6826
+	RESERVED
+CVE-2018-6825
+	RESERVED
+CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative access ...)
+	TODO: check
+CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the ...)
+	TODO: check
+CVE-2018-6822 (In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an ...)
+	TODO: check
+CVE-2018-6821
+	RESERVED
+CVE-2018-6820
+	RESERVED
+CVE-2018-6819
+	RESERVED
+CVE-2018-6818
+	RESERVED
+CVE-2018-6817
+	RESERVED
+CVE-2018-6816
+	RESERVED
+CVE-2018-6815
+	RESERVED
+CVE-2018-6814
+	RESERVED
+CVE-2018-6813
+	RESERVED
+CVE-2018-6812
+	RESERVED
+CVE-2018-6811
+	RESERVED
+CVE-2018-6810
+	RESERVED
+CVE-2018-6809
+	RESERVED
+CVE-2018-6808
+	RESERVED
 CVE-2018-6807
 	RESERVED
 CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read arbitrary files ...)
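Review bot: the three described entries near the top of this hunk (CVE-2018-6824, CVE-2018-6823, CVE-2018-6822) land as `TODO: check` and still need manual triage. CVE-2018-6823 and CVE-2018-6822 are described as macOS VPN clients (Mailbutler Shimo, PureVPN), so check whether either has a Debian source package and, if not, mark them in the `NOT-FOR-US: <name>` form used elsewhere in this file.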
@@ -2330,6 +2370,7 @@ CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID compariso
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...)
 	NOT-FOR-US: axTLS
 CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...)
+	{DSA-4106-1}
 	- libtasn1-6 4.13-2
 	[jessie] - libtasn1-6 <not-affected> (Vulnerable code introduced in 4.3)
 	- libtasn1-3 <not-affected> (Vulnerable code introduced in 4.3)
@@ -13492,8 +13533,8 @@ CVE-2018-1390
 	RESERVED
 CVE-2018-1389
 	RESERVED
-CVE-2018-1388
-	RESERVED
+CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...)
+	TODO: check
 CVE-2018-1387
 	RESERVED
 CVE-2018-1386
@@ -13504,8 +13545,8 @@ CVE-2018-1384
 	RESERVED
 CVE-2018-1383
 	RESERVED
-CVE-2018-1382
-	RESERVED
+CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This ...)
+	TODO: check
 CVE-2018-1381
 	RESERVED
 CVE-2018-1380
@@ -13536,8 +13577,8 @@ CVE-2018-1368
 	RESERVED
 CVE-2018-1367
 	RESERVED
-CVE-2018-1366
-	RESERVED
+CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated ...)
+	TODO: check
 CVE-2018-1365
 	RESERVED
 CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External ...)
@@ -13867,8 +13908,8 @@ CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the 
 	NOTE: https://github.com/aubio/aubio/issues/137
 CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing ...)
 	NOT-FOR-US: Dolphin Browser for Android
-CVE-2017-17552
-	RESERVED
+CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 ...)
+	TODO: check
 CVE-2018-1360
 	RESERVED
 CVE-2018-1359
@@ -14184,8 +14225,8 @@ CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International .
 	NOTE: Introduced by https://ssl.icu-project.org/trac/changeset/40455/
 CVE-2017-17483
 	RESERVED
-CVE-2017-17482
-	RESERVED
+CVE-2017-17482 (An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and ...)
+	TODO: check
 CVE-2017-17481
 	RESERVED
 CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
@@ -15069,6 +15110,7 @@ CVE-2018-1054
 	RESERVED
 CVE-2018-1053 [Ensure that all temp files made during pg_upgrade are non-world-readable]
 	RESERVED
+	{DLA-1271-1}
 	- postgresql-10 10.2-1
 	- postgresql-9.6 <removed>
 	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
@@ -31922,28 +31964,28 @@ CVE-2017-12475 (The AP4_Processor::Process function in Core/Ap4Processor.cpp in 
 	NOT-FOR-US: Bento4
 CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in ...)
 	NOT-FOR-US: Bento4
-CVE-2017-12473
-	RESERVED
-CVE-2017-12472
-	RESERVED
-CVE-2017-12471
-	RESERVED
-CVE-2017-12470
-	RESERVED
-CVE-2017-12469
-	RESERVED
-CVE-2017-12468
-	RESERVED
-CVE-2017-12467
-	RESERVED
-CVE-2017-12466
-	RESERVED
-CVE-2017-12465
-	RESERVED
-CVE-2017-12464
-	RESERVED
-CVE-2017-12463
-	RESERVED
+CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers ...)
+	TODO: check
+CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent ...)
+	TODO: check
+CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows ...)
+	TODO: check
+CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in CCN-lite before ...)
+	TODO: check
+CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows ...)
+	TODO: check
+CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows ...)
+	TODO: check
+CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent attackers ...)
+	TODO: check
+CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to have ...)
+	TODO: check
+CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow ...)
+	TODO: check
+CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent ...)
+	TODO: check
+CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite ...)
+	TODO: check
 CVE-2017-12462
 	RESERVED
 CVE-2017-12461
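Review bot: CVE-2017-12463 through CVE-2017-12473 are eleven entries for a single product, CCN-lite, all left at `TODO: check`; triage them as one batch so they end up with the same result. CVE-2017-12412 in the following hunk is the same product and belongs in that batch; note that its description gives the fixed version as "2.0.0" where these say "2.00".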
@@ -32151,8 +32193,8 @@ CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because a
 	NOT-FOR-US: Format Factory
 CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related to ...)
 	NOT-FOR-US: AXIS 2100 devices
-CVE-2017-12412
-	RESERVED
+CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent ...)
+	TODO: check
 CVE-2017-12411
 	RESERVED
 CVE-2017-12410
@@ -36848,7 +36890,7 @@ CVE-2017-10791 (There is an Integer overflow in the hash_int function of the lib
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
 	NOTE: No security impact as built in Debian
 CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes ...)
-	{DLA-1038-1}
+	{DSA-4106-1 DLA-1038-1}
 	- libtasn1-6 4.12-2.1 (bug #867398)
 	[stretch] - libtasn1-6 <no-dsa> (Minor issue)
 	[jessie] - libtasn1-6 <no-dsa> (Minor issue)
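Review bot: CVE-2017-10790 now references DSA-4106-1, but the `[stretch]` and `[jessie]` lines under it still read `<no-dsa> (Minor issue)`. For whichever release the DSA covers, that line should be replaced with the fixed version, otherwise the entry says both that a DSA was issued and that none is planned.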
@@ -64207,8 +64249,8 @@ CVE-2017-1787
 	RESERVED
 CVE-2017-1786
 	RESERVED
-CVE-2017-1785
-	RESERVED
+CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote ...)
+	TODO: check
 CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files ...)
 	NOT-FOR-US: IBM Cognos Analytics
 CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change ...)
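Review bot: CVE-2017-1785 (IBM API Connect) is left at `TODO: check` while the IBM entries around it are already triaged, for example `NOT-FOR-US: IBM Cognos Analytics` on CVE-2017-1784. The same product appears in CVE-2018-1382 earlier in this diff, so resolve both together and, if the result is `NOT-FOR-US:`, use one consistent product name.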
@@ -64393,8 +64435,8 @@ CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in pl
 	NOT-FOR-US: IBM Integration Bus
 CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that has ...)
 	NOT-FOR-US: IBM Integration Bus
-CVE-2017-1692
-	RESERVED
+CVE-2017-1692 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability ...)
+	TODO: check
 CVE-2017-1691
 	RESERVED
 CVE-2017-1690
@@ -79634,10 +79676,10 @@ CVE-2016-6175 (Eval injection vulnerability in php-gettext 1.0.12 and earlier al
 	NOTE: https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html
 CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power ...)
 	NOT-FOR-US: Inivision
-CVE-2016-6169
-	RESERVED
-CVE-2016-6168
-	RESERVED
+CVE-2016-6169 (Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 ...)
+	TODO: check
+CVE-2016-6168 (Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 ...)
+	TODO: check
 CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 0.67 ...)
 	- putty <not-affected> (Windows-specific)
 CVE-2016-6166
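Review bot: CVE-2016-6169 and CVE-2016-6168 (Foxit Reader and PhantomPDF) still need to be moved off `TODO: check`. Separately, the context line `NOT-FOR-US: Inivision` under CVE-2016-6174 misspells the product that its description names as "Invision Power ...", which is worth correcting in a follow-up edit.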
@@ -90993,10 +91035,10 @@ CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x b
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-2541
-	RESERVED
-CVE-2016-2540
-	RESERVED
+CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...)
+	TODO: check
 CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in install_modules.php ...)
 	NOT-FOR-US: ATutor
 CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass ...)
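Review bot: CVE-2016-2541 and CVE-2016-2540 name Audacity, which is packaged in Debian, so `TODO: check` here should resolve to package lines in the `- libtasn1-6 4.13-2` style seen elsewhere in this diff rather than `NOT-FOR-US`, with the fixed version worked out from the "before 2.1.2" in the descriptions. The two truncated descriptions are identical as shown, so the full CVE text is needed to tell the issues apart.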



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ceafe5952dedf5344fefc6b158242cc0eb114fb
