[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 9 21:10:30 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e172e2c1 by security tracker role at 2018-02-09T21:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-6881
+ RESERVED
+CVE-2018-6880
+ RESERVED
+CVE-2018-6879
+ RESERVED
+CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
+ TODO: check
+CVE-2018-6877
+ RESERVED
+CVE-2018-6876 (THe OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ...)
+ TODO: check
+CVE-2018-6875
+ RESERVED
+CVE-2018-6874
+ RESERVED
+CVE-2018-6873
+ RESERVED
CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descriptor ...)
- binutils 2.30-4
[stretch] - binutils <ignored> (Minor issue)
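Review bot: CVE-2018-6876 is added with only `TODO: check`, yet its description names a specific library and version (libfpx 1.3.1-10, ole/oleprop.cpp) and is cut off at "as used in ...". Read the full description before choosing between a package line and NOT-FOR-US. CVE-2018-6878 ("PHP Scripts ...") needs the same resolution.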
@@ -103,12 +121,12 @@ CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt
NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
CVE-2018-6828
RESERVED
-CVE-2018-6827
- RESERVED
-CVE-2018-6826
- RESERVED
-CVE-2018-6825
- RESERVED
+CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates ...)
+ TODO: check
+CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. ...)
+ TODO: check
+CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH ...)
+ TODO: check
CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative access ...)
NOT-FOR-US: Cozy
CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the ...)
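Review bot: CVE-2018-6825, CVE-2018-6826 and CVE-2018-6827 each receive their own `TODO: check` although all three descriptions name the same product and version bound (VOBOT CLOCK before 0.99.30). Triage them in one pass so they end up with a single consistent disposition.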
@@ -1039,8 +1057,7 @@ CVE-2018-6510
RESERVED
CVE-2018-6509
RESERVED
-CVE-2018-6508 [Unparameterized input in multiple modules can allow a remote user to execute arbitrary code]
- RESERVED
+CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a ...)
- puppet-module-puppetlabs-apt <unfixed>
- puppet-module-puppetlabs-apache <unfixed>
- puppet-module-puppetlabs-mysql <unfixed>
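Review bot: on CVE-2018-6508 the removed bracketed summary ("Unparameterized input in multiple modules ...") was the only text explaining why module packages are tracked, while the new description opens with Puppet Enterprise 2017.3.x. The three puppet-module-puppetlabs-* lines stay <unfixed>, so a NOTE stating which modules are affected and where the fix lives would keep the entry self-explanatory.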
@@ -13644,8 +13661,8 @@ CVE-2018-1403
RESERVED
CVE-2018-1402
RESERVED
-CVE-2018-1401
- RESERVED
+CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2018-1400
RESERVED
CVE-2018-1399
@@ -13710,8 +13727,8 @@ CVE-2018-1370
RESERVED
CVE-2018-1369
RESERVED
-CVE-2018-1368
- RESERVED
+CVE-2018-1368 (IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 ...)
+ TODO: check
CVE-2018-1367
RESERVED
CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated ...)
@@ -14475,8 +14492,7 @@ CVE-2018-1309
RESERVED
CVE-2018-1308
RESERVED
-CVE-2018-1307
- RESERVED
+CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java ...)
NOT-FOR-US: Apache juddi-client
CVE-2018-1306
RESERVED
@@ -14494,8 +14510,7 @@ CVE-2018-1300
RESERVED
CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may retrieve ...)
NOT-FOR-US: Apache Allura
-CVE-2018-1298 [Incorrect implementation of some SASL mechanisms can allow a remote unauthenticated attacker to cause a denial of service]
- RESERVED
+CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ...)
- qpid-java <itp> (bug #840131)
NOTE: https://issues.apache.org/jira/browse/QPID-8046
NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=de509dd
@@ -15256,8 +15271,7 @@ CVE-2018-1055
REJECTED
CVE-2018-1054
RESERVED
-CVE-2018-1053 [Ensure that all temp files made during pg_upgrade are non-world-readable]
- RESERVED
+CVE-2018-1053 (In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before ...)
{DLA-1271-1}
- postgresql-10 10.2-1
- postgresql-9.6 <removed>
@@ -15267,8 +15281,7 @@ CVE-2018-1053 [Ensure that all temp files made during pg_upgrade are non-world-r
- postgresql-9.1 <removed>
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca
-CVE-2018-1052 [Fix processing of partition keys containing multiple expressions]
- RESERVED
+CVE-2018-1052 (Memory disclosure vulnerability in table partitioning was found in ...)
- postgresql-10 10.2-1
- postgresql-9.6 <not-affected> (code introduced in 10)
- postgresql-9.4 <not-affected> (code introduced in 10)
@@ -37302,10 +37315,9 @@ CVE-2017-10692
RESERVED
CVE-2017-10691
RESERVED
-CVE-2017-10690
- RESERVED
-CVE-2017-10689 [Unpacking of tarballs in tar/mini.rb can create files with insecure permissions]
- RESERVED
+CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the agent to ...)
+ TODO: check
+CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install a ...)
- puppet <unfixed>
NOTE: https://puppet.com/security/cve/CVE-2017-10689
NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
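Review bot: CVE-2017-10690 gets `TODO: check` while the adjacent CVE-2017-10689, whose description starts with the same words ("In previous versions of Puppet Agent"), is tracked against puppet as <unfixed>. Check the new entry against the same source package. CVE-2017-10689 also loses its bracketed summary about tar/mini.rb, which leaves the two NOTE links as the only pointer to the affected code.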
@@ -64473,8 +64485,8 @@ CVE-2017-1763
RESERVED
CVE-2017-1762
RESERVED
-CVE-2017-1761
- RESERVED
+CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
+ TODO: check
CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1759
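Review bot: CVE-2017-1761 (IBM WebSphere Portal) is left at `TODO: check` although the next entry, CVE-2017-1760 for IBM WebSphere MQ, is already marked NOT-FOR-US. If WebSphere Portal is likewise not packaged, the same marker applies here and to CVE-2018-1401 earlier in this patch, which names the same product.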
@@ -92012,7 +92024,7 @@ CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
-CVE-2016-10712 [Output of stream_get_meta_data can be falsified by its input]
+CVE-2016-10712 (In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of ...)
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
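Review bot: the new CVE-2016-10712 description covers PHP 7.x before 7.0.3, but the lines visible under the entry track only php5. Confirm that the part of the entry beyond this hunk's context carries a php7.0 line, or a note on why none is needed.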
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e172e2c1cbae3122e74977d3f78581eb632b12c2