[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Feb 11 21:10:28 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6f50f47 by security tracker role at 2018-02-11T21:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthenticated ...)
+	TODO: check
 CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...)
 	NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
 CVE-2018-6890
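Review bot: The new CVE-2018-6892 entry at the top of the list carries only `TODO: check`, so it has no triage state yet. The description names CloudMe. A follow-up should replace the TODO with either a `NOT-FOR-US:` line, in the style of the CVE-2018-6891 entry directly below it, or a package line if the software turns out to be in the archive.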
@@ -54,6 +56,7 @@ CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descript
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
 CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read arbitrary ...)
+	{DSA-4111-1}
 	- libreoffice 1:6.0.1-1
 	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
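Review bot: With `{DSA-4111-1}` now attached to CVE-2018-6871, the description ("LibreOffice through 6.0.1") and the fixed version on the package line (`- libreoffice 1:6.0.1-1`) read as contradictory, since the description counts 6.0.1 as affected. If the 1:6.0.1-1 upload carries the fix as a patch, a NOTE saying so, or one pointing at the fixing commit, would make the entry self-explanatory.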
@@ -644,7 +647,7 @@ CVE-2018-1000042 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 co
 CVE-2018-1000041 (GNOME librsvg version before commit ...)
 	- librsvg 2.40.20-1
 	NOTE: Fixed by: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
-CVE-2017-18174 [pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration]
+CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...)
 	- linux 4.7.2-1
 	NOTE: Fixed by: https://git.kernel.org/linus/251e22abde21833b3d29577e4d8c7aaccd650eee
 CVE-2017-18173
@@ -7848,7 +7851,7 @@ CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
 	[wheezy] - linux <not-affected> (Vulnerable code path not present)
 CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv ...)
 	NOT-FOR-US: BA SYSTEMS BAS Web on BAS920 devices
-CVE-2017-17973 (In LibTIFF 4.0.8, there is a heap-based use-after-free in the ...)
+CVE-2017-17973 (** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free ...)
 	- tiff <unfixed>
 	[stretch] - tiff <not-affected> (Vulnerable code introduced later)
 	[jessie] - tiff <not-affected> (Vulnerable code introduced later)
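Review bot: The CVE-2017-17973 description is now prefixed with `** DISPUTED **`, but the entry still shows `- tiff <unfixed>` and has no NOTE recording what the dispute is about. Suggest adding a NOTE with the reference behind the dispute and revisiting whether `<unfixed>` is still the right status for unstable.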
@@ -22359,6 +22362,7 @@ CVE-2017-15699
 	RESERVED
 	TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project
 CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache ...)
+	{DLA-1276-1}
 	- tomcat-native 1.2.16-1
 	NOTE: https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
 	NOTE: http://svn.apache.org/r1815200



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e6f50f4790bfaf6461f41dc990b92468cef47b4b
