[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 12 09:10:32 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6131f624 by security tracker role at 2018-02-12T09:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,55 @@
+CVE-2018-6913
+	RESERVED
+CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
+	TODO: check
+CVE-2018-6911
+	RESERVED
+CVE-2018-6910
+	RESERVED
+CVE-2018-6909
+	RESERVED
+CVE-2018-6908
+	RESERVED
+CVE-2018-6907
+	RESERVED
+CVE-2018-6906
+	RESERVED
+CVE-2018-6905
+	RESERVED
+CVE-2018-6904
+	RESERVED
+CVE-2018-6903
+	RESERVED
+CVE-2018-6902
+	RESERVED
+CVE-2018-6901
+	RESERVED
+CVE-2018-6900
+	RESERVED
+CVE-2018-6899
+	RESERVED
+CVE-2018-6898
+	RESERVED
+CVE-2018-6897
+	RESERVED
+CVE-2018-6896
+	RESERVED
+CVE-2018-6895
+	RESERVED
+CVE-2018-6894
+	RESERVED
+CVE-2018-6893
+	RESERVED
 CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthenticated ...)
 	NOT-FOR-US: CloudMe
 CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...)
 	NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
 CVE-2018-6890
 	RESERVED
-CVE-2018-6889
-	RESERVED
-CVE-2018-6888
-	RESERVED
+CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host ...)
+	TODO: check
+CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ...)
+	TODO: check
 CVE-2018-6887
 	RESERVED
 CVE-2018-6886
@@ -30,10 +72,10 @@ CVE-2018-1000060 (Sensu, Inc. Sensu Core version Before 1.2.0 & before commi
 	- sensu <itp> (bug #838484)
 CVE-2018-1000059 (ValidFormBuilder version 4.5.4 contains a PHP Object Injection ...)
 	NOT-FOR-US: ValidFormBuilder
-CVE-2018-6881
-	RESERVED
-CVE-2018-6880
-	RESERVED
+CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path via an ...)
+	TODO: check
+CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...)
+	TODO: check
 CVE-2018-6879
 	RESERVED
 CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
@@ -75,20 +117,20 @@ CVE-2018-6866
 	RESERVED
 CVE-2018-6865
 	RESERVED
-CVE-2018-6864
-	RESERVED
-CVE-2018-6863
-	RESERVED
-CVE-2018-6862
-	RESERVED
-CVE-2018-6861
-	RESERVED
-CVE-2018-6860
-	RESERVED
+CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion ...)
+	TODO: check
+CVE-2018-6863 (SQL Injection exists in PHP Scripts Mall Select Your College Script ...)
+	TODO: check
+CVE-2018-6862 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM ...)
+	TODO: check
+CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search ...)
+	TODO: check
+CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts ...)
+	TODO: check
 CVE-2018-6859
 	RESERVED
-CVE-2018-6858
-	RESERVED
+CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...)
+	TODO: check
 CVE-2018-6857
 	RESERVED
 CVE-2018-6856
@@ -113,8 +155,8 @@ CVE-2018-6847
 	RESERVED
 CVE-2018-6846 (Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a ...)
 	NOT-FOR-US: Z-BlogPHP
-CVE-2018-6845
-	RESERVED
+CVE-2018-6845 (PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the ...)
+	TODO: check
 CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the Edit ...)
 	NOT-FOR-US: MyBB
 CVE-2018-6843
@@ -1113,8 +1155,8 @@ CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a 
 	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c
 CVE-2018-6507
 	RESERVED
-CVE-2018-6506
-	RESERVED
+CVE-2018-6506 (Cross-Site Scripting (XSS) exists in the Add Forum feature in the ...)
+	TODO: check
 CVE-2018-6505
 	RESERVED
 CVE-2018-6504
@@ -91371,6 +91413,7 @@ CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial o
 	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
 	NOTE: https://github.com/audacity/audacity/commit/85026f98958a8dcc09188be24a8db0385988e23f
 CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...)
+	{DLA-1277-1}
 	- audacity 2.1.2-1
 	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
 	NOTE: https://github.com/audacity/audacity/commit/407c1dc4b209111e4dbb3eec88f333aa8f69094c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6131f624768e8fa9770d6e6923fa82dfb157a329

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6131f624768e8fa9770d6e6923fa82dfb157a329
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180212/9eb2c7cb/attachment.html>

More information about the Secure-testing-commits mailing list