[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 13 21:10:30 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
46ee12e8 by security tracker role at 2018-02-13T21:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,81 @@
+CVE-2018-6954 (systemd-tmpfiles in systemd through 237 mishandles symlinks present in ...)
+ TODO: check
+CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain ...)
+ TODO: check
+CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in GNU patch ...)
+ TODO: check
+CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a ...)
+ TODO: check
+CVE-2018-6950
+ RESERVED
+CVE-2018-6949
+ RESERVED
+CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a ...)
+ TODO: check
+CVE-2018-6947
+ RESERVED
+CVE-2018-6946
+ RESERVED
+CVE-2018-6945
+ RESERVED
+CVE-2018-6944
+ RESERVED
+CVE-2018-6943
+ RESERVED
+CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL pointer ...)
+ TODO: check
+CVE-2018-6941
+ RESERVED
+CVE-2018-6940
+ RESERVED
+CVE-2018-6939
+ RESERVED
+CVE-2018-6938
+ RESERVED
+CVE-2018-6937
+ RESERVED
+CVE-2018-6936
+ RESERVED
+CVE-2018-6935
+ RESERVED
+CVE-2018-6934
+ RESERVED
+CVE-2018-6933
+ RESERVED
+CVE-2018-6932
+ RESERVED
+CVE-2018-6931
+ RESERVED
+CVE-2018-6930 (A stack-based buffer over-read in the ComputeResizeImage function in ...)
+ TODO: check
+CVE-2018-6929
+ RESERVED
+CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a ...)
+ TODO: check
+CVE-2018-1000066
+ RESERVED
+CVE-2018-1000065
+ RESERVED
+CVE-2018-1000064
+ RESERVED
+CVE-2017-18186 (An issue was discovered in QPDF before 7.0.0. There is an infinite loop ...)
+ TODO: check
+CVE-2017-18185 (An issue was discovered in QPDF before 7.0.0. There is a large ...)
+ TODO: check
+CVE-2017-18184 (An issue was discovered in QPDF before 7.0.0. There is a stack-based ...)
+ TODO: check
+CVE-2017-18183 (An issue was discovered in QPDF before 7.0.0. There is an infinite loop ...)
+ TODO: check
+CVE-2017-18182
+ RESERVED
+CVE-2017-18181
+ RESERVED
+CVE-2017-18180
+ RESERVED
+CVE-2016-10713 (An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access ...)
+ TODO: check
+CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion causes ...)
+ TODO: check
CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
@@ -46,8 +124,8 @@ CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg th
[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
- libav <undetermined>
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
-CVE-2018-6911
- RESERVED
+CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess ...)
+ TODO: check
CVE-2018-6910
RESERVED
CVE-2018-6909
@@ -142,7 +220,7 @@ CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descript
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read arbitrary ...)
- {DSA-4111-1}
+ {DSA-4111-2 DSA-4111-1}
- libreoffice 1:6.0.1-1
[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
@@ -1634,6 +1712,7 @@ CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XS
CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site Scripting ...)
NOT-FOR-US: Mautic
CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers, a ...)
+ {DLA-1280-1}
- pound <unfixed> (bug #888786)
NOTE: http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000
NOTE: https://www.suse.com/de-de/security/cve/CVE-2016-10711/
@@ -1857,10 +1936,10 @@ CVE-2018-6295
RESERVED
CVE-2018-6294
RESERVED
-CVE-2018-6293
- RESERVED
-CVE-2018-6292
- RESERVED
+CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. ...)
+ TODO: check
+CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 83166. ...)
+ TODO: check
CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway ...)
NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway version ...)
@@ -9264,14 +9343,14 @@ CVE-2017-17727 (DedeCMS through 5.6 allows arbitrary file upload and PHP code ex
NOT-FOR-US: DedeCMS
CVE-2017-17726
RESERVED
-CVE-2017-17725
- RESERVED
-CVE-2017-17724
- RESERVED
-CVE-2017-17723
- RESERVED
-CVE-2017-17722
- RESERVED
+CVE-2017-17725 (In Exiv2 0.26, there is an integer overflow leading to a heap-based ...)
+ TODO: check
+CVE-2017-17724 (In Exiv2 0.26, there is a heap-based buffer over-read in the ...)
+ TODO: check
+CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the ...)
+ TODO: check
+CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the readHeader ...)
+ TODO: check
CVE-2017-17721 (CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 ...)
NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2017-17720
@@ -13851,8 +13930,8 @@ CVE-2018-1385
RESERVED
CVE-2018-1384
RESERVED
-CVE-2018-1383
- RESERVED
+CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and ...)
+ TODO: check
CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM API Connect
CVE-2018-1381
@@ -14677,8 +14756,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker
NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=de509dd
NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170
NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
-CVE-2018-1297 [Apache JMeter uses an unsecure RMI connection in Distributed mode]
- RESERVED
+CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and ...)
- jakarta-jmeter <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
@@ -14907,8 +14985,8 @@ CVE-2018-1216
RESERVED
CVE-2018-1215
RESERVED
-CVE-2018-1214
- RESERVED
+CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...)
+ TODO: check
CVE-2018-1213
RESERVED
CVE-2018-1212
@@ -15433,6 +15511,7 @@ CVE-2018-1057
RESERVED
CVE-2018-1056 [heap buffer overflow while running advzip]
RESERVED
+ {DLA-1281-1}
- advancecomp 2.1-1 (bug #889270)
NOTE: https://sourceforge.net/p/advancemame/bugs/259/
NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
@@ -17419,13 +17498,11 @@ CVE-2018-0490
RESERVED
CVE-2018-0489
RESERVED
-CVE-2018-0488 [Risk of remote code execution when truncated HMAC is enabled]
- RESERVED
+CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
- mbedtls <unfixed> (bug #890287)
- polarssl <removed>
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
-CVE-2018-0487 [Risk of remote code execution when verifying RSASSA-PSS signatures]
- RESERVED
+CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
- mbedtls <unfixed> (bug #890288)
- polarssl <removed>
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
@@ -22429,8 +22506,7 @@ CVE-2017-15711
REJECTED
CVE-2017-15710
RESERVED
-CVE-2017-15709 [Information Leak]
- RESERVED
+CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
- activemq <unfixed> (bug #890352)
[stretch] - activemq <no-dsa> (Minor issue)
[jessie] - activemq <not-affected> (Issue introduced with OpenWire protocol support)
@@ -35343,7 +35419,7 @@ CVE-2017-11424 (In PyJWT 1.5.0 and below the `invalid_strings` check in ...)
- pyjwt 1.4.2-1.1 (bug #873244)
NOTE: https://github.com/jpadilla/pyjwt/pull/277
CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...)
- {DSA-3946-1}
+ {DSA-3946-1 DLA-1279-1}
- libmspack 0.6-1 (bug #868956)
- clamav 0.99.3~beta1+dfsg-1 (unimportant)
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
@@ -37879,22 +37955,22 @@ CVE-2017-9972
RESERVED
CVE-2017-9971
RESERVED
-CVE-2017-9970
- RESERVED
-CVE-2017-9969
- RESERVED
-CVE-2017-9968
- RESERVED
-CVE-2017-9967
- RESERVED
-CVE-2017-9966 (An Improper Access Control issue was discovered in Schneider Electric ...)
+CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's ...)
+ TODO: check
+CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...)
+ TODO: check
+CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider ...)
+ TODO: check
+CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider ...)
+ TODO: check
+CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider Electric's ...)
NOT-FOR-US: Schneider Electric
-CVE-2017-9965 (A Path Traversal issue was discovered in Schneider Electric Pelco ...)
+CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schneider ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric Pelco ...)
NOT-FOR-US: Schneider Electric
-CVE-2017-9963
- RESERVED
+CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure ...)
+ TODO: check
CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX ...)
@@ -51083,7 +51159,7 @@ CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 al
NOTE: https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
NOTE: https://github.com/vrtadmin/clamav-devel/commit/60671e3deb1df6c626e5c7e13752c2eec1649f98
CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...)
- {DSA-3946-1}
+ {DSA-3946-1 DLA-1279-1}
- libmspack 0.6-1 (bug #871263)
- clamav 0.99.3~beta1+dfsg-1 (unimportant)
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11701
@@ -64796,8 +64872,8 @@ CVE-2017-1722
RESERVED
CVE-2017-1721
RESERVED
-CVE-2017-1720
- RESERVED
+CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute ...)
+ TODO: check
CVE-2017-1719
RESERVED
CVE-2017-1718
@@ -64808,14 +64884,14 @@ CVE-2017-1716 (IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could discl
NOT-FOR-US: IBM Tivoli Workload Scheduler
CVE-2017-1715
RESERVED
-CVE-2017-1714
- RESERVED
+CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated ...)
+ TODO: check
CVE-2017-1713
RESERVED
CVE-2017-1712
RESERVED
-CVE-2017-1711
- RESERVED
+CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running ...)
+ TODO: check
CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 ...)
NOT-FOR-US: IBM
CVE-2017-1709
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46ee12e8e7b2c548d20057d84be760ec3886b45f
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46ee12e8e7b2c548d20057d84be760ec3886b45f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180213/fe893718/attachment-0001.html>
More information about the Secure-testing-commits
mailing list