[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Feb 15 09:10:22 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f03870f by security tracker role at 2018-02-15T09:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-7057
+	RESERVED
+CVE-2018-7056
+	RESERVED
+CVE-2018-7055
+	RESERVED
+CVE-2018-7054
+	RESERVED
+CVE-2018-7053
+	RESERVED
+CVE-2018-7052
+	RESERVED
+CVE-2018-7051
+	RESERVED
+CVE-2018-7050
+	RESERVED
+CVE-2017-18189
+	RESERVED
 CVE-2018-7049
 	RESERVED
 CVE-2018-7048
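Review bot: CVE-2017-18189 is inserted between CVE-2018-7050 and CVE-2018-7049, in the middle of an otherwise descending run of 2018 ids. If anything that reads data/CVE/list relies on ids being grouped by year, this entry belongs with the other CVE-2017-18xxx ids; otherwise a short comment in the update script stating that new RESERVED ids are simply prepended would explain it.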
@@ -1218,6 +1236,7 @@ CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is 
 CVE-2018-6595
 	RESERVED
 CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates ...)
+	{DLA-1283-1}
 	- pycryptodome <unfixed> (bug #889998)
 	- python-crypto <unfixed> (bug #889999)
 	NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
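Review bot: the {DLA-1283-1} tag on CVE-2018-6594 now sits above two source packages, pycryptodome and python-crypto, and both are still <unfixed>, so the entry does not show which of the two the DLA actually covers. Check that the DLA entry names the package it fixed, and that the other package has been triaged for the same suite rather than silently left open.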
@@ -1839,7 +1858,7 @@ CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for J
 	NOT-FOR-US: Visual Calendar component for Joomla!
 CVE-2018-6394
 	RESERVED
-CVE-2018-6393 (FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow ...)
+CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
 	NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
 	- ffmpeg 7:3.4.2-1
@@ -3053,6 +3072,7 @@ CVE-2018-5970
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...)
 	NOT-FOR-US: Photography CMS
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...)
+	{DSA-4114-1}
 	- jackson-databind 2.9.4-1 (bug #888316)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
@@ -14499,19 +14519,19 @@ CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.1
 CVE-2017-17559
 	RESERVED
 CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
-	{DLA-1230-1}
+	{DSA-4112-1 DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-251.html
 CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
-	{DLA-1230-1}
+	{DSA-4112-1 DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-250.html
 CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
-	{DLA-1230-1}
+	{DSA-4112-1 DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-249.html
 CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
-	{DLA-1230-1}
+	{DSA-4112-1 DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-248.html
 CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
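Review bot: all four Xen entries (CVE-2017-17563 through CVE-2017-17566) gain DSA-4112-1 but keep "- xen <unfixed>", so the list now records a stable advisory with no fixed version for unstable. Confirm that an unstable upload is being tracked for the corresponding XSAs (248 to 251) and replace <unfixed> with the fixed version once it lands.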
@@ -14847,6 +14867,7 @@ CVE-2017-17487
 CVE-2017-17486
 	RESERVED
 CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 ...)
+	{DSA-4114-1}
 	- jackson-databind 2.9.4-1 (bug #888318)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/1855
@@ -16772,106 +16793,106 @@ CVE-2018-0871
 	RESERVED
 CVE-2018-0870
 	RESERVED
-CVE-2018-0869
-	RESERVED
+CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability ...)
+	TODO: check
 CVE-2018-0868
 	RESERVED
 CVE-2018-0867
 	RESERVED
-CVE-2018-0866
-	RESERVED
+CVE-2018-0866 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
+	TODO: check
 CVE-2018-0865
 	RESERVED
-CVE-2018-0864
-	RESERVED
+CVE-2018-0864 (SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 ...)
+	TODO: check
 CVE-2018-0863
 	RESERVED
 CVE-2018-0862 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0861
-	RESERVED
-CVE-2018-0860
-	RESERVED
-CVE-2018-0859
-	RESERVED
-CVE-2018-0858
-	RESERVED
-CVE-2018-0857
-	RESERVED
-CVE-2018-0856
-	RESERVED
-CVE-2018-0855
-	RESERVED
+CVE-2018-0861 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
+	TODO: check
+CVE-2018-0860 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
+	TODO: check
+CVE-2018-0859 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
+	TODO: check
+CVE-2018-0858 (ChakraCore allows remote code execution, due to how the ChakraCore ...)
+	TODO: check
+CVE-2018-0857 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
+	TODO: check
+CVE-2018-0856 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 ...)
+	TODO: check
+CVE-2018-0855 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
+	TODO: check
 CVE-2018-0854
 	RESERVED
-CVE-2018-0853
-	RESERVED
-CVE-2018-0852
-	RESERVED
-CVE-2018-0851
-	RESERVED
-CVE-2018-0850
-	RESERVED
+CVE-2018-0853 (Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, ...)
+	TODO: check
+CVE-2018-0852 (Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft ...)
+	TODO: check
+CVE-2018-0851 (Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft ...)
+	TODO: check
+CVE-2018-0850 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook ...)
+	TODO: check
 CVE-2018-0849 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0848 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0847
-	RESERVED
-CVE-2018-0846
-	RESERVED
+CVE-2018-0847 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
+	TODO: check
+CVE-2018-0846 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, ...)
+	TODO: check
 CVE-2018-0845 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0844
-	RESERVED
-CVE-2018-0843
-	RESERVED
-CVE-2018-0842
-	RESERVED
-CVE-2018-0841
-	RESERVED
-CVE-2018-0840
-	RESERVED
-CVE-2018-0839
-	RESERVED
-CVE-2018-0838
-	RESERVED
-CVE-2018-0837
-	RESERVED
-CVE-2018-0836
-	RESERVED
-CVE-2018-0835
-	RESERVED
-CVE-2018-0834
-	RESERVED
-CVE-2018-0833
-	RESERVED
-CVE-2018-0832
-	RESERVED
-CVE-2018-0831
-	RESERVED
-CVE-2018-0830
-	RESERVED
-CVE-2018-0829
-	RESERVED
-CVE-2018-0828
-	RESERVED
-CVE-2018-0827
-	RESERVED
-CVE-2018-0826
-	RESERVED
-CVE-2018-0825
-	RESERVED
+CVE-2018-0844 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, ...)
+	TODO: check
+CVE-2018-0843 (The Windows kernel in Windows 10 version 1709 and Windows Server, ...)
+	TODO: check
+CVE-2018-0842 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
+	TODO: check
+CVE-2018-0841 (Microsoft Office 2016 Click-to-Run allows a remote code execution ...)
+	TODO: check
+CVE-2018-0840 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
+	TODO: check
+CVE-2018-0839 (Microsoft Edge in Microsoft Windows 10 1703 allows information ...)
+	TODO: check
+CVE-2018-0838 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
+	TODO: check
+CVE-2018-0837 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
+	TODO: check
+CVE-2018-0836 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 ...)
+	TODO: check
+CVE-2018-0835 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
+	TODO: check
+CVE-2018-0834 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
+	TODO: check
+CVE-2018-0833 (The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in ...)
+	TODO: check
+CVE-2018-0832 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, ...)
+	TODO: check
+CVE-2018-0831 (The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows ...)
+	TODO: check
+CVE-2018-0830 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
+CVE-2018-0829 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
+CVE-2018-0828 (Windows 10 version 1607 and Windows Server 2016 allow an elevation of ...)
+	TODO: check
+CVE-2018-0827 (Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and ...)
+	TODO: check
+CVE-2018-0826 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and ...)
+	TODO: check
+CVE-2018-0825 (StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
 CVE-2018-0824
 	RESERVED
-CVE-2018-0823
-	RESERVED
-CVE-2018-0822
-	RESERVED
-CVE-2018-0821
-	RESERVED
-CVE-2018-0820
-	RESERVED
+CVE-2018-0823 (The Named Pipe File System in Windows 10 version 1709 and Windows ...)
+	TODO: check
+CVE-2018-0822 (NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server ...)
+	TODO: check
+CVE-2018-0821 (AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows ...)
+	TODO: check
+CVE-2018-0820 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
 CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a specially ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow Guard ...)
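Review bot: every entry that moves from RESERVED to "TODO: check" in this hunk describes a Microsoft product (SharePoint, Internet Explorer, Edge, Office, Outlook, the Windows kernel and drivers), while the untouched neighbours of the same kind, such as CVE-2018-0862, CVE-2018-0849 and CVE-2018-0819, are already "NOT-FOR-US: Microsoft". These should be triaged to the same marker in a follow-up so that the TODO queue is not padded with entries that cannot affect a Debian package; the entries that name ChakraCore are the only ones that deserve a second look before being closed the same way.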
@@ -16890,10 +16911,10 @@ CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, 
 	NOT-FOR-US: Microsoft
 CVE-2018-0811
 	RESERVED
-CVE-2018-0810
-	RESERVED
-CVE-2018-0809
-	RESERVED
+CVE-2018-0810 (The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, ...)
+	TODO: check
+CVE-2018-0809 (The Windows kernel in Windows 10, versions 1703 and 1709, and Windows ...)
+	TODO: check
 CVE-2018-0808
 	RESERVED
 CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
@@ -16968,8 +16989,8 @@ CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute .
 	NOT-FOR-US: Microsoft
 CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0771
-	RESERVED
+CVE-2018-0771 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
+	TODO: check
 CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
@@ -16984,24 +17005,24 @@ CVE-2018-0765
 	RESERVED
 CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0763
-	RESERVED
+CVE-2018-0763 (Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows ...)
+	TODO: check
 CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0761
-	RESERVED
-CVE-2018-0760
-	RESERVED
+CVE-2018-0761 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
+	TODO: check
+CVE-2018-0760 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
+	TODO: check
 CVE-2018-0759
 	RESERVED
 CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0757
-	RESERVED
-CVE-2018-0756
-	RESERVED
-CVE-2018-0755
-	RESERVED
+CVE-2018-0757 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
+CVE-2018-0756 (The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, ...)
+	TODO: check
+CVE-2018-0755 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
+	TODO: check
 CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, ...)
@@ -17026,8 +17047,8 @@ CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012
 	NOT-FOR-US: Microsoft
 CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 ...)
 	NOT-FOR-US: Microsoft
-CVE-2018-0742
-	RESERVED
+CVE-2018-0742 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
 CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated ...)
@@ -26115,11 +26136,13 @@ CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the funct
 	NOTE: https://github.com/erikd/libsndfile/issues/318
 	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
 CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
+	{DSA-4113-1}
 	- libvorbis 1.3.5-4.1 (bug #876778)
 	[jessie] - libvorbis <postponed> (Minor issue, can be fixed along later)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
 	NOTE: https://github.com/xiph/vorbis/pull/34
 CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...)
+	{DSA-4113-1}
 	- libvorbis 1.3.5-4.1 (bug #876779)
 	[jessie] - libvorbis <not-affected> (Vulnerable code not present)
 	[wheezy] - libvorbis <not-affected> (Vulnerable code not present)
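Review bot: with {DSA-4113-1} now attached to CVE-2017-14633, the line "[jessie] - libvorbis <postponed> (Minor issue, can be fixed along later)" needs rechecking. If the DSA includes a jessie upload, the postponed marker is stale and should be dropped in favour of the fixed version; if it does not, the entry is correct but jessie remains open for an issue that was considered worth a DSA elsewhere.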
@@ -29869,8 +29892,8 @@ CVE-2017-13275
 	RESERVED
 CVE-2017-13274
 	RESERVED
-CVE-2017-13273
-	RESERVED
+CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient ...)
+	TODO: check
 CVE-2017-13272
 	RESERVED
 CVE-2017-13271
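Review bot: the new description for CVE-2017-13273 names only a source file, xt_qtaguid.c, and no product, so "TODO: check" cannot be resolved from this line alone. Triage should first establish which source package, if any, ships that file, then either add a package line with a status or mark the entry NOT-FOR-US with the product named.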



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f03870f5476b30453d7c5e2b091f125ca48a1d7
