[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 16 21:10:21 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0cf8f634 by security tracker role at 2018-02-16T21:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,24 @@
-CVE-2018-7186 [stack buffer overflows]
+CVE-2018-7190
+ RESERVED
+CVE-2018-7189
+ RESERVED
+CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an ...)
+ TODO: check
+CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure ...)
+ TODO: check
+CVE-2018-7185
+ RESERVED
+CVE-2018-7184
+ RESERVED
+CVE-2018-7183
+ RESERVED
+CVE-2018-7182
+ RESERVED
+CVE-2018-7181
+ RESERVED
+CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
+ TODO: check
+CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters in a %s ...)
- leptonlib <unfixed> (bug #890548)
NOTE: https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
CVE-2018-7180
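Review bot: the manual placeholder "[stack buffer overflows]" for CVE-2018-7186 is replaced by the MITRE text about Leptonica not limiting the number of characters in a %s format, while the existing triage (leptonlib <unfixed>, bug #890548) and the upstream fix NOTE are kept; since the placeholder and the official description were written independently, someone should confirm that commit ee301cb2029db8a6289c5295daa42bba7715e99a in the NOTE addresses the issue as now described. The three new TODO: check entries (CVE-2018-7188 Tiki XSS, CVE-2018-7187 "go get" with -insecure, CVE-2017-18190 localhost.localdomain whitelist in valid_host()) need package triage in a follow-up; the Go one names a toolchain that Debian ships, so it will need a source-package line rather than NOT-FOR-US.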
@@ -9,7 +29,7 @@ CVE-2018-7178
RESERVED
CVE-2018-7177
RESERVED
-CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php...)
+CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a ...)
- frontaccounting <removed> (bug #890604)
[wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, already vulnerable to SQL injection in CVE-2014-3973)
NOTE: https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
@@ -529,10 +549,10 @@ CVE-2018-6946
RESERVED
CVE-2018-6945
RESERVED
-CVE-2018-6944
- RESERVED
-CVE-2018-6943
- RESERVED
+CVE-2018-6944 (core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for ...)
+ TODO: check
+CVE-2018-6943 (core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 ...)
+ TODO: check
CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL pointer ...)
- freetype <unfixed> (bug #890450)
[stretch] - freetype <not-affected> (Vulnerable code introduced later)
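Review bot: CVE-2018-6944 and CVE-2018-6943 move from RESERVED to descriptions that name file paths inside the UltimateMember plugin 2.0 (core/lib/upload/um-file-upload.php and um-image-upload.php) with a TODO: check; that is the same shape as the NOT-FOR-US entries elsewhere in this file, so the follow-up is to confirm the plugin is not in the archive and mark both NOT-FOR-US, or otherwise attach a source package. The FreeType context below (freetype <unfixed>, bug #890450, [stretch] not-affected) is untouched.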
@@ -571,11 +591,11 @@ CVE-2018-6929
CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a ...)
NOT-FOR-US: PHP Scripts Mall News Website Script
CVE-2018-1000066
- RESERVED
+ REJECTED
CVE-2018-1000065
- RESERVED
+ REJECTED
CVE-2018-1000064
- RESERVED
+ REJECTED
CVE-2017-18186 (An issue was discovered in QPDF before 7.0.0. There is an infinite loop ...)
- qpdf 7.0.0-1
[stretch] - qpdf <no-dsa> (Minor issue)
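Review bot: CVE-2018-1000064, -65 and -66 go straight from RESERVED to REJECTED with no package lines ever attached, so no triage is lost and REJECTED needs no further action in the tracker; the same flip for CVE-2018-1000063 appears in the next hunk, and the four should be double-checked together against the CVE records, because a REJECTED entry will not be revisited by anyone.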
@@ -646,7 +666,7 @@ CVE-2018-6915
CVE-2018-6914
RESERVED
CVE-2018-1000063
- RESERVED
+ REJECTED
CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring ...)
NOT-FOR-US: Progress Sitefinity
CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue ...)
@@ -943,6 +963,7 @@ CVE-2018-6793
CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow ...)
NOT-FOR-US: Saifor CVMS HUB
CVE-2018-6791 (An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE ...)
+ {DSA-4116-1}
- plasma-workspace 4:5.12.0-2
- kde-runtime <not-affected> (Performs correct escaping)
NOTE: https://bugs.kde.org/show_bug.cgi?id=389815
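Review bot: the new {DSA-4116-1} reference for CVE-2018-6791 sits in the right place, directly under the CVE line and above the package entries, but this commit touches only data/CVE/list (see the "1 changed file" header), so the stretch fixed version that the DSA implies has to come from the DSA-4116-1 entry in data/DSA/list; verify that entry exists, otherwise the stretch status for this issue is not resolved by the tracker and only the unstable fix in plasma-workspace 4:5.12.0-2 is recorded.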
@@ -1922,12 +1943,12 @@ CVE-2017-18093
RESERVED
CVE-2017-18092
RESERVED
-CVE-2017-18091
- RESERVED
-CVE-2017-18090
- RESERVED
-CVE-2017-18089
- RESERVED
+CVE-2017-18091 (The admin backupprogress action in Atlassian Fisheye and Crucible ...)
+ TODO: check
+CVE-2017-18090 (Various resources in Atlassian Fisheye before version 4.5.1 (the fixed ...)
+ TODO: check
+CVE-2017-18089 (The view review history resource in Atlassian Crucible before version ...)
+ TODO: check
CVE-2017-18088 (Various plugin servlet resources in Atlassian Bitbucket Server before ...)
NOT-FOR-US: Atlassian Bitbucket Server
CVE-2017-18087 (The download commit resource in Atlassian Bitbucket Server from ...)
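Review bot: the three Atlassian Fisheye/Crucible ids (CVE-2017-18089 to -18091) are left at TODO: check although the neighbouring Atlassian Bitbucket Server entries in the same hunk (CVE-2017-18088, CVE-2017-18087) are already NOT-FOR-US; unless Fisheye or Crucible is packaged, which the Bitbucket precedent suggests it is not, these can be resolved the same way in the follow-up triage pass.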
@@ -18039,10 +18060,10 @@ CVE-2018-0518
RESERVED
CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
NOT-FOR-US: Anshin net security for Windows
-CVE-2018-0516
- RESERVED
-CVE-2018-0515
- RESERVED
+CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...)
+ TODO: check
+CVE-2018-0515 (Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" ...)
+ TODO: check
CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows ...)
NOT-FOR-US: MP Form Mail CGI eCommerce Edition
CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple ...)
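Review bot: CVE-2018-0516 and CVE-2018-0515 (untrusted search path in the FLET'S tools) are left at TODO: check while CVE-2018-0517, an untrusted search path issue in Anshin net security for Windows two lines above, is already NOT-FOR-US; the new descriptions read as the same class of Windows-side issue, so the two TODOs should be resolved to NOT-FOR-US in the follow-up unless triage finds otherwise.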
@@ -64393,7 +64414,7 @@ CVE-2017-2254 (Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial
NOT-FOR-US: Cybozu
CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! Toolbar ...)
NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)
-CVE-2017-2252 (Untrusted search path vulnerability in Self-extracting archive files ...)
+CVE-2017-2252 (Untrusted search path vulnerability in self-extracting archive files ...)
NOT-FOR-US: File Compact
CVE-2017-2251
RESERVED
@@ -67091,7 +67112,7 @@ CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks]
RESERVED
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
- NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
+ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
RESERVED
- gitlab <unfixed> (bug #888508)
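Review bot: the removed and re-added NOTE line under CVE-2017-0916 are textually identical as rendered here, so this is a whitespace-only change (indentation or trailing space); confirm that is intended and that the line now follows the file's whitespace conventions, since an automatic update should not otherwise touch manually entered NOTE lines. Both GitLab entries (CVE-2017-0916 and CVE-2017-0915) remain RESERVED with gitlab <unfixed> (bug #888508), so there is no change to their status.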
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0cf8f63449884d389524c8c870ef76e076878105