[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Feb 20 09:10:29 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
525c8455 by security tracker role at 2018-02-20T09:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,10 +1,40 @@
-CVE-2018-7254 [global buffer overflow while running wavpack]
+CVE-2018-7261
+	RESERVED
+CVE-2018-7260
+	RESERVED
+CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...)
+	TODO: check
+CVE-2018-7258
+	RESERVED
+CVE-2018-7257
+	RESERVED
+CVE-2018-7256
+	RESERVED
+CVE-2018-7255
+	RESERVED
+CVE-2018-7252
+	RESERVED
+CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. The error ...)
+	TODO: check
+CVE-2018-7250
+	RESERVED
+CVE-2018-7249
+	RESERVED
+CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the ...)
+	TODO: check
+CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2015-9255 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2015-9254 (Datto ALTO and SIRIS devices have a default VNC password. ...)
+	TODO: check
+CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack ...)
 	- wavpack <unfixed> (bug #889274)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/dbry/WavPack/issues/26
 	NOTE: https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
-CVE-2018-7253 [heap buffer overflow while running wavpack]
+CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of ...)
 	- wavpack <unfixed> (bug #889559)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
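Review bot: the TODO: check entries in this hunk still need a verdict. CVE-2018-7259 (a Flight Sim Labs installer), CVE-2017-18192 (an Android gallery-lock activity) and CVE-2015-9254/9255/9256 (Datto ALTO and SIRIS devices) describe software of the kind marked NOT-FOR-US elsewhere in this file (see the VOBOT CLOCK entries below), while CVE-2018-7251 (config/error.php in Anchor 0.12.3) needs a check against the archive. The CVE-2018-7254 and CVE-2018-7253 wavpack entries only swap the bracketed placeholder descriptions for the MITRE text; their <unfixed>, <not-affected> and bug-reference lines are carried over unchanged, which is correct.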
@@ -949,7 +979,7 @@ CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descript
 	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
-CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read arbitrary ...)
+CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers ...)
 	{DSA-4111-2 DSA-4111-1}
 	- libreoffice 1:6.0.1-1
 	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
@@ -1059,7 +1089,7 @@ CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. ..
 	NOT-FOR-US: VOBOT CLOCK
 CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH ...)
 	NOT-FOR-US: VOBOT CLOCK
-CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative access ...)
+CVE-2018-6824 (Cozy version 2 has XSS allowing remote attackers to obtain ...)
 	NOT-FOR-US: Cozy
 CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the ...)
 	NOT-FOR-US: Mailbutler Shimo
@@ -4067,8 +4097,8 @@ CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync befo
 	[stretch] - rsync <no-dsa> (Minor issue)
 	[jessie] - rsync <no-dsa> (Minor issue)
 	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
-CVE-2018-5763
-	RESERVED
+CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...)
+	TODO: check
 CVE-2018-5762
 	RESERVED
 CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found ...)
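Review bot: CVE-2018-5763 moves from RESERVED to TODO: check with a description naming OXID eShop Enterprise Edition before 5.3.7; this needs triage to either a package line with a fixed version or a NOT-FOR-US line in the form used for the neighbouring vendor entries, rather than remaining a TODO.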
@@ -20065,8 +20095,8 @@ CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 
 	- tboot <itp> (bug #803180)
 CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
 	NOT-FOR-US: Arris TG1682G devices
-CVE-2017-16835
-	RESERVED
+CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has ...)
+	TODO: check
 CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...)
 	- pnp4nagios <not-affected> (/etc/pnp4nagios and its content is installed as root by the Debian package)
 	NOTE: https://github.com/lingej/pnp4nagios/issues/140
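Review bot: CVE-2017-16835 describes an Android application ("Photo,Video Locker-Calculator" 12.0), so the TODO: check left here can be resolved to NOT-FOR-US in the same form as the Arris TG1682G entry two lines above it.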
@@ -20200,6 +20230,7 @@ CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to ca
 	NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
 	NOTE: https://github.com/radare/radare2/issues/8813
 CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...)
+	{DSA-4119-1}
 	- libav <removed> (low)
 	- ffmpeg 7:2.2.1-1
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
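Review bot: the added {DSA-4119-1} tag sits above lines that record libav as <removed> (low) and ffmpeg fixed in 7:2.2.1-1, with no release-specific fixed version on this entry; confirm that the referenced DSA covers the libav or ffmpeg version shipped in the affected stable release so the cross-reference resolves to a real fix.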
@@ -48266,7 +48297,7 @@ CVE-2017-7518 [debug exception via syscall emulation]
 CVE-2017-7517
 	RESERVED
 	NOT-FOR-US: OpenShift
-CVE-2017-7516 (It was found that the cpio --no-absolute-filenames option since ...)
+CVE-2017-7516 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-1197.  Reason: This ...)
 	- cpio 2.11+dfsg-4.1 (low)
 	[wheezy] - cpio <ignored> (Minor issue, same motivation as CVE-2015-1197)
 	NOTE: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html
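Review bot: the new description marks CVE-2017-7516 as a rejected candidate (DO NOT USE THIS CANDIDATE NUMBER, ConsultIDs: CVE-2015-1197), yet the cpio 2.11+dfsg-4.1 (low) fix line, the [wheezy] <ignored> annotation and the bug-cpio NOTE stay attached to it. Move that tracking data to the CVE-2015-1197 entry the description points at (the wheezy annotation already cites it) and leave this ID with only the rejection notice, so the tracker does not report a fix under a number that no longer exists.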
@@ -59951,10 +59982,10 @@ CVE-2016-9953
 	RESERVED
 CVE-2016-9952
 	RESERVED
-CVE-2016-10008
-	RESERVED
-CVE-2016-10007
-	RESERVED
+CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content Types" ...)
+	TODO: check
+CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in ...)
+	TODO: check
 CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input ...)
 	NOT-FOR-US: OWASP AntiSamy
 CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ...)
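Review bot: CVE-2016-10008 and CVE-2016-10007 are left at TODO: check with descriptions truncated before the product name (only the "Content Types > Content Types" and "Marketing > Forms" screens are visible); triage needs the full advisory text to identify the affected software before a package line or NOT-FOR-US can be set.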
@@ -119716,8 +119747,8 @@ CVE-2015-2083 (Cross-site request forgery (CSRF) vulnerability in Ilch CMS allow
 	NOT-FOR-US: Ilch CMS
 CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 ...)
 	NOT-FOR-US: UNIT4 Prosoft HRMS
-CVE-2015-2081
-	RESERVED
+CVE-2015-2081 (Datto ALTO and SIRIS devices allow Remote Code Execution via ...)
+	TODO: check
 CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...)
 	NOT-FOR-US: Vanilla Forums
 CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...)
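Review bot: CVE-2015-2081 (Datto ALTO and SIRIS devices, remote code execution) belongs to the same device family as CVE-2015-9254, CVE-2015-9255 and CVE-2015-9256 added at the top of this file in the same commit; triage the four together so they get one consistent verdict instead of four separate TODO: check markers.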



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/525c8455f437e77c5af1d3c22c56c256b620bdc8
