[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 20 21:10:32 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42bd7c1b by security tracker role at 2018-02-20T21:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-7263
+ RESERVED
+CVE-2018-7262
+ RESERVED
CVE-2018-7261
RESERVED
CVE-2018-7260
@@ -142,12 +146,13 @@ CVE-2018-7208 (In the coff_pointerize_aux function in coffgen.c in the Binary Fi
[wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22741
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb77f6a4621795367a39cdd30957903af9dbb815
-CVE-2018-7207 (National Payments Corporation of India (NPCI) Bharat Interface for ...)
+CVE-2018-7207
+ REJECTED
NOT-FOR-US: BHIM
CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthenticator ...)
TODO: check
-CVE-2018-7205
- RESERVED
+CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ...)
+ TODO: check
CVE-2018-7204
RESERVED
CVE-2018-7203
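Review bot: CVE-2018-7207 is switched to REJECTED but the context line `NOT-FOR-US: BHIM` stays underneath it, so the entry now carries a triage annotation for an identifier that no longer exists; drop the leftover line if rejected entries are meant to stand alone. In the same hunk, CVE-2018-7205 arrives marked ** DISPUTED ** with only `TODO: check`, so the dispute should be recorded in a NOTE when the entry is triaged.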
@@ -522,8 +527,8 @@ CVE-2018-7048
RESERVED
CVE-2018-7047
RESERVED
-CVE-2018-7046
- RESERVED
+CVE-2018-7046 (** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 ...)
+ TODO: check
CVE-2018-7045
RESERVED
CVE-2018-7044
@@ -759,10 +764,10 @@ CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL pointer
[wheezy] - freetype <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
-CVE-2018-6941
- RESERVED
-CVE-2018-6940
- RESERVED
+CVE-2018-6941 (A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 ...)
+ TODO: check
+CVE-2018-6940 (A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 ...)
+ TODO: check
CVE-2018-6939
RESERVED
CVE-2018-6938
@@ -2240,8 +2245,7 @@ CVE-2018-6461 (March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before
NOT-FOR-US: March Hare
CVE-2018-6460 (Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and ...)
NOT-FOR-US: Hotspot Shield
-CVE-2018-6459
- RESERVED
+CVE-2018-6459 (The rsa_pss_params_parse function in ...)
- strongswan 5.6.2-1
[stretch] - strongswan <not-affected> (Vulnerable code introduced later)
[jessie] - strongswan <not-affected> (Vulnerable code introduced later)
@@ -2554,8 +2558,7 @@ CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming through
NOTE: https://github.com/libming/libming/issues/104
CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the ...)
NOT-FOR-US: acurax-social-media-widget plugin for WordPress
-CVE-2018-6356
- RESERVED
+CVE-2018-6356 (An issue was discovered in the Extended Choice Parameter (aka ...)
- jenkins <removed>
CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 ...)
NOT-FOR-US: iBall 300M devices
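Review bot: CVE-2018-6356 keeps its pre-existing `- jenkins <removed>` annotation, but the description that has just been published names the Extended Choice Parameter rather than jenkins itself. The annotation was written while the entry was still RESERVED, so it should be rechecked against the full description to confirm it points at the right package.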
@@ -4795,8 +4798,8 @@ CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is vulne
NOT-FOR-US: FoxSash ImgHosting
CVE-2018-5478
RESERVED
-CVE-2018-5477
- RESERVED
+CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS Web ...)
+ TODO: check
CVE-2018-5476
RESERVED
CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 Line ...)
@@ -21425,8 +21428,8 @@ CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in ...
[wheezy] - radare2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
NOTE: https://github.com/radare/radare2/issues/8742
-CVE-2017-16356
- RESERVED
+CVE-2017-16356 (Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) ...)
+ TODO: check
CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...)
- passenger <unfixed> (bug #884463)
- ruby-passenger <removed>
@@ -37760,8 +37763,8 @@ CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving me
NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10964
RESERVED
-CVE-2017-10963
- RESERVED
+CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM (Enterprise ...)
+ TODO: check
CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
NOT-FOR-US: REDCap
CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File ...)
@@ -52607,10 +52610,10 @@ CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 all
[wheezy] - radare2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18 (1.3.0-git)
NOTE: https://github.com/radare/radare2/issues/6829
-CVE-2017-6193
- RESERVED
-CVE-2017-6192
- RESERVED
+CVE-2017-6193 (Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2017-6192 (Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers ...)
+ TODO: check
CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...)
NOT-FOR-US: APNGDis
CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link ...)
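Review bot: CVE-2017-6193 and CVE-2017-6192 are added with `TODO: check`, yet both descriptions name APNGDis and the adjacent CVE-2017-6191 is already triaged as `NOT-FOR-US: APNGDis`. These two can be resolved the same way in a follow-up instead of sitting in the TODO queue.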
@@ -80120,8 +80123,8 @@ CVE-2016-6274
RESERVED
CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License ...)
NOT-FOR-US: Flexera
-CVE-2016-6272
- RESERVED
+CVE-2016-6272 (SQL injection vulnerability in EPIC MyChart allows remote attackers to ...)
+ TODO: check
CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
{DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
@@ -106765,8 +106768,8 @@ CVE-2015-6546 (The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Control
NOT-FOR-US: F5 BIG-IP
CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...)
NOT-FOR-US: Cerb
-CVE-2015-6544
- RESERVED
+CVE-2015-6544 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2015-6543
RESERVED
CVE-2015-6542
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/42bd7c1bfe760f10ec4862770a9a29d1d9522d5a