[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Feb 21 09:10:38 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd3808da by security tracker role at 2018-02-21T09:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,39 @@
-CVE-2018-7263
+CVE-2018-7279
 	RESERVED
+CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP ...)
+	TODO: check
+CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent ...)
+	TODO: check
+CVE-2018-7276 (An issue was discovered on Lutron Quantum BACnet Integration 2.0 ...)
+	TODO: check
+CVE-2018-7275
+	RESERVED
+CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site ...)
+	TODO: check
+CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the ...)
+	TODO: check
+CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part ...)
+	TODO: check
+CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php in the ...)
+	TODO: check
+CVE-2018-7270
+	RESERVED
+CVE-2018-7269
+	RESERVED
+CVE-2018-7268
+	RESERVED
+CVE-2018-7267
+	RESERVED
+CVE-2018-7266
+	RESERVED
+CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that ...)
+	TODO: check
+CVE-2018-7264
+	RESERVED
+CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b ...)
+	TODO: check
+CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad through ...)
+	TODO: check
 CVE-2018-7262
 	RESERVED
 CVE-2018-7261
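
Review bot: Three of the new `TODO: check` entries in this hunk name software that Debian packages: CVE-2018-7273 (Linux kernel floppy driver), CVE-2004-2779 (libid3tag) and CVE-2018-7263 (libmad). Triage those first and replace the TODO with package lines in the form used elsewhere in this file, such as `- zziplib <unfixed>`. The RLE, Lutron, Yab Quarx, ForgeRock AM, MetInfo and Shimmie 2 entries need a check for whether they are packaged before they can be closed as `NOT-FOR-US:`.
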
@@ -995,6 +1029,7 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac
 CVE-2018-6870
 	RESERVED
 CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...)
+	{DLA-1287-1}
 	- zziplib <unfixed>
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
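
Review bot: `{DLA-1287-1}` is added to CVE-2018-6869 while the context lines still read `- zziplib <unfixed>` and `<no-dsa> (Minor issue)` for stretch and jessie. If the entry does not already carry one, add a `NOTE:` line with the upstream fix that the DLA used, as the libsndfile and GraphicsMagick entries in this file do, so the remaining suites can be updated from the same reference.
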
@@ -2099,8 +2134,8 @@ CVE-2018-6489
 	RESERVED
 CVE-2018-6488
 	RESERVED
-CVE-2018-6487
-	RESERVED
+CVE-2018-6487 (Remote Disclosure of Information in Micro Focus Universal CMDB ...)
+	TODO: check
 CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit ...)
 	NOT-FOR-US: Micro Focus Fortify Audit Workbench
 CVE-2017-18119
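
Review bot: The `TODO: check` under CVE-2018-6487 can probably be resolved the same way as the entry directly below it: CVE-2018-6486, also a Micro Focus product, is marked `NOT-FOR-US: Micro Focus Fortify Audit Workbench`. If Universal CMDB is not packaged, close this one as `NOT-FOR-US: Micro Focus Universal CMDB` to match.
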
@@ -15640,10 +15675,10 @@ CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 m
 	[jessie] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/344
-CVE-2017-17455
-	RESERVED
-CVE-2017-17454
-	RESERVED
+CVE-2017-17455 (Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before ...)
+	TODO: check
+CVE-2017-17454 (Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before ...)
+	TODO: check
 CVE-2017-17453
 	RESERVED
 CVE-2017-17452
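
Review bot: The summaries for CVE-2017-17455 and CVE-2017-17454 are cut off at `...` before the point where they differ, so the two Mahara entries cannot be told apart from the visible text. Resolve each `TODO: check` from the full CVE description and record a separate fix reference for each, since both visible version ranges start with the same "16.10 before 16.10.7" and "17.04 before 17.04.5" bounds.
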
@@ -25604,8 +25639,8 @@ CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows rem
 	- graphicsmagick 1.3.26-13
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
-CVE-2017-14993
-	RESERVED
+CVE-2017-14993 (OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x ...)
+	TODO: check
 CVE-2017-14992 (Lack of content verification in Docker-CE (Also known as Moby) ...)
 	- docker.io <undetermined>
 CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...)
@@ -33431,8 +33466,8 @@ CVE-2017-12417
 	RESERVED
 CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2017-12415
-	RESERVED
+CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x ...)
+	TODO: check
 CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption ...)
 	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an ...)
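
Review bot: CVE-2017-12415 here and CVE-2017-14993 in the previous hunk both describe OXID eShop Community Edition and both land as `TODO: check`; triage them together so they end up with the same disposition. The entries on either side of CVE-2017-12415 use `NOT-FOR-US: <product>`, which is the form to follow if OXID eShop turns out not to be packaged.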



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd3808da52ae8acfbbddd57185260d493b18002d
