[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 23 21:10:28 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
642a20f1 by security tracker role at 2018-02-23T21:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,33 @@
+CVE-2018-7443
+	RESERVED
+CVE-2018-7434
+	RESERVED
+CVE-2018-7433
+	RESERVED
+CVE-2018-7432
+	RESERVED
+CVE-2018-7431
+	RESERVED
+CVE-2018-7430
+	RESERVED
+CVE-2018-7429
+	RESERVED
+CVE-2018-7428
+	RESERVED
+CVE-2018-7427
+	RESERVED
+CVE-2018-7426
+	RESERVED
+CVE-2018-7425
+	RESERVED
+CVE-2018-7424
+	RESERVED
+CVE-2018-7423
+	RESERVED
+CVE-2017-18195
+	RESERVED
+CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...)
+	TODO: check
 CVE-2018-7422
 	RESERVED
 CVE-2018-7421
@@ -13,18 +43,23 @@ CVE-2018-7417
 CVE-2018-7416
 	RESERVED
 CVE-2018-7439 [heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
 CVE-2018-7438 [heap-buffer-overflow in freexl.c:383 parse_unicode_string]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
 CVE-2018-7437 [heap-buffer-overflow in freexl.c:1866 parse_SST]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
 CVE-2018-7436 [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
 CVE-2018-7435 [heap-buffer-overflow in freexl::destroy_cell]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
 CVE-2018-7415
@@ -179,8 +214,8 @@ CVE-2018-7341
 	RESERVED
 CVE-2018-7340
 	RESERVED
-CVE-2018-7339
-	RESERVED
+CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...)
+	TODO: check
 CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...)
 	NOT-FOR-US: HamayeshNegar CMS
 CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
@@ -1491,12 +1526,12 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation an
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/22
-CVE-2018-6868
-	RESERVED
-CVE-2018-6867
-	RESERVED
-CVE-2018-6866
-	RESERVED
+CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / ...)
+	TODO: check
+CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone ...)
+	TODO: check
+CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and ...)
+	TODO: check
 CVE-2018-6865
 	RESERVED
 CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion ...)
@@ -1509,8 +1544,8 @@ CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Sear
 	NOT-FOR-US: PHP Scripts Mall Lawyer Search Script
 CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts ...)
 	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
-CVE-2018-6859
-	RESERVED
+CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management ...)
+	TODO: check
 CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...)
 	NOT-FOR-US: PHP Scripts Mall Facebook Clone Script
 CVE-2018-6857
@@ -1743,8 +1778,7 @@ CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig funct
 	[wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
 	NOTE: https://github.com/dbry/WavPack/issues/27
 	NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
-CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init]
-	RESERVED
+CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the hostname on ...)
 	- libvirt 4.0.0-2 (bug #889839)
 	[stretch] - libvirt <no-dsa> (Minor issue)
 	[jessie] - libvirt <no-dsa> (Minor issue)
@@ -9030,14 +9064,17 @@ CVE-2018-3838
 CVE-2018-3837
 	RESERVED
 CVE-2018-7442 [path traversal or file overwrite]
+	RESERVED
 	- leptonlib <unfixed>
 	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html
 CVE-2018-7441 [insecure use of /tmp]
+	RESERVED
 	- leptonlib <unfixed>
 	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html
 CVE-2017-18196
 	- leptonlib 1.74.4-2 (bug #885704)
 CVE-2018-7440 [command injection via $(command)]
+	RESERVED
 	- leptonlib <unfixed>
 	NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
 	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
@@ -18781,12 +18818,12 @@ CVE-2018-0522
 	RESERVED
 CVE-2018-0521
 	RESERVED
-CVE-2018-0520
-	RESERVED
-CVE-2018-0519
-	RESERVED
-CVE-2018-0518
-	RESERVED
+CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware ...)
+	TODO: check
+CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
+	TODO: check
+CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
+	TODO: check
 CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
 	NOT-FOR-US: Anshin net security for Windows
 CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...)
@@ -20029,7 +20066,7 @@ CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field durin
 	- php-horde <undetermined>
 	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
 	TODO: check
-CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ...)
+CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...)
 	- php-horde <undetermined>
 	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
 	TODO: check
@@ -48946,7 +48983,7 @@ CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...)
 	[jessie] - linux 3.16.39-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
-CVE-2017-7494 (Samba since version 3.5.0 is vulnerable to remote code execution ...)
+CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is ...)
 	{DSA-3860-1 DLA-951-1}
 	- samba 2:4.5.8+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
@@ -143359,10 +143396,10 @@ CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Boo
 	NOT-FOR-US: WordPress plugin Booking System
 CVE-2014-3208
 	RESERVED
-CVE-2014-3206
-	RESERVED
-CVE-2014-3205
-	RESERVED
+CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a ...)
+	TODO: check
 CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...)
 	NOT-FOR-US: Unity
 CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly ...)
@@ -166248,7 +166285,7 @@ CVE-2013-1937 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOTE: http://seclists.org/fulldisclosure/2013/Apr/100
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
 CVE-2013-1936
-	RESERVED
+	REJECTED
 CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package ...)
 	- linux <not-affected> (RHEL-specific backport regression)
 	- linux-2.6 <not-affected> (RHEL-specific backport regression)
@@ -260998,7 +261035,7 @@ CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm 
 	[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
 	[etch] - apache 1.3.34-4.1+etch1
 CVE-2007-1348
-	RESERVED
+	REJECTED
 CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
 	NOT-FOR-US: Microsoft Windows Explorer
 CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642a20f183e76f797f329371173b1662169482ac

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642a20f183e76f797f329371173b1662169482ac
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180223/64bae2e6/attachment.html>

More information about the Secure-testing-commits mailing list