[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Sat Feb 24 21:10:21 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43b41988 by security tracker role at 2018-02-24T21:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -305,15 +305,23 @@ CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandle
 	- linux 4.13.4-1
 	NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
 CVE-2017-6932 [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page]
+	RESERVED
+	{DSA-4123-1}
 	- drupal7 7.57-1 (bug #891154)
 	NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6929 [SA-CORE-2018-001: jQuery vulnerability with untrusted domains]
+	RESERVED
+	{DSA-4123-1}
 	- drupal7 7.57-1 (bug #891153)
 	NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6928 [SA-CORE-2018-001: Private file access bypass]
+	RESERVED
+	{DSA-4123-1}
 	- drupal7 7.57-1 (bug #891152)
 	NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6927 [SA-CORE-2018-001: JavaScript cross-site scripting prevention is incomplete]
+	RESERVED
+	{DSA-4123-1}
 	- drupal8 <itp> (bug #756305)
 	- drupal7 7.57-1 (bug #891150)
 	NOTE: https://www.drupal.org/sa-core-2018-001
@@ -1618,8 +1626,8 @@ CVE-2018-6885
 	RESERVED
 CVE-2018-6884
 	RESERVED
-CVE-2018-6883
-	RESERVED
+CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the ...)
+	TODO: check
 CVE-2018-6882
 	RESERVED
 CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File ...)
@@ -31298,6 +31306,7 @@ CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur du
 CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...)
+	{DLA-1290-1}
 	- libvpx 1.7.0-2
 	NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
 CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43b41988d4824ec1c475653a87ffb539a6afdbbc

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43b41988d4824ec1c475653a87ffb539a6afdbbc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180224/f97e4ac3/attachment-0001.html>
