[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 26 09:10:24 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff249099 by security tracker role at 2018-02-26T09:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. The ...)
+	TODO: check
+CVE-2018-7483
+	RESERVED
+CVE-2018-7482
+	RESERVED
+CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ...)
+	TODO: check
 CVE-2018-XXXX [AST-2018-003: Crash with an invalid SDP fmtp attribute]
 	- pjproject 2.7.2~dfsg-1
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
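Review bot: the two added entries that carry descriptions, CVE-2018-7484 and CVE-2017-18200, are left at "TODO: check" although their summaries already point to a disposition. CVE-2018-7484 describes PureVPN on Windows, which suggests a NOT-FOR-US line in the form used elsewhere in this file. CVE-2017-18200 is in the Linux kernel f2fs implementation "before 4.14", so it needs a "- linux" line with the fixed version and a "NOTE: Fixed by:" reference, as the CVE-2018-7480 entry has, plus a status check for releases shipping kernels older than 4.14.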
@@ -12,8 +20,8 @@ CVE-2018-7481
 CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux ...)
 	- linux 4.11.6-1
 	NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
-CVE-2018-7479
-	RESERVED
+CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a ...)
+	TODO: check
 CVE-2018-7478
 	RESERVED
 CVE-2018-7477
@@ -24142,8 +24150,7 @@ CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Ap
 	NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34
 CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...)
 	NOT-FOR-US: Apache NiFi
-CVE-2017-15696
-	RESERVED
+CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure ...)
 	NOT-FOR-US: Apache Geode
 CVE-2017-15695
 	RESERVED
@@ -42777,10 +42784,10 @@ CVE-2017-9428 (A directory traversal vulnerability exists in ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...)
 	NOT-FOR-US: BigTree CMS
-CVE-2017-9426
-	RESERVED
-CVE-2017-9425
-	RESERVED
+CVE-2017-9426 (ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection ...)
+	TODO: check
+CVE-2017-9425 (The Facetag extension 0.0.3 for Piwigo allows XSS via the name ...)
+	TODO: check
 CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers ...)
 	NOT-FOR-US: IdeaBlade Breeze Breeze.Server.NET
 CVE-2017-9423
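Review bot: CVE-2017-9426 and CVE-2017-9425 both name the Facetag extension 0.0.3 for Piwigo and both land at "TODO: check", so they should be triaged together rather than separately. The deciding question is whether that extension is shipped in any Debian package. If it is not, both take the same NOT-FOR-US line, as the neighbouring BigTree CMS entries do.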
@@ -50079,7 +50086,7 @@ CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the 
 	- linux 4.9.6-1
 	[jessie] - linux 3.16.43-1
 	NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
-CVE-2017-7272 (PHP through 7.1.3 enables potential SSRF in applications that accept an ...)
+CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept ...)
 	{DLA-875-1}
 	- php7.1 7.1.4-1
 	- php7.0 7.0.18-1
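Review bot: the updated CVE-2017-7272 description now reads "PHP through 7.1.11", but the unchanged lines below it still record php7.1 as fixed in 7.1.4-1 and php7.0 in 7.0.18-1, next to {DLA-875-1}. If the new description is accurate, those version lines mark the issue closed too early. Re-verify the fix status and either correct the version lines or add a NOTE explaining why the recorded fixes still hold.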



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff249099624f653bcd7a8e4c2d673451c6391db3
