[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 28 09:10:36 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9fa18d45 by security tracker role at 2018-02-28T09:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-7558
+ RESERVED
+CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
+ TODO: check
+CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before ...)
+ TODO: check
+CVE-2018-7555
+ RESERVED
+CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads to a ...)
+ TODO: check
+CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster function of ...)
+ TODO: check
+CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp ...)
+ TODO: check
+CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads to ...)
+ TODO: check
+CVE-2018-7550
+ RESERVED
+CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a copy of an ...)
+ TODO: check
+CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer dereference ...)
+ TODO: check
+CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the ...)
+ TODO: check
+CVE-2018-7546
+ RESERVED
+CVE-2018-7545
+ RESERVED
+CVE-2018-1057
+ RESERVED
+CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...)
+ TODO: check
+CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is used, ...)
+ TODO: check
+CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized buffers ...)
+ TODO: check
+CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow when ...)
+ TODO: check
+CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for very long ...)
+ TODO: check
+CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of integer ...)
+ TODO: check
CVE-2018-7544
RESERVED
CVE-2018-7543
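Review bot: the entries from CVE-2018-1057 down to CVE-2014-10070 at the end of the added block are out of numeric order. They are inserted above CVE-2018-7544, while the later hunk at line 17335 shows CVE-2018-1059 and CVE-2018-1058 much further down the file, which is where CVE-2018-1057 would sort. Either move these ids to their sorted position or confirm that the list consumers do not depend on ordering. Separately, eight of the new "TODO: check" entries name zsh and one names FFmpeg in their descriptions, both of which are packaged in Debian, so those should be triaged to package lines rather than left pending.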
@@ -162,8 +204,8 @@ CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. T
NOT-FOR-US: PureVPN on Windows
CVE-2018-7483
RESERVED
-CVE-2018-7482
- RESERVED
+CVE-2018-7482 (The K2 component 2.8.0 for Joomla! has Incorrect Access Control with ...)
+ TODO: check
CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ...)
- linux <not-affected> (Vulnerable code not present)
CVE-2018-1000099 [AST-2018-003: Crash with an invalid SDP fmtp attribute]
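Review bot: CVE-2018-7482 is left at "TODO: check" although its description already names the product, the K2 component 2.8.0 for Joomla!. If neither K2 nor Joomla! is packaged, this can be closed in the same way as the CVE-2018-7484 entry in the hunk header, with a "NOT-FOR-US:" line, instead of leaving it pending.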
@@ -188,8 +230,8 @@ CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via
NOT-FOR-US: YzmCMS
CVE-2018-7478
RESERVED
-CVE-2018-7477
- RESERVED
+CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 ...)
+ TODO: check
CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site ...)
NOT-FOR-US: FineCms
CVE-2018-7475
@@ -213,8 +255,8 @@ CVE-2018-7469
RESERVED
CVE-2018-7468
RESERVED
-CVE-2018-7467
- RESERVED
+CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f ...)
+ TODO: check
CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote ...)
NOT-FOR-US: TestLink
CVE-2018-7465
@@ -2476,14 +2518,14 @@ CVE-2018-6643
RESERVED
CVE-2018-6642
RESERVED
-CVE-2018-6641
- RESERVED
-CVE-2018-6640
- RESERVED
-CVE-2018-6639
- RESERVED
-CVE-2018-6638
- RESERVED
+CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in ...)
+ TODO: check
+CVE-2018-6640 (A Heap Overflow (Remote Code Execution) issue was discovered in Design ...)
+ TODO: check
+CVE-2018-6639 (An out-of-bounds write (Remote Code Execution) issue was discovered in ...)
+ TODO: check
+CVE-2018-6638 (A stack-based buffer overflow (Remote Code Execution) issue was ...)
+ TODO: check
CVE-2018-6637
RESERVED
CVE-2018-6636
@@ -2817,7 +2859,7 @@ CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases
[stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <ignored> (Minor issue)
- [wheezy] - golang <ignored> (Minor issue)
+ [wheezy] - golang <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/23672
NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
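Review bot: the removed and added "[wheezy] - golang <ignored> (Minor issue)" lines read the same as shown, so the change appears to be whitespace only. Check that the new indentation matches the "[stretch]" and "[jessie]" lines above it, since a stray tab or space in this file can change how the entry is parsed.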
@@ -17335,6 +17377,7 @@ CVE-2018-1060
CVE-2018-1059
RESERVED
CVE-2018-1058 [Security implications of using the default search_path and public schema]
+ RESERVED
- postgresql-10 10.3-1
- postgresql-9.6 <removed>
- postgresql-9.4 <removed>
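Review bot: the added "RESERVED" line under CVE-2018-1058 lands on an entry that already carries a bracketed description and a fixed version ("- postgresql-10 10.3-1"). Confirm that this state comes from the upstream feed and that the automatic merge keeps the existing package lines attached to this id, as the context lines suggest, so the triage already done is not lost when the description is later published.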
@@ -26004,8 +26047,7 @@ CVE-2017-15138
RESERVED
CVE-2017-15137
RESERVED
-CVE-2017-15136
- RESERVED
+CVE-2017-15136 (When registering and activating a new system with Red Hat Satellite 6 ...)
NOT-FOR-US: Red Hat Satellite 6
CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...)
- 389-ds-base 1.3.7.9-1 (bug #888451)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fa18d451cf4e9c0e4aa04e6abd6b5e5408c5e14