[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Feb 28 21:10:22 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c52b872 by security tracker role at 2018-02-28T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-7567
+	RESERVED
+CVE-2018-7566
+	RESERVED
+CVE-2018-7565
+	RESERVED
+CVE-2018-7564
+	RESERVED
+CVE-2018-7563
+	RESERVED
+CVE-2018-7562
+	RESERVED
+CVE-2018-7561
+	RESERVED
+CVE-2018-7560
+	RESERVED
+CVE-2018-7559
+	RESERVED
 CVE-2018-7558
 	RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
@@ -266,8 +284,8 @@ CVE-2018-7470 (An issue was discovered in ImageMagick 7.0.7-22 Q16. The ...)
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8130e12eb30685ef958f4e62fe624da393920be7
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7305dacfcdf5e51c4f8d0ba9f77fa97792f8acf7
 	NOTE: webp support not enabled, see #806425
-CVE-2018-7469
-	RESERVED
+CVE-2018-7469 (PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the ...)
+	TODO: check
 CVE-2018-7468
 	RESERVED
 CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f ...)
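Review bot: `TODO: check` on CVE-2018-7469 leaves the triage open, so this entry still needs a human decision. Every neighbouring entry in this hunk resolves to either a package line or a `NOT-FOR-US:` marker, and the PHP Scripts Mall Entrepreneur Job Portal Script entry should be resolved the same way on the next manual pass rather than left as a placeholder.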
@@ -595,22 +613,22 @@ CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandle
 	NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
 CVE-2017-6932 [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page]
 	RESERVED
-	{DSA-4123-1}
+	{DSA-4123-1 DLA-1295-1}
 	- drupal7 7.57-1 (bug #891154)
 	NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6929 [SA-CORE-2018-001: jQuery vulnerability with untrusted domains]
 	RESERVED
-	{DSA-4123-1}
+	{DSA-4123-1 DLA-1295-1}
 	- drupal7 7.57-1 (bug #891153)
 	NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6928 [SA-CORE-2018-001: Private file access bypass]
 	RESERVED
-	{DSA-4123-1}
+	{DSA-4123-1 DLA-1295-1}
 	- drupal7 7.57-1 (bug #891152)
 	NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6927 [SA-CORE-2018-001: JavaScript cross-site scripting prevention is incomplete]
 	RESERVED
-	{DSA-4123-1}
+	{DSA-4123-1 DLA-1295-1}
 	- drupal8 <itp> (bug #756305)
 	- drupal7 7.57-1 (bug #891150)
 	NOTE: https://www.drupal.org/sa-core-2018-001
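Review bot: adding `DLA-1295-1` beside `DSA-4123-1` in all four SA-CORE-2018-001 entries is consistent and complete for this hunk. The `RESERVED` line is retained above the advisory references because the bracketed text is a tracker-local summary; once MITRE publishes the official description it should be replaced the way CVE-2018-1304 is handled further down in this same commit.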
@@ -981,8 +999,8 @@ CVE-2018-7266
 	RESERVED
 CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that ...)
 	NOT-FOR-US: Shimmie
-CVE-2018-7264
-	RESERVED
+CVE-2018-7264 (The Pictview image processing library embedded in the ActivePDF ...)
+	TODO: check
 CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b ...)
 	- libid3tag 0.15.1b-5 (bug #304913)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
@@ -16625,8 +16643,7 @@ CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache
 	NOTE: https://svn.apache.org/r1824359 (8.0.x)
 	NOTE: https://svn.apache.org/r1823322 (7.0.x)
 	NOTE: https://svn.apache.org/r1824360 (7.0.x)
-CVE-2018-1304 [Security constraints mapped to context root are ignored]
-	RESERVED
+CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly maps to the ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.28-1
 	- tomcat8.0 <unfixed> (unimportant)
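Review bot: replacing the local bracket summary `[Security constraints mapped to context root are ignored]` with the MITRE text and dropping `RESERVED` is the expected transition once the CVE is published. The `tomcat8.0 <unfixed> (unimportant)` line, however, carries no `NOTE:` justifying the severity tag; a follow-up should add one, for example a pointer to the upstream fix revision as the CVE-2018-1305 entry above does with its svn.apache.org NOTE lines.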
@@ -16682,8 +16699,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (R
 	- jakarta-jmeter <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
-CVE-2018-1286
-	RESERVED
+CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2018-1285
 	RESERVED
@@ -19411,14 +19427,14 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when
 	- polarssl <removed>
 	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
-        NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
-        NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
+	NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
+	NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
 	- mbedtls 2.7.0-2 (bug #890288)
 	- polarssl <removed>
 	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
-        NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
+	NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...)
 	{DSA-4085-1 DLA-1242-1}
 	- xmltooling 1.6.3-1
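Review bot: the only change in this hunk is whitespace, replacing eight leading spaces with a tab on the three mbedtls `NOTE:` lines. Continuation lines elsewhere in the file are tab-indented, so this normalisation is correct and carries no content change.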
@@ -33583,7 +33599,7 @@ CVE-2017-12743
 	RESERVED
 CVE-2017-12742
 	RESERVED
-CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart, SIMATIC ...)
+CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart (All ...)
 	NOT-FOR-US: Siemens
 CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
 	NOT-FOR-US: Siemens
@@ -35068,8 +35084,7 @@ CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Ke
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/37863c43b2c6464f252862bf2e9768264e961678 (4.14-rc3)
 	NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
-CVE-2017-12191
-	RESERVED
+CVE-2017-12191 (A flaw was found in the CloudForms account configuration when using ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the ...)
 	{DLA-1200-1}
@@ -43034,8 +43049,8 @@ CVE-2017-9461 (smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial o
 	[wheezy] - samba <no-dsa> (Minor, non reproducible issue)
 	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=10c3e3923022485c720f322ca4f0aca5d7501310
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12572
-CVE-2017-9447
-	RESERVED
+CVE-2017-9447 (In the web interface of Parallels Remote Application Server (RAS) 15.5 ...)
+	TODO: check
 CVE-2017-9446
 	RESERVED
 CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in ...)
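Review bot: CVE-2017-9447 receives the MITRE description but keeps `TODO: check`. Parallels Remote Application Server is not referenced anywhere else in the visible entries, so the triage outcome (a package line or a `NOT-FOR-US:` marker) still has to be filled in by hand.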
@@ -64496,9 +64511,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NM
 	NOT-FOR-US: Siemens
 CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...)
 	NOT-FOR-US: Siemens
-CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std, SIMATIC ...)
+CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All ...)
 	NOT-FOR-US: Siemens
-CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std, SIMATIC ...)
+CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All ...)
 	NOT-FOR-US: Siemens
 CVE-2017-2679
 	RESERVED
@@ -101541,24 +101556,24 @@ CVE-2016-0301 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domin
 	NOT-FOR-US: IBM
 CVE-2016-0300 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
 	NOT-FOR-US: IBM TRIRIGA Application Platform
-CVE-2016-0299
-	RESERVED
+CVE-2016-0299 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
+	TODO: check
 CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium Database ...)
 	NOT-FOR-US: IBM
 CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could ...)
 	NOT-FOR-US: IBM
 CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores ...)
 	NOT-FOR-US: IBM
-CVE-2016-0295
-	RESERVED
+CVE-2016-0295 (Cross-site request forgery (CSRF) vulnerability in the IBM BigFix ...)
+	TODO: check
 CVE-2016-0294
 	RESERVED
 CVE-2016-0293 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform ...)
 	NOT-FOR-US: IBM
 CVE-2016-0292 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) ...)
 	NOT-FOR-US: IBM
-CVE-2016-0291
-	RESERVED
+CVE-2016-0291 (IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow ...)
+	TODO: check
 CVE-2016-0290
 	RESERVED
 CVE-2016-0289 (shiprec.xml in the SHIPREC application in IBM Maximo Asset Management ...)
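Review bot: CVE-2016-0299 now carries the same leading description text as CVE-2016-0300 directly above it, which is already triaged `NOT-FOR-US: IBM TRIRIGA Application Platform`. The `TODO: check` on that entry, and on the two IBM BigFix entries CVE-2016-0295 and CVE-2016-0291, should be resolved consistently with the neighbouring IBM entries rather than left open.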



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c52b8723de450684fee13c6c4a420b7ecd77a09
