[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jan 1 21:10:22 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a62d3e93 by security tracker role at 2018-01-01T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP ...)
+	TODO: check
+CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 ...)
+	TODO: check
+CVE-2018-3812
+	RESERVED
 CVE-2018-3811 (SQL Injection vulnerability in the Oturia Smart Google Code Inserter ...)
 	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
 CVE-2018-3810 (Authentication Bypass vulnerability in the Oturia Smart Google Code ...)
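Review bot: CVE-2018-3814 and CVE-2018-3813 enter the list with only a `TODO: check` placeholder and no package or NOT-FOR-US line, so they stay untriaged; the neighbouring CVE-2018-3811/CVE-2018-3810 entries show the expected end state (`NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress`), and these two should be resolved the same way or mapped to a source package before the placeholder is left in the list. CVE-2018-3812 as `RESERVED` is fine as-is.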
@@ -666,21 +672,21 @@ CVE-2017-17922
 	RESERVED
 CVE-2017-17921
 	RESERVED
-CVE-2017-17920 (SQL injection vulnerability in the 'reorder' method in Ruby on Rails ...)
+CVE-2017-17920 (** DISPUTED ** SQL injection vulnerability in the 'reorder' method in ...)
 	- rails <unfixed> (unimportant)
 	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
 	NOTE: All of those methods accept arbitrary SQL by design.
-CVE-2017-17919 (SQL injection vulnerability in the 'order' method in Ruby on Rails ...)
+CVE-2017-17919 (** DISPUTED ** SQL injection vulnerability in the 'order' method in ...)
 	- rails <unfixed> (unimportant)
 	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
 	NOTE: All of those methods accept arbitrary SQL by design.
 CVE-2017-17918
 	RESERVED
-CVE-2017-17917 (SQL injection vulnerability in the 'where' method in Ruby on Rails ...)
+CVE-2017-17917 (** DISPUTED ** SQL injection vulnerability in the 'where' method in ...)
 	- rails <unfixed> (unimportant)
 	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
 	NOTE: All of those methods accept arbitrary SQL by design.
-CVE-2017-17916 (SQL injection vulnerability in the 'find_by' method in Ruby on Rails ...)
+CVE-2017-17916 (** DISPUTED ** SQL injection vulnerability in the 'find_by' method in ...)
 	- rails <unfixed> (unimportant)
 	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
 	NOTE: All of those methods accept arbitrary SQL by design.
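Review bot: the four Rails entries (CVE-2017-17920, -17919, -17917, -17916) gain the `** DISPUTED **` marker in the description but keep `- rails <unfixed> (unimportant)` with the same two NOTE lines; since the dispute is now the basis for the `unimportant` rating, consider adding a NOTE recording that the CVE is disputed upstream so the rationale is visible from the entry itself rather than only from the truncated description text.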
@@ -689,6 +695,7 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
 CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
+	{DLA-1227-1}
 	- imagemagick <unfixed>
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (Minor issue)
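Review bot: CVE-2017-17914 now references `{DLA-1227-1}` while the `[jessie] - imagemagick <ignored> (Minor issue)` line below it is unchanged; a DLA reference says the issue was fixed in jessie LTS, so the `[jessie]` ignored marker contradicts it and should be dropped or replaced with the fixed version from the advisory.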
@@ -807,7 +814,7 @@ CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/663b3b432c202cd2aeda7ea7e82b74cce51ab1cf
 	NOTE: webp support not enabled, see #806425
 CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based ...)
-	{DSA-4074-1}
+	{DSA-4074-1 DLA-1227-1}
 	- imagemagick <unfixed> (bug #885125)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
@@ -5882,6 +5889,7 @@ CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37
 CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
 	NOT-FOR-US: Panda Global Protection
 CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in ...)
+	{DLA-1227-1}
 	- imagemagick <unfixed> (low; bug #885942)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (Minor issue)
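Review bot: same inconsistency as in CVE-2017-17914: CVE-2017-17682 gains `{DLA-1227-1}` but still carries `[jessie] - imagemagick <ignored> (Minor issue)`; one of the two lines is wrong, and if DLA-1227-1 covers this CVE the jessie ignored marker should go.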
@@ -6425,7 +6433,7 @@ CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the funct
 	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
-	{DSA-4074-1}
+	{DSA-4074-1 DLA-1227-1}
 	- imagemagick <unfixed> (bug #885340)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a62d3e939aeca151ca18c6c002e5a98c6ca81727
