[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 8 09:10:17 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
07c7c98f by security tracker role at 2018-01-08T09:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,89 @@
+CVE-2018-5298 (In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) ...)
+ TODO: check
+CVE-2018-5297
+ RESERVED
+CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ...)
+ TODO: check
+CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
+ TODO: check
+CVE-2018-5294 (In libming 0.4.8, there is an integer overflow (caused by an ...)
+ TODO: check
+CVE-2018-5293 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5292 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5291 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
+ TODO: check
+CVE-2018-5290 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
+ TODO: check
+CVE-2018-5289 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
+ TODO: check
+CVE-2018-5288 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5287 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
+ TODO: check
+CVE-2018-5286 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5285 (The ImageInject plugin 1.15 for WordPress has CSRF via ...)
+ TODO: check
+CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid ...)
+ TODO: check
+CVE-2018-5283
+ RESERVED
+CVE-2018-5282
+ RESERVED
+CVE-2018-5281
+ RESERVED
+CVE-2018-5280
+ RESERVED
+CVE-2018-5279 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5278 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5277 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5276 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5275 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5274 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5273 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5272 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5271 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5270 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...)
+ TODO: check
+CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in ...)
+ TODO: check
+CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in ...)
+ TODO: check
+CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to ...)
+ TODO: check
+CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to ...)
+ TODO: check
+CVE-2018-5265
+ RESERVED
+CVE-2018-5264
+ RESERVED
+CVE-2018-5263
+ RESERVED
+CVE-2018-5262
+ RESERVED
+CVE-2018-5261
+ RESERVED
+CVE-2018-5260
+ RESERVED
+CVE-2018-5259
+ RESERVED
+CVE-2018-5258
+ RESERVED
+CVE-2018-5257
+ RESERVED
+CVE-2018-5256
+ RESERVED
CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared ...)
NOT-FOR-US: Hitron CVE-30360 devices
CVE-2018-5255
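Review bot: every entry in this new block is a "TODO: check" placeholder, so triage is still pending; the ones worth a maintainer's attention first are those for software Debian actually ships (CVE-2018-5296 and CVE-2018-5295 for PoDoFo, CVE-2018-5294 for libming, CVE-2018-5269 and CVE-2018-5268 for OpenCV), while the Oral-B app, the GD Rating System and ImageInject WordPress plugins, the Malwarebytes FARFLT.SYS driver and the Cobham Sea Tel entries look headed for NOT-FOR-US like the Hitron entry directly below. The ten Malwarebytes entries (CVE-2018-5279 through CVE-2018-5270) share an identical truncated description and can be resolved as a group.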
@@ -409,8 +495,8 @@ CVE-2018-5073 (Online Ticket Booking has CSRF via admin/movieedit.php. ...)
NOT-FOR-US: Online Ticket Booking
CVE-2018-5072 (Online Ticket Booking has XSS via the admin/sitesettings.php keyword ...)
NOT-FOR-US: Online Ticket Booking
-CVE-2018-5071
- RESERVED
+CVE-2018-5071 (Persistent XSS exists in the web server on Cobham Sea Tel 116 build ...)
+ TODO: check
CVE-2018-5070
RESERVED
CVE-2018-5069
@@ -815,7 +901,7 @@ CVE-2018-4870
RESERVED
CVE-2018-4869
RESERVED
-CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 ...)
+CVE-2018-4868 (** DISPUTED ** The Exiv2::Jp2Image::readMetadata function in ...)
- exiv2 <unfixed> (unimportant)
NOTE: https://github.com/Exiv2/exiv2/issues/202
CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host Header ...)
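Review bot: the description for CVE-2018-4868 now carries the "** DISPUTED **" marker, but the tracker entry keeps "exiv2 <unfixed> (unimportant)" with only the upstream issue link as a NOTE; a short NOTE stating why the CVE is disputed (and whether https://github.com/Exiv2/exiv2/issues/202 is the upstream position on it) would make the unimportant rating reviewable later without re-reading the upstream thread.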
@@ -3121,8 +3207,8 @@ CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0
TODO: check
CVE-2018-3816
RESERVED
-CVE-2018-3815
- RESERVED
+CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) ...)
+ TODO: check
CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress has XSS via ...)
NOT-FOR-US: ILLID Share This Image plugin for WordPress
CVE-2017-18014
@@ -3822,6 +3908,7 @@ CVE-2017-17916 (** DISPUTED ** SQL injection vulnerability in the 'find_by' meth
NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
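Review bot: {DLA-1231-1} is being recorded for CVE-2017-17915 here and for the other GraphicsMagick entries touched in this commit (CVE-2017-17912, CVE-2017-17782, CVE-2017-17503, CVE-2017-17502, CVE-2017-17501, CVE-2017-17500, CVE-2017-17498); worth checking that the CVE list in the DLA-1231-1 advisory text matches exactly this set, so that no GraphicsMagick entry is left without the advisory reference and none claims coverage the advisory does not give.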
@@ -3840,6 +3927,7 @@ CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-bas
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/536/
CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/533/
@@ -4291,15 +4379,15 @@ CVE-2018-3561
CVE-2018-3560
RESERVED
CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...)
- {DSA-4073-1}
+ {DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3)
CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...)
- {DSA-4073-1}
+ {DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4)
CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...)
- {DSA-4073-1}
+ {DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
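Review bot: DLA-1232-1 is appended next to DSA-4073-1 for CVE-2017-17807, CVE-2017-17806 and CVE-2017-17805 in this hunk, and the same DLA reference is added further down for CVE-2017-17741, CVE-2017-17558 and CVE-2017-5754 (the latter alongside DSA-4078-1 rather than DSA-4073-1); the advisory text for DLA-1232-1 should list all six CVEs, otherwise one of these entries is mis-attributed.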
@@ -4349,6 +4437,7 @@ CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPA
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/529/
CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-2 (bug #884905)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/530/
@@ -4487,7 +4576,7 @@ CVE-2017-17743
CVE-2017-17742
RESERVED
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...)
- {DSA-4073-1}
+ {DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: https://www.spinics.net/lists/kvm/msg160796.html
CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...)
@@ -9306,7 +9395,7 @@ CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest O
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-248.html
CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
- {DSA-4073-1}
+ {DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html
NOTE: Fixed by: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
@@ -9576,18 +9665,22 @@ CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/59c49559e302e06bfba46cb6feb4e39adbe675b6
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/fb89192c4ca1600741af79dd22166a7d91e76924
CVE-2017-17503 (ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/522/
CVE-2017-17502 (ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/521/
CVE-2017-17501 (WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/526/
CVE-2017-17500 (ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
@@ -9599,6 +9692,7 @@ CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1
CVE-2017-17498 (WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote ...)
+ {DLA-1231-1}
- graphicsmagick 1.3.27-1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/525/
@@ -16996,8 +17090,8 @@ CVE-2017-15915
RESERVED
CVE-2017-15914
RESERVED
-CVE-2017-15913
- RESERVED
+CVE-2017-15913 (The Installer in Whale allows DLL hijacking. ...)
+ TODO: check
CVE-2017-15912
RESERVED
CVE-2017-15911 (The Admin Console in Ignite Realtime Openfire Server before 4.1.7 ...)
@@ -29807,7 +29901,7 @@ CVE-2017-11553 (There is an illegal address access in the extend_alias_table fun
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
NOTE: Not reproducible in wheezy/jessie/stretch.
NOTE: Reproducible with 0.26-1 (experimental).
-CVE-2017-11552 (The mad_decoder_run function in decoder.c in libmad 0.15.1b allows ...)
+CVE-2017-11552 (mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use ...)
- libmad <unfixed> (unimportant; bug #870406)
NOTE: Futher analysis has shown that the underlying issue is in src:mpg321
NOTE: Cf. https://bugs.debian.org/870406#25 for more Details.
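Review bot: the automatic update rewrites the CVE-2017-11552 description to point at mpg321.c in mpg321, but the package line still tracks "libmad <unfixed> (unimportant; bug #870406)"; since the existing NOTE already says the underlying issue is in src:mpg321, this entry needs a manual follow-up to track mpg321 as the affected package (and to re-evaluate the "unimportant" rating against that package) rather than leaving libmad marked as unfixed. The NOTE's typo "Futher" and the stray capital in "more Details" could be fixed in the same follow-up.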
@@ -47147,8 +47241,8 @@ CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The applicati
NOT-FOR-US: Sauter NovaWeb
CVE-2016-10223 (An issue was discovered in BigTree CMS before 4.2.15. The vulnerability ...)
NOT-FOR-US: BigTree CMS
-CVE-2017-5971
- RESERVED
+CVE-2017-5971 (SQL injection vulnerability in NewsBee CMS allow remote attackers to ...)
+ TODO: check
CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the ...)
{DSA-3791-1 DLA-922-1}
- linux 4.9.10-1
@@ -47772,7 +47866,7 @@ CVE-2017-5756
CVE-2017-5755
RESERVED
CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4078-1}
+ {DSA-4078-1 DLA-1232-1}
- linux 4.14.12-1
NOTE: https://meltdownattack.com/
NOTE: https://xenbits.xen.org/xsa/advisory-254.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/07c7c98f506fe82b1ff373a33a31613e50eee201