[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jan 9 09:10:17 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0380f96f by security tracker role at 2018-01-09T09:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,33 @@
+CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...)
+	TODO: check
+CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...)
+	TODO: check
+CVE-2018-5310 (In the "Media from FTP" plugin before 9.85 for WordPress, Directory ...)
+	TODO: check
+CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
+	TODO: check
+CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...)
+	TODO: check
+CVE-2018-5307
+	RESERVED
+CVE-2018-5306
+	RESERVED
+CVE-2018-5305
+	RESERVED
+CVE-2018-5304
+	RESERVED
+CVE-2018-5303
+	RESERVED
+CVE-2018-5302
+	RESERVED
+CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...)
+	TODO: check
+CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote ...)
+	TODO: check
+CVE-2017-18024
+	RESERVED
+CVE-2017-18023
+	RESERVED
 CVE-2018-XXXX [Password protect the JSONRPC interface]
 	- electrum 3.0.5-1 (bug #886683)
 	NOTE: https://github.com/spesmilo/electrum/issues/3374
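Review bot: every described entry added at the top of this hunk (CVE-2018-5312 through CVE-2018-5308, CVE-2018-5301 and CVE-2017-18025) carries only "TODO: check". None of them is yet mapped to a source package or marked NOT-FOR-US. Each needs a manual triage follow-up that replaces the TODO with a package line or a NOT-FOR-US line, in the form the electrum and FineCMS entries elsewhere in this diff already use.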
@@ -80,8 +110,8 @@ CVE-2018-5265
 	RESERVED
 CVE-2018-5264
 	RESERVED
-CVE-2018-5263
-	RESERVED
+CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before ...)
+	TODO: check
 CVE-2018-5262
 	RESERVED
 CVE-2018-5261
@@ -14918,6 +14948,7 @@ CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet
 	[stretch] - linux 4.9.65-1
 	[jessie] - linux 3.16.51-1
 CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an ...)
+	{DSA-4081-1 DSA-4080-1}
 	- php7.1 7.1.11-1
 	- php7.0 7.0.25-1
 	- php5 <removed>
@@ -25550,18 +25581,20 @@ CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
 CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...)
+	{DSA-4080-1}
 	- php7.1 7.1.8-1
 	- php7.0 7.0.22-1
 	NOTE: Fixed in 7.1.7, 7.0.21
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74101
 CVE-2017-12933 (The finish_nested_data function in ext/standard/var_unserializer.re in ...)
-	{DLA-1076-1}
+	{DSA-4081-1 DSA-4080-1 DLA-1076-1}
 	- php7.1 7.1.8-1
 	- php7.0 7.0.22-1
 	- php5 <removed>
 	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74111
 CVE-2017-12932 (ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...)
+	{DSA-4080-1}
 	- php7.1 7.1.8-1
 	- php7.0 7.0.22-1
 	NOTE: Fixed in 7.1.8, 7.0.22
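Review bot: for CVE-2017-12932 the description reads "PHP 7.0.x through 7.0.22", which would make 7.0.22 itself affected, while the entry records php7.0 as fixed in 7.0.22-1 and carries "NOTE: Fixed in 7.1.8, 7.0.22". With {DSA-4080-1} now attached, it is worth confirming against the upstream bug which of the two is right, and adding a NOTE if the truncated description is the inaccurate one. The tags on CVE-2017-12934 (no php5 line, DSA-4080-1 only) and CVE-2017-12933 (php5 line present, both DSAs) are consistent with the package lines shown.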
@@ -29620,7 +29653,7 @@ CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 
 CVE-2017-11629 (dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in ...)
 	NOT-FOR-US: FineCMS
 CVE-2017-11628 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a ...)
-	{DLA-1066-1}
+	{DSA-4081-1 DSA-4080-1 DLA-1066-1}
 	- php7.1 7.1.8-1 (low)
 	- php7.0 7.0.22-1 (low)
 	- php5 <removed> (low)
@@ -31083,7 +31116,7 @@ CVE-2017-11148 (Server-side request forgery (SSRF) vulnerability in link preview
 CVE-2017-11146
 	REJECTED
 CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an ...)
-	{DLA-1034-1}
+	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
 	- php7.1 7.1.8-1
 	- php7.0 7.0.22-1
 	- php5 <removed>
@@ -31822,7 +31855,7 @@ CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling o
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
 	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the ...)
-	{DLA-1034-1}
+	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
 	- php7.1 7.1.8-1
 	- php7.0 7.0.22-1
 	- php5 <removed>
@@ -31833,7 +31866,7 @@ CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7,
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
 	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of ...)
-	{DLA-1034-1}
+	{DSA-4081-1 DLA-1034-1}
 	- php7.1 <not-affected> (Only affected 5.6)
 	- php7.0 <not-affected> (Only affected 5.6)
 	- php5 <removed>
@@ -31842,6 +31875,7 @@ CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserializatio
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
 	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote ...)
+	{DSA-4081-1}
 	- php7.1 7.1.3+-1
 	- php7.0 7.0.17-1
 	- php5 <removed>
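Review bot: CVE-2017-11142 is tagged with {DSA-4081-1} only, although its description covers "7.x before 7.0.17" and the entry has a php7.0 line (7.0.17-1). The neighbouring CVE-2017-11144 and CVE-2017-11145 entries received both DSA-4081-1 and DSA-4080-1. Nothing in the visible lines explains the difference, so a short NOTE stating why php7.0 needs no advisory here would make the entry self-explanatory.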
@@ -173903,8 +173937,7 @@ CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) ...)
 CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain ...)
 	- dokuwiki 0.0.20130510a-1 (unimportant)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
-CVE-2012-3353
-	RESERVED
+CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling ...)
 	NOT-FOR-US: Apache Sling
 CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
 	- asterisk <not-affected> (Only affects Asterisk 10)
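Review bot: the context of this hunk shows CVE-2012-3553 listed directly after CVE-2012-3353, which breaks the descending ID order of the surrounding entries (CVE-2012-3355, CVE-2012-3354, CVE-2012-3353). The change to CVE-2012-3353 itself keeps the existing "NOT-FOR-US: Apache Sling" line and only replaces RESERVED with the description, which is fine, but the position of the Asterisk entry should be checked while this part of the list is being touched.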



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0380f96f8a2096042259a196b76f0b5b661647e3
