[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jan 9 21:10:22 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1cfd0fd by security tracker role at 2018-01-09T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-5313
+	RESERVED
+CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...)
+	TODO: check
 CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...)
 	NOT-FOR-US: tabs-responsive plugin for WordPress
 CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...)
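Review bot: CVE-2017-1000415 (MatrixSSL) arrives with only "TODO: check", so the entry carries no triage result yet. It should be resolved to either a source-package line or a NOT-FOR-US line, as the WordPress plugin entries below it already are. The RESERVED entry for CVE-2018-5313 needs nothing further.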
@@ -215,8 +219,8 @@ CVE-2018-5223
 	RESERVED
 CVE-2018-5222
 	RESERVED
-CVE-2018-5221
-	RESERVED
+CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...)
+	TODO: check
 CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
 	NOT-FOR-US: K7 Antivirus
 CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
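Review bot: CVE-2018-5221 moves from RESERVED to "TODO: check" for the BarCodeWiz BarCode ActiveX control, and is left untriaged. If no Debian source package ships this component, close it with a NOT-FOR-US line naming the product, the same way the K7 Antivirus entries directly below are closed.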
@@ -235,8 +239,8 @@ CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has
 	NOT-FOR-US: Simple Download Monitor plugin for WordPress
 CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
 	NOT-FOR-US: Simple Download Monitor plugin for WordPress
-CVE-2018-5211
-	RESERVED
+CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack ...)
+	TODO: check
 CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2018-5209
@@ -970,6 +974,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed cou
 CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...)
 	NOT-FOR-US: Mautic
 CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...)
+	{DLA-1237-1 DLA-1236-1}
 	- plexus-utils 1:1.5.15-5
 	- plexus-utils2 3.0.22-1
 	NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
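Review bot: the added {DLA-1237-1 DLA-1236-1} on CVE-2017-1000487 points at two advisories, while the entry lists two source packages (plexus-utils and plexus-utils2), and nothing in these lines shows which advisory covers which package. Confirm that each DLA's own record names its package, since this entry only records the fixed versions 1:1.5.15-5 and 3.0.22-1.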
@@ -4426,15 +4431,15 @@ CVE-2018-3561
 CVE-2018-3560
 	RESERVED
 CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...)
-	{DSA-4073-1 DLA-1232-1}
+	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
 	- linux 4.14.7-1
 	NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3)
 CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...)
-	{DSA-4073-1 DLA-1232-1}
+	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
 	- linux 4.14.7-1
 	NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4)
 CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...)
-	{DSA-4073-1 DLA-1232-1}
+	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
 	- linux 4.14.7-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
 CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
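Review bot: for CVE-2017-17805 the description says the issue affects kernels "before 4.14.8", yet the entry records "- linux 4.14.7-1" as fixed. If that upload carries the fix as a patch, a NOTE saying so would stop the mismatch from looking like an error. As a style point in the same hunk, the "Fixed by:" NOTE for CVE-2017-17805 gives the tag as "(4.15-rc4)" while the two entries above it write "(v4.15-rc3)" and "(v4.15-rc4)". The three cross-reference changes themselves are consistent, with DSA-4082-1 placed first in each.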
@@ -4624,7 +4629,7 @@ CVE-2017-17743
 CVE-2017-17742
 	RESERVED
 CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...)
-	{DSA-4073-1 DLA-1232-1}
+	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
 	- linux 4.14.7-1
 	NOTE: https://www.spinics.net/lists/kvm/msg160796.html
 CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...)
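Review bot: CVE-2017-17741 has no "Fixed by:" commit reference, only a spinics list post, although the neighbouring kernel entries that also gain DSA-4082-1 each link the upstream commit. The description reads "through 4.14.7" while the fixed version is "linux 4.14.7-1", so a NOTE with the fixing commit would make the fixed version verifiable.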
@@ -7111,14 +7116,14 @@ CVE-2018-2365
 	RESERVED
 CVE-2018-2364
 	RESERVED
-CVE-2018-2363
-	RESERVED
-CVE-2018-2362
-	RESERVED
-CVE-2018-2361
-	RESERVED
-CVE-2018-2360
-	RESERVED
+CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, ...)
+	TODO: check
+CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send ...)
+	TODO: check
+CVE-2018-2361 (In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the ...)
+	TODO: check
+CVE-2018-2360 (SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an ...)
+	TODO: check
 CVE-2017-17701 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
 	NOT-FOR-US: K7 Antivirus
 CVE-2017-17700 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
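Review bot: CVE-2018-2360 through CVE-2018-2363 all describe SAP products (NetWeaver/BASIS, HANA, Solution Manager, Startup Service) and all land as "TODO: check". If none of these is shipped as a Debian source package, they can be triaged together with one NOT-FOR-US line each, rather than being left as four separate open items.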
@@ -9443,7 +9448,7 @@ CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest O
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-248.html
 CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
-	{DSA-4073-1 DLA-1232-1}
+	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
 	- linux 4.14.7-1
 	NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html
 	NOTE: Fixed by: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
@@ -9997,17 +10002,17 @@ CVE-2017-17452
 CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not ...)
-	{DSA-4073-1}
+	{DSA-4082-1 DSA-4073-1}
 	- linux 4.14.7-1
 	[wheezy] - linux <ignored> (User namespaces not supported)
 	NOTE: https://lkml.org/lkml/2017/12/5/982
 CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in ...)
-	{DSA-4073-1}
+	{DSA-4082-1 DSA-4073-1}
 	- linux 4.14.7-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lkml.org/lkml/2017/12/5/950
 CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...)
-	{DSA-4073-1}
+	{DSA-4082-1 DSA-4073-1}
 	- linux 4.14.7-1
 	[wheezy] - linux <ignored> (User namespaces not supported)
 	NOTE: https://patchwork.kernel.org/patch/10089373/
@@ -10285,7 +10290,7 @@ CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
 	NOTE: The upload of 2.26-0experimental2 to experimental fixed the issue (cf. #883729).
 CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ...)
-	{DSA-4073-1}
+	{DSA-4082-1 DSA-4073-1}
 	- linux 4.14.7-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
@@ -13659,7 +13664,7 @@ CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use 
 CVE-2017-16940
 	RESERVED
 CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the ...)
-	{DLA-1200-1}
+	{DSA-4082-1 DLA-1200-1}
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
 	NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
@@ -13838,7 +13843,7 @@ CVE-2017-16886
 CVE-2017-16885
 	RESERVED
 CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
-	{DSA-4073-1 DLA-1200-1}
+	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
 	- linux 4.14.7-1
 	NOTE: https://www.spinics.net/lists/kvm/msg159809.html
 CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
@@ -15231,7 +15236,7 @@ CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker Moby 
 	NOTE: https://github.com/moby/moby/pull/35399
 	NOTE: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
 CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through ...)
-	{DSA-4073-1}
+	{DSA-4082-1 DSA-4073-1}
 	- linux 4.14.7-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
@@ -17243,7 +17248,7 @@ CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attac
 CVE-2017-15869
 	RESERVED
 CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...)
-	{DLA-1200-1}
+	{DSA-4082-1 DLA-1200-1}
 	- linux 4.0.2-1
 	NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3)
 CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -19247,8 +19252,7 @@ CVE-2017-15131
 	RESERVED
 CVE-2017-15130
 	RESERVED
-CVE-2017-15129 [net: double-free and memory corruption in get_net_ns_by_id()]
-	RESERVED
+CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...)
 	- linux 4.14.12-1
 	NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
 CVE-2017-15128 [Out of bound access in hugetlb_mcopy_atomic_pte function in mm/hugetlb.c]
@@ -38210,7 +38214,7 @@ CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handl
 	NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
 	NOTE: https://github.com/dinhviethoa/libetpan/issues/274
 CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...)
-	{DSA-4073-1 DLA-1200-1}
+	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
 	- linux 4.14.7-1
 	NOTE: http://lists.openwall.net/netdev/2017/12/04/224
 	NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
@@ -47920,7 +47924,7 @@ CVE-2017-5756
 CVE-2017-5755
 	RESERVED
 CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...)
-	{DSA-4078-1 DLA-1232-1}
+	{DSA-4082-1 DSA-4078-1 DLA-1232-1}
 	- linux 4.14.12-1
 	NOTE: https://meltdownattack.com/
 	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
@@ -59787,18 +59791,18 @@ CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable 
 	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...)
 	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
-CVE-2017-1671
-	RESERVED
-CVE-2017-1670
-	RESERVED
+CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
+	TODO: check
+CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...)
+	TODO: check
 CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...)
 	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
-CVE-2017-1668
-	RESERVED
+CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
+	TODO: check
 CVE-2017-1667
 	RESERVED
-CVE-2017-1666
-	RESERVED
+CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a ...)
+	TODO: check
 CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
 	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
 CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
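Review bot: CVE-2017-1671, CVE-2017-1670, CVE-2017-1668 and CVE-2017-1666 are added as "TODO: check", but every already-triaged entry around them for the same product reads "NOT-FOR-US: IBM Tivoli Key Lifecycle Manager". These four should get the same line so the block is consistent. CVE-2017-1667 correctly stays RESERVED.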
@@ -59905,8 +59909,8 @@ CVE-2017-1614
 	RESERVED
 CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...)
 	NOT-FOR-US: IBM Connections
-CVE-2017-1612
-	RESERVED
+CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module ...)
+	TODO: check
 CVE-2017-1611
 	RESERVED
 CVE-2017-1610
@@ -60143,8 +60147,8 @@ CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow
 	NOT-FOR-US: IBM
 CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM Business Process Manager
-CVE-2017-1493
-	RESERVED
+CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated ...)
+	TODO: check
 CVE-2017-1492
 	RESERVED
 CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...)
@@ -116383,8 +116387,8 @@ CVE-2015-1291 (The ContainerNode::parserRemoveChild function in ...)
 	- chromium-browser 45.0.2454.85-1 (low)
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1290
-	RESERVED
+CVE-2015-1290 (The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and ...)
+	TODO: check
 CVE-2015-1289 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3315-1}
 	- chromium-browser 44.0.2403.89-1
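Review bot: CVE-2015-1290 is left as "TODO: check", but its description names Google Chrome before 44.0.2403.89, the same version the next entry (CVE-2015-1289) records as fixed in chromium-browser 44.0.2403.89-1 under DSA-3315-1. Triage should check whether this CVE belongs under chromium-browser with that fixed version and the same end-of-life release lines used by CVE-2015-1291 above, rather than treating it as a fresh unknown.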
@@ -116782,8 +116786,8 @@ CVE-2015-1209 (Use-after-free vulnerability in the ...)
 	- chromium-browser 40.0.2214.111-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1208
-	RESERVED
+CVE-2015-1208 (Integer underflow in the mov_read_default function in ...)
+	TODO: check
 CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google ...)
 	- ffmpeg 7:2.6.1-1
 	- libav <removed>
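Review bot: CVE-2015-1208 is marked "TODO: check" with a description that names the mov_read_default function, and the entry right after it (CVE-2015-1207) tracks libavformat/mov.c under ffmpeg and libav. Triage should check those two source packages as well as chromium-browser before assigning a status, since the truncated description here does not say which component embeds the function.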



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c1cfd0fd0a2e67986ec4ee0d9c1d289abbec6860
