[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 9 21:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1cfd0fd by security tracker role at 2018-01-09T21:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-5313
+ RESERVED
+CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...)
+ TODO: check
CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...)
NOT-FOR-US: tabs-responsive plugin for WordPress
CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...)
@@ -215,8 +219,8 @@ CVE-2018-5223
RESERVED
CVE-2018-5222
RESERVED
-CVE-2018-5221
- RESERVED
+CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...)
+ TODO: check
CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
NOT-FOR-US: K7 Antivirus
CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
@@ -235,8 +239,8 @@ CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has
NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
NOT-FOR-US: Simple Download Monitor plugin for WordPress
-CVE-2018-5211
- RESERVED
+CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack ...)
+ TODO: check
CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...)
NOT-FOR-US: Samsung mobile devices
CVE-2018-5209
@@ -970,6 +974,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed cou
CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...)
NOT-FOR-US: Mautic
CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...)
+ {DLA-1237-1 DLA-1236-1}
- plexus-utils 1:1.5.15-5
- plexus-utils2 3.0.22-1
NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
@@ -4426,15 +4431,15 @@ CVE-2018-3561
CVE-2018-3560
RESERVED
CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...)
- {DSA-4073-1 DLA-1232-1}
+ {DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3)
CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...)
- {DSA-4073-1 DLA-1232-1}
+ {DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4)
CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...)
- {DSA-4073-1 DLA-1232-1}
+ {DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
@@ -4624,7 +4629,7 @@ CVE-2017-17743
CVE-2017-17742
RESERVED
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...)
- {DSA-4073-1 DLA-1232-1}
+ {DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: https://www.spinics.net/lists/kvm/msg160796.html
CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...)
@@ -7111,14 +7116,14 @@ CVE-2018-2365
RESERVED
CVE-2018-2364
RESERVED
-CVE-2018-2363
- RESERVED
-CVE-2018-2362
- RESERVED
-CVE-2018-2361
- RESERVED
-CVE-2018-2360
- RESERVED
+CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, ...)
+ TODO: check
+CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send ...)
+ TODO: check
+CVE-2018-2361 (In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the ...)
+ TODO: check
+CVE-2018-2360 (SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an ...)
+ TODO: check
CVE-2017-17701 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
NOT-FOR-US: K7 Antivirus
CVE-2017-17700 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
@@ -9443,7 +9448,7 @@ CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest O
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-248.html
CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
- {DSA-4073-1 DLA-1232-1}
+ {DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html
NOTE: Fixed by: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
@@ -9997,17 +10002,17 @@ CVE-2017-17452
CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not ...)
- {DSA-4073-1}
+ {DSA-4082-1 DSA-4073-1}
- linux 4.14.7-1
[wheezy] - linux <ignored> (User namespaces not supported)
NOTE: https://lkml.org/lkml/2017/12/5/982
CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in ...)
- {DSA-4073-1}
+ {DSA-4082-1 DSA-4073-1}
- linux 4.14.7-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2017/12/5/950
CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...)
- {DSA-4073-1}
+ {DSA-4082-1 DSA-4073-1}
- linux 4.14.7-1
[wheezy] - linux <ignored> (User namespaces not supported)
NOTE: https://patchwork.kernel.org/patch/10089373/
@@ -10285,7 +10290,7 @@ CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
NOTE: The upload of 2.26-0experimental2 to experimental fixed the issue (cf. #883729).
CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ...)
- {DSA-4073-1}
+ {DSA-4082-1 DSA-4073-1}
- linux 4.14.7-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
@@ -13659,7 +13664,7 @@ CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use
CVE-2017-16940
RESERVED
CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the ...)
- {DLA-1200-1}
+ {DSA-4082-1 DLA-1200-1}
- linux 4.13.13-1
[stretch] - linux 4.9.65-1
NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
@@ -13838,7 +13843,7 @@ CVE-2017-16886
CVE-2017-16885
RESERVED
CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
- {DSA-4073-1 DLA-1200-1}
+ {DSA-4082-1 DSA-4073-1 DLA-1200-1}
- linux 4.14.7-1
NOTE: https://www.spinics.net/lists/kvm/msg159809.html
CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
@@ -15231,7 +15236,7 @@ CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker Moby
NOTE: https://github.com/moby/moby/pull/35399
NOTE: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through ...)
- {DSA-4073-1}
+ {DSA-4082-1 DSA-4073-1}
- linux 4.14.7-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
@@ -17243,7 +17248,7 @@ CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attac
CVE-2017-15869
RESERVED
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...)
- {DLA-1200-1}
+ {DSA-4082-1 DLA-1200-1}
- linux 4.0.2-1
NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3)
CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -19247,8 +19252,7 @@ CVE-2017-15131
RESERVED
CVE-2017-15130
RESERVED
-CVE-2017-15129 [net: double-free and memory corruption in get_net_ns_by_id()]
- RESERVED
+CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...)
- linux 4.14.12-1
NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
CVE-2017-15128 [Out of bound access in hugetlb_mcopy_atomic_pte function in mm/hugetlb.c]
@@ -38210,7 +38214,7 @@ CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handl
NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
NOTE: https://github.com/dinhviethoa/libetpan/issues/274
CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...)
- {DSA-4073-1 DLA-1200-1}
+ {DSA-4082-1 DSA-4073-1 DLA-1200-1}
- linux 4.14.7-1
NOTE: http://lists.openwall.net/netdev/2017/12/04/224
NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
@@ -47920,7 +47924,7 @@ CVE-2017-5756
CVE-2017-5755
RESERVED
CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4078-1 DLA-1232-1}
+ {DSA-4082-1 DSA-4078-1 DLA-1232-1}
- linux 4.14.12-1
NOTE: https://meltdownattack.com/
NOTE: https://xenbits.xen.org/xsa/advisory-254.html
@@ -59787,18 +59791,18 @@ CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable
NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...)
NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
-CVE-2017-1671
- RESERVED
-CVE-2017-1670
- RESERVED
+CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
+ TODO: check
+CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...)
+ TODO: check
CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...)
NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
-CVE-2017-1668
- RESERVED
+CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
+ TODO: check
CVE-2017-1667
RESERVED
-CVE-2017-1666
- RESERVED
+CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a ...)
+ TODO: check
CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
@@ -59905,8 +59909,8 @@ CVE-2017-1614
RESERVED
CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...)
NOT-FOR-US: IBM Connections
-CVE-2017-1612
- RESERVED
+CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module ...)
+ TODO: check
CVE-2017-1611
RESERVED
CVE-2017-1610
@@ -60143,8 +60147,8 @@ CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow
NOT-FOR-US: IBM
CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2017-1493
- RESERVED
+CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated ...)
+ TODO: check
CVE-2017-1492
RESERVED
CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...)
@@ -116383,8 +116387,8 @@ CVE-2015-1291 (The ContainerNode::parserRemoveChild function in ...)
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1290
- RESERVED
+CVE-2015-1290 (The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and ...)
+ TODO: check
CVE-2015-1289 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3315-1}
- chromium-browser 44.0.2403.89-1
@@ -116782,8 +116786,8 @@ CVE-2015-1209 (Use-after-free vulnerability in the ...)
- chromium-browser 40.0.2214.111-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1208
- RESERVED
+CVE-2015-1208 (Integer underflow in the mov_read_default function in ...)
+ TODO: check
CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google ...)
- ffmpeg 7:2.6.1-1
- libav <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c1cfd0fd0a2e67986ec4ee0d9c1d289abbec6860
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c1cfd0fd0a2e67986ec4ee0d9c1d289abbec6860
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180109/f99e2e3f/attachment.html>
More information about the Secure-testing-commits
mailing list