[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 12 21:10:28 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3bd0b4c3 by security tracker role at 2018-01-12T21:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,44 +1,404 @@
-CVE-2018-XXXX [rpc session-id mechanism design flaw results in RCE]
- - transmission <unfixed> (bug #886990)
- NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
- NOTE: https://github.com/transmission/transmission/pull/468
- NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
-CVE-2018-5374
+CVE-2018-5549
RESERVED
-CVE-2018-5373
+CVE-2018-5548
RESERVED
-CVE-2018-5372
+CVE-2018-5547
RESERVED
-CVE-2018-5371
+CVE-2018-5546
RESERVED
-CVE-2018-5370
+CVE-2018-5545
RESERVED
-CVE-2018-5369
+CVE-2018-5544
RESERVED
-CVE-2018-5368
+CVE-2018-5543
RESERVED
-CVE-2018-5367
+CVE-2018-5542
RESERVED
-CVE-2018-5366
+CVE-2018-5541
RESERVED
-CVE-2018-5365
+CVE-2018-5540
RESERVED
-CVE-2018-5364
+CVE-2018-5539
RESERVED
-CVE-2018-5363
+CVE-2018-5538
RESERVED
-CVE-2018-5362
+CVE-2018-5537
RESERVED
-CVE-2018-5361
+CVE-2018-5536
RESERVED
-CVE-2018-5360
+CVE-2018-5535
RESERVED
-CVE-2018-5359
+CVE-2018-5534
+ RESERVED
+CVE-2018-5533
+ RESERVED
+CVE-2018-5532
+ RESERVED
+CVE-2018-5531
+ RESERVED
+CVE-2018-5530
+ RESERVED
+CVE-2018-5529
+ RESERVED
+CVE-2018-5528
+ RESERVED
+CVE-2018-5527
+ RESERVED
+CVE-2018-5526
+ RESERVED
+CVE-2018-5525
+ RESERVED
+CVE-2018-5524
+ RESERVED
+CVE-2018-5523
+ RESERVED
+CVE-2018-5522
+ RESERVED
+CVE-2018-5521
+ RESERVED
+CVE-2018-5520
+ RESERVED
+CVE-2018-5519
+ RESERVED
+CVE-2018-5518
+ RESERVED
+CVE-2018-5517
+ RESERVED
+CVE-2018-5516
+ RESERVED
+CVE-2018-5515
+ RESERVED
+CVE-2018-5514
+ RESERVED
+CVE-2018-5513
+ RESERVED
+CVE-2018-5512
+ RESERVED
+CVE-2018-5511
+ RESERVED
+CVE-2018-5510
+ RESERVED
+CVE-2018-5509
+ RESERVED
+CVE-2018-5508
+ RESERVED
+CVE-2018-5507
+ RESERVED
+CVE-2018-5506
+ RESERVED
+CVE-2018-5505
+ RESERVED
+CVE-2018-5504
+ RESERVED
+CVE-2018-5503
+ RESERVED
+CVE-2018-5502
+ RESERVED
+CVE-2018-5501
+ RESERVED
+CVE-2018-5500
+ RESERVED
+CVE-2018-5499
+ RESERVED
+CVE-2018-5498
+ RESERVED
+CVE-2018-5497
+ RESERVED
+CVE-2018-5496
+ RESERVED
+CVE-2018-5495
+ RESERVED
+CVE-2018-5494
+ RESERVED
+CVE-2018-5493
+ RESERVED
+CVE-2018-5492
+ RESERVED
+CVE-2018-5491
+ RESERVED
+CVE-2018-5490
+ RESERVED
+CVE-2018-5489
+ RESERVED
+CVE-2018-5488
+ RESERVED
+CVE-2018-5487
+ RESERVED
+CVE-2018-5486
+ RESERVED
+CVE-2018-5485
+ RESERVED
+CVE-2018-5484
+ RESERVED
+CVE-2018-5483
+ RESERVED
+CVE-2018-5482
+ RESERVED
+CVE-2018-5481
+ RESERVED
+CVE-2018-5480
+ RESERVED
+CVE-2018-5479
+ RESERVED
+CVE-2018-5478
+ RESERVED
+CVE-2018-5477
+ RESERVED
+CVE-2018-5476
+ RESERVED
+CVE-2018-5475
+ RESERVED
+CVE-2018-5474
+ RESERVED
+CVE-2018-5473
+ RESERVED
+CVE-2018-5472
+ RESERVED
+CVE-2018-5471
+ RESERVED
+CVE-2018-5470
+ RESERVED
+CVE-2018-5469
+ RESERVED
+CVE-2018-5468
+ RESERVED
+CVE-2018-5467
+ RESERVED
+CVE-2018-5466
+ RESERVED
+CVE-2018-5465
+ RESERVED
+CVE-2018-5464
+ RESERVED
+CVE-2018-5463
+ RESERVED
+CVE-2018-5462
+ RESERVED
+CVE-2018-5461
+ RESERVED
+CVE-2018-5460
+ RESERVED
+CVE-2018-5459
+ RESERVED
+CVE-2018-5458
+ RESERVED
+CVE-2018-5457
+ RESERVED
+CVE-2018-5456
+ RESERVED
+CVE-2018-5455
+ RESERVED
+CVE-2018-5454
+ RESERVED
+CVE-2018-5453
+ RESERVED
+CVE-2018-5452
+ RESERVED
+CVE-2018-5451
+ RESERVED
+CVE-2018-5450
+ RESERVED
+CVE-2018-5449
+ RESERVED
+CVE-2018-5448
+ RESERVED
+CVE-2018-5447
+ RESERVED
+CVE-2018-5446
+ RESERVED
+CVE-2018-5445
+ RESERVED
+CVE-2018-5444
+ RESERVED
+CVE-2018-5443
+ RESERVED
+CVE-2018-5442
+ RESERVED
+CVE-2018-5441
+ RESERVED
+CVE-2018-5440
+ RESERVED
+CVE-2018-5439
+ RESERVED
+CVE-2018-5438
+ RESERVED
+CVE-2018-5437
+ RESERVED
+CVE-2018-5436
+ RESERVED
+CVE-2018-5435
+ RESERVED
+CVE-2018-5434
+ RESERVED
+CVE-2018-5433
+ RESERVED
+CVE-2018-5432
+ RESERVED
+CVE-2018-5431
+ RESERVED
+CVE-2018-5430
+ RESERVED
+CVE-2018-5429
+ RESERVED
+CVE-2018-5428
+ RESERVED
+CVE-2018-5427
+ RESERVED
+CVE-2018-5426
+ RESERVED
+CVE-2018-5425
+ RESERVED
+CVE-2018-5424
+ RESERVED
+CVE-2018-5423
+ RESERVED
+CVE-2018-5422
+ RESERVED
+CVE-2018-5421
+ RESERVED
+CVE-2018-5420
+ RESERVED
+CVE-2018-5419
+ RESERVED
+CVE-2018-5418
+ RESERVED
+CVE-2018-5417
+ RESERVED
+CVE-2018-5416
+ RESERVED
+CVE-2018-5415
+ RESERVED
+CVE-2018-5414
RESERVED
-CVE-2018-5358
+CVE-2018-5413
RESERVED
-CVE-2018-5357
+CVE-2018-5412
RESERVED
+CVE-2018-5411
+ RESERVED
+CVE-2018-5410
+ RESERVED
+CVE-2018-5409
+ RESERVED
+CVE-2018-5408
+ RESERVED
+CVE-2018-5407
+ RESERVED
+CVE-2018-5406
+ RESERVED
+CVE-2018-5405
+ RESERVED
+CVE-2018-5404
+ RESERVED
+CVE-2018-5403
+ RESERVED
+CVE-2018-5402
+ RESERVED
+CVE-2018-5401
+ RESERVED
+CVE-2018-5400
+ RESERVED
+CVE-2018-5399
+ RESERVED
+CVE-2018-5398
+ RESERVED
+CVE-2018-5397
+ RESERVED
+CVE-2018-5396
+ RESERVED
+CVE-2018-5395
+ RESERVED
+CVE-2018-5394
+ RESERVED
+CVE-2018-5393
+ RESERVED
+CVE-2018-5392
+ RESERVED
+CVE-2018-5391
+ RESERVED
+CVE-2018-5390
+ RESERVED
+CVE-2018-5389
+ RESERVED
+CVE-2018-5388
+ RESERVED
+CVE-2018-5387
+ RESERVED
+CVE-2018-5386
+ RESERVED
+CVE-2018-5385
+ RESERVED
+CVE-2018-5384
+ RESERVED
+CVE-2018-5383
+ RESERVED
+CVE-2018-5382
+ RESERVED
+CVE-2018-5381
+ RESERVED
+CVE-2018-5380
+ RESERVED
+CVE-2018-5379
+ RESERVED
+CVE-2018-5378
+ RESERVED
+CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...)
+ TODO: check
+CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php ...)
+ TODO: check
+CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...)
+ TODO: check
+CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...)
+ TODO: check
+CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found ...)
+ TODO: check
+CVE-2017-18027 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
+ TODO: check
+CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted ...)
+ TODO: check
+CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes ...)
+ TODO: check
+CVE-2018-XXXX [rpc session-id mechanism design flaw results in RCE]
+ - transmission <unfixed> (bug #886990)
+ NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
+ NOTE: https://github.com/transmission/transmission/pull/468
+ NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
+CVE-2018-5374 (The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL ...)
+ TODO: check
+CVE-2018-5373 (The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection ...)
+ TODO: check
+CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL ...)
+ TODO: check
+CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ...)
+ TODO: check
+CVE-2018-5370
+ RESERVED
+CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...)
+ TODO: check
+CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...)
+ TODO: check
+CVE-2018-5367 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5366 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5365 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5364 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5363 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
+ TODO: check
+CVE-2018-5360
+ RESERVED
+CVE-2018-5359
+ RESERVED
+CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
+ TODO: check
+CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...)
+ TODO: check
CVE-2018-5356
RESERVED
CVE-2018-5355
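Review bot: the transmission entry at the top of this hunk is only re-sorted, not resolved: it is removed at its old position and re-added further down with the same CVE-2018-XXXX placeholder, the same `transmission <unfixed> (bug #886990)` line and a NOTE that still labels pull request 468 as a proposed patch, so both the identifier and the fixed version remain open until MITRE assigns the ID and upstream merges the fix. The new `TODO: check` entries fall into two groups that should not be triaged the same way: the ImageMagick ones (CVE-2017-18027, CVE-2017-18028, CVE-2017-18029, CVE-2018-5357, CVE-2018-5358) concern a package Debian ships and need a package line plus a severity, whereas the Discuz!, Jetpack, Dbox 3D Slider Lite, Smooth Slider, Testimonial Slider, SrbTransLatin and WPGlobus plugin entries and the D-Link DSL-2640U firmware entry should end as `NOT-FOR-US:` lines in the form the list already uses for the SagePay plugin further down.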
@@ -73,8 +433,7 @@ CVE-2018-1000001 [Libc Realpath Buffer Underflow]
CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...)
- gcab <unfixed>
TODO: Asked Red Hat if providing more information possible, https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6
-CVE-2018-5344 [loop: fix concurrent lo_open/lo_release]
- RESERVED
+CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
CVE-2018-5343
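Review bot: the bracketed title `[loop: fix concurrent lo_open/lo_release]` that this hunk drops was the subject of the fixing kernel commit, and the truncated MITRE text keeps only `drivers/block/loop.c mishandles ...`, so the `NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5` line is now the only pointer to the actual fix and must stay. The package line is still `linux <unfixed>`; with the fixing commit known, the next step is to record the kernel upload that carries it. The gcab entry above is unchanged context and still waits on the Red Hat bugzilla question.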
@@ -149,8 +508,8 @@ CVE-2018-5317
RESERVED
CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for ...)
NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for WordPress
-CVE-2018-5315
- RESERVED
+CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL ...)
+ TODO: check
CVE-2018-5314
RESERVED
CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...)
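Review bot: CVE-2018-5315 is left at `TODO: check` while the neighbouring CVE-2018-5316, another WordPress plugin, is already `NOT-FOR-US: ... plugin for WordPress`; the Wachipi WP Events Calendar entry should be closed the same way, in the same wording, unless someone finds the plugin packaged.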
@@ -290,8 +649,8 @@ CVE-2018-5264
RESERVED
CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before ...)
NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
-CVE-2018-5262
- RESERVED
+CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier ...)
+ TODO: check
CVE-2018-5261
RESERVED
CVE-2018-5260
@@ -3409,7 +3768,7 @@ CVE-2017-1000422 (Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several int
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785973
NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=0012e066ba37439d402ce46afbc1311530a4ec61
CVE-2017-1000421 (Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in ...)
- {DLA-1233-1}
+ {DSA-4084-1 DLA-1233-1}
- gifsicle 1.90-1
NOTE: https://github.com/kohler/gifsicle/issues/114
NOTE: https://github.com/kohler/gifsicle/commit/81fd7823f6d9c85ab598bc850e40382068361185
@@ -3439,8 +3798,8 @@ CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling&q
NOT-FOR-US: CommuniGate Pro
CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress has XSS via ...)
NOT-FOR-US: ILLID Share This Image plugin for WordPress
-CVE-2017-18014
- RESERVED
+CVE-2017-18014 (An NC-25986 issue was discovered in the Logging subsystem of Sophos XG ...)
+ TODO: check
CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP ...)
NOT-FOR-US: Craft CMS
CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 ...)
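Review bot: CVE-2017-18014 sits between CommuniGate Pro, ILLID Share This Image and Craft CMS entries that are all NOT-FOR-US; its description names Sophos XG, an appliance product rather than anything in the archive, so the `TODO: check` should be resolved to `NOT-FOR-US: Sophos XG` instead of staying open.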
@@ -3786,8 +4145,8 @@ CVE-2018-3711
RESERVED
CVE-2018-3710
RESERVED
-CVE-2017-17970
- RESERVED
+CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...)
+ TODO: check
CVE-2017-17969
RESERVED
CVE-2018-3709
@@ -14014,12 +14373,12 @@ CVE-2017-16889
RESERVED
CVE-2017-16888
RESERVED
-CVE-2017-16887
- RESERVED
-CVE-2017-16886
- RESERVED
-CVE-2017-16885
- RESERVED
+CVE-2017-16887 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
+ TODO: check
+CVE-2017-16886 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
+ TODO: check
+CVE-2017-16885 (Improper Permissions Handling in the Portal on FiberHome LM53Q1 ...)
+ TODO: check
CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
{DSA-4082-1 DSA-4073-1 DLA-1200-1}
- linux 4.14.7-1
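Review bot: CVE-2017-16885, CVE-2017-16886 and CVE-2017-16887 all describe the same FiberHome LM53Q1 portal firmware and should be triaged together in one pass rather than as three separate TODOs; device firmware of this kind does not map to a Debian package, unlike the kernel CVE-2017-1000407 entry that follows them with its `{DSA-4082-1 DSA-4073-1 DLA-1200-1}` references and `linux 4.14.7-1` line.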
@@ -14522,12 +14881,12 @@ CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting
NOT-FOR-US: dayrui FineCms
CVE-2017-16865
RESERVED
-CVE-2017-16864
- RESERVED
+CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 ...)
+ TODO: check
CVE-2017-16863
RESERVED
-CVE-2017-16862
- RESERVED
+CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version ...)
+ TODO: check
CVE-2017-16861
RESERVED
CVE-2017-16860
@@ -14872,20 +15231,20 @@ CVE-2017-16745
RESERVED
CVE-2017-16744
RESERVED
-CVE-2017-16743
- RESERVED
+CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL ...)
+ TODO: check
CVE-2017-16742
RESERVED
-CVE-2017-16741
- RESERVED
+CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT FL ...)
+ TODO: check
CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation ...)
NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
-CVE-2017-16739
- RESERVED
+CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...)
+ TODO: check
CVE-2017-16738
RESERVED
-CVE-2017-16737
- RESERVED
+CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...)
+ TODO: check
CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovered ...)
TODO: check
CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
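Review bot: the four newly published entries (two PHOENIX CONTACT FL ..., two WECON LEVI Studio HMI Editor) join CVE-2017-16736 and CVE-2017-16735 from the same run of industrial-control product entries that are still `TODO: check`, while CVE-2017-16740 (Rockwell Automation) in the same hunk is already NOT-FOR-US; clear the whole run together so the list does not stay in a mixed state for one vendor batch.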
@@ -21240,8 +21599,8 @@ CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP authent
NOT-FOR-US: Joomla!
CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the ...)
NOT-FOR-US: Joomla!
-CVE-2017-14594
- RESERVED
+CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...)
+ TODO: check
CVE-2017-14593
RESERVED
CVE-2017-14592
@@ -22938,8 +23297,8 @@ CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2
NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada ...)
NOT-FOR-US: Trihedral VTScada
-CVE-2017-14030
- RESERVED
+CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The unquoted ...)
+ TODO: check
CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...)
NOT-FOR-US: Trihedral VTScada
CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version ...)
@@ -58999,8 +59358,8 @@ CVE-2017-2160
RESERVED
CVE-2017-2159
RESERVED
-CVE-2017-2158
- RESERVED
+CVE-2017-2158 (Improper verification when expanding ZIP64 archives in Lhaplus ...)
+ TODO: check
CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public ...)
NOT-FOR-US: The Public Certification Service
CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows ...)
@@ -61774,8 +62133,8 @@ CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework
TODO: check
CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework ...)
TODO: check
-CVE-2017-0869
- RESERVED
+CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could ...)
+ TODO: check
CVE-2017-0868
RESERVED
CVE-2017-0867
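Review bot: CVE-2017-0869 should not be waved through as NOT-FOR-US the way the Android framework entries above it will be: the truncated description says only `NVIDIA driver contains an integer overflow`, which identifies neither the driver nor the platform, and Debian does carry NVIDIA driver packages in non-free, so this TODO needs the full advisory text read before a decision.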
@@ -94579,16 +94938,16 @@ CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 th
NOT-FOR-US: IBM
CVE-2016-0337
RESERVED
-CVE-2016-0336
- RESERVED
-CVE-2016-0335
- RESERVED
+CVE-2016-0336 (Cross-site scripting (XSS) vulnerability in IBM Security Identity ...)
+ TODO: check
+CVE-2016-0335 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
+ TODO: check
CVE-2016-0334
RESERVED
CVE-2016-0333
RESERVED
-CVE-2016-0332
- RESERVED
+CVE-2016-0332 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
CVE-2016-0331 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
NOT-FOR-US: IBM
CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
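Review bot: CVE-2016-0336, CVE-2016-0335 and CVE-2016-0332 all describe IBM Security Identity Manager, the same product as CVE-2016-0338 and CVE-2016-0330 in this hunk that are already `NOT-FOR-US: IBM`; marking the three new ones identically is the consistent outcome, and the `TODO: check` lines can be replaced in one edit.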
@@ -94597,14 +94956,14 @@ CVE-2016-0329
RESERVED
CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
NOT-FOR-US: IBM
-CVE-2016-0327
- RESERVED
+CVE-2016-0327 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative ...)
NOT-FOR-US: IBM
CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
NOT-FOR-US: IBM
-CVE-2016-0324
- RESERVED
+CVE-2016-0324 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before ...)
NOT-FOR-US: IBM
CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 ...)
@@ -108392,8 +108751,8 @@ CVE-2015-3890 (Use-after-free vulnerability in Open Litespeed before 1.3.10. ...
NOT-FOR-US: Open Litespeed
CVE-2015-3889
RESERVED
-CVE-2015-3888
- RESERVED
+CVE-2015-3888 (Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof ...)
+ TODO: check
CVE-2015-3887 (Untrusted search path vulnerability in ProxyChains-NG before 4.9 ...)
NOT-FOR-US: proxychains-ng
NOTE: proxychains does not contain the vulnerable code
@@ -111117,8 +111476,8 @@ CVE-2015-2983 (Cross-site request forgery (CSRF) vulnerability in admin.php in P
NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2982 (Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js ...)
NOT-FOR-US: Kobo Photo Gallery CMS
-CVE-2015-2981
- RESERVED
+CVE-2015-2981 (The Yodobashi App for Android 1.2.1.0 and earlier does not verify ...)
+ TODO: check
CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows ...)
NOT-FOR-US: Yodobashi application for Android
CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...)
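Review bot: CVE-2015-2981 describes the same Yodobashi App for Android 1.2.1.0 as CVE-2015-2980 directly below it, which is already `NOT-FOR-US: Yodobashi application for Android`; the new entry should get the identical line rather than a `TODO: check`.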
@@ -113331,8 +113690,7 @@ CVE-2009-5146 [memory leak in hostname TLS extension]
NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k)
NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4
-CVE-2015-2298 [information leak]
- RESERVED
+CVE-2015-2298 (node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might ...)
- etherpad-lite <itp> (bug #576998)
NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d
CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 ...)
@@ -124519,8 +124877,7 @@ CVE-2014-8168 (Red Hat Satellite 6 allows local users to access mongod and delet
CVE-2014-8167
RESERVED
NOT-FOR-US: Red Hat vdms and vdsclient
-CVE-2014-8166 [code execution via unescape ANSI escape sequences]
- RESERVED
+CVE-2014-8166 (The browsing feature in the server in CUPS does not filter ANSI escape ...)
- cups <unfixed> (unimportant)
NOTE: Patch: https://bugzilla.redhat.com/attachment.cgi?id=916761
NOTE: Terminal emulators need to perform proper escaping
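Review bot: the MITRE text now pins the scope to the browsing feature not filtering ANSI escape sequences, which matches the existing `(unimportant)` rating and the NOTE that terminal emulators have to do the escaping; the hunk drops the RESERVED line but leaves `cups <unfixed> (unimportant)` and the patch link, so no status change is needed beyond the description swap.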
@@ -125195,8 +125552,8 @@ CVE-2014-7954 (Directory traversal vulnerability in the doSendObjectInfo method
NOT-FOR-US: MtpServer class in Android
CVE-2014-7953 (Race condition in the bindBackupAgent method in the ...)
NOT-FOR-US: Android
-CVE-2014-7952
- RESERVED
+CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attackers ...)
+ TODO: check
CVE-2014-7951
RESERVED
CVE-2014-7950
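Review bot: CVE-2014-7952 concerns `the backup mechanism in the adb tool in Android`; the Android entries around it (CVE-2014-7954, CVE-2014-7953) are NOT-FOR-US, but adb also exists as a host-side tool that Debian packages, so confirm from the full description whether the issue lives in the device-side backup service or in the client before copying the NOT-FOR-US marker.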
@@ -128830,12 +129187,12 @@ CVE-2014-6438 (The URI.decode_www_form_component method in Ruby before 1.9.2-p33
NOTE: https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb
NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943
NOTE: CVE assignment is specific to ruby 1.9.x series?
-CVE-2014-6437
- RESERVED
-CVE-2014-6436
- RESERVED
-CVE-2014-6435
- RESERVED
+CVE-2014-6437 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow ...)
+ TODO: check
+CVE-2014-6436 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly ...)
+ TODO: check
+CVE-2014-6435 (cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and ...)
+ TODO: check
CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
NOT-FOR-US: GoPro
CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
@@ -136315,8 +136672,7 @@ CVE-2014-3473 (Cross-site scripting (XSS) vulnerability in the Orchestration/Sta
[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss ...)
NOT-FOR-US: JBoss Enterprise Application Platform
-CVE-2014-3471 [hw: pci: use after free triggered via guest]
- RESERVED
+CVE-2014-3471 (Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick ...)
- qemu 2.1+dfsg-1
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
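Review bot: the bracketed Debian title `[hw: pci: use after free triggered via guest]` carried the attacker-position detail (triggered from the guest) that the truncated MITRE text `Use-after-free vulnerability in hw/pci/pcie.c in QEMU ...` drops; the fixed version `qemu 2.1+dfsg-1` and both wheezy `<not-affected>` lines are unchanged, so no status change is needed, but a NOTE recording that the trigger is guest-side would keep that information in the entry.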
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bd0b4c3f25177e6d82cf13c0b53b877567434ea
---