[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jan 14 09:10:17 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53206d0d by security tracker role at 2018-01-14T09:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,38 @@
+CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer ...)
+	TODO: check
+CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to ...)
+	TODO: check
+CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection ...)
+	TODO: check
+CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the ...)
+	TODO: check
+CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas Gudino ...)
+	TODO: check
+CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users ...)
+	TODO: check
+CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, ...)
+	TODO: check
+CVE-2018-5691 (SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` ...)
+	TODO: check
+CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear ...)
+	TODO: check
+CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear ...)
+	TODO: check
+CVE-2018-5688
+	RESERVED
+CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ...)
+	TODO: check
+CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
+	TODO: check
+CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ...)
+	TODO: check
+CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...)
+	TODO: check
 CVE-2018-5683
 	RESERVED
 CVE-2017-18030
 	RESERVED
-CVE-2018-5682 (PrestaShop 1.7.2.4 allow user enumeration via the Reset Password ...)
+CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset Password ...)
 	NOT-FOR-US: PrestaShop
 CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit ...)
 	NOT-FOR-US: PrestaShop
@@ -683,8 +713,8 @@ CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
 	NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
 	NOT-FOR-US: WPGlobus plugin for WordPress
-CVE-2018-5360
-	RESERVED
+CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...)
+	TODO: check
 CVE-2018-5359
 	RESERVED
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
@@ -20102,22 +20132,19 @@ CVE-2017-15130
 CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...)
 	- linux 4.14.12-1
 	NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
-CVE-2017-15128 [Out of bound access in hugetlb_mcopy_atomic_pte function in mm/hugetlb.c]
-	RESERVED
+CVE-2017-15128 (A flaw was found in the hugetlb_mcopy_atomic_pte function in ...)
 	- linux 4.13.13-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: http://post-office.corp.redhat.com/archives/rhkernel-list/2017-October/msg09574.html
-CVE-2017-15127 [Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c]
-	RESERVED
+CVE-2017-15127 (A flaw was found in the hugetlb_mcopy_atomic_pte function in ...)
 	- linux 3.13.4-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/5af10dfd0afc559bb4b0f7e3e8227a1578333995
-CVE-2017-15126 [Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c]
-	RESERVED
+CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel ...)
 	- linux 4.13.10-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53206d0d5aac5a9396db67e338e44124088feb87

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53206d0d5aac5a9396db67e338e44124088feb87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180114/2c48c172/attachment-0001.html>

More information about the Secure-testing-commits mailing list