[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 17 09:10:26 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dee5a6ba by security tracker role at 2018-01-17T09:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,25 @@
+CVE-2018-5731
+ RESERVED
+CVE-2018-5730
+ RESERVED
+CVE-2018-5729
+ RESERVED
+CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to ...)
+ TODO: check
+CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the ...)
+ TODO: check
+CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain ...)
+ TODO: check
+CVE-2018-5725 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated ...)
+ TODO: check
+CVE-2018-5724 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated ...)
+ TODO: check
+CVE-2018-5723 (MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of ...)
+ TODO: check
+CVE-2018-5722
+ RESERVED
+CVE-2018-5721 (Stack-based buffer overflow in the ej_update_variables function in ...)
+ TODO: check
CVE-2018-5720
RESERVED
CVE-2018-5719
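Review bot: the seven entries added here with "TODO: check" (CVE-2018-5721 and CVE-2018-5723 through CVE-2018-5728) still need triage, and they do not all resolve the same way. The Cobham Sea Tel and MASTER IPCAMERA01 descriptions refer to devices, so they look like candidates for the NOT-FOR-US form this file already uses for the Malwarefox entry. CVE-2018-5727 names OpenJPEG 2.3.0 and should be checked against a source package rather than dismissed with the device entries around it. The CVE-2018-5721 description is truncated before the product is named, so it needs the full text before a decision.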
@@ -15,12 +37,14 @@ CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys)
CVE-2018-5713 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...)
NOT-FOR-US: Malwarefox Anti-Malware
CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, ...)
+ {DSA-4081-1 DSA-4080-1}
- php7.1 7.1.13-1
- php7.0 7.0.27-1
- php5 <removed>
NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...)
+ {DSA-4081-1 DSA-4080-1}
- php7.1 7.1.13-1 (unimportant)
- php7.0 7.0.27-1 (unimportant)
- php5 <removed> (unimportant)
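Review bot: CVE-2018-5711 now carries {DSA-4081-1 DSA-4080-1} while all three of its package lines (php7.1, php7.0, php5) remain marked "(unimportant)". Please confirm the severity marking is still intended, for example because the advisories list the CVE only as a side effect of the uploads that fix CVE-2018-5712, and add a NOTE line saying so; otherwise the entry reads as both advisory-worthy and negligible.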
@@ -999,8 +1023,8 @@ CVE-2018-XXXX [Password protect the JSONRPC interface]
NOTE: http://www.openwall.com/lists/oss-security/2018/01/10/4
CVE-2018-5300
RESERVED
-CVE-2018-5299
- RESERVED
+CVE-2018-5299 (A stack-based Buffer Overflow Vulnerability exists in the web server in ...)
+ TODO: check
CVE-2018-5298 (In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) ...)
NOT-FOR-US: Procter & Gamble "Oral-B App" for Android
CVE-2018-5297
@@ -4829,8 +4853,8 @@ CVE-2017-17949 (Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.
NOT-FOR-US: Cells Blog
CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic ...)
NOT-FOR-US: Cells Blog
-CVE-2017-17947
- RESERVED
+CVE-2017-17947 (A cross site scripting issue has been found in custompage.cgi in Pulse ...)
+ TODO: check
CVE-2017-1000411
RESERVED
NOT-FOR-US: OpenDayLight
@@ -57342,6 +57366,7 @@ CVE-2017-3146
RESERVED
CVE-2017-3145 [Improper fetch cleanup sequencing in the resolver can cause named to crash]
RESERVED
+ {DSA-4089-1}
- bind9 1:9.11.2.P1-1
NOTE: https://kb.isc.org/article/AA-01542
NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
@@ -62552,7 +62577,7 @@ CVE-2017-0917 [Cross-site scripting (XSS) vulnerability in CI job output]
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed>
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
RESERVED
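Review bot: the removed and added "- gitlab <unfixed>" lines under CVE-2017-0916 are textually identical as shown, so this hunk is a whitespace-only change. Please confirm the new indentation matches the other package lines in the file, since this format relies on it, and mention the normalization in the commit message; "automatic update" gives no hint that a hand-written line was reindented.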
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dee5a6ba357be6dfd94ef4ba1f16b55157c632f3