[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jan 17 21:10:29 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b940d59e by security tracker role at 2018-01-17T21:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,43 @@
+CVE-2018-5750
+	RESERVED
+CVE-2018-5749
+	RESERVED
+CVE-2018-5748
+	RESERVED
+CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
+	TODO: check
+CVE-2018-5746
+	RESERVED
+CVE-2018-5745
+	RESERVED
+CVE-2018-5744
+	RESERVED
+CVE-2018-5743
+	RESERVED
+CVE-2018-5742
+	RESERVED
+CVE-2018-5741
+	RESERVED
+CVE-2018-5740
+	RESERVED
+CVE-2018-5739
+	RESERVED
+CVE-2018-5738
+	RESERVED
+CVE-2018-5737
+	RESERVED
+CVE-2018-5736
+	RESERVED
+CVE-2018-5735
+	RESERVED
+CVE-2018-5734
+	RESERVED
+CVE-2018-5733
+	RESERVED
+CVE-2018-5732
+	RESERVED
+CVE-2018-1000005
+	RESERVED
 CVE-2018-5731
 	RESERVED
 CVE-2018-5730
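Review bot: CVE-2018-5747 is the only entry added in this hunk that carries a description, and it is left at "TODO: check" even though the description names the affected software and version (lrzip 0.631). It needs a triage decision: a package line with a status if lrzip is in the archive, or a NOT-FOR-US line otherwise. Separately, CVE-2018-1000005 is inserted between CVE-2018-5732 and CVE-2018-5731, which breaks the descending order the rest of the hunk follows; worth confirming that placement is intended.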
@@ -1117,8 +1157,8 @@ CVE-2018-5260
 	RESERVED
 CVE-2018-5259 (Discuz! DiscuzX X3.4 allows remote authenticated users to bypass ...)
 	NOT-FOR-US: Discuz! DiscuzX
-CVE-2018-5258
-	RESERVED
+CVE-2018-5258 (The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL ...)
+	TODO: check
 CVE-2018-5257
 	RESERVED
 CVE-2018-5256
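Review bot: the new CVE-2018-5258 entry stays at "TODO: check" although its description identifies an iOS application (The Neon app 1.6.14 iOS). The neighbouring CVE-2018-5259 shows the convention for software outside the archive ("NOT-FOR-US: Discuz! DiscuzX"); if the Neon app is confirmed not to be packaged, the same form should replace the TODO so the entry does not linger in the unprocessed queue.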
@@ -1270,8 +1310,8 @@ CVE-2018-5197
 	RESERVED
 CVE-2018-5196
 	RESERVED
-CVE-2018-5195
-	RESERVED
+CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow ...)
+	TODO: check
 CVE-2018-5194
 	RESERVED
 CVE-2018-5193
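Review bot: CVE-2018-5195 moves from RESERVED to a description naming Hancom NEO 9.6.1.5183 and earlier, but the status line is only "TODO: check". The description is truncated at "buffer Overflow ...", so the triager needs the full CVE text before settling on a package line or a NOT-FOR-US line; until then the entry records no decision.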
@@ -13118,22 +13158,22 @@ CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Wind
 CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated ...)
 	- webmin <removed>
 CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...)
-	{DLA-1216-1}
+	{DSA-4090-1 DLA-1216-1}
 	- wordpress 4.9.1+dfsg-1 (bug #883314)
 	NOTE: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
 	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 does not ...)
-	{DLA-1216-1}
+	{DSA-4090-1 DLA-1216-1}
 	- wordpress 4.9.1+dfsg-1 (bug #883314)
 	NOTE: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
 	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not properly ...)
-	{DLA-1216-1}
+	{DSA-4090-1 DLA-1216-1}
 	- wordpress 4.9.1+dfsg-1 (bug #883314)
 	NOTE: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
 	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not require ...)
-	{DLA-1216-1}
+	{DSA-4090-1 DLA-1216-1}
 	- wordpress 4.9.1+dfsg-1 (bug #883314)
 	NOTE: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
 	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
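Review bot: the brace lines for CVE-2017-17091, -17093, -17094 and -17092 all gain DSA-4090-1, but nothing else in these entries changes: the only fixed version visible is still "- wordpress 4.9.1+dfsg-1 (bug #883314)". Check that the DSA-4090-1 record itself lists all four CVE ids, since the hunk gives no way to confirm the cross-reference from this file alone. The entries are also out of numeric order (17091, 17093, 17094, 17092), which predates this change but makes the block harder to audit.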
@@ -15546,8 +15586,8 @@ CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code by
 	NOT-FOR-US: Juniper
 CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) ...)
 	NOT-FOR-US: dayrui FineCms
-CVE-2017-16865
-	RESERVED
+CVE-2017-16865 (The Trello importer in Atlassian Jira before version 7.6.1 allows ...)
+	TODO: check
 CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2017-16863
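Review bot: CVE-2017-16865 is set to "TODO: check" while the entry directly below it, CVE-2017-16864, covers the same product and is already marked "NOT-FOR-US: Atlassian Jira". The description here names the Trello importer in Atlassian Jira before 7.6.1, so the same NOT-FOR-US line looks applicable and would keep the two Jira entries consistent.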
@@ -16607,7 +16647,7 @@ CVE-2017-1000132 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1
 CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
 	- mahara <removed>
 CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ...)
-	{DLA-1160-1}
+	{DSA-4090-1 DLA-1160-1}
 	- wordpress 4.8.3+dfsg-1 (bug #880528)
 	NOTE: https://wpvulndb.com/vulnerabilities/8941
 	NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
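Review bot: CVE-2017-16510 receives the same DSA-4090-1 tag as the four WordPress 4.9.1 issues earlier in this diff, yet it has a different fixed version ("wordpress 4.8.3+dfsg-1", bug #880528) and a different LTS advisory (DLA-1160-1 rather than DLA-1216-1). One DSA covering several upstream releases is plausible, but confirm that DSA-4090-1 explicitly includes CVE-2017-16510 rather than only the 4.9.1 set.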



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b940d59e18b53c0bbb5bfc3d7ec5b244abb5d507
