[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 18 21:10:28 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ec09ebd4 by security tracker role at 2018-01-18T21:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -68,8 +68,8 @@ CVE-2017-18035
RESERVED
CVE-2017-18034
RESERVED
-CVE-2017-18033
- RESERVED
+CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 ...)
+ TODO: check
CVE-2018-5750
RESERVED
CVE-2018-5749
@@ -5336,9 +5336,9 @@ CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local a
NOTE: Not marking the issue as unimportant, since vulnerable source is present, but
NOTE: not in all suites iscsiuio is built.
CVE-2017-17839
- RESERVED
+ REJECTED
CVE-2017-17838
- RESERVED
+ REJECTED
CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...)
NOT-FOR-US: Apache DeltaSpike-JSF module
CVE-2017-17836
@@ -7669,6 +7669,7 @@ CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability ...)
CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DSA-4091-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
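Review bot: The {DSA-4091-1} cross-reference added under CVE-2018-2668 sits above package lines that still read mysql-5.7 <unfixed> (bug #887477) and mysql-5.5 <removed>, so the entry itself does not show which package and release the advisory fixed. Confirm that the CVE stays open for mysql-5.7 after this tag is added; the same pattern recurs for CVE-2018-2665, CVE-2018-2640 and CVE-2018-2622 in the following hunks.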
@@ -7679,6 +7680,7 @@ CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of ...)
NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DSA-4091-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7749,6 +7751,7 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DSA-4091-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7806,6 +7809,7 @@ CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component
CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DSA-4091-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7972,6 +7976,7 @@ CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle
CVE-2018-2563
RESERVED
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DSA-4091-1}
- mysql-5.7 5.7.20-1
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -15614,8 +15619,8 @@ CVE-2017-16865 (The Trello importer in Atlassian Jira before version 7.6.1 allow
NOT-FOR-US: Atlassian Jira
CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 ...)
NOT-FOR-US: Atlassian Jira
-CVE-2017-16863
- RESERVED
+CVE-2017-16863 (The PieChart gadget in Atlassian Jira before version 7.5.3 allows ...)
+ TODO: check
CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version ...)
NOT-FOR-US: Atlassian Jira
CVE-2017-16861
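Review bot: CVE-2017-16863 now carries TODO: check although its description names Atlassian Jira and the adjacent entries CVE-2017-16865, CVE-2017-16864 and CVE-2017-16862 are all marked NOT-FOR-US: Atlassian Jira. Suggest resolving the TODO with the same tag; CVE-2017-18033 in the first hunk (Jira-importers-plugin) is in the same position.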
@@ -18514,8 +18519,8 @@ CVE-2017-15871 (** DISPUTED ** The deserialize function in serialize-to-js throu
NOT-FOR-US: Disputed serialize-to-js issue
CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers ...)
NOT-FOR-US: Palo Alto Networks GlobalProtect Agent
-CVE-2017-15869
- RESERVED
+CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
+ TODO: check
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...)
{DSA-4082-1 DLA-1200-1}
- linux 4.0.2-1
@@ -19286,13 +19291,13 @@ CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...
CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) ...)
NOT-FOR-US: Kemp Load Balancer
CVE-2017-15523
- RESERVED
+ REJECTED
CVE-2017-15522
- RESERVED
+ REJECTED
CVE-2017-15521
- RESERVED
+ REJECTED
CVE-2017-15520
- RESERVED
+ REJECTED
CVE-2017-15519
RESERVED
CVE-2017-15518
@@ -27959,7 +27964,7 @@ CVE-2017-12743
RESERVED
CVE-2017-12742
RESERVED
-CVE-2017-12741 (A vulnerability has been identified in the following Siemens industrial ...)
+CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart, SIMATIC ...)
NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
NOT-FOR-US: Siemens
@@ -27983,8 +27988,8 @@ CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Syst
NOT-FOR-US: SiteSentinel
CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...)
NOT-FOR-US: mySCADA myPRO
-CVE-2017-12729
- RESERVED
+CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer ...)
+ TODO: check
CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...)
NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-12727
@@ -45948,7 +45953,7 @@ CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 bef
NOT-FOR-US: Siemens
CVE-2017-6866 (A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before ...)
NOT-FOR-US: Siemens
-CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and ...)
+CVE-2017-6865 (A vulnerability has been identified in Primary Setup Tool (PST), ...)
NOT-FOR-US: Siemens
CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
NOT-FOR-US: Siemens
@@ -51699,8 +51704,8 @@ CVE-2017-5172
RESERVED
CVE-2017-5171
RESERVED
-CVE-2017-5170
- RESERVED
+CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in Moxa ...)
+ TODO: check
CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security Manager ...)
NOT-FOR-US: Hanwha Techwin
CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security Manager ...)
@@ -57394,8 +57399,8 @@ CVE-2017-3160
RESERVED
CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object ...)
NOT-FOR-US: Apache Camel
-CVE-2017-3158
- RESERVED
+CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 ...)
+ TODO: check
CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded ...)
{DSA-3792-1 DLA-910-1}
- libreoffice 1:5.2.3-1
@@ -58797,9 +58802,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NM
NOT-FOR-US: Siemens
CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...)
NOT-FOR-US: Siemens
-CVE-2017-2681 (Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), ...)
+CVE-2017-2681 (A vulnerability has been identified in Development/Evaluation Kit DK ...)
NOT-FOR-US: Siemens
-CVE-2017-2680 (Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...)
+CVE-2017-2680 (A vulnerability has been identified in Extension Unit 12" PROFINET, ...)
NOT-FOR-US: Siemens
CVE-2017-2679
RESERVED
@@ -72560,7 +72565,7 @@ CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
-CVE-2016-7165 (Unquoted Windows search path vulnerability in Siemens SIMATIC WinCC ...)
+CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST), ...)
NOT-FOR-US: Microsoft
CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Roller ...)
- file-roller 3.20.3-1
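Review bot: The NOT-FOR-US: Microsoft line kept under CVE-2016-7165 does not match either description: the removed text names Siemens SIMATIC WinCC and the new text names Primary Setup Tool (PST), the same wording that CVE-2017-6865 carries with NOT-FOR-US: Siemens. Suggest changing the tag to NOT-FOR-US: Siemens so that both entries are classified alike.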
@@ -73696,8 +73701,7 @@ CVE-2016-6816 (The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6,
NOTE: Fixed by: http://svn.apache.org/r1767683 (6.0.x)
CVE-2016-6815 (In Apache Ranger before 0.6.2, users with "keyadmin" role should not ...)
NOT-FOR-US: Apache Ranger
-CVE-2016-6814
- RESERVED
+CVE-2016-6814 (When an application with unsupported Codehaus versions of Groovy from ...)
{DLA-794-1}
- groovy 2.4.8-1 (bug #851408)
[jessie] - groovy 1.8.6-4+deb8u2
@@ -141472,8 +141476,8 @@ CVE-2014-2019 (The iCloud subsystem in Apple iOS before 7.1 allows physically ..
CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x ...)
- icedove 24.2.0-1
[squeeze] - icedove <end-of-life>
-CVE-2014-2017
- RESERVED
+CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition before ...)
+ TODO: check
CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop ...)
NOT-FOR-US: OXID eShop
CVE-2014-2012
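Review bot: CVE-2014-2017 is left at TODO: check while the next entry, CVE-2014-2016, describes the same product and is marked NOT-FOR-US: OXID eShop. Suggest replacing the TODO with NOT-FOR-US: OXID eShop for consistency.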
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec09ebd4db48642bb7413af44f6515d47e1f9384