[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 19 09:10:23 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e58c19f4 by security tracker role at 2018-01-19T09:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...)
+	TODO: check
+CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...)
+	TODO: check
+CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...)
+	TODO: check
+CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ...)
+	TODO: check
+CVE-2018-5782
+	RESERVED
+CVE-2018-5781
+	RESERVED
+CVE-2018-5780
+	RESERVED
+CVE-2018-5779
+	RESERVED
+CVE-2018-5778
+	RESERVED
+CVE-2018-5777
+	RESERVED
+CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...)
+	TODO: check
+CVE-2018-5775
+	RESERVED
+CVE-2018-5774
+	RESERVED
+CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through ...)
+	TODO: check
+CVE-2017-18043
+	RESERVED
+CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial of Service (DoS) due to ...)
+	TODO: check
+CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks ...)
+	TODO: check
+CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) ...)
+	TODO: check
 CVE-2018-XXXX [XSS vulnerability in MediaElement]
 	- wordpress <unfixed> (bug #887596)
 	NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
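Review bot: CVE-2018-5776 is added with only `TODO: check`, yet the unchanged context at the end of this hunk already holds a temporary entry, `CVE-2018-XXXX [XSS vulnerability in MediaElement]`, that tracks a WordPress XSS and references the 4.9.2 security release (bug #887596). Since the new description also reads "WordPress before 4.9.2 has XSS", triage should confirm whether CVE-2018-5776 is the identifier assigned to that placeholder and, if so, move the `- wordpress <unfixed> (bug #887596)` line and its NOTE under the real id instead of keeping two entries for one issue. The three jQuery entries (CVE-2016-10707, CVE-2015-9251, CVE-2012-6708) also arrive as `TODO: check` and name version boundaries (3.0.0 and 1.9.0) that need comparing with the packaged jQuery versions.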
@@ -22,6 +58,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe
 CVE-2018-5765
 	RESERVED
 CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before ...)
+	{DLA-1247-1}
 	- rsync <unfixed> (bug #887588)
 	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
 CVE-2018-5763
@@ -164,7 +201,7 @@ CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27
 	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
 CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...)
-	{DSA-4081-1 DSA-4080-1}
+	{DSA-4081-1 DSA-4080-1 DLA-1248-1}
 	- php7.1 7.1.13-1 (unimportant)
 	- php7.0 7.0.27-1 (unimportant)
 	- php5 <removed> (unimportant)
@@ -921,7 +958,7 @@ CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a craf
 CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes ...)
 	NOT-FOR-US: WordPress plugin jetpack
 CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id (which is ...)
-	{DSA-4087-1}
+	{DSA-4087-1 DLA-1246-1}
 	- transmission 2.92-3 (bug #886990)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
 	NOTE: https://github.com/transmission/transmission/pull/468
@@ -4524,7 +4561,7 @@ CVE-2017-1000436
 CVE-2017-1000435
 	REJECTED
 CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...)
-	{DLA-1238-1}
+	{DSA-4092-1 DLA-1238-1}
 	- awstats <unfixed> (bug #885835)
 	NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
 	NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
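Review bot: With `{DSA-4092-1 DLA-1238-1}` now on CVE-2017-1000501, both a DSA and a DLA are referenced, but the package line below still reads `- awstats <unfixed> (bug #885835)`. The two upstream commits are already recorded in the NOTE lines, so a follow-up should replace `<unfixed>` with the fixed version once an upload carrying them is available, so the entry does not stay open after the advisories have shipped.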
@@ -5274,8 +5311,8 @@ CVE-2017-17862 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores
 	NOTE: https://www.spinics.net/lists/stable/msg206984.html
 CVE-2017-17861
 	RESERVED
-CVE-2017-17860
-	RESERVED
+CVE-2017-17860 (In Samsung Gear products, Bluetooth link key is updated to the ...)
+	TODO: check
 CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass ...)
 	NOT-FOR-US: Samsung Internet Browser
 CVE-2017-17858
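Review bot: CVE-2017-17860 moves from `RESERVED` to `TODO: check` with a description about Samsung Gear products, while the neighbouring CVE-2017-17859 (Samsung Internet Browser) is already marked `NOT-FOR-US: Samsung Internet Browser`. If the truncated description concerns only the vendor's device firmware, the same treatment applies here: replace `TODO: check` with a `NOT-FOR-US:` line naming the product so the entry leaves the triage queue.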
@@ -29380,8 +29417,7 @@ CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress 
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-12198
 	RESERVED
-CVE-2017-12197
-	RESERVED
+CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not properly ...)
 	{DSA-4025-1 DLA-1165-1}
 	- libpam4j 1.4-3 (bug #879001)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e58c19f4330bcf6d358b2a4232b2efea0c3272c0
