[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 19 21:10:35 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81276d56 by security tracker role at 2018-01-19T21:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-5799
+ RESERVED
+CVE-2018-5798
+ RESERVED
+CVE-2018-5797
+ RESERVED
+CVE-2018-5796
+ RESERVED
+CVE-2018-5795
+ RESERVED
+CVE-2018-5794
+ RESERVED
+CVE-2018-5793
+ RESERVED
+CVE-2018-5792
+ RESERVED
+CVE-2018-5791
+ RESERVED
+CVE-2018-5790
+ RESERVED
+CVE-2018-5789
+ RESERVED
+CVE-2018-5788
+ RESERVED
+CVE-2018-5787
+ RESERVED
+CVE-2017-18044 (A Command Injection issue was discovered in ...)
+ TODO: check
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...)
- lrzip <unfixed>
NOTE: https://github.com/ckolivas/lrzip/issues/91
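Review bot: CVE-2017-18044 is left at "TODO: check" with a description truncated to "A Command Injection issue was discovered in ...", which does not name the affected product, so the entry cannot be triaged from this diff alone; fetch the full MITRE text and replace the TODO with either a source-package line or a NOT-FOR-US line. The thirteen new RESERVED IDs CVE-2018-5787 through CVE-2018-5799 form a contiguous block and need no action until descriptions are published.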
@@ -38,7 +66,7 @@ CVE-2017-18043 [integer overflow in ROUND_UP macro could result in DoS]
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854
NOTE: Broken since: https://git.qemu.org/?p=qemu.git;a=object;h=292c8e50 (v1.5.0)
NOTE: Fix included in 1:2.10.0+dfsg-2 via debian/patches/qemu-2.10.1.diff patch
-CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial of Service (DoS) due to ...)
+CVE-2016-10707 (jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to ...)
- jquery <not-affected> (Vulnerable code never in unstable; only experimental)
NOTE: https://github.com/jquery/jquery/issues/3133
NOTE: https://github.com/jquery/jquery/pull/3134
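Review bot: the description for CVE-2016-10707 now names only jQuery 3.0.0-rc.1 rather than "before 3.0.0", which narrows the affected range to a single release candidate and makes the existing "<not-affected> (Vulnerable code never in unstable; only experimental)" rationale stronger rather than weaker. No change to the package line is needed, but it is worth confirming that the build that was in experimental was in fact the rc.1 named here, since a later 3.0.0 upload would fall outside the affected range entirely.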
@@ -57,7 +85,7 @@ CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) .
NOTE: https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
NOTE: https://snyk.io/vuln/npm:jquery:20120206
NOTE: 1.9 release introduced backwards incompatible changes to fix this, so may be too invasive to fix
-CVE-2018-5776 [XSS vulnerability in MediaElement]
+CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...)
- wordpress <unfixed> (bug #887596)
NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
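Review bot: replacing the placeholder "[XSS vulnerability in MediaElement]" with the MITRE text drops the component name, and the new description is truncated at "Flash fallback files in ...", so the entry no longer records which files are affected. Keep the MediaElement reference in a NOTE (the linked upstream commit 3fe9cb61 is where the file list can be confirmed) so that the "wordpress <unfixed> (bug #887596)" line can be resolved to a version once a 4.9.2-based upload lands.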
@@ -2172,6 +2200,7 @@ CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site could set javascript in
CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc1 sends ...)
NOT-FOR-US: Plone
CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...)
+ {DLA-1249-1}
- smarty <removed>
- smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460)
NOTE: https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
@@ -7738,7 +7767,7 @@ CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability ...)
CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1}
+ {DSA-4091-1 DLA-1250-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
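Review bot: adding DLA-1250-1 next to DSA-4091-1 in the braces is the right place for it, but the only package lines in this entry are "mysql-5.7 <unfixed> (bug #887477)" and "mysql-5.5 <removed>", so the two advisory markers describe the mysql-5.5 fix in the suites the DSA and DLA cover while unstable's mysql-5.7 remains open through the bug. The same edit is repeated below for CVE-2018-2665, CVE-2018-2640, CVE-2018-2622 and CVE-2018-2562; keep that set consistent if any of them is later corrected.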
@@ -7749,7 +7778,7 @@ CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of ...)
NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1}
+ {DSA-4091-1 DLA-1250-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7820,7 +7849,7 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1}
+ {DSA-4091-1 DLA-1250-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7878,7 +7907,7 @@ CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component
CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1}
+ {DSA-4091-1 DLA-1250-1}
- mysql-5.7 <unfixed> (bug #887477)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -8048,7 +8077,7 @@ CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle
CVE-2018-2563
RESERVED
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1}
+ {DSA-4091-1 DLA-1250-1}
- mysql-5.7 5.7.20-1
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
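Review bot: this entry lists "mysql-5.7 5.7.20-1" as fixed, whereas the four other MySQL entries touched in this update (CVE-2018-2668, 2665, 2640 and 2622) still carry "mysql-5.7 <unfixed> (bug #887477)", although all five point at the same cpujan2018 appendix and now share the same DSA/DLA markers. Either 5.7.20-1 already contained the fix for CVE-2018-2562 only, in which case a NOTE saying so would stop the discrepancy from looking like an oversight, or the other four entries are stale and should be resolved to a version as well.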
@@ -10486,8 +10515,8 @@ CVE-2018-1364
RESERVED
CVE-2018-1363
RESERVED
-CVE-2018-1362
- RESERVED
+CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 ...)
+ TODO: check
CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 ...)
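Review bot: CVE-2018-1362 is now a description plus "TODO: check" for IBM Curam Social Program Management; the neighbouring CVE-2018-1361 was closed as "NOT-FOR-US: IBM WebSphere Portal", and Curam is likewise a commercial IBM product rather than something shipped in the archive, so this TODO can be resolved the same way once the full description has been read.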
@@ -18946,8 +18975,8 @@ CVE-2017-15715
RESERVED
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape ...)
NOT-FOR-US: BIRT plugin in Apache OFBiz
-CVE-2017-15713
- RESERVED
+CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before ...)
+ TODO: check
CVE-2017-15712
RESERVED
CVE-2017-15711
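Review bot: CVE-2017-15713 names Apache Hadoop 0.23.x, 2.x before 2.7.5 and a truncated 2.8.x range, and unlike the vendor-appliance entries around it Hadoop code is redistributed inside other projects, so the "TODO: check" here should be settled by checking whether any source package in the archive ships or bundles the affected Hadoop component rather than by pattern-matching the neighbouring NOT-FOR-US lines.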
@@ -23919,14 +23948,14 @@ CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping ..
NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html
CVE-2017-14101 (A security researcher found an XML External Entity (XXE) vulnerability ...)
NOT-FOR-US: Conserus Image Repository
-CVE-2017-14097
- RESERVED
-CVE-2017-14096
- RESERVED
-CVE-2017-14095
- RESERVED
-CVE-2017-14094
- RESERVED
+CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart ...)
+ TODO: check
+CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend Micro Smart ...)
+ TODO: check
+CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
+ TODO: check
+CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
+ TODO: check
CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro ScanMail for ...)
NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange ...)
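Review bot: CVE-2017-14094 through CVE-2017-14097 are four consecutive Trend Micro Smart Protection Server entries, each left at "TODO: check", and the adjacent CVE-2017-14093 and CVE-2017-14092 are already "NOT-FOR-US: Trend Micro ScanMail for Exchange". These can be resolved as a block with a NOT-FOR-US line naming Smart Protection Server so the same product name appears consistently in later lookups.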
@@ -23949,8 +23978,8 @@ CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in Tre
NOT-FOR-US: Trend Micro
CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote ...)
NOT-FOR-US: Trend Micro
-CVE-2017-14082
- RESERVED
+CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability in Trend ...)
+ TODO: check
CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...)
NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile Security ...)
@@ -29819,10 +29848,10 @@ CVE-2017-12100
RESERVED
CVE-2017-12099
RESERVED
-CVE-2017-12098
- RESERVED
-CVE-2017-12097
- RESERVED
+CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists in the ...)
+ TODO: check
+CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists in the ...)
+ TODO: check
CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle ...)
NOT-FOR-US: Circle of Disney
CVE-2017-12095
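Review bot: the descriptions for CVE-2017-12097 and CVE-2017-12098 are both truncated to "An exploitable cross site scripting (XSS) vulnerability exists in the ..." and therefore name no product; the only hint is that the next ID, CVE-2017-12096, is "NOT-FOR-US: Circle of Disney". Read the full text before copying that NOT-FOR-US line, since adjacent IDs are not guaranteed to concern the same product.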
@@ -31814,8 +31843,8 @@ CVE-2017-11399 (Integer overflow in the ape_decode_frame function in ...)
- ffmpeg 7:3.3.3-1
NOTE: https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0
NOTE: Fixed in 3.2.7
-CVE-2017-11398
- RESERVED
+CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend Micro ...)
+ TODO: check
CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro Encryption for ...)
NOT-FOR-US: Trend Micro
CVE-2017-11396 (Vulnerability issues with the web service inspection of input ...)
@@ -44485,12 +44514,12 @@ CVE-2017-7329
RESERVED
CVE-2017-7328
RESERVED
-CVE-2017-7327
- RESERVED
-CVE-2017-7326
- RESERVED
-CVE-2017-7325
- RESERVED
+CVE-2017-7327 (Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking ...)
+ TODO: check
+CVE-2017-7326 (Race condition issue in Yandex Browser for Android before 17.4.0.16 ...)
+ TODO: check
+CVE-2017-7325 (Yandex Browser before 16.9.0 allows remote attackers to spoof the ...)
+ TODO: check
CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier ...)
NOT-FOR-US: MODX Revolution
CVE-2017-7323 (The (1) update and (2) package-installation features in MODX ...)
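Review bot: CVE-2017-7325, CVE-2017-7326 and CVE-2017-7327 all concern Yandex Browser (the desktop installer and the Android build), a proprietary browser that is not packaged in Debian, so the three "TODO: check" lines can be replaced with "NOT-FOR-US: Yandex Browser".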
@@ -48220,8 +48249,8 @@ CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type
NOT-FOR-US: F5 BIG-IP
CVE-2017-6143
RESERVED
-CVE-2017-6142
- RESERVED
+CVE-2017-6142 (X509 certificate verification was not correctly implemented in the ...)
+ TODO: check
CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, ...)
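Review bot: the new description for CVE-2017-6142, "X509 certificate verification was not correctly implemented in the ...", is cut off before the product name, so it cannot be assigned from this hunk; its neighbours CVE-2017-6140, 6141 and 6144 are all F5 BIG-IP, which suggests the same F5 block, but a certificate-verification flaw is exactly the kind of issue that sometimes turns out to live in a bundled library, so confirm the full text before marking it NOT-FOR-US.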
@@ -61159,8 +61188,8 @@ CVE-2017-1695
RESERVED
CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain ...)
NOT-FOR-US: IBM Integration Bus
-CVE-2017-1693
- RESERVED
+CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that has ...)
+ TODO: check
CVE-2017-1692
RESERVED
CVE-2017-1691
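Review bot: CVE-2017-1693 names IBM Integration Bus 9.0 and 10.0 in its description, the same product as the adjacent CVE-2017-1694, which is already "NOT-FOR-US: IBM Integration Bus", so the "TODO: check" can be replaced with that line directly.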
@@ -101170,8 +101199,8 @@ CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Netw
NOT-FOR-US: Nokia
CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x ...)
NOT-FOR-US: CubeCart
-CVE-2015-6926
- RESERVED
+CVE-2015-6926 (The OpenID Single Sign-On authentication functionality in OXID eShop ...)
+ TODO: check
CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to ...)
- wolfssl 3.9.10+dfsg-1 (bug #801120)
CVE-2015-6924
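Review bot: CVE-2015-6926 concerns the OpenID single sign-on functionality in OXID eShop, a PHP shop system that is not packaged in Debian, so this "TODO: check" resolves to "NOT-FOR-US: OXID eShop". Separately, the visible context jumps from CVE-2015-6928 to CVE-2015-6926 with no CVE-2015-6927 entry in between; that is not part of this change but is worth a glance to confirm the entry was not dropped.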
@@ -133725,8 +133754,8 @@ CVE-2014-4921
RESERVED
CVE-2014-4920
RESERVED
-CVE-2014-4919
- RESERVED
+CVE-2014-4919 (OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, ...)
+ TODO: check
CVE-2014-4918
RESERVED
NOT-FOR-US: TR-069 Auto Configuration Servers
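Review bot: CVE-2014-4919 is the second OXID eShop entry in this update (the other being CVE-2015-6926 above) and should receive the same "NOT-FOR-US: OXID eShop" resolution so the two are not triaged differently; the description already states the fixed releases (4.7.13, 4.8.7 and a truncated third branch), which only matter if the product were packaged.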
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/81276d56930521a50bcf6a9043dcb1984ffd3678