[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 22 09:10:19 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dbf5dbaa by security tracker role at 2018-01-22T09:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,95 @@
+CVE-2018-5996
+ RESERVED
+CVE-2018-5995
+ RESERVED
+CVE-2018-5994
+ RESERVED
+CVE-2018-5993
+ RESERVED
+CVE-2018-5992
+ RESERVED
+CVE-2018-5991
+ RESERVED
+CVE-2018-5990
+ RESERVED
+CVE-2018-5989
+ RESERVED
+CVE-2018-5988
+ RESERVED
+CVE-2018-5987
+ RESERVED
+CVE-2018-5986
+ RESERVED
+CVE-2018-5985
+ RESERVED
+CVE-2018-5984
+ RESERVED
+CVE-2018-5983
+ RESERVED
+CVE-2018-5982
+ RESERVED
+CVE-2018-5981
+ RESERVED
+CVE-2018-5980
+ RESERVED
+CVE-2018-5979
+ RESERVED
+CVE-2018-5978
+ RESERVED
+CVE-2018-5977
+ RESERVED
+CVE-2018-5976
+ RESERVED
+CVE-2018-5975
+ RESERVED
+CVE-2018-5974
+ RESERVED
+CVE-2018-5973
+ RESERVED
+CVE-2018-5972
+ RESERVED
+CVE-2018-5971
+ RESERVED
+CVE-2018-5970
+ RESERVED
+CVE-2018-5969
+ RESERVED
+CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...)
+ TODO: check
+CVE-2018-5967
+ RESERVED
+CVE-2018-5966
+ RESERVED
+CVE-2018-5965
+ RESERVED
+CVE-2018-5964
+ RESERVED
+CVE-2018-5963
+ RESERVED
+CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...)
+ TODO: check
+CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...)
+ TODO: check
+CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of ...)
+ TODO: check
+CVE-2018-5959
+ RESERVED
+CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
+ TODO: check
+CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
+ TODO: check
+CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
+ TODO: check
+CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...)
+ TODO: check
+CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...)
+ TODO: check
+CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...)
+ TODO: check
+CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...)
+ TODO: check
+CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2018-5954
RESERVED
CVE-2018-5953
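Review bot: two of the new `TODO: check` entries name software that has a source package in the archive, CVE-2016-10708 (sshd in OpenSSH before 7.4) and CVE-2018-5968 (FasterXML jackson-databind), and they are queued no differently from the rest. Triage those two first and replace the TODO with a package line and fixed version. Each of the other described entries should end up with either a package line or a `NOT-FOR-US:` line in the form the Apache Drill entry further down uses.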
@@ -12377,14 +12469,14 @@ CVE-2018-1047
RESERVED
CVE-2018-1046
RESERVED
-CVE-2018-1045
- RESERVED
-CVE-2018-1044
- RESERVED
-CVE-2018-1043
- RESERVED
-CVE-2018-1042
- RESERVED
+CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...)
+ TODO: check
+CVE-2018-1044 (In Moodle 3.x, quiz web services allow students to see quiz results ...)
+ TODO: check
+CVE-2018-1043 (In Moodle 3.x, the setting for blocked hosts list can be bypassed with ...)
+ TODO: check
+CVE-2018-1042 (Moodle 3.x has Server Side Request Forgery in the filepicker. ...)
+ TODO: check
CVE-2018-1041
RESERVED
CVE-2017-17380
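Review bot: the four Moodle descriptions at CVE-2018-1042 through CVE-2018-1045 say only "Moodle 3.x", so none of them gives a fixed version to compare a packaged version against. When the `TODO: check` lines are resolved, add a `NOTE:` pointing at the upstream advisory or fix for each, as the lucene-solr and bind9 entries do, so the affected range is recorded in the entry itself.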
@@ -28701,6 +28793,7 @@ CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugi
CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query ...)
NOT-FOR-US: Apache Drill
CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache ...)
+ {DLA-1254-1}
- lucene-solr 3.6.2+dfsg-11
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html
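Review bot: `{DLA-1254-1}` is added under CVE-2017-12629 in a commit whose only changed file is data/CVE/list, so the advisory's own record has to exist already for this cross-reference to resolve. Confirm that before relying on it; the only fixed version visible in this entry is still `- lucene-solr 3.6.2+dfsg-11`.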
@@ -57870,7 +57963,7 @@ CVE-2017-3146
RESERVED
CVE-2017-3145 [Improper fetch cleanup sequencing in the resolver can cause named to crash]
RESERVED
- {DSA-4089-1}
+ {DSA-4089-1 DLA-1255-1}
- bind9 1:9.11.2.P1-1
NOTE: https://kb.isc.org/article/AA-01542
NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
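Review bot: CVE-2017-3145 keeps its `RESERVED` line and the bracketed description even though the entry now carries `{DSA-4089-1 DLA-1255-1}`, a fixed bind9 version and an upstream fix link. Nothing needs to change in this hunk, but the bracketed text should be dropped once the official description is published, so the entry does not carry a hand-written summary longer than needed.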
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbf5dbaa10925ec08b93756e1423bbf0300e6eb7