[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Mon Jan 22 21:10:31 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3fc0e73 by security tracker role at 2018-01-22T21:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...)
+	TODO: check
+CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...)
+	TODO: check
+CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has ...)
+	TODO: check
+CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The ...)
+	TODO: check
+CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the ...)
+	TODO: check
+CVE-2018-5998
+	RESERVED
+CVE-2018-5997
+	RESERVED
+CVE-2018-1000007
+	RESERVED
 CVE-2018-5996
 	RESERVED
 CVE-2018-5995
@@ -528,8 +544,8 @@ CVE-2018-5763
 	RESERVED
 CVE-2018-5762
 	RESERVED
-CVE-2018-5761
-	RESERVED
+CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found ...)
+	TODO: check
 CVE-2018-5760
 	RESERVED
 CVE-2018-5759
@@ -692,15 +708,13 @@ CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user 
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-5705
 	RESERVED
-CVE-2018-1000003
-	RESERVED
+CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators components in ...)
 	- pdns-recursor <unfixed>
 	[stretch] - pdns-recursor <not-affected> (Only affects 4.1)
 	[jessie] - pdns-recursor <not-affected> (Only affects 4.1)
 	[wheezy] - pdns-recursor <not-affected> (Only affects 4.1)
 	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
-CVE-2018-1000002
-	RESERVED
+CVE-2018-1000002 (Improper input validation bugs in DNSSEC validators components in Knot ...)
 	- knot-recursor 1.5.2-1
 CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...)
 	{DLA-1253-1}
@@ -1700,7 +1714,7 @@ CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_
 	NOT-FOR-US: ImageInject plugin for WordPress
 CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory traversal ...)
 	NOT-FOR-US: Photos in Wifi application for iOS
-CVE-2018-5282 (Kentico 9.0 through 11.0 has a stack-based buffer overflow via the ...)
+CVE-2018-5282 (** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer ...)
 	NOT-FOR-US: Kentico
 CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices ...)
 	NOT-FOR-US: SonicWall SonicOS
@@ -5789,8 +5803,8 @@ CVE-2017-17860 (In Samsung Gear products, Bluetooth link key is updated to the .
 	NOT-FOR-US: Samsung
 CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass ...)
 	NOT-FOR-US: Samsung Internet Browser
-CVE-2017-17858
-	RESERVED
+CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function in ...)
+	TODO: check
 CVE-2017-17851
 	RESERVED
 CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3fc0e73e0d65360b3f212019d033cd2b910709b

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3fc0e73e0d65360b3f212019d033cd2b910709b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180122/781f8a0d/attachment-0001.html>
