[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 25 21:10:29 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bcd2e22 by security tracker role at 2018-01-25T21:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, users with ...)
+	TODO: check
+CVE-2017-1000468
+	REJECTED
+	TODO: check
+CVE-2017-1000464
+	REJECTED
+	TODO: check
+CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division ...)
+	TODO: check
 CVE-2018-6312
 	RESERVED
 CVE-2018-6311
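
Review bot: The two new REJECTED entries, CVE-2017-1000468 and CVE-2017-1000464, also carry a "TODO: check" line, which leaves them in the triage queue even though a rejected id has no description to evaluate. If the TODO is only meant to prompt a check that nothing was tracked under these ids, resolve it as soon as that is confirmed. All four CVE-2017-10004xx/10005xx entries also land at the top of the file above CVE-2018-6312, while CVE-2017-1000458 sits near line 5773 according to a later hunk header, so they should be moved into sorted position when they are triaged.
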
@@ -817,8 +827,8 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In t
 	NOT-FOR-US: AsusWRT
 CVE-2018-5998
 	RESERVED
-CVE-2018-5997
-	RESERVED
+CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub ...)
+	TODO: check
 CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...)
 	- curl 7.58.0-1
 	NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
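
Review bot: CVE-2018-5997 now has a description naming RAVPower Filehub but is left at "TODO: check", directly below an AsusWRT entry that is already tagged NOT-FOR-US. If no Debian source package ships this product, close the TODO with the same form, i.e. "NOT-FOR-US: RAVPower Filehub", so the entry does not linger in the open queue.
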
@@ -873,8 +883,8 @@ CVE-2018-5975
 	RESERVED
 CVE-2018-5974
 	RESERVED
-CVE-2018-5973
-	RESERVED
+CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via ...)
+	TODO: check
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...)
 	NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
@@ -891,12 +901,12 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description par
 	NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-5966
 	RESERVED
-CVE-2018-5965
-	RESERVED
-CVE-2018-5964
-	RESERVED
-CVE-2018-5963
-	RESERVED
+CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
+	TODO: check
+CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
+	TODO: check
+CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the ...)
+	TODO: check
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...)
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...)
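
Review bot: The truncated descriptions for CVE-2018-5965 and CVE-2018-5964 are identical as shown ("CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ..."), so the list alone does not say which parameter each id covers. Triage the three CMSMS ids together and give them the same disposition. If they end up tracked against a package, add a NOTE per entry with the distinguishing parameter so a later fix can be matched to the right id.
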
@@ -923,8 +933,8 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a de
 	- openssh 1:7.4p1-1
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
 	NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
-CVE-2018-5954
-	RESERVED
+CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2018-5953
 	RESERVED
 CVE-2018-5952
@@ -1412,8 +1422,7 @@ CVE-2018-5750
 	RESERVED
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...)
 	NOT-FOR-US: Minecraft Servers List Lite
-CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method]
-	RESERVED
+CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of ...)
 	- libvirt 4.0.0-1 (bug #887700)
 	[stretch] - libvirt <no-dsa> (Minor issue)
 	[jessie] - libvirt <no-dsa> (Minor issue)
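
Review bot: On CVE-2018-5748 the bracketed local description "resource exhaustion via qemuMonitorIORead() method" is replaced by the truncated upstream text, and the function name is no longer visible anywhere in the entry. That name is the quickest pointer to the affected code for anyone backporting to stretch or jessie, both marked <no-dsa> here, so consider preserving it in a NOTE line under the package annotations.
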
@@ -3671,12 +3680,12 @@ CVE-2018-4839
 	RESERVED
 CVE-2018-4838
 	RESERVED
-CVE-2018-4837
-	RESERVED
-CVE-2018-4836
-	RESERVED
-CVE-2018-4835
-	RESERVED
+CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < ...)
+	TODO: check
+CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < ...)
+	TODO: check
+CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < ...)
+	TODO: check
 CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...)
 	NOT-FOR-US: Desigo
 CVE-2018-4833
@@ -5773,7 +5782,7 @@ CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to an out of bounds write 
 CVE-2017-1000457 (Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal ...)
 	NOT-FOR-US: mojoPortal
 CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate boundaries in ...)
-	{DLA-1228-1}
+	{DSA-4097-1 DLA-1228-1}
 	- poppler 0.61.1-2
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116
 	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b
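
Review bot: The cross-reference on CVE-2017-1000456 changes to {DSA-4097-1 DLA-1228-1}, but data/CVE/list is the only file in this commit, so the advisory itself must already be recorded elsewhere. Confirm that the record for DSA-4097-1 lists CVE-2017-1000456, otherwise this reference and the advisory entry will disagree.
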
@@ -13426,8 +13435,8 @@ CVE-2018-1053
 	RESERVED
 CVE-2018-1052
 	RESERVED
-CVE-2018-1051
-	RESERVED
+CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ...)
+	TODO: check
 CVE-2018-1050
 	RESERVED
 CVE-2018-1049 [automount: access to automounted volumes can lock up]
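
Review bot: The description added for CVE-2018-1051 is cut off before it names a product. All that is visible is "the fix for CVE-2016-9606 in versions 3.0.22 and ...", so the entry cannot be triaged from this line alone. Look up how CVE-2016-9606 is recorded in this file and start from that disposition, since this id is described as an incomplete fix for that one.
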
@@ -21338,8 +21347,7 @@ CVE-2017-15367
 	RESERVED
 CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
 	NOT-FOR-US: Thornberry NDoc
-CVE-2017-15365 [Replication in sql/event_data_objects.cc occurs before ACL checks]
-	RESERVED
+CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...)
 	- mariadb-10.2 <unfixed> (bug #884065)
 	- mariadb-10.1 <unfixed> (bug #885345)
 	- mariadb-10.0 <undetermined>
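
Review bot: The new description for CVE-2017-15365 names an upstream fixed version ("MariaDB before 10.1.30 and 10.2.x before ..."), but the context lines still read "- mariadb-10.1 <unfixed> (bug #885345)" and "- mariadb-10.2 <unfixed> (bug #884065)". Recheck both against the versions in the archive and fill in fixed versions where they apply. The 10.1.30 boundary may also help settle the "<undetermined>" on mariadb-10.0. The dropped bracketed text ("Replication ... occurs before ACL checks") was the only plain statement of the flaw in the entry, and is worth keeping as a NOTE.
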
@@ -22015,8 +22023,7 @@ CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in slapd/u
 	- 389-ds-base <unfixed> (bug #888452)
 CVE-2017-15133
 	RESERVED
-CVE-2017-15132 [dovecot: auth client leaks memory if SASL authentication is aborted]
-	RESERVED
+CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of ...)
 	- dovecot <unfixed> (bug #888432)
 	NOTE: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
 CVE-2017-15131 (It was found that system umask policy is not being honored when ...)
@@ -54146,7 +54153,7 @@ CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially all
 CVE-2017-4963 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2017-4962
-	RESERVED
+	REJECTED
 CVE-2017-4961 (An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2017-4960 (An issue was discovered in Cloud Foundry release v247 through v252, UAA ...)
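
Review bot: CVE-2017-4962 changes from RESERVED to REJECTED with no "TODO: check", whereas the REJECTED entries added in the first hunk (CVE-2017-1000468, CVE-2017-1000464) do get one. The two cases should be handled consistently: either a rejected id never needs a TODO, or an existing id that flips to REJECTED should also be flagged for a check that nothing referenced it.
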



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bcd2e221f60a7ffd8fa43abc8fc052b345bdc6a
