[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 26 09:10:26 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
712d9cbc by security tracker role at 2018-01-26T09:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,29 @@
+CVE-2018-6324
+ RESERVED
+CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descriptor ...)
+ TODO: check
+CVE-2018-6322
+ RESERVED
+CVE-2018-6321
+ RESERVED
+CVE-2018-6320
+ RESERVED
+CVE-2018-6319
+ RESERVED
+CVE-2018-6318
+ RESERVED
+CVE-2018-6317
+ RESERVED
+CVE-2018-6316
+ RESERVED
+CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming ...)
+ TODO: check
+CVE-2018-6314
+ RESERVED
+CVE-2018-6313 (Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote ...)
+ TODO: check
+CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not ...)
+ TODO: check
CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, users with ...)
NOT-FOR-US: Jenkins Script Security Plugin
CVE-2017-1000468
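Review bot: CVE-2018-6323 and CVE-2018-6315 in the first added block are left at TODO: check, and both descriptions point at library source files (elfcode.h in the Binary File Descriptor code, util/outputscript.c in libming) rather than at a named vendor product. Triage these two separately from the product-specific entries in the same block (WBCE CMS, Biscom Secure File Transfer) and resolve them to a source-package line with a status, since library code is more likely to need tracking.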
@@ -296,7 +322,7 @@ CVE-2018-6181
CVE-2018-6180
RESERVED
CVE-2018-1000017
- RESERVED
+ REJECTED
CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...)
NOT-FOR-US: FreeSSHd
CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...)
@@ -2118,8 +2144,8 @@ CVE-2018-5449
RESERVED
CVE-2018-5448
RESERVED
-CVE-2018-5447
- RESERVED
+CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 ...)
+ TODO: check
CVE-2018-5446
RESERVED
CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ...)
@@ -12323,8 +12349,8 @@ CVE-2018-1344
RESERVED
CVE-2018-1343
RESERVED
-CVE-2018-1342
- RESERVED
+CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload ...)
+ TODO: check
CVE-2018-1341
RESERVED
CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...)
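Review bot: the visible part of the new CVE-2018-1342 description ("A Vulnerability exists on Admin Console where an attacker can upload ...") names no product or vendor, so the TODO: check cannot be resolved from this line alone. Whoever triages it needs the full CVE record, and the tag that replaces TODO: check should name the product explicitly so the entry stays searchable.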
@@ -16657,62 +16683,43 @@ CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problemat
NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
NOTE: https://github.com/bindecy/HugeDirtyCowPOC
-CVE-2017-1000404
- RESERVED
+CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000403
- RESERVED
+CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users with ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000402
- RESERVED
+CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000401
- RESERVED
+CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000400
- RESERVED
+CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000399
- RESERVED
+CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000398
- RESERVED
+CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000397
- RESERVED
+CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000396
- RESERVED
+CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000395
- RESERVED
+CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000394
- RESERVED
+CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000393
- RESERVED
+CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000392
- RESERVED
+CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000391
- RESERVED
+CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores ...)
NOT-FOR-US: Jenkins
-CVE-2017-1000390
- RESERVED
+CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000389
- RESERVED
+CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000388
- RESERVED
+CVE-2017-1000388 (Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000387
- RESERVED
+CVE-2017-1000387 (Jenkins Build-Publisher plugin version 1.21 and earlier stores ...)
NOT-FOR-US: Jenkins plugin
-CVE-2017-1000386
- RESERVED
+CVE-2017-1000386 (Jenkins Active Choices plugin version 1.5.3 and earlier allowed users ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 ...)
NOT-FOR-US: MistServer
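Review bot: every entry from CVE-2017-1000404 down to CVE-2017-1000386 keeps a NOT-FOR-US tag that was assigned while the id was still RESERVED, and four of the new descriptions (CVE-2017-1000402, CVE-2017-1000397, CVE-2017-1000396, CVE-2017-1000394) say that Jenkins or a plugin "bundled a version of the ..." with the component name cut off. Check the full text of those four to confirm the bundled component does not need its own entry; NOT-FOR-US: Jenkins only covers the bundling product, not the library it ships.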
@@ -20421,8 +20428,7 @@ CVE-2017-15705
RESERVED
CVE-2017-15704
REJECTED
-CVE-2017-15703
- RESERVED
+CVE-2017-15703 (Any authenticated user (valid client certificate but without ACL ...)
NOT-FOR-US: Apache NiFi
CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...)
- qpid-java <itp> (bug #840131)
@@ -23884,10 +23890,10 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead t
NOT-FOR-US: Joomla!
CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...)
NOT-FOR-US: Atlassian Jira
-CVE-2017-14593
- RESERVED
-CVE-2017-14592
- RESERVED
+CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...)
+ TODO: check
+CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs ...)
+ TODO: check
CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...)
NOT-FOR-US: Atlassian
CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...)
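Review bot: CVE-2017-14593 and CVE-2017-14592 are added with TODO: check although their descriptions name the Windows and macOS builds of Sourcetree, and the entries directly around them (CVE-2017-14594, CVE-2017-14591) already carry NOT-FOR-US: Atlassian Jira and NOT-FOR-US: Atlassian. Resolve both in the same tag form as the neighbours rather than leaving them in the TODO queue.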
@@ -56791,8 +56797,8 @@ CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (
NOT-FOR-US: Lenovo XClarity Administrator
CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...)
NOT-FOR-US: Lenovo LXCA
-CVE-2017-3762
- RESERVED
+CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, version ...)
+ TODO: check
CVE-2017-3761 (The Lenovo Service Framework Android application executes some system ...)
NOT-FOR-US: Lenovo
CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of ...)
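Review bot: the tags around the new CVE-2017-3762 entry spell the same vendor three ways (NOT-FOR-US: Lenovo XClarity Administrator, NOT-FOR-US: Lenovo LXCA, NOT-FOR-US: Lenovo). When the TODO: check on the Lenovo Fingerprint Manager Pro entry is resolved, choose the tag form deliberately so that a later search by tag finds all of these entries.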
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/712d9cbc0f45254e692f3d54357ce5535b357073