[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 26 21:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
082ae21d by security tracker role at 2018-01-26T21:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,56 @@
-CVE-2017-18076 [security issue in returning post parameters from session in callback phase]
+CVE-2018-6350
+ RESERVED
+CVE-2018-6349
+ RESERVED
+CVE-2018-6348
+ RESERVED
+CVE-2018-6347
+ RESERVED
+CVE-2018-6346
+ RESERVED
+CVE-2018-6345
+ RESERVED
+CVE-2018-6344
+ RESERVED
+CVE-2018-6343
+ RESERVED
+CVE-2018-6342
+ RESERVED
+CVE-2018-6341
+ RESERVED
+CVE-2018-6340
+ RESERVED
+CVE-2018-6339
+ RESERVED
+CVE-2018-6338
+ RESERVED
+CVE-2018-6337
+ RESERVED
+CVE-2018-6336
+ RESERVED
+CVE-2018-6335
+ RESERVED
+CVE-2018-6334
+ RESERVED
+CVE-2018-6333
+ RESERVED
+CVE-2018-6332
+ RESERVED
+CVE-2018-6331
+ RESERVED
+CVE-2018-6330
+ RESERVED
+CVE-2018-6329
+ RESERVED
+CVE-2018-6328
+ RESERVED
+CVE-2018-6327
+ RESERVED
+CVE-2018-6326
+ RESERVED
+CVE-2018-6325
+ RESERVED
+CVE-2017-18076 (In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value ...)
[experimental] - ruby-omniauth 1.6.1-1
- ruby-omniauth <unfixed> (bug #888523)
NOTE: https://github.com/omniauth/omniauth/pull/867
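Review bot: the CVE-2017-18076 description bounds the flaw at OmniAuth "before 1.3.2", yet the entry lists [experimental] at 1.6.1-1 with no fixed marker and unstable as <unfixed>; resolve which Debian versions carry the fix from the linked PR #867 rather than from the version bound in the description, since the two numbers read as contradictory on their own. Dropping the bracketed working title is fine now that the official description is in.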
@@ -761,8 +813,8 @@ CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder .
NOT-FOR-US: Tinder
CVE-2018-6016
RESERVED
-CVE-2018-6015
- RESERVED
+CVE-2018-6015 (An issue was discovered in the "Email Subscribers & Newsletters" ...)
+ TODO: check
CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...)
NOT-FOR-US: Subsonic
CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...)
@@ -863,6 +915,7 @@ CVE-2018-5998
CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub ...)
TODO: check
CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...)
+ {DSA-4098-1}
- curl 7.58.0-1
NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
@@ -964,6 +1017,7 @@ CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121
CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...)
NOT-FOR-US: pfSense
CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...)
+ {DLA-1257-1}
- openssh 1:7.4p1-1
NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
@@ -1458,8 +1512,7 @@ CVE-2017-18034
RESERVED
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
-CVE-2018-5750 [ACPI: sbshc: remove raw pointer from printk message]
- RESERVED
+CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux ...)
- linux <unfixed>
NOTE: https://patchwork.kernel.org/patch/10174835/
CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...)
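Review bot: the "- linux <unfixed>" line for CVE-2018-5750 carries no severity annotation; the bracketed title removed in this hunk described the fix as removing a raw pointer from a printk message, which reads as a kernel address disclosure rather than memory corruption, so consider whether a "(low; ...)" annotation, as used on the poppler entry elsewhere in this patch, is appropriate once triaged.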
@@ -6045,8 +6098,8 @@ CVE-2017-17978
RESERVED
CVE-2017-17977
RESERVED
-CVE-2017-17976
- RESERVED
+CVE-2017-17976 (In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can ...)
+ TODO: check
CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code path not present)
@@ -15428,10 +15481,10 @@ CVE-2018-0509
RESERVED
CVE-2018-0508
RESERVED
-CVE-2018-0507
- RESERVED
-CVE-2018-0506
- RESERVED
+CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...)
+ TODO: check
+CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
+ TODO: check
CVE-2018-0505
RESERVED
CVE-2018-0504
@@ -24079,12 +24132,12 @@ CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum We
NOT-FOR-US: OpenText Documentum Webtop
CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum ...)
NOT-FOR-US: OpenText Documentum Administrator
-CVE-2017-14523
- RESERVED
-CVE-2017-14522
- RESERVED
-CVE-2017-14521
- RESERVED
+CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. ...)
+ TODO: check
+CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept arbitrary ...)
+ TODO: check
+CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random ...)
+ TODO: check
CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in ...)
{DSA-4079-1}
- poppler 0.61.1-2 (low; bug #876081)
@@ -26585,7 +26638,7 @@ CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 dev
NOT-FOR-US: MOXA
CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...)
NOT-FOR-US: FineCMS
-CVE-2017-13696 (The vulnerability lies in the web server component of Dup Scout ...)
+CVE-2017-13696 (A buffer overflow vulnerability lies in the web server component of ...)
TODO: check
CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...)
- webkit2gtk 2.16.3-2 (unimportant)
@@ -30579,44 +30632,37 @@ CVE-2017-12382
RESERVED
CVE-2017-12381
RESERVED
-CVE-2017-12380 [ClamAV Null Dereference Vulnerability]
- RESERVED
+CVE-2017-12380 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
- clamav <unfixed> (bug #888484)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
[jessie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
-CVE-2017-12379 [ClamAV Buffer Overflow in messageAddArgument Vulnerability]
- RESERVED
+CVE-2017-12379 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
- clamav <unfixed> (bug #888484)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
[jessie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
-CVE-2017-12378 [ClamAV Buffer Over Read Vulnerability]
- RESERVED
+CVE-2017-12378 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
- clamav <unfixed> (bug #888484)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
[jessie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
-CVE-2017-12377 [ClamAV Mew Packet Heap Overflow Vulnerability]
- RESERVED
+CVE-2017-12377 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
- clamav <unfixed> (bug #888484)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
[jessie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
-CVE-2017-12376 [ClamAV Buffer Overflow in handle_pdfname Vulnerability]
- RESERVED
+CVE-2017-12376 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
- clamav <unfixed> (bug #888484)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
[jessie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
-CVE-2017-12375 [ClamAV Buffer Overflow Vulnerability]
- RESERVED
+CVE-2017-12375 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
- clamav <unfixed> (bug #888484)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
[jessie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
-CVE-2017-12374 [ClamAV UAF (use-after-free) Vulnerabilities]
- RESERVED
+CVE-2017-12374 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
- clamav <unfixed> (bug #888484)
[stretch] - clamav <no-dsa> (clamav is updated via -updates)
[jessie] - clamav <no-dsa> (clamav is updated via -updates)
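Review bot: the seven ClamAV entries now have identical truncated descriptions ("ClamAV AntiVirus software versions 0.99.2 and prior contain a ...") and the bracketed titles that told them apart (null dereference, messageAddArgument overflow, buffer over-read, Mew packer heap overflow, handle_pdfname overflow, use-after-free) were dropped in the same change; consider keeping those titles as NOTE: lines, or confirming that bug #888484 records the per-CVE mapping, so the entries stay distinguishable when the fixed version is entered.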
@@ -56845,8 +56891,8 @@ CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier than
NOT-FOR-US: Lenovo LXCA
CVE-2017-3769
RESERVED
-CVE-2017-3768
- RESERVED
+CVE-2017-3768 (An unprivileged attacker with connectivity to the IMM2 could cause a ...)
+ TODO: check
CVE-2017-3767 (A local privilege escalation vulnerability was identified in the ...)
NOT-FOR-US: Lenovo
CVE-2017-3766
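Review bot: CVE-2017-3768 is left at "TODO: check" while its neighbours CVE-2017-3770 and CVE-2017-3767 in this hunk are NOT-FOR-US: Lenovo; check the IMM2 product named in the description against the same vendor, as this TODO will most likely resolve the same way.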
@@ -61778,8 +61824,8 @@ CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free vers
NOT-FOR-US: WP Booking System
CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive ...)
NOT-FOR-US: PrimeDrive
-CVE-2017-2166
- RESERVED
+CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and earlier ...)
+ TODO: check
CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote authenticated ...)
NOT-FOR-US: GroupSession
CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 ...)
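Review bot: CVE-2017-2166 (GroupSession 4.7.0 and earlier) is left at "TODO: check" while the adjacent CVE-2017-2165 for GroupSession is already NOT-FOR-US: GroupSession; unless the package has since entered the archive, the TODO should resolve to the same NOT-FOR-US marker.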
@@ -73307,7 +73353,7 @@ CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257
NOTE: Fixed in 7.0.12
CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...)
- {DLA-875-1}
+ {DSA-3783-1 DLA-875-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
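Review bot: adding {DSA-3783-1} next to the existing {DLA-875-1} retroactively changes the derived fixed status of CVE-2016-7479 for the release that DSA covers; confirm that DSA-3783-1's CVE list actually includes this ID before the cross-reference lands, since a wrong DSA reference marks the release as fixed without a matching upload.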
@@ -77706,8 +77752,8 @@ CVE-2016-6232 (Directory traversal vulnerability in KArchive before 5.24, as use
NOTE: The fix for 4:4.14.22-1 was incomplete, cf.
NOTE: https://lists.debian.org/debian-lts/2016/07/msg00144.html
NOTE: Fix: https://git.reviewboard.kde.org/r/128185/
-CVE-2016-6217
- RESERVED
+CVE-2016-6217 (Cross-site scripting (XSS) vulnerability in Sophos PureMessage for ...)
+ TODO: check
CVE-2016-6216
RESERVED
CVE-2016-6215
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/082ae21db12068e585d654e947b31c789c476275