[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jan 27 21:10:20 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
295314d6 by security tracker role at 2018-01-27T21:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the ...)
+	TODO: check
+CVE-2018-6356
+	RESERVED
+CVE-2018-6355
+	RESERVED
+CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...)
+	TODO: check
+CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...)
+	TODO: check
+CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the ...)
+	TODO: check
 CVE-2018-6351
 	RESERVED
 CVE-2018-6350
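Review bot: the four new entries that arrive with descriptions (CVE-2018-6357, CVE-2018-6354, CVE-2018-6353, CVE-2018-6352) are all left at "TODO: check", so none of them has a status yet. Each needs triage to either a source-package line or a NOT-FOR-US line, in the form already used for CVE-2018-3810 further down this file. The truncated descriptions name Formspree, Electrum and PoDoFo 0.9.5, which is enough to start matching them against source packages.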
@@ -52,7 +64,7 @@ CVE-2018-6326
 	RESERVED
 CVE-2018-6325
 	RESERVED
-CVE-2017-18077 [regular expression denial of service]
+CVE-2017-18077 (index.js in brace-expansion before 1.1.7 is vulnerable to Regular ...)
 	- node-brace-expansion 1.1.8-1 (unimportant; bug #862712)
 	[stretch] - node-brace-expansion 1.1.6-1+deb9u1
 	NOTE: https://nodesecurity.io/advisories/338
@@ -6025,6 +6037,7 @@ CVE-2018-3811 (SQL Injection vulnerability in the Oturia Smart Google Code Inser
 CVE-2018-3810 (Authentication Bypass vulnerability in the Oturia Smart Google Code ...)
 	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
 CVE-2017-18013 (In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the ...)
+	{DSA-4100-1 DLA-1260-1 DLA-1259-1}
 	- tiff 4.0.9-3 (bug #885985)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2770
@@ -14898,6 +14911,7 @@ CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dis
 CVE-2017-17082
 	REJECTED
 CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...)
+	{DSA-4099-1}
 	- ffmpeg 7:3.4.1-1
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
 CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
@@ -26518,14 +26532,14 @@ CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
 CVE-2017-13727 (There is a reachable assertion abort in the function ...)
-	{DLA-1093-1}
+	{DSA-4100-1 DLA-1093-1}
 	- tiff 4.0.8-5 (bug #873879)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2728
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc
 CVE-2017-13726 (There is a reachable assertion abort in the function ...)
-	{DLA-1093-1}
+	{DSA-4100-1 DLA-1093-1}
 	- tiff 4.0.8-5 (bug #873880)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
@@ -28485,7 +28499,7 @@ CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin bef
 CVE-2017-12945
 	RESERVED
 CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 ...)
-	{DLA-1093-1}
+	{DSA-4100-1 DLA-1093-1}
 	- tiff 4.0.8-6 (bug #872607)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
@@ -33610,7 +33624,7 @@ CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStr
 	NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind).
 	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
 CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF ...)
-	{DLA-1094-1 DLA-1093-1}
+	{DSA-4100-1 DLA-1094-1 DLA-1093-1}
 	- tiff 4.0.8-4 (bug #868513)
 	[stretch] - tiff <no-dsa> (Minor issue)
 	[jessie] - tiff <no-dsa> (Minor issue)
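Review bot: on CVE-2017-11335 the cross-reference line now lists DSA-4100-1, but the unchanged context still carries "[stretch] - tiff <no-dsa> (Minor issue)" and "[jessie] - tiff <no-dsa> (Minor issue)". An entry referenced by a DSA should not stay marked no-dsa for the releases that advisory covers. Drop or update those release lines in a follow-up so the per-release status agrees with the advisory.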
@@ -35951,7 +35965,7 @@ CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
 CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
-	{DLA-1206-1}
+	{DSA-4100-1 DLA-1206-1}
 	- tiff 4.0.9-2 (bug #866109)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/295314d6a279b0a2e3afccd458eaa0a0d41b2468
