[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jan 30 21:10:24 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12f63dfd by security tracker role at 2018-01-30T21:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-6404
+	RESERVED
+CVE-2018-6403
+	RESERVED
 CVE-2018-6402
 	RESERVED
 CVE-2018-6401
@@ -6,14 +10,14 @@ CVE-2018-6400
 	RESERVED
 CVE-2018-6399
 	RESERVED
-CVE-2018-6398
-	RESERVED
-CVE-2018-6397
-	RESERVED
+CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...)
+	TODO: check
+CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...)
+	TODO: check
 CVE-2018-6396
 	RESERVED
-CVE-2018-6395
-	RESERVED
+CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! ...)
+	TODO: check
 CVE-2018-6394
 	RESERVED
 CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection via the ...)
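Review bot: the three descriptions filled in here (CVE-2018-6398, CVE-2018-6397, CVE-2018-6395) all name third-party calendar components, and the CVE-2018-6395 text says "for Joomla!" before the cut-off, so the three "TODO: check" lines will almost certainly share one triage outcome; resolve them together, and if they are extensions Debian does not ship, record them in the NOT-FOR-US form used elsewhere in this file (for example the Formspree and Routers2 entries in later hunks) rather than leaving three open TODOs for one upstream family.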
@@ -46,16 +50,16 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by inval
 	- zziplib <unfixed>
 	[wheezy] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/12
-CVE-2018-6380
-	RESERVED
-CVE-2018-6379
-	RESERVED
+CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads ...)
+	TODO: check
+CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...)
+	TODO: check
 CVE-2018-6378
 	RESERVED
-CVE-2018-6377
-	RESERVED
-CVE-2018-6376
-	RESERVED
+CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields leads ...)
+	TODO: check
+CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a ...)
+	TODO: check
 CVE-2018-1000029
 	RESERVED
 CVE-2018-1000026
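Review bot: the four Joomla! "before 3.8.4" entries (CVE-2018-6380, CVE-2018-6379, CVE-2018-6377, CVE-2018-6376) are left at "TODO: check" with no NOTE: line, whereas the Mozilla entries further down each carry a NOTE: pointing at the vendor advisory; when these are triaged, add one NOTE: with the Joomla! 3.8.4 security release reference to each so the four can be tracked as a single upstream release rather than four unrelated IDs.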
@@ -140,8 +144,8 @@ CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the .
 	NOT-FOR-US: acurax-social-media-widget plugin for WordPress
 CVE-2018-6356
 	RESERVED
-CVE-2018-6355
-	RESERVED
+CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 ...)
+	TODO: check
 CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...)
 	NOT-FOR-US: Formspree
 CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...)
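Review bot: CVE-2018-6355 describes /goform/setLang on an iBall 300M device and embeds a firmware version string in the description, i.e. vendor router firmware rather than anything that would be packaged; the neighbouring entries for comparable third-party software (the acurax-social-media-widget WordPress plugin, Formspree) are recorded as NOT-FOR-US, and this one can most likely be closed the same way instead of staying at "TODO: check".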
@@ -489,11 +493,9 @@ CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via 
 	NOT-FOR-US: vBulletin
 CVE-2018-6199
 	RESERVED
-CVE-2018-6195
-	RESERVED
+CVE-2018-6195 (admin/partials/wp-splashing-admin-main.php in the Splashing Images ...)
 	NOT-FOR-US: WordPress plugin wp-splashing-images
-CVE-2018-6194
-	RESERVED
+CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress plugin wp-splashing-images
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...)
 	NOT-FOR-US: Routers2
@@ -2411,8 +2413,8 @@ CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA
 	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5442
 	RESERVED
-CVE-2018-5441
-	RESERVED
+CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered in ...)
+	TODO: check
 CVE-2018-5440
 	RESERVED
 CVE-2018-5439
@@ -3265,7 +3267,7 @@ CVE-2018-5118
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
 CVE-2018-5117
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
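Review bot: DSA-4102-1 is prepended to the advisory set of CVE-2018-5117 while the product lines (firefox 58.0-1, firefox-esr 52.6.0esr-1, thunderbird 1:52.6.0-1) are unchanged, and the same one-token change is repeated for each Mozilla entry in the following hunks. Every entry that gains DSA-4102-1 here also lists thunderbird and DLA-1262-1, which suggests the new DSA is the thunderbird one; it is worth confirming that mapping once against the advisory text, because the pattern is what justifies adding the DSA to entries that MITRE still shows as RESERVED.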
@@ -3322,7 +3324,7 @@ CVE-2018-5105
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
 CVE-2018-5104
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
@@ -3331,7 +3333,7 @@ CVE-2018-5104
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
 CVE-2018-5103
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
@@ -3340,7 +3342,7 @@ CVE-2018-5103
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
 CVE-2018-5102
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
@@ -3357,7 +3359,7 @@ CVE-2018-5100
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
 CVE-2018-5099
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
@@ -3366,7 +3368,7 @@ CVE-2018-5099
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
 CVE-2018-5098
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
@@ -3375,7 +3377,7 @@ CVE-2018-5098
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
 CVE-2018-5097
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
@@ -3384,14 +3386,14 @@ CVE-2018-5097
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
 CVE-2018-5096
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
 CVE-2018-5095
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- skia <itp> (bug #818180)
@@ -3413,7 +3415,7 @@ CVE-2018-5092
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
 CVE-2018-5091
 	RESERVED
-	{DSA-4096-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
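Review bot: CVE-2018-5091 is the only Mozilla entry in this patch that gains DSA-4102-1 without also carrying a thunderbird line or DLA-1262-1 (compare CVE-2018-5089 and the others, which list thunderbird 1:52.6.0-1 and the set {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}). Either the thunderbird line and DLA-1262-1 are missing here, or DSA-4102-1 does not cover this CVE; check the advisory and make the line consistent with the rest of the series.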
@@ -3424,7 +3426,7 @@ CVE-2018-5090
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
 CVE-2018-5089
 	RESERVED
-	{DSA-4096-1 DLA-1262-1 DLA-1256-1}
+	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	- thunderbird 1:52.6.0-1
@@ -3938,7 +3940,7 @@ CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site could set javascript in 
 CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc1 sends ...)
 	NOT-FOR-US: Plone
 CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...)
-	{DSA-4094-1 DLA-1249-1}
+	{DSA-4094-2 DSA-4094-1 DLA-1249-1}
 	- smarty <removed>
 	- smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460)
 	NOTE: https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
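Review bot: DSA-4094-2 is added beside DSA-4094-1 for CVE-2017-1000480 but nothing else in the entry changes, so a reader cannot tell what the -2 revision corrected or for which suite; the smarty3 line still reads 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460) and smarty stays <removed>. A short NOTE: line stating what the follow-up advisory changed would make the entry self-explanatory.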
@@ -6578,8 +6580,7 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import]
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...)
 	NOT-FOR-US: Muviko
-CVE-2017-17969 [ZIP Shrink: Heap Buffer Overflow]
-	RESERVED
+CVE-2017-17969 (Heap-based buffer overflow in the ...)
 	- p7zip 16.02+dfsg-5 (bug #888297)
 	NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 	NOTE: fixed in upstream 18.00-beta, backport available for testing in bug#888297
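Review bot: replacing the placeholder with the published text drops the bracketed working title "ZIP Shrink: Heap Buffer Overflow", and the truncated description that replaces it ("Heap-based buffer overflow in the ...") no longer says which of the issues in the linked landave.io post (which covers both RAR and ZIP corruptions) this CVE refers to; carry the "ZIP Shrink" identification over into a NOTE: line so the p7zip 16.02+dfsg-5 fix in bug #888297 stays attributable to the right issue.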
@@ -18514,7 +18515,7 @@ CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1
 CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
 	- mahara <removed>
 CVE-2017-1000141
-	RESERVED
+	REJECTED
 CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
 	- mahara <removed>
 CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
@@ -22526,6 +22527,7 @@ CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dns
 CVE-2017-15106
 	RESERVED
 CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...)
+	{DLA-1264-1}
 	- unbound <unfixed> (bug #887733)
 	NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
 	NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff
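Review bot: the new {DLA-1264-1} line records an LTS advisory for CVE-2017-15105 while the next line still reads unbound <unfixed> (bug #887733) for unstable, so the oldest supported suite is now marked fixed ahead of sid; check whether an upload based on 1.6.8 (the version the description names as fixed) or the linked upstream patch has landed and update the fixed version, otherwise the entry keeps reporting unstable as vulnerable after the LTS update is done.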
@@ -62992,8 +62994,8 @@ CVE-2017-1733
 	RESERVED
 CVE-2017-1732
 	RESERVED
-CVE-2017-1731
-	RESERVED
+CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
+	TODO: check
 CVE-2017-1730
 	RESERVED
 CVE-2017-1729
@@ -76646,10 +76648,10 @@ CVE-2016-6601 (Directory traversal vulnerability in the file download functional
 	NOT-FOR-US: ZOHO WebNMS
 CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in ...)
 	NOT-FOR-US: ZOHO WebNMS
-CVE-2016-6599
-	RESERVED
-CVE-2016-6598
-	RESERVED
+CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...)
+	TODO: check
+CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...)
+	TODO: check
 CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus ...)
 	NOT-FOR-US: Sophos EAS Proxy
 	NOTE: https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
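Review bot: CVE-2016-6599 and CVE-2016-6598 receive byte-identical truncated descriptions ("BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ..."), so the visible text cannot distinguish the two IDs; whoever clears the "TODO: check" lines needs the full CVE text to record what separates them, and given that the neighbouring ZOHO WebNMS and Sophos EAS Proxy entries are NOT-FOR-US, both will most likely close the same way.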
@@ -136104,8 +136106,8 @@ CVE-2014-4707 (Huawei Campus S7700 with software V200R001C00SPC300, ...)
 	NOT-FOR-US: Huawei
 CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 ...)
 	NOT-FOR-US: Huawei
-CVE-2014-4705
-	RESERVED
+CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software platform in ...)
+	TODO: check
 CVE-2014-4704
 	RESERVED
 CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
@@ -192262,8 +192264,7 @@ CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix 
 CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow ...)
 	- tcptrack 1.4.2-1 (unimportant; bug #551092)
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917
-CVE-2011-2902 [xpdf: insecure tempfile usage]
-	RESERVED
+CVE-2011-2902 (zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and ...)
 	- xpdf 3.02-19 (low; bug #635849)
 	[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
 	[squeeze] - xpdf 3.02-12+squeeze1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12f63dfde81f7ab402b4df693adba46569f4cd89
