[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 7 21:10:48 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6fd79b5 by security tracker role at 2018-07-07T20:10:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-13425
+ RESERVED
+CVE-2018-13424
+ RESERVED
+CVE-2018-13423 (admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows ...)
+ TODO: check
+CVE-2018-13422 (TCExam before 14.1.2 has XSS via an ff_ or xl_ field. ...)
+ TODO: check
+CVE-2018-13421 (Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a ...)
+ TODO: check
+CVE-2018-13420 (Google gperftools 2.7 has a memory leak in malloc_extension.cc, related ...)
+ TODO: check
+CVE-2018-13419 (An issue has been found in libsndfile 1.0.28. There is a memory leak in ...)
+ TODO: check
+CVE-2018-13418
+ RESERVED
CVE-2018-13417
RESERVED
CVE-2018-13416
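Review bot: CVE-2018-13421 is bounded by a date ("before 2018-07-06") rather than a release number, so when its TODO: check is resolved the entry will need a NOTE pointing at the fixing change instead of relying on a version comparison alone. The other four TODO: check entries (CVE-2018-13423, CVE-2018-13422, CVE-2018-13420, CVE-2018-13419) carry truncated descriptions here, so triage should read the full CVE text before choosing between a package line and NOT-FOR-US.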
@@ -4244,9 +4260,11 @@ CVE-2016-1000352 (In the Bouncy Castle JCE Provider version 1.55 and earlier the
[jessie] - bouncycastle <ignored> (Intrusive changes, can be mitigated by using a different mode than ECB)
NOTE: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
CVE-2016-1000346 (In the Bouncy Castle JCE Provider version 1.55 and earlier the other ...)
+ {DLA-1418-1}
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
CVE-2016-1000345 (In the Bouncy Castle JCE Provider version 1.55 and earlier the ...)
+ {DLA-1418-1}
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
CVE-2016-1000344 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES ...)
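Review bot: CVE-2016-1000344 (DHIES), the last context line of this hunk, follows two entries newly tagged {DLA-1418-1}, and its own status lines fall outside the hunk. Worth confirming that it carries an explicit [jessie] line with a reason, as CVE-2016-1000352 does at the top of the hunk, so that its absence from the DLA reads as a decision rather than an omission.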
@@ -4287,12 +4305,15 @@ CVE-2018-11708
CVE-2018-1002101
RESERVED
CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key ...)
+ {DLA-1418-1}
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
CVE-2016-1000342 (In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does ...)
+ {DLA-1418-1}
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
CVE-2016-1000341 (In the Bouncy Castle JCE Provider version 1.55 and earlier DSA ...)
+ {DLA-1418-1}
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
CVE-2016-1000340 (In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry ...)
@@ -4300,6 +4321,7 @@ CVE-2016-1000340 (In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a car
[jessie] - bouncycastle <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
CVE-2016-1000339 (In the Bouncy Castle JCE Provider version 1.55 and earlier the primary ...)
+ {DLA-1418-1}
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
NOTE: https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
@@ -5270,12 +5292,12 @@ CVE-2018-11353
RESERVED
CVE-2018-11352
RESERVED
-CVE-2018-11351
- RESERVED
-CVE-2018-11350
- RESERVED
-CVE-2018-11349
- RESERVED
+CVE-2018-11351 (script.php in Jirafeau before 3.4.1 is affected by two stored ...)
+ TODO: check
+CVE-2018-11350 (An issue was discovered in Jirafeau before 3.4.1. The file "search by ...)
+ TODO: check
+CVE-2018-11349 (The administration panel of Jirafeau before 3.4.1 is vulnerable to ...)
+ TODO: check
CVE-2018-11348
RESERVED
CVE-2018-11347
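Review bot: The three Jirafeau entries (CVE-2018-11351, CVE-2018-11350, CVE-2018-11349) move from RESERVED to TODO: check and all share the same "before 3.4.1" boundary, so they should be triaged together with one consistent outcome. The descriptions are truncated in this list, so the full CVE text is needed before a status is recorded for any of them.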
@@ -20480,7 +20502,7 @@ CVE-2018-5875 (While parsing an mp4 file, an integer overflow leading to a buffe
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5874 (While parsing an mp4 file, a stack-based buffer overflow can occur in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5873 (Due to a race condition when accessing files in all Android releases ...)
+CVE-2018-5873 (An issue was discovered in the __ns_get_path function in fs/nsfs.c in ...)
- linux 4.11.6-1
[stretch] - linux 4.9.82-1+deb9u1
NOTE: Fixed by: https://git.kernel.org/linus/073c516ff73557a8f7315066856c04b50383ac34
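Review bot: The description of CVE-2018-5873 changes from a file-access race condition "in all Android releases" to an issue in the __ns_get_path function in fs/nsfs.c, while the linux package lines and the "Fixed by" NOTE beneath it are left untouched. The new text fits the existing linux tracking, but it is worth confirming that commit 073c516ff73557a8f7315066856c04b50383ac34 is the fs/nsfs.c fix the new description refers to, since the neighbouring CVE-2018-5874 and CVE-2018-5875 are NOT-FOR-US Qualcomm entries.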
@@ -62254,6 +62276,7 @@ CVE-2016-1000361
CVE-2016-1000360
REJECTED
CVE-2016-1000338 (In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does ...)
+ {DLA-1418-1}
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6fd79b5724c349de924f86e0d50d6f856407ce4