[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jul 15 21:10:24 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6675d42 by security tracker role at 2018-07-15T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-14079
+	RESERVED
+CVE-2018-14078
+	RESERVED
+CVE-2018-14077
+	RESERVED
+CVE-2018-14076
+	RESERVED
+CVE-2018-14075
+	RESERVED
+CVE-2018-14074
+	RESERVED
+CVE-2018-14073 (libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. ...)
+	TODO: check
+CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, ...)
+	TODO: check
+CVE-2018-14071
+	RESERVED
+CVE-2018-14070
+	RESERVED
+CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
+	TODO: check
+CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
+	TODO: check
+CVE-2018-14067
+	RESERVED
+CVE-2018-14066 (The content://wappush content provider in ...)
+	TODO: check
+CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
+	TODO: check
+CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices ...)
+	TODO: check
+CVE-2018-14063 (The increaseApproval function of a smart contract implementation for ...)
+	TODO: check
+CVE-2018-14062
+	RESERVED
 CVE-2018-14061
 	RESERVED
 CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin/luci ...)
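
Review bot: the eight new entries at the top of data/CVE/list that already have a description (CVE-2018-14073, -14072, -14069, -14068, -14066, -14065, -14064, -14063) carry only "TODO: check", so none of them records yet whether a Debian package is affected. Each needs a follow-up that replaces the TODO with either a package line or a NOT-FOR-US line, as other entries in this file do. The two libsixel entries and the two SRCMS V2.3.1 entries name the same software and can be triaged as pairs.
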
@@ -9,10 +45,12 @@ CVE-2018-14058
 CVE-2018-14057
 	RESERVED
 CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming ...)
+	{DLA-1427-1}
 	- znc <unfixed> (bug #903787)
 	NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
 	NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
 CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web ...)
+	{DLA-1427-1}
 	- znc <unfixed> (bug #903788)
 	NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
 CVE-2018-14053
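
Review bot: the {DLA-1427-1} tags on CVE-2018-14055 and CVE-2018-14056 are added while both package lines still read "- znc <unfixed>" and no release-specific line gives a fixed version, so the fixed version cannot be read from these entries. Since this commit changes only data/CVE/list, confirm that the advisory record for DLA-1427-1 names both CVEs and the fixed znc version.
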
@@ -8065,6 +8103,7 @@ CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the avail
 CVE-2018-10851
 	RESERVED
 CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race ...)
+	{DLA-1428-1}
 	- 389-ds-base <unfixed> (bug #903501)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588056
 	NOTE: https://pagure.io/389-ds-base/c/8f04487f99a
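
Review bot: on CVE-2018-10850 the {DLA-1428-1} tag lands directly above "- 389-ds-base <unfixed> (bug #903501)", so after this change the entry has an advisory reference while the main package line is still open. The tag should not be read as closing the issue; bug #903501 needs to stay tracked until the package line gets a fixed version.
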
@@ -35375,6 +35414,7 @@ CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptr
 CVE-2018-1090 (In Pulp before version 2.16.2, secrets are passed into override_config ...)
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not ...)
+	{DLA-1428-1}
 	- 389-ds-base 1.3.8.2-1 (bug #898138)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot ...)
@@ -35568,6 +35608,7 @@ CVE-2018-1056 [heap buffer overflow while running advzip]
 CVE-2018-1055
 	REJECTED
 CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way 389-ds-base ...)
+	{DLA-1428-1}
 	- 389-ds-base 1.3.7.10-1 (bug #892124)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314
 	NOTE: https://pagure.io/389-ds-base/issue/49545
@@ -37332,6 +37373,7 @@ CVE-2018-0619
 	RESERVED
 CVE-2018-0618
 	RESERVED
+	{DSA-4246-1}
 	- mailman 1:2.1.27-1
 	NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
 	NOTE: https://launchpad.net/mailman/+milestone/2.1.27
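
Review bot: CVE-2018-0618 now has {DSA-4246-1} and a fixed version ("- mailman 1:2.1.27-1") but is still marked RESERVED with no description, so the entry itself does not say what the issue is. Consider adding a bracketed temporary description after the CVE id, in the style this file already uses for "CVE-2018-1056 [heap buffer overflow while running advzip]", until the official description is published.
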
@@ -44441,6 +44483,7 @@ CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including 
 	- 389-ds-base 1.3.7.9-1 (bug #888451)
 	[jessie] - 389-ds-base <not-affected> (vulnerable code (patch for CVE-2016-5405) not applied)
 CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...)
+	{DLA-1428-1}
 	- 389-ds-base 1.3.7.9-1 (bug #888452)
 	NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
 CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...)
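
Review bot: the {DLA-1428-1} tag on CVE-2017-15134 deserves a check against the affected version range. The visible description names 389-ds-base 1.3.6.x, and the neighbouring CVE-2017-15135 entry carries "[jessie] - 389-ds-base <not-affected>" because the vulnerable code was not applied there. Confirm that the release covered by DLA-1428-1 actually ships the code affected by CVE-2017-15134; if it does not, this entry should get a release-specific not-affected line rather than the advisory tag.
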
@@ -139768,6 +139811,7 @@ CVE-2015-1855 [OpenSSL extension hostname matching implementation violates RFC 6
 	NOTE: https://bugs.ruby-lang.org/issues/9644
 	NOTE: https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596
 CVE-2015-1854 (389 Directory Server before 1.3.3.10 allows attackers to bypass ...)
+	{DLA-1428-1}
 	- 389-ds-base 1.3.3.10-1 (bug #783923)
 	NOTE: Patch applied to CentOS package: https://git.centos.org/raw/rpms!389-ds-base.git!/309aa9ee631432d72c845f70df2ce6475055423b/SOURCES!0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
 CVE-2015-1853 [authentication doesn't protect symmetric associations against DoS attacks]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6675d42fc594b655795dd6631d676ddbcd137ae
