[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 17 09:10:18 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39fa51e1 by security tracker role at 2018-07-17T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,25 @@
+CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 ...)
+ TODO: check
+CVE-2018-14336
+ RESERVED
+CVE-2018-14335
+ RESERVED
+CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file ...)
+ TODO: check
+CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode format within ...)
+ TODO: check
+CVE-2018-14332
+ RESERVED
+CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a CSRF ...)
+ TODO: check
+CVE-2018-14330
+ RESERVED
+CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow local ...)
+ TODO: check
+CVE-2018-14328
+ RESERVED
+CVE-2018-14327
+ RESERVED
CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP ...)
TODO: check
CVE-2018-14323
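Review bot: the five described entries added at the top of the list (CVE-2018-14337, CVE-2018-14334, CVE-2018-14333, CVE-2018-14331, CVE-2018-14329) all land as "TODO: check", so none of them carries a triage decision yet. The mruby and HTSlib descriptions name a specific source file (mrbgems/mruby-sprintf/src/sprintf.c, cram/cram_io.c), so those two can be matched against a source package and given a package line directly. The joyplus-cms, TeamViewer and XiaoCms entries need either a package line or a "NOT-FOR-US: <product>" line in the form already used elsewhere in this file.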
@@ -1083,8 +1105,8 @@ CVE-2018-13834
RESERVED
CVE-2018-13833 (An issue was discovered in cmft through 2017-09-24. The ...)
NOT-FOR-US: cmft
-CVE-2018-13832
- RESERVED
+CVE-2018-13832 (Multiple Persistent cross-site scripting (XSS) issues in the ...)
+ TODO: check
CVE-2018-13831
RESERVED
CVE-2018-13830
@@ -4022,8 +4044,8 @@ CVE-2018-12586
RESERVED
CVE-2018-12585
RESERVED
-CVE-2018-12584
- RESERVED
+CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in ...)
+ TODO: check
CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via an ...)
NOT-FOR-US: AKCMS
CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin account via ...)
@@ -8581,8 +8603,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypti
NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10858
RESERVED
-CVE-2018-10857
- RESERVED
+CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltration ...)
- git-annex 6.20180626-1
[stretch] - git-annex 6.20170101-1+deb9u2
NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
@@ -8642,8 +8663,7 @@ CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster serve
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://review.gluster.org/#/c/20328/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
-CVE-2018-10840 [ext4: correctly handle a zero-length xattr with a non-zero e_value_offs]
- RESERVED
+CVE-2018-10840 (Linux kernel is vulnerable to a heap-based buffer overflow in the ...)
- linux 4.17.3-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
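Review bot: on the CVE-2018-10840 line, replacing the bracketed working title with the truncated official description drops the only visible pointer to the affected code path. The old line read "[ext4: correctly handle a zero-length xattr with a non-zero e_value_offs]", while the new one stops at "heap-based buffer overflow in the ...". If no NOTE line below this context already records it, add one naming ext4 and the xattr handling so the "Vulnerable code not present" decisions for stretch and jessie stay auditable against the right subsystem.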
@@ -16657,6 +16677,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to
NOTE: https://nodesecurity.io/advisories/565
NOTE: nodejs not covered by security support
CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier ...)
+ {DSA-4247-1}
- ruby-rack-protection <unfixed> (bug #892250)
[jessie] - ruby-rack-protection <ignored> (Low prio package and low prio vulnerability according to RedHat)
[wheezy] - ruby-rack-protection <ignored> (Low prio package and low prio vulnerability according to RedHat)
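Review bot: the "{DSA-4247-1}" reference added to CVE-2018-1000119 is not matched by any fixed version in the lines shown. The unstable line still reads "- ruby-rack-protection <unfixed> (bug #892250)" and is followed directly by the [jessie] and [wheezy] "<ignored>" lines, with no [stretch] entry in between. A DSA cross-reference normally comes with a release line carrying the fixed version, so either add the [stretch] line with the version from the advisory or confirm that this reference was attached to the intended CVE.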
@@ -34618,8 +34639,8 @@ CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in
NOT-FOR-US: Fortinet FortiClient
CVE-2017-17542
RESERVED
-CVE-2017-17541
- RESERVED
+CVE-2017-17541 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager ...)
+ TODO: check
CVE-2017-17540 (The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows ...)
NOT-FOR-US: Fortinet FortiWLC
CVE-2017-17539 (The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and ...)
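Review bot: CVE-2017-17541 goes from RESERVED to "TODO: check", although its description names Fortinet FortiManager and every neighbouring Fortinet entry in this context is already resolved. CVE-2017-17543 is "NOT-FOR-US: Fortinet FortiClient" and CVE-2017-17540 is "NOT-FOR-US: Fortinet FortiWLC". Resolving this one in the same form, as "NOT-FOR-US: Fortinet FortiManager", would keep the block consistent and remove an item from the triage queue.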
@@ -36160,8 +36181,7 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability .
NOTE: https://issues.jboss.org/browse/WFLY-9620
NOTE: https://developer.jboss.org/thread/276826
NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
-CVE-2018-1046 [stack-based buffer overflow in dnsreplay]
- RESERVED
+CVE-2018-1046 (pdns before version 4.1.2 is vulnerable to a buffer overflow in ...)
- pdns 4.1.2-1 (bug #898255)
[stretch] - pdns <no-dsa> (local DoS when parsing untrusted files)
[jessie] - pdns <not-affected> (Vulnerable code not present)
@@ -44990,8 +45010,7 @@ CVE-2017-15139
CVE-2017-15138
RESERVED
NOT-FOR-US: atomic-openshift
-CVE-2017-15137
- RESERVED
+CVE-2017-15137 (The OpenShift image import whitelist failed to enforce restrictions ...)
NOT-FOR-US: atomic-openshift
CVE-2017-15136 (When registering and activating a new system with Red Hat Satellite 6 ...)
NOT-FOR-US: Red Hat Satellite 6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/39fa51e1d631b21c091d73b1eb57b0ae5d5e13dc