[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 19 09:10:24 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75451ab8 by security tracker role at 2018-07-19T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings ...)
+ TODO: check
+CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the ...)
+ TODO: check
+CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an ...)
+ TODO: check
+CVE-2018-14400
+ RESERVED
+CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote ...)
+ TODO: check
+CVE-2018-14398
+ RESERVED
+CVE-2018-14397
+ RESERVED
+CVE-2018-14396
+ RESERVED
+CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...)
+ TODO: check
+CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...)
+ TODO: check
+CVE-2018-14393
+ RESERVED
+CVE-2018-14392 (The New Threads plugin before 1.2 for MyBB has XSS. ...)
+ TODO: check
+CVE-2018-14391
+ RESERVED
+CVE-2018-14390
+ RESERVED
CVE-2018-1999001 [ jenkins SECURITY-897 ]
NOT-FOR-US: Jenkins
CVE-2018-1999002 [ jenkins SECURITY-914 ]
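
Review bot: CVE-2018-14395 and CVE-2018-14394 are added with the same visible description ("libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ..."), so the two entries cannot be told apart from the list alone. When the "TODO: check" is resolved, each should get its own NOTE line with the upstream commit or report, so that the fix for one is not taken as covering the other.
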
@@ -60,14 +88,14 @@ CVE-2018-14372
RESERVED
CVE-2018-14371 (The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra ...)
TODO: check
-CVE-2018-14370
- RESERVED
-CVE-2018-14369
- RESERVED
-CVE-2018-14368
- RESERVED
-CVE-2018-14367
- RESERVED
+CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 ...)
+ TODO: check
+CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
+ TODO: check
+CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
+ TODO: check
+CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol ...)
+ TODO: check
CVE-2018-14366
RESERVED
CVE-2018-14365
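
Review bot: The four Wireshark entries in this hunk do not share one affected range. CVE-2018-14370 and CVE-2018-14367 list only "2.6.0 to 2.6.1 and 2.4.0 to 2.4.7", while CVE-2018-14369 and CVE-2018-14368 also list "2.2.0 to 2.2.15". Triage should set the per-release status for each entry separately instead of copying one status across the block. A release that ships a 2.2.x version may need a not-affected marker for the first pair only.
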
@@ -169,18 +197,18 @@ CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured wi
[stretch] - sddm <not-affected> (Re-use session feature introduced in 0.16.0)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1101450
NOTE: https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98
-CVE-2018-14344
- RESERVED
-CVE-2018-14343
- RESERVED
-CVE-2018-14342
- RESERVED
-CVE-2018-14341
- RESERVED
-CVE-2018-14340
- RESERVED
-CVE-2018-14339
- RESERVED
+CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
+ TODO: check
+CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
+ TODO: check
+CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
+ TODO: check
+CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
+ TODO: check
+CVE-2018-14340 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, ...)
+ TODO: check
+CVE-2018-14339 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
+ TODO: check
CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses the ...)
- exiv2 <unfixed> (unimportant)
NOTE: https://github.com/Exiv2/exiv2/issues/382
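
Review bot: The six Wireshark entries CVE-2018-14344 to CVE-2018-14339 are indistinguishable here, because every description is cut off before the affected dissector is named. When these move from "TODO: check" to a package line, add NOTE lines with the upstream advisory or commit for each, as the SDDM entry just above does with its bugzilla and commit references.
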
@@ -765,13 +793,13 @@ CVE-2018-14058
CVE-2018-14057
RESERVED
CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming ...)
- {DLA-1427-1}
+ {DSA-4252-1 DLA-1427-1}
- znc 1.7.1-1 (bug #903787)
NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/4
CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web ...)
- {DLA-1427-1}
+ {DSA-4252-1 DLA-1427-1}
- znc 1.7.1-1 (bug #903788)
NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/5
@@ -3086,10 +3114,12 @@ CVE-2018-13008 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-ba
CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based ...)
NOT-FOR-US: gpmf-parser
CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based ...)
+ {DLA-1432-1}
- gpac <unfixed> (bug #902782)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read ...)
+ {DLA-1432-1}
- gpac <unfixed> (bug #902782)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1088
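
Review bot: DLA-1432-1 is now attached to CVE-2018-13006 and CVE-2018-13005, but both entries still read "[stretch] - gpac <no-dsa> (Minor issue)" and "- gpac <unfixed>". That leaves the LTS release with a fix while stable and unstable have none recorded. It is worth re-checking whether the no-dsa classification for stretch still holds, or whether the fix should be queued for a point release.
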
@@ -7014,6 +7044,7 @@ CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in previe
CVE-2018-11530
RESERVED
CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free ...)
+ {DSA-4251-1}
- vlc 3.0.3-1-1
NOTE: https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
NOTE: https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42
@@ -8699,6 +8730,7 @@ CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been .
NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
CVE-2018-10886 (ant before version 1.9.12 unzip and untar targets allows the ...)
+ {DLA-1431-1}
- ant 1.10.4-1
NOTE: Fixed upstream in 1.9.12 and 1.10.4
NOTE: https://github.com/apache/ant/commit/e56e54565804991c62ec76dad385d2bdda8972a7
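
Review bot: CVE-2018-10886 gains "{DLA-1431-1}", but the entry carries only "- ant 1.10.4-1" and no "[stretch]" line, so stretch has no recorded triage decision. Since the NOTE says the fix is upstream in 1.9.12 and 1.10.4, add an explicit stretch annotation once the status there is known.
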
@@ -38742,40 +38774,40 @@ CVE-2018-0405
RESERVED
CVE-2018-0404
RESERVED
-CVE-2018-0403
- RESERVED
-CVE-2018-0402
- RESERVED
-CVE-2018-0401
- RESERVED
-CVE-2018-0400
- RESERVED
-CVE-2018-0399
- RESERVED
-CVE-2018-0398
- RESERVED
+CVE-2018-0403 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
+ TODO: check
+CVE-2018-0402 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
+ TODO: check
+CVE-2018-0401 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
+ TODO: check
+CVE-2018-0400 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
+ TODO: check
+CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
+ TODO: check
+CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
+ TODO: check
CVE-2018-0397
RESERVED
-CVE-2018-0396
- RESERVED
+CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified ...)
+ TODO: check
CVE-2018-0395
RESERVED
-CVE-2018-0394
- RESERVED
-CVE-2018-0393
- RESERVED
-CVE-2018-0392
- RESERVED
+CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services ...)
+ TODO: check
+CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder ...)
+ TODO: check
+CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an ...)
+ TODO: check
CVE-2018-0391
RESERVED
-CVE-2018-0390
- RESERVED
+CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow an ...)
+ TODO: check
CVE-2018-0389
RESERVED
CVE-2018-0388
RESERVED
-CVE-2018-0387
- RESERVED
+CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could ...)
+ TODO: check
CVE-2018-0386
RESERVED
CVE-2018-0385 (A vulnerability in the detection engine parsing of Security Socket ...)
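
Review bot: CVE-2018-0403 to CVE-2018-0398 all arrive with the identical truncated text "Multiple vulnerabilities in the web-based management interface of Cisco ...", so the product name is not visible for any of them. Whoever clears the "TODO: check" markers should read the full descriptions and not resolve the six as a block. The hunk also leaves CVE-2018-0397, 0395, 0391, 0389, 0388 and 0386 as RESERVED between the newly published ones, so a range-based edit would be wrong.
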
@@ -38788,24 +38820,24 @@ CVE-2018-0382
RESERVED
CVE-2018-0381
RESERVED
-CVE-2018-0380
- RESERVED
-CVE-2018-0379
- RESERVED
+CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
+ TODO: check
+CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
+ TODO: check
CVE-2018-0378
RESERVED
-CVE-2018-0377
- RESERVED
-CVE-2018-0376
- RESERVED
-CVE-2018-0375
- RESERVED
-CVE-2018-0374
- RESERVED
+CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interface ...)
+ TODO: check
+CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite ...)
+ TODO: check
+CVE-2018-0375 (A vulnerability in the Cluster Manager of Cisco Policy Suite before ...)
+ TODO: check
+CVE-2018-0374 (A vulnerability in the Policy Builder database of Cisco Policy Suite ...)
+ TODO: check
CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for ...)
NOT-FOR-US: Cisco
-CVE-2018-0372
- RESERVED
+CVE-2018-0372 (A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series ...)
+ TODO: check
CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server ...)
NOT-FOR-US: Cisco
CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower System ...)
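
Review bot: CVE-2018-0377 is added as "A vulnerability in the Open Systems Gateway initiative (OSGi) interface ...", which is cut off before any vendor or product appears. The neighbouring CVE-2018-0373 and CVE-2018-0371 are marked "NOT-FOR-US: Cisco", but this entry should not inherit that marking from its position in the ID range. Check the full description before classifying it.
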
@@ -38850,26 +38882,26 @@ CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web Secu
NOT-FOR-US: Cisco
CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide ...)
NOT-FOR-US: Cisco
-CVE-2018-0351
- RESERVED
-CVE-2018-0350
- RESERVED
-CVE-2018-0349
- RESERVED
-CVE-2018-0348
- RESERVED
-CVE-2018-0347
- RESERVED
-CVE-2018-0346
- RESERVED
-CVE-2018-0345
- RESERVED
-CVE-2018-0344
- RESERVED
-CVE-2018-0343
- RESERVED
-CVE-2018-0342
- RESERVED
+CVE-2018-0351 (A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN ...)
+ TODO: check
+CVE-2018-0350 (A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN ...)
+ TODO: check
+CVE-2018-0349 (A vulnerability in the Cisco SD-WAN Solution could allow an ...)
+ TODO: check
+CVE-2018-0348 (A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an ...)
+ TODO: check
+CVE-2018-0347 (A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the ...)
+ TODO: check
+CVE-2018-0346 (A vulnerability in the Zero Touch Provisioning service of the Cisco ...)
+ TODO: check
+CVE-2018-0345 (A vulnerability in the configuration and management database of the ...)
+ TODO: check
+CVE-2018-0344 (A vulnerability in the vManage dashboard for the configuration and ...)
+ TODO: check
+CVE-2018-0343 (A vulnerability in the configuration and management service of the ...)
+ TODO: check
+CVE-2018-0342 (A vulnerability in the configuration and monitoring service of the ...)
+ TODO: check
CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and ...)
NOT-FOR-US: Cisco
CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified ...)
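
Review bot: The ten SD-WAN entries CVE-2018-0351 to CVE-2018-0342 sit between CVE-2018-0352 and CVE-2018-0341, both of which are already "NOT-FOR-US: Cisco", yet all ten are left at "TODO: check". If they are resolved the same way, use the exact string "NOT-FOR-US: Cisco" that the surrounding entries use, so the block stays consistent and greppable.
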
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75451ab8badb77422fa221f2082eaa8d6fb5ba6f