[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09044b25 by security tracker role at 2018-07-21T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-14491
+	RESERVED
+CVE-2018-14490
+	RESERVED
 CVE-2018-14489
 	RESERVED
 CVE-2018-14488
@@ -4316,7 +4320,7 @@ CVE-2018-1000530
 CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...)
 	NOT-FOR-US: Grails Fields plugin
 CVE-2018-1000528 (GONICUS GOsa version before commit ...)
-	{DSA-4239-1}
+	{DSA-4239-1 DLA-1436-1}
 	- gosa 2.7.4+reloaded3-5 (low; bug #902723)
 	NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
 	NOTE: https://github.com/gosa-project/gosa-core/issues/14
@@ -28630,10 +28634,10 @@ CVE-2018-3773
 	RESERVED
 CVE-2018-3772
 	RESERVED
-CVE-2018-3771
-	RESERVED
-CVE-2018-3770
-	RESERVED
+CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected iframe in ...)
+	TODO: check
+CVE-2018-3770 (A path traversal exists in markdown-pdf version <9.0.0 that allows a ...)
+	TODO: check
 CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) ...)
 	- ruby-grape <unfixed> (bug #903086)
 	[stretch] - ruby-grape <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09044b25aa2b7ac6aa6b72e249a0e1de11f5e34d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09044b25aa2b7ac6aa6b72e249a0e1de11f5e34d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180721/4dad0e8f/attachment.html>