[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Jul 22 21:10:30 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1223a19 by security tracker role at 2018-07-22T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,10 +1,28 @@
+CVE-2018-14509
+ RESERVED
+CVE-2018-14508
+ RESERVED
+CVE-2018-14507
+ RESERVED
+CVE-2018-14506
+ RESERVED
+CVE-2018-14504
+ RESERVED
+CVE-2018-14503
+ RESERVED
+CVE-2018-14502
+ RESERVED
+CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as ...)
+ TODO: check
+CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the ...)
+ TODO: check
CVE-2018-1999023 [arbitrary code execution/sandbox escape]
- wesnoth-1.14 <unfixed>
- wesnoth-1.12 <removed>
- wesnoth-1.10 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
NOTE: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318 (1.14.x)
-CVE-2018-14505 [allowing DNS rebinding attacks]
+CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to ...)
- mitmproxy <unfixed> (bug #904293)
NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
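Review bot: CVE-2018-14501 and CVE-2018-14500 are added with only `TODO: check` and no package or NOT-FOR-US line, so both stay untriaged until someone replaces the TODO. Both descriptions name joyplus-cms 1.6.0, so the follow-up is to decide whether that software is packaged and record the result. In the same hunk, the CVE-2018-14505 header changes from the bracketed description to the parenthesised one, but the `- mitmproxy <unfixed> (bug #904293)` line is unchanged and still needs a fixed version once one exists.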
@@ -1049,7 +1067,6 @@ CVE-2018-14073 (libsixel 1.8.1 has a memory leak in sixel_allocator_new in alloc
[jessie] - libsixel <postponed> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926
NOTE: https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
-
CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, ...)
- libsixel <unfixed> (low; bug #903858)
[stretch] - libsixel <no-dsa> (Minor issue)
@@ -24870,13 +24887,13 @@ CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver fil
CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
NOT-FOR-US: Malwarebytes Premium
CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in ...)
- {DLA-1354-1}
+ {DLA-1438-1 DLA-1354-1}
- opencv <unfixed> (bug #886675)
[stretch] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10540
NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in ...)
- {DLA-1354-1}
+ {DLA-1438-1 DLA-1354-1}
- opencv <unfixed> (bug #886674)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10541
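Review bot: On CVE-2018-5269 and CVE-2018-5268 the cross-reference becomes `{DLA-1438-1 DLA-1354-1}`, but neither entry says why a second DLA now covers a CVE that DLA-1354-1 already listed. A short NOTE on each entry would make the relationship between the two advisories clear to anyone reading the list later. The `- opencv <unfixed>` lines are not touched by this change and remain open.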
@@ -28380,7 +28397,7 @@ CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.
CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git ...)
NOT-FOR-US: fs-git
CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
- {DLA-1235-1}
+ {DLA-1438-1 DLA-1235-1}
- opencv <unfixed> (bug #886282)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9723
@@ -29857,7 +29874,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData ...)
- {DLA-1235-1}
+ {DLA-1438-1 DLA-1235-1}
- opencv <unfixed> (bug #885843)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10351
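Review bot: The context line `NOTE: Crash in desktop tool, no/negligable security impact` under CVE-2017-17787 misspells "negligible". It sits outside the changed lines, so correct it in a separate manual commit rather than in an automatic update.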
@@ -52783,17 +52800,17 @@ CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman
- connman 1.35-1 (bug #872844)
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #875345)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #875344)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #875342)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9370
@@ -53603,22 +53620,22 @@ CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, an
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...)
NOT-FOR-US: Liferay Portal
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
@@ -53629,7 +53646,7 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
@@ -53640,17 +53657,17 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
@@ -116974,7 +116991,7 @@ CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service
NOTE: https://arxiv.org/pdf/1701.04739.pdf
NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute ...)
- {DLA-1117-1}
+ {DLA-1438-1 DLA-1117-1}
- opencv <unfixed> (bug #872043)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://arxiv.org/pdf/1701.04739.pdf
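Review bot: CVE-2016-1516 now carries two DLAs, `{DLA-1438-1 DLA-1117-1}`, while the `[stretch] - opencv <no-dsa> (Minor issue)` line below it is unchanged. The description calls this a double free that "allows attackers to execute ...", so the stretch triage as a minor issue is worth re-checking now that a second advisory covers the same CVE.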
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1223a1943121dbc563345453ec59cad2f5620dc