[Git][security-tracker-team/security-tracker][master] automatic update

Wed Jul 25 09:10:52 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fd08300 by security tracker role at 2018-07-25T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2018-14595
+	RESERVED
+CVE-2018-14594
+	RESERVED
 CVE-2018-14593
 	RESERVED
 CVE-2018-14592
@@ -440,6 +446,7 @@ CVE-2017-18343 (** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.
 	NOTE: https://github.com/symfony/symfony/issues/27987
 	NOTE: https://github.com/symfony/symfony/pull/23684
 CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx component in ...)
+	{DLA-1443-1}
 	- evolution-data-server 3.22.0-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334842
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
@@ -1954,6 +1961,7 @@ CVE-2018-13799
 CVE-2018-13798
 	RESERVED
 CVE-2018-13796 (Unspecified vulnerability in Mailman before 2.1.28 has unknown impact ...)
+	{DLA-1442-1}
 	- mailman <unfixed> (bug #903674)
 	[stretch] - mailman <no-dsa> (Minor issue)
 	NOTE: Fixed in 2.1.28
@@ -4554,6 +4562,7 @@ CVE-2018-1000552 (Trovebox version <= 4.0.0-rc6 contains a SQL Injection vuln
 CVE-2018-1000551 (Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling ...)
 	NOT-FOR-US: Trovebox
 CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 contains a ...)
+	{DLA-1441-1}
 	- sympa 6.2.32~dfsg-1
 	NOTE: https://sympa-community.github.io/security/2018-001.html
 CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration ...)
@@ -9236,8 +9245,7 @@ CVE-2018-10908
 	RESERVED
 CVE-2018-10907
 	RESERVED
-CVE-2018-10906 [Restriction bypass of the "allow_other" option when SELinux is active]
-	RESERVED
+CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is ...)
 	- fuse3 <itp> (bug #904216)
 	- fuse 2.9.8-1 (bug #904439)
 	NOTE: https://github.com/libfuse/libfuse/pull/268
@@ -9425,6 +9433,7 @@ CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any 
 	NOTE: http://tracker.ceph.com/issues/24838
 	NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
 CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...)
+	{DLA-1440-1}
 	- libarchive-zip-perl <unfixed> (bug #902882)
 	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
 	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
@@ -38796,7 +38805,7 @@ CVE-2018-0619
 	RESERVED
 CVE-2018-0618
 	RESERVED
-	{DSA-4246-1}
+	{DSA-4246-1 DLA-1442-1}
 	- mailman 1:2.1.27-1
 	NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
 	NOTE: https://launchpad.net/mailman/+milestone/2.1.27



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fd083005f1e3b62da0d93934df76ba753cd02b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fd083005f1e3b62da0d93934df76ba753cd02b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180725/0799add8/attachment.html>
