[Git][security-tracker-team/security-tracker][master] automatic update

Mon Jul 30 09:10:24 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2f92f8e by security tracker role at 2018-07-30T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -433,10 +433,12 @@ CVE-2018-1999014 (FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e7
 CVE-2018-1999013 (FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ...)
+	{DSA-4249-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f
 CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ...)
+	{DSA-4249-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e
@@ -446,6 +448,7 @@ CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286
 CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...)
+	{DSA-4249-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e
@@ -878,10 +881,12 @@ CVE-2018-14397
 CVE-2018-14396
 	RESERVED
 CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...)
+	{DSA-4258-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
 CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...)
+	{DSA-4249-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3a2d21bc5f97aa0161db3ae731fc2732be6108b8
@@ -4333,7 +4338,7 @@ CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An I
 	NOTE: https://github.com/lcytxw/bug_repro/tree/master/bug_200189
 	NOTE: https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
 CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary code ...)
-	{DSA-4250-1}
+	{DSA-4250-1 DLA-1452-1}
 	- wordpress 4.9.7+dfsg1-1 (bug #902876)
 	NOTE: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
 	NOTE: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
@@ -16849,6 +16854,7 @@ CVE-2018-8035
 	RESERVED
 CVE-2018-8034 [host name verification missing in WebSocket client]
 	RESERVED
+	{DLA-1453-1}
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.32-1
 	- tomcat8.0 <unfixed> (unimportant)
@@ -103398,7 +103404,7 @@ CVE-2016-5837 (WordPress before 4.5.3 allows remote attackers to bypass intended
 	NOTE: Upstream bug: https://core.trac.wordpress.org/ticket/36379
 	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37781
 CVE-2016-5836 (The oEmbed protocol implementation in WordPress before 4.5.3 allows ...)
-	{DLA-633-1}
+	{DLA-1452-1 DLA-633-1}
 	- wordpress 4.5.3+dfsg-1
 	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
 	NOTE: Upstream ticket: https://core.trac.wordpress.org/ticket/36767



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d2f92f8e75ea9d51b217a83ca06d404d84931192

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d2f92f8e75ea9d51b217a83ca06d404d84931192
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180730/451a011d/attachment.html>
