[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 30 21:10:23 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57b58faa by security tracker role at 2018-07-30T20:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-14766
+ RESERVED
+CVE-2018-14765
+ RESERVED
+CVE-2018-14764
+ RESERVED
+CVE-2018-14763
+ RESERVED
+CVE-2018-14762
+ RESERVED
+CVE-2018-14761
+ RESERVED
+CVE-2018-14760
+ RESERVED
+CVE-2018-14759
+ RESERVED
+CVE-2018-14758
+ RESERVED
+CVE-2018-14757
+ RESERVED
+CVE-2018-14756
+ RESERVED
+CVE-2018-14755
+ RESERVED
+CVE-2018-14754
+ RESERVED
+CVE-2018-14753
+ RESERVED
+CVE-2018-14752
+ RESERVED
+CVE-2018-14751
+ RESERVED
+CVE-2018-14750
+ RESERVED
+CVE-2018-14749
+ RESERVED
+CVE-2018-14748
+ RESERVED
+CVE-2018-14747
+ RESERVED
+CVE-2018-14746
+ RESERVED
CVE-2018-XXXX [Multiple persistent XSS vulnerabilities in message display]
- squirrelmail <removed> (bug #905023)
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
@@ -3475,8 +3517,8 @@ CVE-2018-13282
RESERVED
CVE-2018-13281
RESERVED
-CVE-2018-13280
- RESERVED
+CVE-2018-13280 (Use of insufficiently random values vulnerability in ...)
+ TODO: check
CVE-2018-13279
RESERVED
CVE-2018-13278
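Review bot: CVE-2018-13280 is left with only "TODO: check", and its truncated description ("Use of insufficiently random values vulnerability in ...") is cut off before the affected product, so the entry cannot be triaged from this line alone. It needs a follow-up that reads the full description and records either a package line or a NOT-FOR-US marking.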
@@ -9657,8 +9699,7 @@ CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2018-10904
RESERVED
-CVE-2018-10903 [GCM tag forgery via truncated tag in finalize_with_tag API]
- RESERVED
+CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.9.0 and ...)
- python-cryptography 2.3-1 (bug #904072)
[stretch] - python-cryptography <not-affected> (Vulnerable code introduced later)
[jessie] - python-cryptography <not-affected> (Vulnerable code introduced later)
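Review bot: The new header for CVE-2018-10903 drops the bracketed summary "[GCM tag forgery via truncated tag in finalize_with_tag API]". The truncated description that replaces it ("... versions between >=1.9.0 and ...") names neither the affected API nor the upper bound of the range. Consider keeping that detail in a NOTE: line under the entry, so that the stretch and jessie <not-affected> rationale ("Vulnerable code introduced later") can still be checked from the list itself.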
@@ -9676,8 +9717,7 @@ CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before ver
NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
CVE-2018-10899
RESERVED
-CVE-2018-10898
- RESERVED
+CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before ...)
- tripleo-heat-templates <removed>
CVE-2018-10897 [reposync: improper path validation may lead to directory traversal]
RESERVED
@@ -9742,8 +9782,7 @@ CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-po
NOT-FOR-US: atomic-openshift
CVE-2018-10884
RESERVED
-CVE-2018-10883
- RESERVED
+CVE-2018-10883 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...)
{DLA-1423-1}
- linux 4.17.3-1
[stretch] - linux 4.9.110-1
@@ -9878,8 +9917,7 @@ CVE-2018-10849
REJECTED
CVE-2018-10848
REJECTED
-CVE-2018-10847 [insufficient stream header validation]
- RESERVED
+CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 is vulnerable to an ...)
{DSA-4216-1}
- prosody 0.10.2-1 (bug #900524)
NOTE: https://issues.prosody.im/1147
@@ -14313,12 +14351,12 @@ CVE-2018-9068 (The IMM2 First Failure Data Capture function collects management
NOT-FOR-US: IBM
CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had ...)
NOT-FOR-US: Lenovo
-CVE-2018-9066
- RESERVED
-CVE-2018-9065
- RESERVED
-CVE-2018-9064
- RESERVED
+CVE-2018-9066 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an ...)
+ TODO: check
+CVE-2018-9065 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an ...)
+ TODO: check
+CVE-2018-9064 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an ...)
+ TODO: check
CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo ...)
NOT-FOR-US: Lenovo
CVE-2018-9062
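Review bot: The three Lenovo xClarity Administrator entries (CVE-2018-9066, CVE-2018-9065, CVE-2018-9064) are left at "TODO: check", while CVE-2018-9067 and CVE-2018-9063 in the same hunk are already marked "NOT-FOR-US: Lenovo". If xClarity Administrator is likewise not packaged, the same marking applies to all three and can be set in one follow-up commit.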
@@ -29461,10 +29499,10 @@ CVE-2018-3775
RESERVED
CVE-2018-3774
RESERVED
-CVE-2018-3773
- RESERVED
-CVE-2018-3772
- RESERVED
+CVE-2018-3773 (There is a stored Cross-Site Scripting vulnerability in Open Graph ...)
+ TODO: check
+CVE-2018-3772 (Concatenating unsanitized user input in the `whereis` npm module < ...)
+ TODO: check
CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected iframe in ...)
NOT-FOR-US: statics-server nodejs module
CVE-2018-3770 (A path traversal exists in markdown-pdf version <9.0.0 that allows a ...)
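Review bot: CVE-2018-3773 and CVE-2018-3772 are left at "TODO: check". The description of CVE-2018-3773 is cut off before the product name ("... in Open Graph ..."), and CVE-2018-3772 names the `whereis` npm module. The adjacent CVE-2018-3771 shows the form used for an npm module that is not packaged ("NOT-FOR-US: statics-server nodejs module"). After checking the archive, each of the two needs either that marking or a package line.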
@@ -69858,8 +69896,7 @@ CVE-2017-7519 (In Ceph, a format string flaw was found in the way libradosstripe
[stretch] - ceph <no-dsa> (Minor issue)
[jessie] - ceph <not-affected> (Vulnerable code not present)
NOTE: http://tracker.ceph.com/issues/20240
-CVE-2017-7518 [debug exception via syscall emulation]
- RESERVED
+CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the way ...)
{DSA-3981-1}
- linux 4.11.11-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -69877,8 +69914,7 @@ CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled .
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3
NOTE: Crash in CLI tool, no security implications
-CVE-2017-7514
- RESERVED
+CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed action ...)
NOT-FOR-US: Red Hat Satellite
CVE-2017-7513
RESERVED
@@ -70011,8 +70047,7 @@ CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passin
[jessie] - rxvt <no-dsa> (Minor issue)
[wheezy] - rxvt <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
-CVE-2017-7482
- RESERVED
+CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decoded ...)
{DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
@@ -90604,8 +90639,7 @@ CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an .
CVE-2016-9598 [out-of-bounds read]
RESERVED
- libxml2 <not-affected> (Red Hat specific security regressions)
-CVE-2016-9597 [stack overflow before detecting invalid XML file]
- RESERVED
+CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 ...)
- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9596 [stack exhaustion while parsing xml files in recovery mode]
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/57b58faa5c0db333e24e75b87fa629c6dfda344e