[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 6 21:10:33 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6388f97a by security tracker role at 2018-06-06T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit ...)
+	TODO: check
 CVE-2018-11814
 	RESERVED
 CVE-2018-11813 (libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...)
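Review bot: The new CVE-2018-1000203 entry at the top of the list is committed with only "TODO: check", so it carries no triage state yet. It should be resolved to either a NOT-FOR-US line or a package line with a fixed version; the description (Soar Labs Soar Coin, identified by a git commit) suggests a NOT-FOR-US candidate, but that needs confirming against the archive before it is recorded.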
@@ -9151,7 +9153,7 @@ CVE-2018-8095
 CVE-2018-1000128
 	REJECTED
 CVE-2018-1000127 (memcached version prior to 1.4.37 contains an Integer Overflow ...)
-	{DLA-1329-1}
+	{DSA-4218-1 DLA-1329-1}
 	- memcached 1.5.0-1 (bug #894404)
 	NOTE: https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
 	NOTE: https://github.com/memcached/memcached/issues/271
@@ -10395,6 +10397,7 @@ CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earli
 	NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
 	NOTE: https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb
 CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Network ...)
+	{DSA-4218-1}
 	- memcached 1.5.6-1
 	[wheezy] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost)
 	NOTE: Upstream 1.5.6 disables by default the UDP protocol
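Review bot: On CVE-2018-1000115 the added {DSA-4218-1} now sits directly above a wheezy line that still reads <no-dsa> with the reason "Minor issue; Debian defaults to listen only on localhost". That reason is not specific to wheezy, so the entry now says both that the issue was covered by an advisory and that it is minor. Confirm the wheezy annotation is still the intended state and, if it is, reword the reason so it explains why wheezy is treated differently.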
@@ -27707,8 +27710,8 @@ CVE-2018-1458
 	RESERVED
 CVE-2018-1457
 	RESERVED
-CVE-2018-1456
-	RESERVED
+CVE-2018-1456 (IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable ...)
+	TODO: check
 CVE-2018-1455
 	RESERVED
 CVE-2018-1454 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a ...)
@@ -52500,7 +52503,7 @@ CVE-2017-9953 (There is an invalid free in Image::printIFDStructure that leads t
 CVE-2017-9952
 	RESERVED
 CVE-2017-9951 (The try_read_command function in memcached.c in memcached before 1.4.39 ...)
-	{DLA-1033-1}
+	{DSA-4218-1 DLA-1033-1}
 	- memcached 1.5.0-1 (bug #868701)
 	NOTE: https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/
 	NOTE: https://github.com/memcached/memcached/commit/328629445c71e6c17074f6e9e0e3ef585b58f167
@@ -79869,20 +79872,20 @@ CVE-2017-1482 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to
 	NOT-FOR-US: IBM
 CVE-2017-1481 (IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view ...)
 	NOT-FOR-US: IBM
-CVE-2017-1480
-	RESERVED
+CVE-2017-1480 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 ...)
+	TODO: check
 CVE-2017-1479
 	RESERVED
 CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be ...)
 	NOT-FOR-US: IBM Security Access Manager Appliance
 CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML ...)
 	NOT-FOR-US: IBM
-CVE-2017-1476
-	RESERVED
+CVE-2017-1476 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, ...)
+	TODO: check
 CVE-2017-1475
 	RESERVED
-CVE-2017-1474
-	RESERVED
+CVE-2017-1474 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, ...)
+	TODO: check
 CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 ...)
 	NOT-FOR-US: IBM
 CVE-2017-1472
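Review bot: CVE-2017-1480, CVE-2017-1476 and CVE-2017-1474 move from RESERVED to "TODO: check", while the neighbouring entries for the same product (CVE-2017-1478, CVE-2017-1477, CVE-2017-1473) are already triaged as NOT-FOR-US. These three should get the same resolution rather than remaining as TODO items. The existing labels are also inconsistent ("NOT-FOR-US: IBM" versus "NOT-FOR-US: IBM Security Access Manager Appliance"); use one form when triaging the new entries.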



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6388f97a3d17c5eded4dd942d57d91f0f4951180
