[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jun 18 09:10:18 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6fd8a75 by security tracker role at 2018-06-18T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-12520
+	RESERVED
 CVE-2018-12519
 	RESERVED
 CVE-2018-12518
@@ -513,6 +515,7 @@ CVE-2018-12328
 CVE-2018-12327
 	RESERVED
 CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ...)
+	{DSA-4230-1}
 	- redis 5:4.0.10-1
 	NOTE: https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0
 	NOTE: https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
@@ -1007,8 +1010,8 @@ CVE-2018-12106
 	RESERVED
 CVE-2018-12105
 	RESERVED
-CVE-2018-12104
-	RESERVED
+CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 ...)
+	TODO: check
 CVE-2018-12103
 	RESERVED
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
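Review bot: CVE-2018-12104 moves from RESERVED to a described entry but carries only `TODO: check`, so it is still untriaged. Decide whether any Debian source package ships Airbnb Knowledge Repo, then replace the TODO with a package line and status or with a NOT-FOR-US line.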
@@ -1083,12 +1086,12 @@ CVE-2018-12075
 	RESERVED
 CVE-2018-12074
 	RESERVED
-CVE-2018-12073
-	RESERVED
-CVE-2018-12072
-	RESERVED
-CVE-2018-12071
-	RESERVED
+CVE-2018-12073 (An issue was discovered on Eminent EM4544 9.10 devices. The device does ...)
+	TODO: check
+CVE-2018-12072 (An issue was discovered in Cloud Media Popcorn A-200 ...)
+	TODO: check
+CVE-2018-12071 (A Session Fixation issue exists in CodeIgniter before 3.1.9 because ...)
+	TODO: check
 CVE-2018-12070
 	RESERVED
 CVE-2018-12069
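Review bot: all three entries un-reserved in this hunk (CVE-2018-12071 to CVE-2018-12073) land as `TODO: check`. The Eminent EM4544 and Cloud Media Popcorn A-200 descriptions refer to devices, so they look like NOT-FOR-US candidates. The CodeIgniter session fixation entry needs a lookup of whether the framework is packaged, and if it is, a package line using the 3.1.9 boundary from the description.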
@@ -1184,24 +1187,20 @@ CVE-2018-12031 (Local file inclusion in Eaton Intelligent Power Manager v1.6 all
 	NOT-FOR-US: Eaton Intelligent Power Manager
 CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
 	NOT-FOR-US: Chevereto Free
-CVE-2018-12029 [CHMOD race vulnerability]
-	RESERVED
+CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through ...)
 	- passenger <unfixed>
 	- ruby-passenger <removed>
 	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
 	NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86
-CVE-2018-12028
-	RESERVED
+CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...)
 	- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
 	- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
 	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
-CVE-2018-12027
-	RESERVED
+CVE-2018-12027 (An Insecure Permissions vulnerability in SpawningKit in Phusion ...)
 	- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
 	- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
 	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
-CVE-2018-12026
-	RESERVED
+CVE-2018-12026 (During the spawning of a malicious Passenger-managed application, ...)
 	- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
 	- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
 	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
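Review bot: in the CVE-2018-12029 entry, `- passenger <unfixed>` has no bug reference or severity, although the NOTE lines already point at the upstream fix commit and the 5.3.2 announcement. Suggest adding the bug number once one is filed so the open status can be followed. Dropping the `[CHMOD race vulnerability]` placeholder is fine now that the description is present.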
@@ -96016,7 +96015,7 @@ CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with
 CVE-2016-1000026
 	RESERVED
 CVE-2016-1000025
-	RESERVED
+	REJECTED
 	- node-ws <unfixed> (unimportant)
 	NOTE: https://nodesecurity.io/advisories/120
 	NOTE: https://github.com/nodejs/node/issues/7388
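Review bot: CVE-2016-1000025 flips from RESERVED to REJECTED but keeps `- node-ws <unfixed> (unimportant)` and its NOTE lines, so an open package status now hangs off a rejected id. Check whether the issue was reassigned to another CVE id and, if so, move the package annotations there.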
@@ -96049,7 +96048,7 @@ CVE-2016-1000015
 CVE-2016-1000014
 	REJECTED
 CVE-2016-1000013
-	RESERVED
+	REJECTED
 	- node-marked 0.3.6+dfsg-1 (unimportant)
 	NOTE: https://nodesecurity.io/advisories/101
 	NOTE: nodejs not covered by security support
@@ -96108,7 +96107,7 @@ CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
 	NOTE: Upstream patch: https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496
 CVE-2016-1000023
-	RESERVED
+	REJECTED
 	- node-minimatch <unfixed> (unimportant)
 	NOTE: https://nodesecurity.io/advisories/118
 	NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
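Review bot: CVE-2016-1000023 is marked REJECTED while `- node-minimatch <unfixed> (unimportant)` stays attached to it. The NOTE line already references an upstream minimatch commit, so if the issue lives on under a replacement id, carry the annotations over and record a fixed version there if that commit is the fix.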



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6fd8a7568a9eb601602f998f62d947e83fc4063
