[Git][security-tracker-team/security-tracker][master] 2 commits: ruby-ffi n/a
Moritz Muehlenhoff
jmm at debian.org
Sat Jun 23 08:11:47 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be91df10 by Moritz Muehlenhoff at 2018-06-23T09:04:47+02:00
ruby-ffi n/a
- - - - -
0227191f by Moritz Muehlenhoff at 2018-06-23T09:06:19+02:00
new mongoose issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2421,7 +2421,7 @@ CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) fr
[jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can ...)
- TODO: check
+ - ruby-ffi <not-affected> (Windows-specific)
CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. ...)
NOT-FOR-US: Pluck CMS
CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or ...)
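Review bot: The new `- ruby-ffi <not-affected> (Windows-specific)` line for CVE-2018-1000201 carries no reference backing the Windows-only claim. The "DLL loading issue" wording in the CVE summary points that way, but a `NOTE:` line with the upstream advisory or fix URL, like the one on the CVE-2018-11737 entry just above, would let a later reader verify the triage without redoing it.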
@@ -2693,7 +2693,7 @@ CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name and script parameters.
CVE-2018-11648
RESERVED
CVE-2018-11647 (index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. ...)
- TODO: check
+ NOT-FOR-US: oauth2orize-fprm
CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...)
- webkit2gtk 2.20.3-1 (unimportant)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=186164
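Review bot: The `NOT-FOR-US: oauth2orize-fprm` change for CVE-2018-11647 is not mentioned in either commit subject ("ruby-ffi n/a", "new mongoose issue"), and the same holds for the CVE-2018-11537 angular-jwt change in the next hunk. Mentioning the NOT-FOR-US triage in a subject line, or putting it in its own commit, would make these decisions findable from the log.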
@@ -2978,7 +2978,7 @@ CVE-2018-11539
CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, ...)
NOT-FOR-US: SearchBlox
CVE-2018-11537 (Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as ...)
- TODO: check
+ NOT-FOR-US: angular-jwt
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
NOT-FOR-US: md4c
CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and Access ...)
@@ -4508,7 +4508,11 @@ CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 d
NOTE: Upstream bug discussed possible other approach to fix the issue.
NOTE: Fixed by: https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
CVE-2018-10945 (The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows ...)
- TODO: check
+ - smplayer 18.5.0~ds1-1
+ [stretch] - smplayer <not-affected> (Vulnerable code not present)
+ [jessie] - smplayer <not-affected> (Vulnerable code not present)
+ [wheezy] - smplayer <not-affected> (Vulnerable code not present)
+ NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2018-10944 (The request_dividend function of a smart contract implementation for ...)
NOT-FOR-US: Rasputin Online Coin
CVE-2018-10943
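Review bot: For CVE-2018-10945, `- smplayer 18.5.0~ds1-1` records a fixed version, although the added NOTE says that version "isn't fixed on the source level" and only stops building the Chromecast support. Later uploads will keep showing as fixed even if that support is built again, so the NOTE should say the status has to be rechecked in that case. The entry also does not say how smplayer relates to `mongoose.c`; a NOTE naming the affected file in the smplayer source would make the mapping and the three "Vulnerable code not present" lines reviewable.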
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/77f9c87e194919aeb9d6c027a5c25455a4b61a63...0227191f8f807aeb2059d40496208990b349291a