[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 1 09:10:28 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0264902c by security tracker role at 2018-03-01T09:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-7579
+ RESERVED
+CVE-2018-7578
+ RESERVED
+CVE-2018-7577
+ RESERVED
+CVE-2018-7576
+ RESERVED
+CVE-2018-7575
+ RESERVED
+CVE-2018-7574
+ RESERVED
+CVE-2018-7573
+ RESERVED
+CVE-2018-7572
+ RESERVED
+CVE-2018-7571
+ RESERVED
+CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c in ...)
+ TODO: check
+CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ TODO: check
+CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) ...)
+ TODO: check
+CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kernel ...)
+ TODO: check
+CVE-2017-18207 (The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through ...)
+ TODO: check
CVE-2018-1000103
- jenkins <removed>
CVE-2018-1000102
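Review bot: The five `TODO: check` placeholders in this hunk (CVE-2018-7570, CVE-2018-7569, CVE-2018-7568, CVE-2017-18208, CVE-2017-18207) name the BFD library (libbfd), the Linux kernel and Python in their descriptions, so follow-up triage should replace each placeholder with a source-package line and a fixed version or status rather than a NOT-FOR-US marker. The nine RESERVED entries above them have no description yet and need nothing further at this point.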
@@ -1827,8 +1855,8 @@ CVE-2018-6949
RESERVED
CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a ...)
NOT-FOR-US: CCN-lite 2
-CVE-2018-6947
- RESERVED
+CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is part ...)
+ TODO: check
CVE-2018-6946
RESERVED
CVE-2018-6945
@@ -2563,8 +2591,8 @@ CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an
NOT-FOR-US: PHP Scripts Mall Doctor Search Script
CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...)
NOT-FOR-US: Grammarly extension for Chrome
-CVE-2018-6653
- RESERVED
+CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used on ...)
+ TODO: check
CVE-2018-6652
RESERVED
CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...)
@@ -3645,7 +3673,7 @@ CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming through
NOTE: https://github.com/libming/libming/issues/104
CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the ...)
NOT-FOR-US: acurax-social-media-widget plugin for WordPress
-CVE-2018-6356 (An issue was discovered in the Extended Choice Parameter (aka ...)
+CVE-2018-6356 (Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly ...)
- jenkins <removed>
CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 ...)
NOT-FOR-US: iBall 300M devices
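Review bot: On CVE-2018-6356 the description changes subject, from the "Extended Choice Parameter" text to "Jenkins before 2.107 and Jenkins LTS before 2.89.4", while the `- jenkins <removed>` line below it is carried over unchanged. It is worth confirming that the package line was recorded for the issue the new description covers and not only for the earlier text.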
@@ -19453,7 +19481,7 @@ CVE-2018-0491
CVE-2018-0490
RESERVED
CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service ...)
- {DSA-4126-1}
+ {DSA-4126-1 DLA-1296-1}
- xmltooling 1.6.4-1
NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
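Review bot: The reference list on CVE-2018-0489 gains DLA-1296-1, but the only package line visible in this hunk is `- xmltooling 1.6.4-1` and the commit touches data/CVE/list alone. Check that the DLA-1296-1 advisory record exists elsewhere in the tracker data with its fixed version, so that the new cross-reference resolves.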
@@ -112072,8 +112100,8 @@ CVE-2015-5082 (Endian Firewall before 3.0 allows remote attackers to execute ...
NOT-FOR-US: Endian Firewall
CVE-2015-5080 (The Management Interface in Citrix NetScaler Application Delivery ...)
NOT-FOR-US: Citrix
-CVE-2015-5079
- RESERVED
+CVE-2015-5079 (Directory traversal vulnerability in widgets/logs.php in BlackCat CMS ...)
+ TODO: check
CVE-2015-5078 (SQL injection vulnerability in the insert function in ...)
- limesurvey <itp> (bug #472802)
CVE-2015-5077
@@ -114659,8 +114687,8 @@ CVE-2015-4119 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...
NOT-FOR-US: ISPConfig
CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig ...)
NOT-FOR-US: ISPConfig
-CVE-2015-4117
- RESERVED
+CVE-2015-4117 (Vesta Control Panel before 0.9.8-14 allows remote authenticated users ...)
+ TODO: check
CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert function in ...)
- php5 5.6.11+dfsg-1 (unimportant)
[jessie] - php5 5.6.12+dfsg-0+deb8u1
@@ -115328,8 +115356,8 @@ CVE-2015-3900 (RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x befor
NOTE: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
CVE-2015-3899
RESERVED
-CVE-2015-3898
- RESERVED
+CVE-2015-3898 (Multiple open redirect vulnerabilities in Bonita BPM Portal before ...)
+ TODO: check
CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 ...)
NOT-FOR-US: Bonita BPM Portal
CVE-2015-3896
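Review bot: CVE-2015-3898 is left at `TODO: check` although its description names Bonita BPM Portal, the same product as CVE-2015-3897 in the next entry, which is already marked `NOT-FOR-US: Bonita BPM Portal`. Suggest resolving it the same way in the follow-up triage.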
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0264902c25b424715343e795e07922c525589b47