[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 2 09:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc23b103 by security tracker role at 2018-03-02T09:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,107 @@
+CVE-2018-7636
+ RESERVED
+CVE-2018-7635
+ RESERVED
+CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack ...)
+ TODO: check
+CVE-2018-7633
+ RESERVED
+CVE-2018-7632
+ RESERVED
+CVE-2018-7631
+ RESERVED
+CVE-2018-7630
+ RESERVED
+CVE-2018-7629
+ RESERVED
+CVE-2018-7628
+ RESERVED
+CVE-2018-7627
+ RESERVED
+CVE-2018-7626
+ RESERVED
+CVE-2018-7625
+ RESERVED
+CVE-2018-7624
+ RESERVED
+CVE-2018-7623
+ RESERVED
+CVE-2018-7622
+ RESERVED
+CVE-2018-7621
+ RESERVED
+CVE-2018-7620
+ RESERVED
+CVE-2018-7619
+ RESERVED
+CVE-2018-7618
+ RESERVED
+CVE-2018-7617
+ RESERVED
+CVE-2018-7616
+ RESERVED
+CVE-2018-7615
+ RESERVED
+CVE-2018-7614
+ RESERVED
+CVE-2018-7613
+ RESERVED
+CVE-2018-7612
+ RESERVED
+CVE-2018-7611
+ RESERVED
+CVE-2018-7610
+ RESERVED
+CVE-2018-7609
+ RESERVED
+CVE-2018-7608
+ RESERVED
+CVE-2018-7607
+ RESERVED
+CVE-2018-7606
+ RESERVED
+CVE-2018-7605
+ RESERVED
+CVE-2018-7604
+ RESERVED
+CVE-2018-7603
+ RESERVED
+CVE-2018-7602
+ RESERVED
+CVE-2018-7601
+ RESERVED
+CVE-2018-7600
+ RESERVED
+CVE-2018-7599
+ RESERVED
+CVE-2018-7598
+ RESERVED
+CVE-2018-7597
+ RESERVED
+CVE-2018-7596
+ RESERVED
+CVE-2018-7595
+ RESERVED
+CVE-2018-7594
+ RESERVED
+CVE-2018-7593
+ RESERVED
+CVE-2018-7592
+ RESERVED
+CVE-2018-7591
+ RESERVED
+CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in ...)
+ TODO: check
+CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in ...)
+ TODO: check
+CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
+ TODO: check
+CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a ...)
+ TODO: check
+CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery ...)
+ TODO: check
+CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based ...)
+ TODO: check
CVE-2018-7585
RESERVED
CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...)
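Review bot: the six "TODO: check" entries at the top of this hunk (CVE-2018-7634, CVE-2018-7590 through CVE-2018-7586, and CVE-2017-18212) are left untriaged, and the three CImg v.220 ones (double free in load_bmp, heap-based buffer over-read, DoS on load) are memory-safety bugs that deserve attention ahead of the CSRF-only entries for Tuleap and Hoosk. For products that are not packaged in Debian, resolve the TODO with a "NOT-FOR-US:" line as is done for Monstra CMS further down in this file; for the three CImg issues, check whether they share one upstream fix so the entries can carry a common NOTE.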
@@ -72,7 +176,7 @@ CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kerne
- linux 4.14.7-1
[stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
-CVE-2017-18207 (The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through ...)
+CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py ...)
TODO: check
CVE-2018-1000103
- jenkins <removed>
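Review bot: CVE-2017-18207 now carries the "** DISPUTED **" marker in its description but is still parked at "TODO: check"; the dispute should be reflected in the triage, for instance with a NOTE recording why the issue is disputed and whether the Python packages are treated as affected, before the TODO is cleared.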
@@ -722,23 +826,19 @@ CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "sig
CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
- linux 4.13.4-1
NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
-CVE-2017-6932 [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page]
- RESERVED
+CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link injection ...)
{DSA-4123-1 DLA-1295-1}
- drupal7 7.57-1 (bug #891154)
NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6929 [SA-CORE-2018-001: jQuery vulnerability with untrusted domains]
- RESERVED
+CVE-2017-6929 (A jQuery cross site scripting vulnerability is present when making ...)
{DSA-4123-1 DLA-1295-1}
- drupal7 7.57-1 (bug #891153)
NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6928 [SA-CORE-2018-001: Private file access bypass]
- RESERVED
+CVE-2017-6928 (Drupal core 7.x versions before 7.57 when using Drupal's private file ...)
{DSA-4123-1 DLA-1295-1}
- drupal7 7.57-1 (bug #891152)
NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6927 [SA-CORE-2018-001: JavaScript cross-site scripting prevention is incomplete]
- RESERVED
+CVE-2017-6927 (Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 ...)
{DSA-4123-1 DLA-1295-1}
- drupal8 <itp> (bug #756305)
- drupal7 7.57-1 (bug #891150)
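Review bot: replacing the bracketed working titles for CVE-2017-6932, -6929, -6928 and -6927 with the truncated MITRE descriptions drops the SA-CORE-2018-001 sub-issue names ("External link injection on 404 pages when linking to the current page", "jQuery vulnerability with untrusted domains", "Private file access bypass", "JavaScript cross-site scripting prevention is incomplete"), and since all four entries share the same advisory URL those titles were the only per-CVE pointer into the advisory. Consider keeping each title as an additional NOTE line next to the existing https://www.drupal.org/sa-core-2018-001 note. The package lines are consistent with the new descriptions: only CVE-2017-6927, whose text names both 8.4.x and 7.x, lists drupal8 alongside drupal7.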
@@ -3074,12 +3174,12 @@ CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc
CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...)
NOT-FOR-US: Monstra CMS
CVE-2017-18122 (A signature-validation bypass issue was discovered in SimpleSAMLphp ...)
- {DLA-1273-1}
+ {DSA-4127-1 DLA-1273-1}
- simplesamlphp 1.15.0-1 (bug #889286)
NOTE: https://simplesamlphp.org/security/201710-01
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca (v1.14.17)
CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable ...)
- {DLA-1273-1}
+ {DSA-4127-1 DLA-1273-1}
- simplesamlphp 1.15.0-1 (bug #889286)
NOTE: https://simplesamlphp.org/security/201709-01
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/34e1bdb7660c0c9b627f8e5f0ca224a6afe641a8 (v1.14.16)
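Review bot: DSA-4127-1 is added ahead of the existing DLA-1273-1 for CVE-2017-18122 and CVE-2017-18121, matching the {DSA DLA} ordering used elsewhere in this file, and nothing else changes. One thing to double-check for CVE-2017-18122: the NOTE cites the upstream fix as v1.14.17 while the fixed Debian version is recorded as 1.15.0-1, so confirm that no 1.14.x upload carried the fix and that 1.15.0-1 really is the first fixed version.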
@@ -3190,7 +3290,7 @@ CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in gifsi
NOTE: https://github.com/kohler/gifsicle/issues/117
NOTE: https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...)
- {DLA-1273-1}
+ {DSA-4127-1 DLA-1273-1}
- simplesamlphp 1.15.2-1
NOTE: https://simplesamlphp.org/security/201801-03
CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ...)
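Review bot: CVE-2018-6520, which appears as trailing context at the end of this hunk, receives no DSA-4127-1 reference anywhere in this diff even though its neighbour CVE-2018-6521 does; confirm it is intentionally outside the DSA rather than missed.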
@@ -3200,6 +3300,7 @@ CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an
[wheezy] - simplesamlphp <not-affected> (Vulnerable code introduced in 1.12)
NOTE: https://simplesamlphp.org/security/201801-02
CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 ...)
+ {DSA-4127-1}
- simplesamlphp 1.15.2-1
[wheezy] - simplesamlphp <ignored> (Minor issue)
NOTE: https://simplesamlphp.org/security/201801-01
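Review bot: CVE-2018-6519 is described as an issue in the SAML2 library, yet the entry tracks src:simplesamlphp, and unlike the InfoCard module entry for CVE-2017-12874 it carries no NOTE explaining the embedding; add a NOTE along the lines of "Issue lies in the embedded SAML2 library" so the mapping is clear to the next person reading the file. The {DSA-4127-1} line without a DLA is consistent with the [wheezy] <ignored> (Minor issue) state directly below it.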
@@ -3271,8 +3372,8 @@ CVE-2018-6492
RESERVED
CVE-2018-6491
RESERVED
-CVE-2018-6490
- RESERVED
+CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
+ TODO: check
CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project and ...)
NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2018-6488 (Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, ...)
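Review bot: CVE-2018-6490 (Denial of Service in Micro Focus Operations ...) is left at "TODO: check" while the two adjacent Micro Focus entries, CVE-2018-6489 and CVE-2018-6488, are already resolved as NOT-FOR-US; unless the product turns out to be packaged, the same "NOT-FOR-US: Micro Focus" resolution is the obvious follow-up.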
@@ -17223,10 +17324,10 @@ CVE-2018-1172
RESERVED
CVE-2018-1171
RESERVED
-CVE-2018-1170
- RESERVED
-CVE-2018-1169
- RESERVED
+CVE-2018-1170 (This vulnerability allows adjacent attackers to inject arbitrary ...)
+ TODO: check
+CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2018-1168 (This vulnerability allows local attackers to escalate privileges on ...)
NOT-FOR-US: ABB MicroSCADA
CVE-2018-1167
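Review bot: the new descriptions for CVE-2018-1170 and CVE-2018-1169 are cut off before naming any product ("This vulnerability allows adjacent attackers to inject arbitrary ..."), so the "TODO: check" cannot be resolved from this file alone; look up the full CVE text before triaging, and do not assume the ABB MicroSCADA attribution of the neighbouring CVE-2018-1168 carries over.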
@@ -17539,12 +17640,10 @@ CVE-2018-1068
RESERVED
CVE-2018-1067
RESERVED
-CVE-2018-1066 [cifs: empty TargetInfo leads to crash on recovery]
- RESERVED
+CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer ...)
- linux 4.11.6-1
NOTE: Fixed by: https://git.kernel.org/linus/cabfb3680f78981d26c078a26e5c748531257ebb
-CVE-2018-1065 [netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash]
- RESERVED
+CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishandles ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
CVE-2018-1064
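Review bot: CVE-2018-1066 is now described as affecting the kernel "before version 4.11" with the fix recorded at linux 4.11.6-1, but unlike CVE-2017-18208 earlier in this diff there is no [stretch] line, so the 4.9-based stretch kernel is implicitly tracked as vulnerable; check whether the Fixed-by commit noted under the entry has been backported to the 4.9 stable series and record the stretch status either way. CVE-2018-1065 correctly stays <unfixed>: its description covers "through 4.15.7" and its Fixed-by commit has not yet appeared in a Debian upload.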
@@ -26242,8 +26341,7 @@ CVE-2017-15136 (When registering and activating a new system with Red Hat Satell
NOT-FOR-US: Red Hat Satellite 6
CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...)
- 389-ds-base 1.3.7.9-1 (bug #888451)
-CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c]
- RESERVED
+CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...)
- 389-ds-base 1.3.7.9-1 (bug #888452)
CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...)
- golang-github-miekg-dns 0.0~git20170501.0.f282f80-3 (bug #888777)
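Review bot: the removed bracket title for CVE-2017-15134 named the affected function and file (slapi_filter_sprintf in slapd/util.c), which the truncated replacement description ("A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...") no longer shows; keep that location as a NOTE line under the 389-ds-base 1.3.7.9-1 entry so the Debian fix can still be matched to the upstream change.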
@@ -33393,14 +33491,14 @@ CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows r
CVE-2017-12854
RESERVED
CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof ...)
- {DLA-1205-1}
+ {DSA-4127-1 DLA-1205-1}
- simplesamlphp 1.14.11-1
NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
NOTE: https://simplesamlphp.org/security/201612-03
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...)
- {DLA-1205-1}
+ {DSA-4127-1 DLA-1205-1}
- simplesamlphp 1.14.10-1
NOTE: https://simplesamlphp.org/security/201612-04
NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
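Review bot: for CVE-2017-12873 the description says SimpleSAMLphp "1.7.0 through 1.14.10" is affected while the fixed Debian version is recorded as simplesamlphp 1.14.10-1; that is only correct if 1.14.10-1 shipped the upstream patch referenced in the NOTE, so verify it or move the fixed version to the first upload that actually carried the fix. The DSA-4127-1 additions themselves for CVE-2017-12874 and CVE-2017-12873 look fine.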
@@ -33422,7 +33520,7 @@ CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-
[wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS usage, hard to backport)
NOTE: https://simplesamlphp.org/security/201704-01
CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows ...)
- {DLA-1205-1}
+ {DSA-4127-1 DLA-1205-1}
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201704-02
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
@@ -33432,7 +33530,7 @@ CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in .
NOTE: https://simplesamlphp.org/security/201705-01
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 ...)
- {DLA-1205-1}
+ {DSA-4127-1 DLA-1205-1}
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201708-01
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
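Review bot: CVE-2017-12868 (the secureCompare issue in lib/SimpleSAML/Utils/Crypto.php shown in this hunk's header context) receives no DSA-4127-1 reference in this diff while CVE-2017-12867 directly below it does; confirm against the DSA's CVE list that this is deliberate and not an omission.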
@@ -51661,16 +51759,13 @@ CVE-2017-6934
RESERVED
CVE-2017-6933
RESERVED
-CVE-2017-6931 [Settings Tray access bypass]
- RESERVED
+CVE-2017-6931 (In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6930 [Language fallback can be incorrect on multilingual sites with node access restrictions]
- RESERVED
+CVE-2017-6930 (In Drupal versions 8.4.x versions before 8.4.5 when using node access ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6926 [Comment reply form allows access to restricted content]
- RESERVED
+CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with permission ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6925 [Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass]
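Review bot: CVE-2017-6925, visible as the trailing context line, is the one SA-CORE-2018-001 entry still in bracketed working-title form with no official description in this update, so it should be watched for the next automatic update or filled in by hand. The duplicated "versions" in "In Drupal versions 8.4.x versions before 8.4.5" for CVE-2017-6931, -6930 and -6926 comes from the upstream description and should not be corrected locally, since these lines are overwritten by the automatic sync. All three correctly list only drupal8 <itp> (bug #756305), matching descriptions that mention 8.4.x alone.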
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc23b103cd9a32264b29ea4c16d831116044df8e