[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Sun Mar 4 09:10:21 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8927736 by security tracker role at 2018-03-04T09:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-7658
+	RESERVED
+CVE-2018-7657
+	RESERVED
+CVE-2018-7656
+	RESERVED
+CVE-2018-7655
+	RESERVED
+CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the request ...)
+	TODO: check
+CVE-2018-7653
+	RESERVED
+CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 ...)
+	TODO: check
+CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...)
+	TODO: check
 CVE-2018-XXXX [Regular Expression Denial of Service]
 	- node-moment 2.19.3+ds-1 (unimportant)
 	NOTE: fixed in 2.19.3 upstream
@@ -6,7 +22,7 @@ CVE-2018-XXXX [Regular Expression Denial of Service]
 	NOTE: https://github.com/moment/moment/issues/4163
 	NOTE: https://nodesecurity.io/advisories/532
 	NOTE: nodejs not covered by security support
-CVE-2018-7651 [Regular Expression Denial of Service vulnerability in the strict mode functionality]
+CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to a ...)
 	- node-ssri <unfixed> (unimportant; bug #891980)
 	NOTE: fixed in 5.2.2
 	NOTE: https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
@@ -189,8 +205,8 @@ CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14,
 	NOTE: Fixed in 7.0.28, 7.2.3
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75981
 	NOTE: https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
-CVE-2018-7583
-	RESERVED
+CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) ...)
+	TODO: check
 CVE-2018-7582
 	RESERVED
 CVE-2018-7581
@@ -639,8 +655,8 @@ CVE-2018-7451
 	RESERVED
 CVE-2018-7450
 	RESERVED
-CVE-2018-7449
-	RESERVED
+CVE-2018-7449 (SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a ...)
+	TODO: check
 CVE-2018-7448 (Remote code execution vulnerability in ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e892773628081d1867e6f508b46e20894ee22401

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e892773628081d1867e6f508b46e20894ee22401
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180304/fa03a61f/attachment.html>
