[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Mar 4 21:10:26 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e6cc756 by security tracker role at 2018-03-04T21:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,8 +11,8 @@ CVE-2018-7655
 	RESERVED
 CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the request ...)
 	NOT-FOR-US: 3CX 15.5.6354.2 devices
-CVE-2018-7653
-	RESERVED
+CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...)
+	TODO: check
 CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 ...)
 	TODO: check
 CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...)
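Review bot: the new CVE-2018-7653 entry lands with only `TODO: check`, so the tracker still records no decision on whether any Debian package is affected by the YzmCMS 3.6 XSS in index.php. If YzmCMS is not packaged, close the entry the way CVE-2018-7654 just above it is closed, with a `NOT-FOR-US:` line; otherwise replace the TODO with a package line and status.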
@@ -305,8 +305,8 @@ CVE-2018-1000105
 	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000104
 	NOT-FOR-US: Jenkins plugin
-CVE-2018-7567
-	RESERVED
+CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 ...)
+	TODO: check
 CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
 	RESERVED
 	- linux <unfixed>
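Review bot: CVE-2018-7567 moves from RESERVED to `TODO: check`, and its description is cut at "5.0.0 ...", so the affected OTRS version range cannot be read from this entry. Triage should work from the full description and replace the TODO with a source-package line and status, in the form the CVE-2018-7566 entry below uses (`- linux <unfixed>`).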
@@ -321,8 +321,8 @@ CVE-2018-7562
 	RESERVED
 CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
 	NOT-FOR-US: Tenda AC9 devices
-CVE-2018-7560
-	RESERVED
+CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
+	TODO: check
 CVE-2018-7559
 	RESERVED
 CVE-2018-7558
@@ -394,14 +394,17 @@ CVE-2018-7539
 CVE-2018-7538
 	RESERVED
 CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH ...)
+	{DSA-4131-1}
 	- xen <unfixed>
 	[jessie] - xen <not-affected> (Vulnerable code introduced later)
 	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-256.html
 CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users ...)
+	{DSA-4131-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-255.html
 CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
+	{DSA-4131-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-252.html
 CVE-2018-7644 [SSPSA 201802-01: Check for supported signature algorithms when casting a key]
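Review bot: of the three Xen entries that gain `{DSA-4131-1}`, only CVE-2018-7542 carries per-release lines (`[jessie]` and `[wheezy]`, both `<not-affected>`); CVE-2018-7541 and CVE-2018-7540 have nothing beyond `- xen <unfixed>`. Confirm whether those two need their own `[jessie]`/`[wheezy]` annotations, and note that all three entries still read `<unfixed>` after the advisory reference is attached.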
@@ -32118,7 +32121,7 @@ CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur du
 CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...)
-	{DLA-1290-1}
+	{DSA-4132-1 DLA-1290-1}
 	- libvpx 1.7.0-2
 	NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
 CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for ...)
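Review bot: on CVE-2017-13194 the cross-reference line becomes `{DSA-4132-1 DLA-1290-1}`, but this commit lists data/CVE/list as its only changed file, so the DSA-4132-1 record itself is not part of the change. Check that the advisory entry naming this CVE is already in the repository so the reference added here resolves.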



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e6cc756b95a4fd8e7d316a5b3a28cdb60b7563f
