[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-7652: NOT-FOR-US: Zonemaster Web GUI
Luciano Bello
luciano at debian.org
Mon Mar 5 03:45:18 UTC 2018
Luciano Bello pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e743078 by Luciano Bello at 2018-03-04T22:00:11-05:00
CVE-2018-7652: NOT-FOR-US: Zonemaster Web GUI
- - - - -
ea3ccaff by Luciano Bello at 2018-03-04T22:45:04-05:00
CVE-2018-7567
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,7 +15,8 @@ CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the
CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...)
NOT-FOR-US: YzmCMS
CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 ...)
- TODO: check
+ NOT-FOR-US: Zonemaster Web GUI
+ NOTE: The source (1.0.7) is in Salsa, but never uploaded: https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui
CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...)
NOT-FOR-US: Exponent CMS
CVE-2017-18214 [Regular Expression Denial of Service]
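Review bot: The added NOTE under CVE-2018-7652 records that the Salsa packaging is at 1.0.7, while the CVE description gives "before 1.0.11" as the affected range, so the packaged source would be vulnerable if it were ever uploaded. NOT-FOR-US is right while nothing is in the archive, but the NOTE could say explicitly that a future upload needs 1.0.11 or later, so that whoever revisits the entry does not have to re-derive that from the description.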
@@ -307,7 +308,10 @@ CVE-2018-1000105
CVE-2018-1000104
NOT-FOR-US: Jenkins plugin
CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 ...)
- TODO: check
+ - otrs2 6.0.2-1
+ [stretch] - otrs2 <no-dsa> (non-free not supported)
+ NOTE: PoC https://0day.today/exploit/29938
+ NOTE: According with the reporter, affects "5.0.0 through 5.0.24 and 6.0.0 through 6.0.1".
CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
RESERVED
- linux <unfixed>
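Review bot: The fixed version "- otrs2 6.0.2-1" for CVE-2018-7567 is backed only by the reporter's affected range quoted in the last NOTE, and the only reference is a PoC link. A NOTE pointing at the upstream advisory or the fixing commit would let the 6.0.2 boundary be verified independently. The [stretch] line is marked <no-dsa> on the grounds that non-free is not supported, and nothing in the entry says whether the stretch version falls inside the quoted 5.0.x range, which is worth stating for users of that package. Minor wording: "According with the reporter" should read "According to the reporter".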
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b7f549729d2c08c63c729930246f3338338582f7...ea3ccaffa640a6995000841234a0b584d425c5b5