[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Mon Mar 5 09:10:22 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b019f71d by security tracker role at 2018-03-05T09:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-7672
+	RESERVED
+CVE-2018-7671
+	RESERVED
+CVE-2018-7670
+	RESERVED
+CVE-2018-7669
+	RESERVED
+CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary ...)
+	TODO: check
+CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
+	TODO: check
+CVE-2018-7666 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL ...)
+	TODO: check
+CVE-2018-7665 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. A ...)
+	TODO: check
+CVE-2018-7664 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS ...)
+	TODO: check
+CVE-2018-7663 (An issue was discovered in resources/views/layouts/app.blade.php in ...)
+	TODO: check
+CVE-2018-7662 (Couch through 2.0 allows remote attackers to discover the full path via ...)
+	TODO: check
+CVE-2018-7661 (Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote ...)
+	TODO: check
+CVE-2018-7660
+	RESERVED
+CVE-2018-7659
+	RESERVED
 CVE-2018-XXXX [SSPSA 201803-01]
 	- simplesamlphp 1.15.4-1
 	NOTE: https://simplesamlphp.org/security/201803-01
@@ -19,7 +47,7 @@ CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 
 	NOTE: The source (1.0.7) is in Salsa, but never uploaded: https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui
 CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...)
 	NOT-FOR-US: Exponent CMS
-CVE-2017-18214 [Regular Expression Denial of Service]
+CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regular ...)
 	- node-moment 2.19.3+ds-1 (unimportant)
 	NOTE: fixed in 2.19.3 upstream
 	NOTE: https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb
@@ -690,6 +718,7 @@ CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 
 	- libcdio 1.0.0-1
 	NOTE: https://savannah.gnu.org/bugs/?52265
 CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the ...)
+	{DLA-1299-1}
 	- libjgraphx-java <unfixed> (low; bug #891796)
 	[jessie] - libjgraphx-java <no-dsa> (Minor issue)
 	[stretch] - libjgraphx-java <no-dsa> (Minor issue)
@@ -2366,7 +2395,7 @@ CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Sc
 	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
 CVE-2018-6877
 	RESERVED
-CVE-2018-6876 (THe OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ...)
+CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ...)
 	NOT-FOR-US: libfpx
 CVE-2018-6875
 	RESERVED
@@ -2876,7 +2905,7 @@ CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an
 	NOT-FOR-US: PHP Scripts Mall Doctor Search Script
 CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...)
 	NOT-FOR-US: Grammarly extension for Chrome
-CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used on ...)
+CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in ...)
 	TODO: check
 CVE-2018-6652
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b019f71d114905d9742a660518db58a2ce4995f3

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b019f71d114905d9742a660518db58a2ce4995f3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180305/2bdab266/attachment.html>
