[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 7 21:10:24 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72668f32 by security tracker role at 2018-03-07T21:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,9 +1,35 @@
+CVE-2018-7751
+ RESERVED
+CVE-2018-7750
+ RESERVED
+CVE-2018-7749
+ RESERVED
+CVE-2018-7748
+ RESERVED
+CVE-2018-7747
+ RESERVED
+CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. ...)
+ TODO: check
+CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. ...)
+ TODO: check
+CVE-2018-7744
+ RESERVED
+CVE-2018-7743
+ RESERVED
+CVE-2018-7742
+ RESERVED
+CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created ...)
+ TODO: check
+CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a ...)
+ TODO: check
+CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...)
+ TODO: check
CVE-2018-XXXX [URI values with character entities not properly sanitized]
- python-bleach 2.1.3-1 (bug #892252)
[stretch] - python-bleach <not-affected> (Vulnerable code introduced later)
[jessie] - python-bleach <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/mozilla/bleach/pull/356
-CVE-2018-1000117 [Buffer overflow vulnerability in os.symlink on Windows]
+CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.4 on ...)
- python3.7 <not-affected> (Windows-specific)
- python3.6 <not-affected> (Windows-specific)
- python3.5 <not-affected> (Windows-specific)
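Review bot: replacing the bracketed summary "[Buffer overflow vulnerability in os.symlink on Windows]" for CVE-2018-1000117 with the truncated MITRE text drops the "os.symlink on Windows" detail that justifies the three <not-affected> (Windows-specific) markers on python3.5/3.6/3.7; keep that rationale in a NOTE line so the triage decision stays traceable. The CVE-2018-XXXX python-bleach entry in the surrounding context (bug #892252) still carries a placeholder identifier and should be renamed once the real CVE is assigned.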
@@ -274,7 +300,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to
NOTE: https://github.com/zkat/ssri/issues/10
NOTE: https://nodesecurity.io/advisories/565
NOTE: nodejs not covered by security support
-CVE-2018-1000119 [Timing attack in authenticity_token.rb]
+CVE-2018-1000119 (Sinatra rack-protection version 2.0.0.rc3 and earlier contains a ...)
- ruby-rack-protection <unfixed> (bug #892250)
NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
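Review bot: the new description for CVE-2018-1000119 is truncated before it names the flaw, so the "[Timing attack in authenticity_token.rb]" summary it replaces was the only line recording what the issue actually is; with ruby-rack-protection still <unfixed> (bug #892250), preserve the timing-attack / authenticity_token.rb reference as a NOTE next to the two Snyk links.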
@@ -559,7 +585,7 @@ CVE-2018-1000105
NOT-FOR-US: Jenkins plugin
CVE-2018-1000104
NOT-FOR-US: Jenkins plugin
-CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 ...)
+CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket Request ...)
- otrs2 <unfixed> (unimportant)
NOTE: PoC https://0day.today/exploit/29938
NOTE: Admin Package Manager works as designed and warns if a package is beeing
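Review bot: the ** DISPUTED ** marker added to CVE-2018-7567 agrees with the existing (unimportant) severity on otrs2 and with the NOTE stating that the Admin Package Manager works as designed, so no status change is needed; while this entry is being touched, the NOTE context line has a typo, "beeing" should read "being".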
@@ -569,10 +595,10 @@ CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
RESERVED
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da
-CVE-2018-7565
- RESERVED
-CVE-2018-7564
- RESERVED
+CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
+ TODO: check
+CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
+ TODO: check
CVE-2018-7563
RESERVED
CVE-2018-7562
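Review bot: CVE-2018-7565 and CVE-2018-7564 are described as CSRF and stored XSS on Polycom QDX 6000 "devices", i.e. vendor hardware rather than software shipped in Debian, so the TODO: check markers should most likely resolve to NOT-FOR-US: Polycom unless a packaged component is identified during triage.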
@@ -856,8 +882,8 @@ CVE-2018-7475
RESERVED
CVE-2018-7474
RESERVED
-CVE-2018-7473
- RESERVED
+CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web ...)
+ TODO: check
CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: INVT Studio
CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage API read ...)
@@ -1771,8 +1797,8 @@ CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthentica
TODO: check
CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ...)
NOT-FOR-US: Kentico
-CVE-2018-7204
- RESERVED
+CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...)
+ TODO: check
CVE-2018-7203
RESERVED
CVE-2018-7202
@@ -6537,8 +6563,8 @@ CVE-2018-5454
RESERVED
CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was ...)
NOT-FOR-US: Moxa
-CVE-2018-5452
- RESERVED
+CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
+ TODO: check
CVE-2018-5451
RESERVED
CVE-2018-5450
@@ -18095,8 +18121,7 @@ CVE-2018-1056 [heap buffer overflow while running advzip]
NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
CVE-2018-1055
REJECTED
-CVE-2018-1054 [remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c]
- RESERVED
+CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way 389-ds-base ...)
- 389-ds-base <unfixed> (bug #892124)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314
NOTE: https://pagure.io/389-ds-base/issue/49545
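Review bot: dropping the RESERVED line for CVE-2018-1054 is correct now that the entry carries a package line (389-ds-base <unfixed>, bug #892124), but the truncated description no longer mentions SetUnicodeStringFromUTF_8 in collate.c or the search-filter trigger that the old bracketed summary recorded; keep that code-path pointer as a NOTE beside the Red Hat bugzilla and pagure links so the affected function remains documented for the fix.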
@@ -26099,8 +26124,8 @@ CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.
[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0)
NOTE: https://github.com/radare/radare2/issues/8673
NOTE: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
-CVE-2017-15367
- RESERVED
+CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection ...)
+ TODO: check
CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
NOT-FOR-US: Thornberry NDoc
CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...)
@@ -50897,7 +50922,7 @@ CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through
NOT-FOR-US: Personify360 e-Business
CVE-2017-7311
RESERVED
-CVE-2017-7310 (A buffer overflow vulnerability in Import Command in Sync Breeze ...)
+CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze before ...)
NOT-FOR-US: Sync Breeze Enterprise
CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT ...)
- mantis <removed>
@@ -82018,7 +82043,7 @@ CVE-2016-6274
RESERVED
CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License ...)
NOT-FOR-US: Flexera
-CVE-2016-6272 (SQL injection vulnerability in EPIC MyChart allows remote attackers to ...)
+CVE-2016-6272 (XPath injection vulnerability in Epic MyChart allows remote attackers ...)
NOT-FOR-US: EPIC MyChart
CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
{DSA-3631-1 DLA-628-1}
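Review bot: the vulnerability class for CVE-2016-6272 changes from "SQL injection" to "XPath injection" in the updated description; the NOT-FOR-US: EPIC MyChart status is unaffected by the reclassification, so nothing further is required, though note the NOT-FOR-US line's "EPIC" spelling now differs from the description's "Epic".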
@@ -130474,8 +130499,8 @@ CVE-2014-8782
RESERVED
CVE-2014-8781
RESERVED
-CVE-2014-8780
- RESERVED
+CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote ...)
+ TODO: check
CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different ...)
NOT-FOR-US: Pexip Infinity
CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote ...)
@@ -139816,8 +139841,7 @@ CVE-2014-5045 (The mountpoint_last function in fs/namei.c in the Linux kernel be
[wheezy] - linux <not-affected> (Introduced in 3.12)
- linux-2.6 <not-affected> (Introduced in 3.12)
NOTE: https://lkml.org/lkml/2014/7/21/98
-CVE-2014-5044 [gfortran integer overflows]
- RESERVED
+CVE-2014-5044 (Multiple integer overflows in libgfortran might allow remote attackers ...)
- gcc-4.9 4.9.1-4 (bug #756325)
- gcc-4.8 4.8.3-7 (bug #756325)
- gcc-4.7 <removed> (bug #756325)
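Review bot: removing RESERVED for CVE-2014-5044 is correct given the fixed versions already listed (gcc-4.9 4.9.1-4, gcc-4.8 4.8.3-7, gcc-4.7 <removed>, all bug #756325); the old "[gfortran integer overflows]" summary is fully covered by the new "Multiple integer overflows in libgfortran" description, so no additional NOTE is needed here.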
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72668f326530b4e4c0fa8faf6fc0a3af270af3dc