[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 12 09:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b13839f by security tracker role at 2018-03-12T09:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
+ TODO: check
+CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
+ TODO: check
+CVE-2018-8068
+ RESERVED
+CVE-2018-8067
+ RESERVED
+CVE-2018-8066
+ RESERVED
+CVE-2018-8065 (An issue was discovered in the web server in Flexense SyncBreeze ...)
+ TODO: check
+CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation for the ...)
+ TODO: check
+CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...)
+ TODO: check
+CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, ...)
+ TODO: check
+CVE-2017-18224 (In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a ...)
+ TODO: check
CVE-2018-8064
RESERVED
CVE-2018-8063
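Review bot: The new entries at the top of the file all land as `TODO: check`, and some can be triaged from the imported descriptions alone. CVE-2017-18224 names fs/ocfs2/aops.c in the Linux kernel before 4.15, so it needs a kernel package line rather than a generic TODO. CVE-2017-18226 and CVE-2017-18225 are worded as defects in the Gentoo net-im/jabberd2 package, so the check is whether the behaviour comes from Gentoo's packaging only or also applies to jabberd2 as shipped here.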
@@ -10,8 +30,8 @@ CVE-2018-8060
RESERVED
CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE Portus ...)
TODO: check
-CVE-2018-8058
- RESERVED
+CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via ...)
+ TODO: check
CVE-2018-8057 (A SQL Injection vulnerability exists in Western Bridge Cobub Razor ...)
TODO: check
CVE-2018-8056 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an ...)
@@ -360,8 +380,8 @@ CVE-2018-7895
RESERVED
CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in ...)
NOT-FOR-US: Eramba
-CVE-2018-7893
- RESERVED
+CVE-2018-7893 (CMS Made Simple (CMSMS) 2.2.6 has stored XSS in ...)
+ TODO: check
CVE-2018-7892
RESERVED
CVE-2018-7891
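Review bot: CVE-2018-7893 is left at `TODO: check` directly below an entry already resolved as `NOT-FOR-US: Eramba`, and it names the same product and version (CMS Made Simple 2.2.6) as CVE-2018-8058 in the previous hunk. Triage the two together so they get the same disposition; if the product is not packaged, the `NOT-FOR-US:` form used on the neighbouring line applies to both.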
@@ -84338,7 +84358,7 @@ CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the galle
- owncloud <removed>
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010
CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compression format]
- RESERVED
+ REJECTED
{DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
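Review bot: CVE-2016-5875 is switched to REJECTED but keeps `{DSA-3762-1 DLA-610-1 DLA-606-1}` and `- tiff 4.0.6-2 (bug #830700)`, so a withdrawn ID still reads as fixed by those advisories with nothing explaining why. CVE-2016-5314 (PixarLogDecode, later in this diff) carries the identical advisory set and package line. Add a NOTE recording the reason for the rejection and, if it is a duplicate, the surviving ID.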
@@ -86200,7 +86220,7 @@ CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows .
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
CVE-2016-5320 [rgb2ycbcr: command excution]
- RESERVED
+ REJECTED
{DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
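Review bot: With CVE-2016-5320 now REJECTED, the bracketed summary on the context line, `[rgb2ycbcr: command excution]`, is the only description left on the entry, and it contains a typo ("excution" for "execution"). Fix the spelling in a follow-up and record why the ID was rejected, since the entry still lists DSA-3762-1 and tiff 4.0.6-2 against it.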
@@ -86228,8 +86248,7 @@ CVE-2016-5315 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earli
NOTE: Possible duplicate with PixarLogDecode() issue
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
NOTE: Upstream marked this duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2554
-CVE-2016-5314 [PixarLogDecode() out-of-bound writes]
- RESERVED
+CVE-2016-5314 (Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in ...)
{DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
@@ -133206,15 +133225,13 @@ CVE-2014-8131 (The qemu implementation of virConnectGetAllDomainStats in libvirt
NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee (v1.2.9-rc1)
NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html
NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html
-CVE-2014-8130 [divide by zero]
- RESERVED
+CVE-2014-8130 (The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not ...)
- tiff <unfixed> (unimportant; bug #776185)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2483
NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
-CVE-2014-8129 [out-of-bound read and write]
- RESERVED
+CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...)
{DSA-3273-1 DLA-610-1 DLA-221-1}
- tiff 4.0.3-12.1 (bug #776185)
- tiff3 <removed>
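Review bot: The description imported for CVE-2014-8130 places the defect in the `_TIFFmalloc` function in tif_unix.c, while the unchanged lines below it still justify `unimportant` with "Crash in a frontend tool w/o potential for code injection" and mark tiff3 `<not-affected>` because it does not build the TIFF tools. Those two rationales assume the problem is confined to the tools; re-check the severity and the tiff3 status against the published description, and update or drop the NOTE if the function turns out to be reachable through the library.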
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b13839f76af095075b5970383e8c9ce7fb2a11a