[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Mar 12 21:10:33 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fddd323a by security tracker role at 2018-03-12T21:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-8084
+	RESERVED
+CVE-2018-8083
+	RESERVED
+CVE-2018-8082
+	RESERVED
+CVE-2018-8081
+	RESERVED
+CVE-2018-8080
+	RESERVED
+CVE-2018-8079
+	RESERVED
+CVE-2018-8078
+	RESERVED
+CVE-2018-8077
+	RESERVED
+CVE-2018-8076
+	RESERVED
+CVE-2018-8075
+	RESERVED
+CVE-2018-8074
+	RESERVED
+CVE-2018-8073
+	RESERVED
+CVE-2018-8072
+	RESERVED
+CVE-2018-8071
+	RESERVED
 CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
 	NOT-FOR-US: QCMS
 CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
@@ -704,8 +732,8 @@ CVE-2018-7751
 	RESERVED
 CVE-2018-7750
 	RESERVED
-CVE-2018-7749
-	RESERVED
+CVE-2018-7749 (The SSH server implementation of AsyncSSH before 1.12.1 does not ...)
+	TODO: check
 CVE-2018-7748
 	RESERVED
 CVE-2018-7747
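Review bot: the `TODO: check` on the CVE-2018-7749 line leaves the entry untriaged; the description names the SSH server implementation in AsyncSSH before 1.12.1, so the follow-up should record whether an AsyncSSH source package is in the archive and, if so, replace the TODO with a fixed-version line or a `<not-affected>`/`<unfixed>` status in the same form the surrounding entries use.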
@@ -4231,7 +4259,7 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat
 	NOTE: See further discussion as per https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
 CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
 	NOT-FOR-US: MalwareFox AntiMalware
-CVE-2018-6592 (Unisys Stealth Windows endpoints before 3.3.016.1 allow local users to ...)
+CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local ...)
 	NOT-FOR-US: Unisys Stealth Windows endpoints
 CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to obtain ...)
 	NOT-FOR-US: Converse.js
@@ -18160,8 +18188,8 @@ CVE-2018-1325
 	RESERVED
 CVE-2018-1324
 	RESERVED
-CVE-2018-1323
-	RESERVED
+CVE-2018-1323 (The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector ...)
+	TODO: check
 CVE-2018-1322
 	RESERVED
 CVE-2018-1321
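Review bot: the description for CVE-2018-1323 restricts the issue to "The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector", i.e. the Windows/IIS redirector rather than the Apache httpd module, so the `TODO: check` can likely be resolved as NOT-FOR-US or `<not-affected>` once it is confirmed that no Debian package builds the ISAPI connector.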
@@ -18483,8 +18511,8 @@ CVE-2018-1208
 	RESERVED
 CVE-2018-1207
 	RESERVED
-CVE-2018-1206
-	RESERVED
+CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...)
+	TODO: check
 CVE-2018-1205
 	RESERVED
 CVE-2018-1204
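Review bot: CVE-2018-1206 concerns "Dell EMC Data Protection Advisor", a proprietary product, so the `TODO: check` could be closed directly as NOT-FOR-US in the same way this file already handles the Unisys Stealth and MalwareFox entries above, rather than left open for a later pass.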
@@ -26022,8 +26050,8 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP me
 	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
 CVE-2017-15720
 	RESERVED
-CVE-2017-15719
-	RESERVED
+CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and ...)
+	TODO: check
 CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the ...)
 	- hadoop <itp> (bug #793644)
 CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
@@ -55160,22 +55188,22 @@ CVE-2017-6290
 	RESERVED
 CVE-2017-6289
 	RESERVED
-CVE-2017-6288
-	RESERVED
-CVE-2017-6287
-	RESERVED
-CVE-2017-6286
-	RESERVED
-CVE-2017-6285
-	RESERVED
+CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
+	TODO: check
+CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
+	TODO: check
+CVE-2017-6286 (NVIDIA libnvomx contains a possible out of bounds write due to a ...)
+	TODO: check
+CVE-2017-6285 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
+	TODO: check
 CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic ...)
 	NOT-FOR-US: NVIDIA
 CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function ...)
 	NOT-FOR-US: NVIDIA
 CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...)
 	NOT-FOR-US: NVIDIA
-CVE-2017-6281
-	RESERVED
+CVE-2017-6281 (NVIDIA libnvomx contains a possible out of bounds write due to a ...)
+	TODO: check
 CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerability due ...)
 	NOT-FOR-US: Nvidia component for Android
 CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
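Review bot: the five new `TODO: check` entries (CVE-2017-6288 through CVE-2017-6285 and CVE-2017-6281) describe NVIDIA libnvrm/libnvomx components, while the neighbouring CVE-2017-6284 to CVE-2017-6280 entries for the same NVIDIA Android components are already marked NOT-FOR-US; triaging these consistently ("NOT-FOR-US: Nvidia component for Android") would avoid leaving them open.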
@@ -66235,8 +66263,7 @@ CVE-2017-2668 [Remote crash via crafted LDAP messages]
 	- 389-ds-base 1.3.5.17-1 (bug #860125)
 	NOTE: CentOS fix: https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1436575
-CVE-2017-2667
-	RESERVED
+CVE-2017-2667 (Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not ...)
 	- foreman <itp> (bug #663101)
 CVE-2017-2666
 	RESERVED
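Review bot: CVE-2017-2667 keeps the `- foreman <itp> (bug #663101)` line, but the new description identifies the affected software as "Hammer CLI, a CLI utility for Foreman", a separate upstream component; confirm that the foreman ITP actually covers Hammer CLI, otherwise the entry should point at the package that would ship it.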
@@ -66256,8 +66283,7 @@ CVE-2017-2663
 CVE-2017-2662
 	RESERVED
 	- foreman <itp> (bug #663101)
-CVE-2017-2661 [Improper node name field validation when creating clusters leads to XSS]
-	RESERVED
+CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site ...)
 	- pcs 0.9.155+dfsg-2 (bug #858379)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
 	NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
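Review bot: dropping the bracketed summary "[Improper node name field validation when creating clusters leads to XSS]" loses the affected field, since the automatic description is truncated at "vulnerable to a cross-site ..."; the existing NOTE links to the bugzilla entry and fix commit still carry that detail, so this is acceptable, but keeping the specific summary in a NOTE line would make the entry self-describing.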
@@ -66380,8 +66406,7 @@ CVE-2017-2629 [SSL_VERIFYSTATUS ignored]
 	NOTE: https://github.com/curl/curl/commit/ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0
 	NOTE: Patch: https://curl.haxx.se/CVE-2017-2629.patch
 	NOTE: https://curl.haxx.se/docs/adv_20170222.html
-CVE-2017-2628
-	RESERVED
+CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version ...)
 	- curl <not-affected> (Red Hat specific backport issue)
 CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive]
 	RESERVED
@@ -66430,8 +66455,7 @@ CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in cirrus_bitbl
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-209.html
 	NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
-CVE-2017-2619
-	RESERVED
+CVE-2017-2619 (Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a ...)
 	{DSA-3816-1 DLA-894-1}
 	- samba 2:4.5.6+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html
@@ -66571,8 +66595,7 @@ CVE-2017-2586
 	- netpbm-free <not-affected> (vulnerable code not present)
 	NOTE: Debian uses an old fork of netpbm
 	NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
-CVE-2017-2585
-	RESERVED
+CVE-2017-2585 (Red Hat Keycloak before version 2.5.1 has an implementation of HMAC ...)
 	NOT-FOR-US: Keycloak
 CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...)
 	{DSA-3791-1}
@@ -71953,8 +71976,7 @@ CVE-2016-9601 [Heap-buffer overflow due to Integer overflow in jbig2_image_new f
 	- jbig2dec 0.13-4 (bug #850497)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
 	NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
-CVE-2016-9600 [Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder]
-	RESERVED
+CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer ...)
 	- jasper <removed> (unimportant)
 	NOTE: https://github.com/mdadams/jasper/issues/109
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
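Review bot: the replaced bracketed summary for CVE-2016-9600 named the exact cause (missing check for UNKNOWN color space in the JP2 encoder), whereas the new automatic description is cut off at "vulnerable to a null pointer ..."; since the package is marked `<removed> (unimportant)`, consider preserving the old summary as a NOTE line so the root cause stays visible without following the upstream issue link.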
@@ -71993,8 +72015,7 @@ CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in
 CVE-2016-9590
 	RESERVED
 	- puppet-module-swift 9.4.4-1 (bug #851293)
-CVE-2016-9589
-	RESERVED
+CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable ...)
 	NOT-FOR-US: Red Hat specific use of undertow in Wildfly
 CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP ...)
 	{DSA-3804-1 DLA-849-1}
@@ -75414,8 +75435,7 @@ CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the Lin
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
 	NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
-CVE-2016-8629
-	RESERVED
+CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check ...)
 	NOT-FOR-US: Keycloak
 CVE-2016-8628
 	RESERVED
@@ -113293,7 +113313,7 @@ CVE-2015-5206 (Unspecified vulnerability in the HTTP/2 experimental feature in A
 	- trafficserver 6.0.0-1
 	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
 CVE-2015-5205
-	RESERVED
+	REJECTED
 CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File Transfer ...)
 	NOT-FOR-US: Apache Cordova Android File Transfer Plugin
 CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fddd323aedc0c251861dc121b389fe7413900e4f
