[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Mar 17 21:10:27 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dd3a439 by security tracker role at 2018-03-17T21:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,4 @@
-CVE-2018-8741 [path traversal vulnerability]
+CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an ...)
 	- squirrelmail <removed> (bug #893202)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/03/17/2
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a ...)
@@ -20,8 +20,8 @@ CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian 
 	NOT-FOR-US: Atlassian Jira plugin
 CVE-2018-8738
 	RESERVED
-CVE-2018-8737
-	RESERVED
+CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored XSS within ...)
+	TODO: check
 CVE-2018-8736
 	RESERVED
 CVE-2018-8735
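
Review bot: CVE-2018-8737 moves from RESERVED to "TODO: check", so the entry now has a published description but no triage result. A follow-up should replace the TODO with either a package line or a NOT-FOR-US marker of the kind shown on the first context line of this hunk.
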
@@ -3064,6 +3064,7 @@ CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c ...)
 CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...)
 	NOT-FOR-US: PrestaShop
 CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...)
+	{DSA-4142-1}
 	- uwsgi <unfixed> (bug #891639)
 	NOTE: Fixed in 2.0.17 upstream
 	NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
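
Review bot: on CVE-2018-7490 the new {DSA-4142-1} reference sits directly above a uwsgi line still marked <unfixed> (bug #891639), while the NOTE below says the issue is fixed in 2.0.17 upstream. If the DSA covers only released suites this is consistent and needs no change; otherwise the package line should get the fixed version once it is known.
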
@@ -9782,7 +9783,7 @@ CVE-2018-5148
 	RESERVED
 CVE-2018-5147 [out-of-bound write]
 	RESERVED
-	{DSA-4141-1}
+	{DSA-4143-1 DSA-4141-1}
 	- firefox 59.0.1-1
 	- firefox-esr 52.7.2esr-1
 	- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
@@ -9790,7 +9791,7 @@ CVE-2018-5147 [out-of-bound write]
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
 CVE-2018-5146 [out-of-bound write]
 	RESERVED
-	{DSA-4140-1}
+	{DSA-4143-1 DSA-4140-1}
 	- firefox 59.0.1-1
 	- firefox-esr 52.7.2esr-1
 	- libvorbis 1.3.5-4.2 (bug #893130)
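
Review bot: DSA-4143-1 is now attached to both CVE-2018-5147 (previous hunk) and CVE-2018-5146 (this hunk), next to the per-CVE DSA-4141-1 and DSA-4140-1. The only packages the two entries share on the visible lines are firefox and firefox-esr, with libvorbisidec and libvorbis listed separately, so it is worth confirming that the shared DSA maps to the shared package and not to one of the two libraries.
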
@@ -16226,12 +16227,14 @@ CVE-2018-2680 (Vulnerability in the Java VM component of Oracle Database Server.
 CVE-2018-2679 (Vulnerability in the Oracle Financial Services Profitability ...)
 	NOT-FOR-US: Oracle Financial Services Applications
 CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2677 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16274,6 +16277,7 @@ CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 CVE-2018-2664 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2663 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16331,6 +16335,7 @@ CVE-2018-2643 (Vulnerability in the Oracle Argus Safety component of Oracle Heal
 CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16348,6 +16353,7 @@ CVE-2018-2638 (Vulnerability in the Java SE component of Oracle Java SE ...)
 	- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2018-2637 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16358,12 +16364,14 @@ CVE-2018-2636 (Vulnerability in the Oracle Hospitality Simphony component of Ora
 CVE-2018-2635 (Vulnerability in the Oracle Application Object Library component of ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2633 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16376,6 +16384,7 @@ CVE-2018-2631 (Vulnerability in the Oracle Transportation Management component o
 CVE-2018-2630 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2629 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16406,6 +16415,7 @@ CVE-2018-2620 (Vulnerability in the Primavera Unifier component of Oracle ...)
 CVE-2018-2619 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2618 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16442,12 +16452,14 @@ CVE-2018-2605 (Vulnerability in the PeopleSoft Enterprise PeopleTools component 
 CVE-2018-2604 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 	[wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16460,6 +16472,7 @@ CVE-2018-2600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
 CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16490,6 +16503,7 @@ CVE-2018-2590 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 CVE-2018-2589 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2588 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>
@@ -16514,6 +16528,7 @@ CVE-2018-2583 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
 CVE-2018-2582 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 CVE-2018-2581 (Vulnerability in the Java SE component of Oracle Java SE ...)
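
Review bot: CVE-2018-2582 is tagged {DSA-4144-1} but lists only openjdk-9 and openjdk-8, whereas every other entry given this DSA in the patch also shows an "openjdk-7 <removed>" line. Confirm that openjdk-7 is left out deliberately; if it is, an explicit <not-affected> line, as used for CVE-2018-2638, would make that visible.
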
@@ -16522,6 +16537,7 @@ CVE-2018-2581 (Vulnerability in the Java SE component of Oracle Java SE ...)
 CVE-2018-2580 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2579 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+	{DSA-4144-1}
 	- openjdk-9 9.0.4+12-1
 	- openjdk-8 8u162-b12-1
 	- openjdk-7 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dd3a439febe7a9afc6afef0e94bfee7cf9f1695
