[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 18 21:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66e0213b by security tracker role at 2018-03-18T21:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-8776
+ RESERVED
+CVE-2018-8775
+ RESERVED
+CVE-2018-8774
+ RESERVED
CVE-2018-8773
RESERVED
CVE-2018-8772
@@ -1949,17 +1955,17 @@ CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load
NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
NOTE: https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 ...)
- {DSA-4136-1}
+ {DSA-4136-1 DLA-1309-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-b047.html
NOTE: https://curl.haxx.se/CVE-2018-1000122.patch
CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and including curl ...)
- {DSA-4136-1}
+ {DSA-4136-1 DLA-1309-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html
NOTE: https://curl.haxx.se/CVE-2018-1000121.patch
CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 ...)
- {DSA-4136-1}
+ {DSA-4136-1 DLA-1309-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html
NOTE: https://curl.haxx.se/CVE-2018-1000120.patch
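Review bot: the three curl entries in this hunk (CVE-2018-1000122, CVE-2018-1000121, CVE-2018-1000120) now list both DSA-4136-1 and DLA-1309-1, yet each package line still reads `- curl <unfixed>` although the NOTE lines already link upstream patches. If a fixed curl version has reached unstable, record it on the package line in the same update. Otherwise these entries keep reporting the package as open while advisories for it already exist.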
@@ -13375,6 +13381,7 @@ CVE-2018-3711
NOTE: https://nodesecurity.io/advisories/564
CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import]
RESERVED
+ {DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...)
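Review bot: CVE-2018-3710, which gains {DSA-4145-1} here, carries the same bracketed title as CVE-2017-0915 later in this patch ("Remote Code Execution Vulnerability in GitLab Projects Import"), and both are still marked RESERVED. Confirm that these are two distinct issues rather than one description copied under a second id, and add a NOTE line that tells them apart.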
@@ -71744,10 +71751,12 @@ CVE-2017-0927 [Guest Users Can Give Deploy Keys in Other Projects Write Access]
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0926 [Login with Disabled OAuth Provider via POST]
RESERVED
+ {DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0925 [Sensitive Fields Exposed to Admins / Masters in the Services API]
RESERVED
+ {DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0924 [XSS in Label Dropdown]
@@ -71773,19 +71782,23 @@ CVE-2017-0919
RESERVED
CVE-2017-0918 [GitLab CI Runner Can Read and Poison Cache of All Other Projects]
RESERVED
+ {DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0917 [Cross-site scripting (XSS) vulnerability in CI job output]
RESERVED
+ {DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks]
RESERVED
+ {DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
RESERVED
+ {DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0914 [Critical SQL Injection in MilestoneFinder]
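Review bot: of the four entries tagged {DSA-4145-1} in this hunk, only CVE-2017-0916 has a NOTE pointing at an upstream fix commit. CVE-2017-0918, CVE-2017-0917 and CVE-2017-0915 cite only the release announcement. Adding the matching upstream commit reference to each would let a reader check what the advisory covers per id.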
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66e0213b0006f4a61672d9c0f967b0b74b73c7b2