[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 21 21:10:26 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6cf9747 by security tracker role at 2018-03-21T21:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,25 @@
+CVE-2018-8892
+ RESERVED
+CVE-2018-8891
+ RESERVED
+CVE-2018-8890
+ RESERVED
+CVE-2018-8889
+ RESERVED
+CVE-2018-8888
+ RESERVED
+CVE-2018-8887
+ RESERVED
+CVE-2018-8886
+ RESERVED
+CVE-2018-8885
+ RESERVED
+CVE-2018-1000136
+ RESERVED
+CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...)
+ TODO: check
+CVE-2016-10717
+ RESERVED
CVE-2018-8884
RESERVED
CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...)
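Review bot: CVE-2017-18241 is added with only `TODO: check`, although its description already names fs/f2fs/segment.c in the Linux kernel before 4.13. The other ten new entries in this hunk are RESERVED, so this is the only actionable one; it should get a `- linux` package line with the fixed version as a follow-up.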
@@ -367,6 +389,7 @@ CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows
CVE-2018-8727
RESERVED
CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...)
+ {DLA-1310-1}
- exempi 2.4.4-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102483
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331
@@ -376,6 +399,7 @@ CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The ...)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101914
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048
CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ...)
+ {DLA-1310-1}
- exempi 2.4.4-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102484
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806
@@ -385,10 +409,12 @@ CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk cla
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101913
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4
CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows remote ...)
+ {DLA-1310-1}
- exempi 2.4.3-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100397
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c
CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer overflow in the ...)
+ {DLA-1310-1}
- exempi 2.4.4-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102151
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260
@@ -1782,10 +1808,10 @@ CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerabili
NOT-FOR-US: ZenMate
CVE-2018-8075
RESERVED
-CVE-2018-8074
- RESERVED
-CVE-2018-8073
- RESERVED
+CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintended ...)
+ TODO: check
+CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...)
+ TODO: check
CVE-2018-8072
RESERVED
CVE-2018-8071
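Review bot: CVE-2018-8074 and CVE-2018-8073 move from RESERVED to `TODO: check` and both describe Yii 2.x before 2.0.15; CVE-2018-7269 later in this patch is a third Yii entry left in the same state. Triage the three together so they end up with the same package line or the same NOT-FOR-US tag.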
@@ -2588,6 +2614,7 @@ CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a ...)
+ {DLA-1310-1}
- exempi 2.4.5-1 (low; bug #892782)
[stretch] - exempi <no-dsa> (Minor issue)
[jessie] - exempi <no-dsa> (Minor issue)
@@ -2601,6 +2628,7 @@ CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...)
+ {DLA-1310-1}
- exempi 2.4.5-1 (low; bug #892782)
[stretch] - exempi <no-dsa> (Minor issue)
[jessie] - exempi <no-dsa> (Minor issue)
@@ -3318,32 +3346,32 @@ CVE-2018-7527
RESERVED
CVE-2018-7526
RESERVED
-CVE-2018-7525
- RESERVED
+CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...)
+ TODO: check
CVE-2018-7524
RESERVED
-CVE-2018-7523
- RESERVED
+CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
+ TODO: check
CVE-2018-7522
RESERVED
-CVE-2018-7521
- RESERVED
+CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...)
+ TODO: check
CVE-2018-7520
RESERVED
-CVE-2018-7519
- RESERVED
+CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
+ TODO: check
CVE-2018-7518
RESERVED
-CVE-2018-7517
- RESERVED
+CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
+ TODO: check
CVE-2018-7516
RESERVED
-CVE-2018-7515
- RESERVED
+CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...)
+ TODO: check
CVE-2018-7514
RESERVED
-CVE-2018-7513
- RESERVED
+CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
+ TODO: check
CVE-2018-7512
RESERVED
CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...)
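Review bot: the seven Omron CX-Supervisor entries (CVE-2018-7525, -7523, -7521, -7519, -7517, -7515, -7513) all land as `TODO: check` with near-identical descriptions. They concern one product at one version boundary (3.30 and prior), so a single triage decision should be applied to all seven rather than leaving each to be checked separately.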
@@ -4219,8 +4247,8 @@ CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php
NOT-FOR-US: MetInfo
CVE-2018-7270
RESERVED
-CVE-2018-7269
- RESERVED
+CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii ...)
+ TODO: check
CVE-2018-7268
RESERVED
CVE-2018-7267
@@ -5004,7 +5032,7 @@ CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x be
CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...)
NOT-FOR-US: opentmpfiles
CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...)
- {DSA-4138-1}
+ {DSA-4147-1 DSA-4138-1}
- mbedtls 2.7.0-2
- polarssl <removed>
[wheezy] - polarssl <not-affected> (vulnerable code not present)
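Review bot: on CVE-2017-18187 the advisory tag becomes `{DSA-4147-1 DSA-4138-1}` but the package lines below it are unchanged, so the entry does not show whether the new DSA covers mbedtls or polarssl. The same change is made to CVE-2018-0488 and CVE-2018-0487 further down; a NOTE line or a release-specific package line stating the source package fixed by DSA-4147-1 would make all three entries self-explanatory.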
@@ -13642,8 +13670,7 @@ CVE-2018-3711
NOTE: https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
NOTE: https://hackerone.com/reports/303632
NOTE: https://nodesecurity.io/advisories/564
-CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import]
- RESERVED
+CVE-2018-3710 (Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...)
{DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
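Review bot: the bracketed title removed from CVE-2018-3710, `[Remote Code Execution Vulnerability in GitLab Projects Import]`, is word for word the title removed from CVE-2017-0915 later in this patch, while the new descriptions name different versions (10.3.3 here, 10.2.4 there). Worth confirming that the two ids track distinct issues and, if so, adding a NOTE to each saying how they differ, because nothing left in either entry distinguishes them.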
@@ -19756,14 +19783,14 @@ CVE-2018-1349
RESERVED
CVE-2018-1348
RESERVED
-CVE-2018-1347
- RESERVED
-CVE-2018-1346
- RESERVED
-CVE-2018-1345
- RESERVED
-CVE-2018-1344
- RESERVED
+CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to ...)
+ TODO: check
+CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to ...)
+ TODO: check
+CVE-2018-1345 (NetIQ iManager, versions prior to 3.1, under some circumstances could ...)
+ TODO: check
+CVE-2018-1344 (Addresses potential communication downgrade attack in NetIQ iManager ...)
+ TODO: check
CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...)
NOT-FOR-US: NetIQ
CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload ...)
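Review bot: CVE-2018-1347, CVE-2018-1346, CVE-2018-1345 and CVE-2018-1344 are set to `TODO: check`, yet the entry directly below them, CVE-2018-1343, is already tagged `NOT-FOR-US: NetIQ`. The four new descriptions name NetIQ iManager or eDirectory, so the same tag looks applicable and would close them without separate triage.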
@@ -20388,10 +20415,10 @@ CVE-2018-1232
RESERVED
CVE-2018-1231
RESERVED
-CVE-2018-1230
- RESERVED
-CVE-2018-1229
- RESERVED
+CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...)
+ TODO: check
+CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS ...)
+ TODO: check
CVE-2018-1228
RESERVED
CVE-2018-1227 (Pivotal Concourse after 2018-03-05 might allow remote attackers to ...)
@@ -22990,7 +23017,7 @@ CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Servi
NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
- {DSA-4138-1}
+ {DSA-4147-1 DSA-4138-1}
- mbedtls 2.7.0-2 (bug #890287)
- polarssl <removed>
[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected)
@@ -22998,7 +23025,7 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when
NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
- {DSA-4138-1}
+ {DSA-4147-1 DSA-4138-1}
- mbedtls 2.7.0-2 (bug #890288)
- polarssl <removed>
[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected)
@@ -72017,33 +72044,27 @@ CVE-2017-0929
RESERVED
CVE-2017-0928
RESERVED
-CVE-2017-0927 [Guest Users Can Give Deploy Keys in Other Projects Write Access]
- RESERVED
+CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...)
- gitlab <unfixed> (bug #888508)
[stretch] - gitlab <not-affected> (Doesn't affect 8.x)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0926 [Login with Disabled OAuth Provider via POST]
- RESERVED
+CVE-2017-0926 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...)
{DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0925 [Sensitive Fields Exposed to Admins / Masters in the Services API]
- RESERVED
+CVE-2017-0925 (Gitlab Enterprise Edition version 10.1.0 is vulnerable to an ...)
{DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0924 [XSS in Label Dropdown]
- RESERVED
+CVE-2017-0924 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Only affects 9.0 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0923 [Jupyter Notebook XSS]
- RESERVED
+CVE-2017-0923 (Gitlab Community Edition version 9.1 is vulnerable to lack of input ...)
- gitlab <unfixed> (bug #888508)
[stretch] - gitlab <not-affected> (Doesn't affect 8.x)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0922 [Milestone Authorization Issue on Boards]
- RESERVED
+CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...)
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Only affects 9.1 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
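Review bot: replacing the bracketed titles with the truncated CVE descriptions loses detail in several entries of this hunk. CVE-2017-0924 goes from `[XSS in Label Dropdown]` to `is vulnerable to lack of input ...` and CVE-2017-0923 from `[Jupyter Notebook XSS]` to the same cut-off phrase, leaving only the version number to tell them apart. Keeping each old title as a NOTE line would preserve what the issue actually is.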
@@ -72053,29 +72074,24 @@ CVE-2017-0920
RESERVED
CVE-2017-0919
RESERVED
-CVE-2017-0918 [GitLab CI Runner Can Read and Poison Cache of All Other Projects]
- RESERVED
+CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path ...)
{DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0917 [Cross-site scripting (XSS) vulnerability in CI job output]
- RESERVED
+CVE-2017-0917 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
{DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks]
- RESERVED
+CVE-2017-0916 (Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...)
{DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
-CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
- RESERVED
+CVE-2017-0915 (Gitlab Community Edition version 10.2.4 is vulnerable to a lack of ...)
{DSA-4145-1}
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0914 [Critical SQL Injection in MilestoneFinder]
- RESERVED
+CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and ...)
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
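Review bot: CVE-2017-0914 keeps `- gitlab <unfixed>` with no bug reference, while the four entries above it in this hunk (CVE-2017-0918 through CVE-2017-0915) all carry `(bug #888508)`. If that bug also covers the MilestoneFinder SQL injection named in the removed title, add the reference; if not, the entry needs its own bug so the unfixed state is tracked.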
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6cf974723a7fc992dae6d3cbe38b252748ada45