[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Mar 23 09:10:34 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3fe1a52 by security tracker role at 2018-03-23T09:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-8946
+	RESERVED
+CVE-2018-8945 (The bfd_section_from_shdr function in elf.c in the Binary File ...)
+	TODO: check
+CVE-2018-8944 (PHPOK 4.8.338 has an arbitrary file upload vulnerability. ...)
+	TODO: check
+CVE-2018-8943 (There is a SQL injection in the PHPSHE 1.6 userbank parameter. ...)
+	TODO: check
+CVE-2018-8942 (Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. ...)
+	TODO: check
+CVE-2017-18244 (The stereo_processing function in libavcodec/aacps.c in Libav 12.2 ...)
+	TODO: check
+CVE-2017-18243 (The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav ...)
+	TODO: check
+CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c in Libav ...)
+	TODO: check
 CVE-2018-8941
 	RESERVED
 CVE-2018-8940
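Review bot: All seven described entries added at the top of the list, CVE-2018-8945 through CVE-2017-18242, carry only `TODO: check`, so none of them is triaged. PHPOK, PHPSHE and Xiuno BBS look like candidates for the NOT-FOR-US tag already used elsewhere in this file, while the elf.c entry and the three libavcodec entries name source files and need a package line or an explicit status. A follow-up triage commit should resolve these rather than leaving the TODO markers in place.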
@@ -76,8 +92,8 @@ CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the func
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
 CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
 	NOT-FOR-US: Windows Optimization Master
-CVE-2018-8903
-	RESERVED
+CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or Description ...)
+	TODO: check
 CVE-2018-8902
 	RESERVED
 CVE-2018-8901
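Review bot: CVE-2018-8903 moves from RESERVED to a described entry but ends at `TODO: check`, so it is still untriaged. The entry directly above it, CVE-2018-8904, shows the resolved form (`NOT-FOR-US: Windows Optimization Master`); Open-AudIT Professional needs the same kind of decision, either a NOT-FOR-US tag or a package line.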
@@ -237,6 +253,7 @@ CVE-2018-8830
 CVE-2018-8829
 	RESERVED
 CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...)
+	{DSA-4148-1}
 	- kamailio 5.1.2-1
 	NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
 	NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
@@ -8796,7 +8813,7 @@ CVE-2018-5734 [A malformed request can trigger an assertion failure in badcache.
 	NOTE: https://kb.isc.org/article/AA-01562/74/CVE-2018-5734
 CVE-2018-5733 [A malicious client can overflow a reference counter in ISC dhcpd]
 	RESERVED
-	{DSA-4133-1}
+	{DSA-4133-1 DLA-1313-1}
 	- isc-dhcp 4.3.5-3.1 (bug #891785)
 	NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
 	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140
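Review bot: The RESERVED line under CVE-2018-5733 is left in place while the entry now references two advisories (`{DSA-4133-1 DLA-1313-1}`), a fixed isc-dhcp version and upstream notes. Nothing in this hunk touches that marker, so it is worth checking that a later automatic update drops it, along with the bracketed description, once the public description is published. The same applies to CVE-2018-5732 in the next hunk.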
@@ -8804,7 +8821,7 @@ CVE-2018-5733 [A malicious client can overflow a reference counter in ISC dhcpd]
 	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
 CVE-2018-5732 [A specially constructed response from a malicious server can cause a buffer overflow in dhclient]
 	RESERVED
-	{DSA-4133-1}
+	{DSA-4133-1 DLA-1313-1}
 	- isc-dhcp 4.3.5-3.1 (bug #891786)
 	NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
 	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139
@@ -10283,7 +10300,7 @@ CVE-2018-5148
 	RESERVED
 CVE-2018-5147 [out-of-bound write]
 	RESERVED
-	{DSA-4143-1 DSA-4141-1}
+	{DSA-4143-1 DSA-4141-1 DLA-1312-1}
 	- firefox 59.0.1-1
 	- firefox-esr 52.7.2esr-1
 	- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
@@ -11083,7 +11100,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed cou
 CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...)
 	NOT-FOR-US: Mautic
 CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...)
-	{DSA-4146-1 DLA-1237-1 DLA-1236-1}
+	{DSA-4149-1 DSA-4146-1 DLA-1237-1 DLA-1236-1}
 	- plexus-utils 1:1.5.15-5
 	- plexus-utils2 3.0.22-1
 	NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
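Review bot: CVE-2017-1000487 now references two DSAs (`DSA-4149-1` and `DSA-4146-1`) and lists two source packages, `plexus-utils` and `plexus-utils2`, but nothing in the entry says which advisory covers which package. Confirm that each DSA is recorded against a different source package and that DSA-4149-1 is not a duplicate of DSA-4146-1; a short NOTE line would make the mapping explicit.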



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3fe1a52a981c2bbc06ad7f62f7ec4b58eb0e342
