[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-876{3, 4}/ldap-account-manager

Salvatore Bonaccorso carnil at debian.org
Sun Mar 25 09:29:29 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf484254 by Salvatore Bonaccorso at 2018-03-25T11:29:02+02:00
Add CVE-2018-876{3,4}/ldap-account-manager

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -581,10 +581,18 @@ CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbi
 	NOT-FOR-US: joyplus-cms
 CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) ...)
 	NOT-FOR-US: 2345 Security Guard
-CVE-2018-8764
-	RESERVED
-CVE-2018-8763
-	RESERVED
+CVE-2018-8764 [CSRF token in URL]
+	RESERVED
+	- ldap-account-manager <unfixed>
+	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
+	NOTE: https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
+CVE-2018-8763 [XSS vulnerabilities]
+	RESERVED
+	- ldap-account-manager <unfixed>
+	NOTE: https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
+	NOTE: https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
+	NOTE: https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a
+	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
 CVE-2018-8762
 	RESERVED
 CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf484254fc554baac3321fc6ca8fe7fad68111d6

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf484254fc554baac3321fc6ca8fe7fad68111d6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180325/0b9f0190/attachment.html>

More information about the Secure-testing-commits mailing list