[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 27 08:10:23 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd1b40e8 by security tracker role at 2018-03-27T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,84 @@
-CVE-2017-18249 [f2fs: fix race condition in between free nid allocator/initializer]
+CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...)
+ TODO: check
+CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9052 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9051 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9050 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9049 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9048 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9047 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9046 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9045 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
+ TODO: check
+CVE-2018-9044 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+ TODO: check
+CVE-2018-9043 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+ TODO: check
+CVE-2018-9042 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+ TODO: check
+CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+ TODO: check
+CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+ TODO: check
+CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, ...)
+ TODO: check
+CVE-2018-9038
+ RESERVED
+CVE-2018-9037
+ RESERVED
+CVE-2018-9036
+ RESERVED
+CVE-2018-9035
+ RESERVED
+CVE-2018-9034
+ RESERVED
+CVE-2018-9033
+ RESERVED
+CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...)
+ TODO: check
+CVE-2018-9031
+ RESERVED
+CVE-2018-9030
+ RESERVED
+CVE-2018-9029
+ RESERVED
+CVE-2018-9028
+ RESERVED
+CVE-2018-9027
+ RESERVED
+CVE-2018-9026
+ RESERVED
+CVE-2018-9025
+ RESERVED
+CVE-2018-9024
+ RESERVED
+CVE-2018-9023
+ RESERVED
+CVE-2018-9022
+ RESERVED
+CVE-2018-9021
+ RESERVED
+CVE-2017-18254 (An issue was discovered in ImageMagick 7.0.7. A memory leak ...)
+ TODO: check
+CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...)
+ TODO: check
+CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList ...)
+ TODO: check
+CVE-2017-18251 (An issue was discovered in ImageMagick 7.0.7. A memory leak ...)
+ TODO: check
+CVE-2017-18250 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...)
+ TODO: check
+CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel before ...)
- linux 4.12.6-1
NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...)
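Review bot: Every described entry added at the top of this hunk is left at `TODO: check`, so none of them has been triaged yet. The ten Windows Master entries (CVE-2018-9045 to CVE-2018-9054) and the five Advanced SystemCare Ultimate entries (CVE-2018-9040 to CVE-2018-9044) name Windows products and are candidates for the `NOT-FOR-US:` form this file uses elsewhere, while the JasPer entry (CVE-2018-9055) and the five ImageMagick 7.0.7 entries (CVE-2017-18250 to CVE-2017-18254) need a package decision before the TODO is dropped. The CVE-2017-18249 header switches from the bracketed title to the parenthesised description and keeps its `- linux 4.12.6-1` line, which looks correct.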
@@ -170,6 +250,7 @@ CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Acc
- i-librarian <itp> (bug #649291)
NOTE: https://github.com/mkucej/i-librarian/issues/124
CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow ...)
+ {DSA-4151-1}
- librelp 1.2.15-1
[wheezy] - librelp <not-affected> (vulnerable code not present)
NOTE: https://www.rsyslog.com/cve-2018-1000140/
@@ -544,8 +625,8 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025
CVE-2018-8803
RESERVED
-CVE-2018-8802
- RESERVED
+CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...)
+ TODO: check
CVE-2018-8801
RESERVED
- gitlab 10.5.6+dfsg-1 (bug #893905)
@@ -3228,8 +3309,8 @@ CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.1
NOTE: failure mode hard to trigger for an attacker, signing of redirect binding in many cases not that important
NOTE: https://simplesamlphp.org/security/201803-01
NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
-CVE-2018-7658
- RESERVED
+CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 ...)
+ TODO: check
CVE-2018-7657
RESERVED
CVE-2018-7656
@@ -3811,7 +3892,7 @@ CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...)
CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...)
{DSA-4142-1}
- uwsgi 2.0.15-10.4 (bug #891639)
- [wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)
+ [wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)
NOTE: Fixed in 2.0.17 upstream
NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
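Review bot: The removed and added `[wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)` lines read identically, so this hunk is a whitespace-only change under CVE-2018-7490. Confirm that the new leading whitespace matches the neighbouring `- uwsgi 2.0.15-10.4 (bug #891639)` line, and consider a formatting check on data/CVE/list so that indentation fixes do not have to ride along in an "automatic update" commit.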
@@ -10548,7 +10629,7 @@ CVE-2018-5148 [Use-after-free in compositor]
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
CVE-2018-5147 [out-of-bound write]
RESERVED
- {DSA-4143-1 DSA-4141-1 DLA-1312-1}
+ {DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1}
- firefox 59.0.1-1
- firefox-esr 52.7.2esr-1
- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
@@ -10556,7 +10637,7 @@ CVE-2018-5147 [out-of-bound write]
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
CVE-2018-5146 [out-of-bound write]
RESERVED
- {DSA-4143-1 DSA-4140-1}
+ {DSA-4143-1 DSA-4140-1 DLA-1319-1}
- firefox 59.0.1-1
- firefox-esr 52.7.2esr-1
- thunderbird 1:52.7.0-1
@@ -37480,8 +37561,8 @@ CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of
NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...)
NOT-FOR-US: Kaspersky Internet Security for Android
-CVE-2017-12815
- RESERVED
+CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet ...)
+ TODO: check
CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...)
- perl <not-affected> (Windows specific issue)
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
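Review bot: CVE-2017-12815 moves from `RESERVED` to `TODO: check` directly below two entries marked `NOT-FOR-US: Kaspersky Internet Security for Android`. The new description names the Bomgar Remote Support Portal JavaStart.jar applet, so the entry needs the same decision in a follow-up: either a `NOT-FOR-US:` line or a package line, rather than staying at TODO.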
@@ -38687,8 +38768,8 @@ CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-depend
NOT-FOR-US: CCN-lite
CVE-2017-12411
RESERVED
-CVE-2017-12410
- RESERVED
+CVE-2017-12410 (It is possible to exploit a Time of Check & Time of Use (TOCTOU) ...)
+ TODO: check
CVE-2017-12409
RESERVED
CVE-2017-12408
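Review bot: The description added for CVE-2017-12410 is truncated before it names the affected product ("It is possible to exploit a Time of Check & Time of Use (TOCTOU) ..."), so the `TODO: check` cannot be resolved from this line alone. Whoever triages it should read the full CVE text to identify the product before choosing between a package line and `NOT-FOR-US:`.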
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd1b40e88519a11b848038f836ad4007f2056f11