[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 28 20:10:26 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88c3d339 by security tracker role at 2018-03-28T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2018-9114
+	RESERVED
+CVE-2018-9113
+	RESERVED
+CVE-2018-9112
+	RESERVED
+CVE-2018-9111
+	RESERVED
+CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via ...)
+	TODO: check
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via the ...)
 	NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an ...)
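Review bot: CVE-2018-9110 is left at `TODO: check` although it concerns the same product as CVE-2018-9109 directly below it, which is already triaged `NOT-FOR-US: Studio 42 elFinder`; unless elFinder has been packaged since, resolve the TODO with the same `NOT-FOR-US: Studio 42 elFinder` line so the two adjacent entries do not diverge.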
@@ -107,6 +117,7 @@ CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in
 	[wheezy] - lrzip <ignored> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/93
 CVE-2018-7600 [SA-CORE-2018-002]
+	RESERVED
 	- drupal7 <unfixed> (bug #894259)
 	NOTE: https://www.drupal.org/sa-core-2018-002
 	NOTE: https://groups.drupal.org/security/faq-2018-002
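Review bot: the `RESERVED` line is placed under `CVE-2018-7600 [SA-CORE-2018-002]` while the entry already carries `- drupal7 <unfixed> (bug #894259)` and the SA-CORE NOTE links; that is the expected layout for an issue that is public upstream but still reserved at MITRE, so nothing to change, but the bracketed local summary must stay on the CVE line until the description arrives, otherwise the entry would read as an anonymous reserved ID with a package attached.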
@@ -225,6 +236,7 @@ CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS
 CVE-2018-9019
 	RESERVED
 CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...)
+	{DLA-1322-1}
 	- graphicsmagick <unfixed>
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
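Review bot: `{DLA-1322-1}` is attached to CVE-2018-9018 while the unstable line still reads `- graphicsmagick <unfixed>`; a DLA is normally recorded after the fix is known, so either the sid line is stale and should carry the fixed version, or LTS fixed it ahead of unstable, in which case a Debian bug reference on the `- graphicsmagick` line (as the other entries in this file carry) is needed to track the pending upload.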
@@ -2334,14 +2346,17 @@ CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML
 CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit ...)
 	NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
 CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
+	{DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/
 CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
+	{DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/
 CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
+	{DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/
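Review bot: the three GraphicsMagick entries gain `{DLA-1322-1}` and are marked fixed in `graphicsmagick 1.3.27-1`, but none of them has a `[stretch]` or `[jessie]` line; without one those suites are implicitly listed as vulnerable until 1.3.27-1, so if no DSA is planned the usual `<no-dsa>` or `<not-affected>` annotation (as used for the zsh and linux entries in this same file) should be added, and if a DSA is pending the entries should say so.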
@@ -3159,7 +3174,7 @@ CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the cr
 CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a ...)
 	- electron <itp> (bug #842420)
 CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...)
-	{DLA-1317-1}
+	{DSA-4154-1 DLA-1317-1}
 	- net-snmp 5.7.3+dfsg-1.1 (bug #894110)
 	NOTE: https://sourceforge.net/p/net-snmp/bugs/2821/
 	NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
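Review bot: `{DSA-4154-1 DLA-1317-1}` follows the DSA-before-DLA ordering used for libvirt (`{DSA-4137-1 DLA-1315-1}`) elsewhere in this file, and CVE-2015-5621, fixed in the same upload `net-snmp 5.7.3+dfsg-1.1`, receives the same DSA reference further down in this diff, so the two net-snmp entries stay consistent; nothing to change.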
@@ -3327,12 +3342,14 @@ CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to sp
 CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ...)
+	{DLA-1322-1}
 	- graphicsmagick 1.3.26-8
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
 	NOTE: Issue is related to CVE-2017-11403 but not the same issue.
 	TODO: check, needs clarification, the issue is CloseBlob use-after-free
 CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
+	{DLA-1322-1}
 	- graphicsmagick 1.3.27-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
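Review bot: `{DLA-1322-1}` is added to CVE-2017-18220 while that entry still ends with `TODO: check, needs clarification, the issue is CloseBlob use-after-free` and a NOTE that it is related to but distinct from CVE-2017-11403; recording a DLA against an entry whose identity is still unresolved risks claiming the LTS update fixed something it may only partially cover, so confirm that the change in rev 98721124e51f is what DLA-1322-1 shipped and then resolve or reword the TODO.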
@@ -3384,12 +3401,12 @@ CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration 
 	NOT-FOR-US: NetIQ Access Manager
 CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity ...)
 	NOT-FOR-US: NetIQ Access Manager
-CVE-2018-7676
-	RESERVED
+CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp with log ...)
+	TODO: check
 CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the ...)
 	NOT-FOR-US: NetIQ Sentinel
-CVE-2018-7674
-	RESERVED
+CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 4.7, is ...)
+	TODO: check
 CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...)
 	NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel ...)
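Review bot: CVE-2018-7676 and CVE-2018-7674 both describe NetIQ Identity Manager and are left at `TODO: check`, while the neighbouring CVE-2018-7673 for the same product is already `NOT-FOR-US: NetIQ Identity Manager`; resolve both TODOs with that same line unless the product status has changed.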
@@ -3994,8 +4011,8 @@ CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discover
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7499
 	RESERVED
-CVE-2018-7498
-	RESERVED
+CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper ...)
+	TODO: check
 CVE-2018-7497
 	RESERVED
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision ...)
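Review bot: CVE-2018-7498 describes `Philips Alice 6 System version R8.0.2 or prior`, a vendor appliance that is not a Debian package, yet is left at `TODO: check` between OSIsoft entries already triaged `NOT-FOR-US`; `NOT-FOR-US: Philips Alice 6` is the likely resolution, and CVE-2018-5451 further down in this diff names the same product and version, so triage both in one go.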
@@ -9946,8 +9963,8 @@ CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was 
 	NOT-FOR-US: Moxa
 CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
 	NOT-FOR-US: Emerson Process Management ControlWave Micro Process Automation Controller
-CVE-2018-5451
-	RESERVED
+CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an actor ...)
+	TODO: check
 CVE-2018-5450
 	RESERVED
 CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell ...)
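Review bot: CVE-2018-5451 is the second Philips Alice 6 System R8.0.2 issue in this update (CVE-2018-7498 is the other) and is likewise left at `TODO: check` among Moxa and Emerson entries already marked `NOT-FOR-US`; use the same `NOT-FOR-US: Philips Alice 6` wording for both so they do not end up triaged differently.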
@@ -21329,8 +21346,8 @@ CVE-2018-1144
 	RESERVED
 CVE-2018-1143
 	RESERVED
-CVE-2018-1142
-	RESERVED
+CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to ...)
+	TODO: check
 CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...)
 	NOT-FOR-US: Nessus
 CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code ...)
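Review bot: CVE-2018-1142 concerns `Tenable Appliance versions 4.6.1 and earlier` and is left at `TODO: check`, while the adjacent CVE-2018-1141 for Nessus, another Tenable product, is already `NOT-FOR-US: Nessus`; `NOT-FOR-US: Tenable Appliance` is the consistent resolution.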
@@ -21568,8 +21585,7 @@ CVE-2018-1085
 	NOT-FOR-US: openshift-ansible
 CVE-2018-1084
 	RESERVED
-CVE-2018-1083 [check bounds on PATH_MAX-sized buffer used for file completion candidates]
-	RESERVED
+CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...)
 	- zsh <unfixed> (low; bug #894043)
 	[stretch] - zsh <no-dsa> (Minor issue)
 	[jessie] - zsh <no-dsa> (Minor issue)
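Review bot: replacing the bracketed local summary with the MITRE text drops the only pointer to where the bug is (`check bounds on PATH_MAX-sized buffer used for file completion candidates`), and the entry has no `NOTE:` with an upstream fix reference, only `bug #894043`; since the truncated description `... buffer overflow in ...` no longer says which buffer overflows, add a NOTE pointing at the upstream fix so the `<unfixed>` / `<no-dsa> (Minor issue)` assessment can be verified.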
@@ -21626,8 +21642,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishan
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
-CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent]
-	RESERVED
+CVE-2018-1064 (libvirt version before 4.2.0-rc1 is vulnerable to a resource ...)
 	{DSA-4137-1 DLA-1315-1}
 	- libvirt 4.1.0-1
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
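Review bot: dropping the local summary `[qemu: avoid denial of service reading from QEMU guest agent]` loses no information here, unlike the zsh entry above, because this entry already records `{DSA-4137-1 DLA-1315-1}`, the fixed version `libvirt 4.1.0-1` and a `Fixed by:` commit NOTE; nothing to change.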
@@ -41429,10 +41444,10 @@ CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary
 	NOT-FOR-US: ManageEngine ServiceDesk
 CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
 	NOT-FOR-US: ManageEngine ServiceDesk
-CVE-2017-11510
-	RESERVED
-CVE-2017-11509
-	RESERVED
+CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that ...)
+	TODO: check
+CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in ...)
+	TODO: check
 CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
 	NOT-FOR-US: SecurityCenter
 CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
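Review bot: the visible description of CVE-2017-11509, `An authenticated remote attacker can execute arbitrary code in ...`, does not name the affected product, so it cannot be triaged from this line alone and the full MITRE text must be consulted before the TODO is resolved; CVE-2017-11510 names Wanscam's HW0021 network camera, device firmware with no Debian package, so `NOT-FOR-US: Wanscam HW0021` is the likely resolution, matching the ManageEngine and SecurityCenter neighbours.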
@@ -122318,7 +122333,7 @@ CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
 	NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450
 CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and ...)
-	{DLA-1317-1}
+	{DSA-4154-1 DLA-1317-1}
 	- net-snmp 5.7.3+dfsg-1.1 (bug #788964)
 	[squeeze] - net-snmp <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1
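Review bot: CVE-2015-5621 now carries `{DSA-4154-1 DLA-1317-1}` with the same fixed version `net-snmp 5.7.3+dfsg-1.1` as CVE-2018-1000116 earlier in this diff, so the two net-snmp entries agree; leaving `[squeeze] - net-snmp <no-dsa> (Minor issue)` untouched is correct, since a 2018 DSA cannot cover squeeze, which is no longer supported.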



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88c3d339465f0740404cd5e489228c37326b249d


