[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Mar 29 20:10:31 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af8d7294 by security tracker role at 2018-03-29T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-9125
+	RESERVED
+CVE-2018-9124
+	RESERVED
 CVE-2018-9123 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User ...)
 	TODO: check
 CVE-2018-9122 (In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the ...)
@@ -196,8 +200,8 @@ CVE-2018-9033
 	RESERVED
 CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...)
 	NOT-FOR-US: D-Link
-CVE-2018-9031
-	RESERVED
+CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x devices ...)
+	TODO: check
 CVE-2018-9030
 	RESERVED
 CVE-2018-9029
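Review bot: CVE-2018-9031 lands as `TODO: check`, but its new description names TNLSoftSolutions Sentry Vision 3.x devices, a vendor appliance much like the D-Link entry directly above it (CVE-2018-9032, `NOT-FOR-US: D-Link`). Suggest resolving it in the follow-up triage with a `NOT-FOR-US:` tag that names the product, assuming no corresponding source package turns up.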
@@ -3716,6 +3720,7 @@ CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-base
 CVE-2018-7585
 	RESERVED
 CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...)
+	{DLA-1326-1}
 	- php7.2 7.2.3-1
 	- php7.1 7.1.15-1
 	- php7.0 7.0.28-1
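Review bot: `{DLA-1326-1}` is attached to CVE-2018-7584, yet the package lines visible in this hunk are only php7.2, php7.1 and php7.0, while the description covers "PHP through 5.6.33". Check that the entry, below the context shown here, also carries a line for the source package the DLA actually fixed, so the advisory reference is backed by a fixed version.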
@@ -6762,12 +6767,12 @@ CVE-2018-6590
 	RESERVED
 CVE-2018-6589
 	RESERVED
-CVE-2018-6588
-	RESERVED
-CVE-2018-6587
-	RESERVED
-CVE-2018-6586
-	RESERVED
+CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a ...)
+	TODO: check
+CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ...)
+	TODO: check
+CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored ...)
+	TODO: check
 CVE-2018-1000040
 	RESERVED
 CVE-2018-1000039
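Review bot: CVE-2018-6588, CVE-2018-6587 and CVE-2018-6586 all describe the same product (CA API Developer Portal 3.5) and all land as `TODO: check`, so they should be triaged together with one consistent tag rather than one at a time. The description of CVE-2018-6588 reads "up to and including 3.5 CR5" while the other two read "3.5 CR6"; that comes from the imported descriptions and needs no local change.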
@@ -10657,10 +10662,10 @@ CVE-2018-5226
 	RESERVED
 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...)
 	NOT-FOR-US: Atlassian Bitbucket Server
-CVE-2018-5224
-	RESERVED
-CVE-2018-5223
-	RESERVED
+CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository ...)
+	TODO: check
+CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured Mercurial ...)
+	TODO: check
 CVE-2018-5222
 	RESERVED
 CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...)
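Review bot: CVE-2018-5224 (Bamboo) and CVE-2018-5223 (Fisheye and Crucible) are left as `TODO: check` directly below CVE-2018-5225, which is already tagged `NOT-FOR-US: Atlassian Bitbucket Server`. If triage reaches the same conclusion for these two, follow that entry's convention and name the specific product in each tag, since the two descriptions cover different products.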
@@ -10845,7 +10850,7 @@ CVE-2018-5147 [out-of-bound write]
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
 CVE-2018-5146 [out-of-bound write]
 	RESERVED
-	{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1319-1}
+	{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1327-1 DLA-1319-1}
 	- firefox 59.0.1-1
 	- firefox-esr 52.7.2esr-1
 	- thunderbird 1:52.7.0-1
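Review bot: the added `DLA-1327-1` on CVE-2018-5146 sits next to an existing `DLA-1319-1`, and the package lines shown list firefox, firefox-esr and thunderbird without saying which source package the new DLA covers. The same reference is added in the following hunks to CVE-2018-5145, CVE-2018-5144, CVE-2018-5129, CVE-2018-5127 and CVE-2018-5125, so verify once against the advisory's own CVE list that all six ids belong to it. The entry also still carries `RESERVED` with the manual `[out-of-bound write]` description, which is expected until a published description is imported.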
@@ -10855,14 +10860,14 @@ CVE-2018-5146 [out-of-bound write]
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
 CVE-2018-5145
 	RESERVED
-	{DSA-4155-1 DSA-4139-1 DLA-1308-1}
+	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
 	- firefox-esr 52.7.0esr-1
 	- thunderbird 1:52.7.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
 CVE-2018-5144
 	RESERVED
-	{DSA-4155-1 DSA-4139-1 DLA-1308-1}
+	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
 	- firefox-esr 52.7.0esr-1
 	- thunderbird 1:52.7.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
@@ -10929,7 +10934,7 @@ CVE-2018-5130
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5129
 	RESERVED
-	{DSA-4155-1 DSA-4139-1 DLA-1308-1}
+	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	- thunderbird 1:52.7.0-1
@@ -10942,7 +10947,7 @@ CVE-2018-5128
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5127
 	RESERVED
-	{DSA-4155-1 DSA-4139-1 DLA-1308-1}
+	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	- thunderbird 1:52.7.0-1
@@ -10955,7 +10960,7 @@ CVE-2018-5126
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5125
 	RESERVED
-	{DSA-4155-1 DSA-4139-1 DLA-1308-1}
+	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	- thunderbird 1:52.7.0-1
@@ -11760,8 +11765,8 @@ CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced 
 	NOT-FOR-US: SIMATIC
 CVE-2018-4842
 	RESERVED
-CVE-2018-4841
-	RESERVED
+CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...)
+	TODO: check
 CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
@@ -58858,8 +58863,8 @@ CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Pre
 	NOTE: Not covered by security support
 CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. ...)
 	NOT-FOR-US: OnePlus One
-CVE-2017-5947
-	RESERVED
+CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices ...)
+	TODO: check
 CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...)
 	{DSA-3801-1 DLA-846-1}
 	- ruby-zip 1.2.0-1.1 (bug #856269)
@@ -65332,31 +65337,31 @@ CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/2
 CVE-2017-3789
-	RESERVED
+	REJECTED
 CVE-2017-3788
-	RESERVED
+	REJECTED
 CVE-2017-3787
-	RESERVED
+	REJECTED
 CVE-2017-3786
-	RESERVED
+	REJECTED
 CVE-2017-3785
-	RESERVED
+	REJECTED
 CVE-2017-3784
-	RESERVED
+	REJECTED
 CVE-2017-3783
-	RESERVED
+	REJECTED
 CVE-2017-3782
-	RESERVED
+	REJECTED
 CVE-2017-3781
-	RESERVED
+	REJECTED
 CVE-2017-3780
-	RESERVED
+	REJECTED
 CVE-2017-3779
-	RESERVED
+	REJECTED
 CVE-2017-3778
-	RESERVED
+	REJECTED
 CVE-2017-3777
-	RESERVED
+	REJECTED
 CVE-2017-3776
 	RESERVED
 CVE-2017-3775
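Review bot: the RESERVED to REJECTED flip covers thirteen consecutive ids (CVE-2017-3789 through CVE-2017-3777) and stops there, with CVE-2017-3776 and CVE-2017-3775 still `RESERVED` in the trailing context. For a bulk state change in an automatic update, confirm that this boundary matches what the upstream feed reports and is not a partially imported range. The rejected entries had no package annotations in the lines shown, so nothing else needs cleaning up.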
@@ -116742,10 +116747,10 @@ CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process 
 	NOT-FOR-US: IBM
 CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
 	NOT-FOR-US: IBM
-CVE-2015-4953
-	RESERVED
-CVE-2015-4952
-	RESERVED
+CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack ...)
+	TODO: check
+CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 ...)
+	TODO: check
 CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect ...)
 	NOT-FOR-US: IBM Spectrum Protect
 CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: ...)
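Review bot: CVE-2015-4953 and CVE-2015-4952 come in as `TODO: check` in the middle of a run of entries already tagged `NOT-FOR-US: IBM` (CVE-2015-4955, CVE-2015-4954). The truncated description of CVE-2015-4953 is identical to that of CVE-2015-4954 as shown ("IBM BigFix Remote Control before Interim Fix pack ..."), so it can most likely take the same tag; CVE-2015-4952 names IBM Endpoint Manager for Remote Control and should be checked the same way.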
@@ -125506,8 +125511,8 @@ CVE-2015-2022
 	RESERVED
 CVE-2015-2021
 	RESERVED
-CVE-2015-2020
-	RESERVED
+CVE-2015-2020 (The MyScript SDK before 1.3 for Android might allow attackers to ...)
+	TODO: check
 CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
 	NOT-FOR-US: IBM
 CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message ...)
@@ -125528,8 +125533,8 @@ CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Pa
 	NOT-FOR-US: IBM
 CVE-2015-2010
 	REJECTED
-CVE-2015-2009
-	RESERVED
+CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi ...)
+	TODO: check
 CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
 	NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...)
@@ -125538,16 +125543,16 @@ CVE-2015-2006
 	RESERVED
 CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
 	NOT-FOR-US: IBM Security QRadar SIEM
-CVE-2015-2004
-	RESERVED
-CVE-2015-2003
-	RESERVED
-CVE-2015-2002
-	RESERVED
-CVE-2015-2001
-	RESERVED
-CVE-2015-2000
-	RESERVED
+CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might ...)
+	TODO: check
+CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might ...)
+	TODO: check
+CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow ...)
+	TODO: check
+CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers to ...)
+	TODO: check
+CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to ...)
+	TODO: check
 CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 ...)
 	NOT-FOR-US: IBM QRadar
 CVE-2015-1998
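Review bot: the five newly described entries CVE-2015-2004 through CVE-2015-2000 are all Android SDKs (GraceNote GNSDK, PJSIP PJSUA2, ESRI ArcGis Runtime, MetaIO, Jumio) and all land as `TODO: check`. Triage them as a group, but do not tag them in bulk: for each one, and CVE-2015-2003 (PJSIP PJSUA2) in particular, first check whether the named SDK corresponds to a packaged source before choosing between a `NOT-FOR-US:` tag and a package line.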
@@ -139634,8 +139639,8 @@ CVE-2014-6606
 	RESERVED
 CVE-2014-6605
 	RESERVED
-CVE-2014-6604
-	RESERVED
+CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in ...)
+	TODO: check
 CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in ...)
 	[squeeze] - suricata <not-affected> (Vulnerable code not yet present)
 	[wheezy] - suricata <not-affected> (Vulnerable code not yet present)
@@ -143147,8 +143152,8 @@ CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained acces
 	[wheezy] - libvirt <not-affected> (Not exploitable in that version)
 	[squeeze] - libvirt <not-affected> (Not exploitable in that version)
 	NOTE: http://security.libvirt.org/2014/0003.html
-CVE-2014-5170
-	RESERVED
+CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might allow ...)
+	TODO: check
 CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module before ...)
 	NOT-FOR-US: Drupal module Date
 CVE-2014-5168
@@ -143541,8 +143546,7 @@ CVE-2014-5029 (The web interface in CUPS 1.7.4 allows local users in the lp grou
 	- cups 1.7.4-2
 	[squeeze] - cups 1.4.4-7+squeeze6
 	NOTE: https://cups.org/str.php?L4455
-CVE-2014-5028
-	RESERVED
+CVE-2014-5028 (The Original File and Patched File resources in Review Board 1.7.x ...)
 	- reviewboard <itp> (bug #653113)
 CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before ...)
 	- reviewboard <itp> (bug #653113)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af8d72946d09d4edb159f924c92b88734c056781
