[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 30 08:10:35 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
441f7458 by security tracker role at 2018-03-30T08:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-9143
+ RESERVED
+CVE-2018-9142
+ RESERVED
+CVE-2018-9141
+ RESERVED
+CVE-2018-9140
+ RESERVED
+CVE-2018-9139
+ RESERVED
+CVE-2018-9138
+ RESERVED
+CVE-2018-9137
+ RESERVED
+CVE-2018-9136
+ RESERVED
+CVE-2018-9135
+ RESERVED
+CVE-2018-9134
+ RESERVED
+CVE-2018-9133
+ RESERVED
+CVE-2018-9132
+ RESERVED
+CVE-2018-9131
+ RESERVED
+CVE-2018-9130
+ RESERVED
+CVE-2018-9129
+ RESERVED
+CVE-2018-9128
+ RESERVED
+CVE-2018-9127
+ RESERVED
+CVE-2018-9126
+ RESERVED
CVE-2018-9125
RESERVED
CVE-2018-9124
@@ -2355,6 +2391,7 @@ CVE-2018-8095
CVE-2018-1000128
REJECTED
CVE-2018-1000127 (memcached version prior to 1.4.37 contains an Integer Overflow ...)
+ {DLA-1329-1}
- memcached 1.5.0-1 (bug #894404)
NOTE: https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
NOTE: https://github.com/memcached/memcached/issues/271
@@ -21202,8 +21239,8 @@ CVE-2018-1193
RESERVED
CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...)
NOT-FOR-US: Cloud Foundry
-CVE-2018-1191
- RESERVED
+CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an ...)
+ TODO: check
CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...)
NOT-FOR-US: Pivotal
CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
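Review bot: the "TODO: check" added under CVE-2018-1191 leaves the entry untriaged, while the Cloud Foundry entries on either side are already resolved as "NOT-FOR-US: Cloud Foundry" (CVE-2018-1192) and "NOT-FOR-US: Pivotal" (CVE-2018-1190). If Garden-runC is not packaged in Debian, replace the TODO with a matching NOT-FOR-US line; otherwise record the source package and its fixed version.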
@@ -23097,6 +23134,7 @@ CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd),
CVE-2018-0740
RESERVED
CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be ...)
+ {DSA-4158-1 DSA-4157-1}
- openssl 1.1.0h-1
- openssl1.0 1.0.2o-1
NOTE: https://www.openssl.org/news/secadv/20180327.txt
@@ -25137,8 +25175,8 @@ CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util
NOTE: https://trac.pjsip.org/repos/changeset/5680
CVE-2017-16874
RESERVED
-CVE-2017-16873
- RESERVED
+CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid binary that ...)
+ TODO: check
CVE-2017-1000233
REJECTED
CVE-2017-1000222
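Review bot: the description added for CVE-2017-16873 is truncated before it names the suid binary, so the "TODO: check" below it cannot be resolved from this entry alone. The full CVE text has to be read to identify the product before choosing between a package line and a NOT-FOR-US line.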
@@ -25564,8 +25602,8 @@ CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote .
{DSA-4049-1}
- ffmpeg 7:3.4.1-1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
-CVE-2017-16839
- RESERVED
+CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...)
+ TODO: check
CVE-2017-16838
RESERVED
CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...)
@@ -26510,8 +26548,8 @@ CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabil
NOT-FOR-US: WebsiteBaker
CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in ...)
NOT-FOR-US: Ipswitch WS_FTP Professional
-CVE-2017-16512
- RESERVED
+CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 ...)
+ TODO: check
CVE-2017-16511
RESERVED
CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to ...)
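Review bot: CVE-2017-16512 gets "TODO: check" here, and CVE-2017-16839 in the previous hunk names the same product, Hashicorp vagrant-vmware-fusion, with the same TODO. Triage the two together so both entries end up with the same disposition and the same product label.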
@@ -38341,6 +38379,7 @@ CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apac
CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...)
NOT-FOR-US: Apache James
CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing of ...)
+ {DLA-1328-1}
- xerces-c 3.2.1+debian-1 (bug #894050)
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
@@ -84345,8 +84384,8 @@ CVE-2016-6660
REJECTED
CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, ...)
NOT-FOR-US: Pivotal
-CVE-2016-6658
- RESERVED
+CVE-2016-6658 (Applications in cf-release before 245 can be configured and pushed ...)
+ TODO: check
CVE-2016-6657 (An open redirect vulnerability has been detected with some Pivotal ...)
NOT-FOR-US: Pivotal
CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation ...)
@@ -104023,8 +104062,8 @@ CVE-2016-0900 (Cross-site scripting (XSS) vulnerability in EMC RSA Authenticatio
NOT-FOR-US: RSA Authentication Manager
CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated ...)
NOT-FOR-US: RSA Archer GRC Platform
-CVE-2016-0898
- RESERVED
+CVE-2016-0898 (MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS ...)
+ TODO: check
CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before ...)
NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x ...)
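Review bot: the NOT-FOR-US labels around the new CVE-2016-0898 entry are not uniform: CVE-2016-0897 uses "NOT-FOR-US: Pivotal Cloud Foundry", while other Pivotal entries in this commit's context (CVE-2016-6659, CVE-2018-1190) use "NOT-FOR-US: Pivotal". When the "TODO: check" for MySQL for PCF tiles is resolved, and likewise the one added for CVE-2016-6658 in the previous hunk, pick one label and use it for both.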
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/441f745838966feb3b468b72c8406269fed6bd58