[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 30 20:10:24 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c241e85 by security tracker role at 2018-03-30T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,31 +1,47 @@
-CVE-2018-9143
- RESERVED
-CVE-2018-9142
- RESERVED
-CVE-2018-9141
- RESERVED
-CVE-2018-9140
- RESERVED
-CVE-2018-9139
+CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
+ TODO: check
+CVE-2018-9150
RESERVED
-CVE-2018-9138
+CVE-2018-9149
RESERVED
+CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session ...)
+ TODO: check
+CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...)
+ TODO: check
+CVE-2018-9146 (In Exiv2 0.26, there is an out-of-bounds read in ...)
+ TODO: check
+CVE-2018-9145 (In Exiv2 0.26, there is a reachable assertion abort in the function ...)
+ TODO: check
+CVE-2018-9144 (In Exiv2 0.26, there is an out-of-bounds read in ...)
+ TODO: check
+CVE-2018-9143 (On Samsung mobile devices with M(6.0) and N(7.x) software, a heap ...)
+ TODO: check
+CVE-2018-9142 (On Samsung mobile devices with N(7.x) software, attackers can install ...)
+ TODO: check
+CVE-2018-9141 (On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, ...)
+ TODO: check
+CVE-2018-9140 (On Samsung mobile devices with M(6.0) software, the Email application ...)
+ TODO: check
+CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer overflow in ...)
+ TODO: check
+CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as distributed ...)
+ TODO: check
CVE-2018-9137
RESERVED
-CVE-2018-9136
- RESERVED
-CVE-2018-9135
- RESERVED
-CVE-2018-9134
- RESERVED
-CVE-2018-9133
- RESERVED
-CVE-2018-9132
- RESERVED
+CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
+ TODO: check
+CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...)
+ TODO: check
+CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
+ TODO: check
+CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
+ TODO: check
CVE-2018-9131
RESERVED
-CVE-2018-9130
- RESERVED
+CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
+ TODO: check
CVE-2018-9129
RESERVED
CVE-2018-9128
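Review bot: several of the new TODO: check entries in this hunk name software that Debian ships and should get a source-package and version line rather than staying at TODO, namely the Exiv2 trio (CVE-2018-9144, -9145, -9146), the two ImageMagick entries (CVE-2018-9133, -9135), GNU libiberty (CVE-2018-9138) and libming (CVE-2018-9132); the Samsung (CVE-2018-9139 to -9143), Western Digital (-9148), Gespage (-9147), Jungo WinDriver (-9136), DedeCMS (-9134) and IBOS (-9130) descriptions, by contrast, describe products outside the archive and are candidates for a NOT-FOR-US line in the same style as the existing entries in this file.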
@@ -2324,6 +2340,7 @@ CVE-2018-8111
CVE-2018-8110
RESERVED
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control ...)
+ {DLA-1331-1}
- mercurial 4.5.2-1 (bug #892964)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
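Review bot: the new `{DLA-1331-1}` line on CVE-2018-1000132 is the only side of the cross-reference present in this commit, since "1 changed file" above shows only data/CVE/list is touched; confirm that a matching DLA-1331-1 entry listing this CVE exists in data/DLA/list, otherwise the reference dangles.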
@@ -5071,6 +5088,7 @@ CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in
- vncterm <unfixed>
NOTE: https://github.com/LibVNC/vncterm/issues/6
CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. ...)
+ {DLA-1332-1}
- libvncserver <unfixed> (bug #894045)
NOTE: https://github.com/LibVNC/libvncserver/issues/218
NOTE: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
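Review bot: CVE-2018-7225 now carries `{DLA-1332-1}` while the package line below it still reads `- libvncserver <unfixed> (bug #894045)`; that combination is legitimate for an LTS-only fix, but it is worth double-checking that the unstable upload is really still pending so the bug is not left behind once the LTS advisory is recorded.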
@@ -9154,8 +9172,8 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and
NOTE: Linux is not affected
NOTE: https://electronjs.org/blog/protocol-handler-fix
NOTE: https://nodesecurity.io/advisories/563
-CVE-2018-5799
- RESERVED
+CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
+ TODO: check
CVE-2018-5798
RESERVED
CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
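Review bot: the new CVE-2018-5799 entry names Zoho ManageEngine ServiceDesk Plus, a commercial product not packaged in Debian, so the `TODO: check` here can most likely be resolved directly to a `NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus` line during triage.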
@@ -14322,12 +14340,10 @@ CVE-2018-3743
RESERVED
CVE-2018-3742
RESERVED
-CVE-2018-3741 [XSS vulnerability]
- RESERVED
+CVE-2018-3741 (There is a possible XSS vulnerability in all rails-html-sanitizer gem ...)
- ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
NOTE: https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
-CVE-2018-3740 [Sanitize HTML injection vulnerability]
- RESERVED
+CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby to ...)
- ruby-sanitize <unfixed> (bug #893610)
NOTE: https://github.com/rgrove/sanitize/issues/176
NOTE: https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e
@@ -14356,8 +14372,7 @@ CVE-2018-3730
RESERVED
CVE-2018-3729
RESERVED
-CVE-2018-3728 [Prototype pollution in utilities function]
- RESERVED
+CVE-2018-3728 (hoek node module before 5.0.3 suffers from a Modification of ...)
- node-hoek <unfixed> (unimportant)
NOTE: fixed in 4.2.1
NOTE: https://github.com/hapijs/hoek/issues/230
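Review bot: the retained `NOTE: fixed in 4.2.1` now sits directly under a description that says "hoek node module before 5.0.3", which reads as a contradiction; since these are two release branches, make the NOTE explicit, e.g. `NOTE: fixed in 4.2.1 (4.x branch) and 5.0.3 (5.x branch)`, so the next triager does not need to re-check upstream.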
@@ -20093,8 +20108,8 @@ CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Service
NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
NOT-FOR-US: IBM Financial Transaction Manager
-CVE-2018-1390
- RESERVED
+CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for ...)
+ TODO: check
CVE-2018-1389
RESERVED
CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...)
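Review bot: CVE-2018-1390 is left at `TODO: check` although its description names IBM Financial Transaction Manager, the same product that the two neighbouring entries CVE-2018-1391 and CVE-2018-1392 already mark as `NOT-FOR-US: IBM Financial Transaction Manager`; apply the same line here for consistency.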
@@ -20105,8 +20120,8 @@ CVE-2018-1386 (IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.
NOT-FOR-US: IBM
CVE-2018-1385
RESERVED
-CVE-2018-1384
- RESERVED
+CVE-2018-1384 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...)
+ TODO: check
CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and ...)
NOT-FOR-US: AIX
CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This ...)
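Review bot: CVE-2018-1384 (IBM Business Process Manager 8.6) is left at `TODO: check`, but the existing CVE-2017-1769 entry further down in this file already records the same product as `NOT-FOR-US: IBM Business Process Manager`; the same resolution applies here.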
@@ -23149,7 +23164,7 @@ CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd),
CVE-2018-0740
RESERVED
CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be ...)
- {DSA-4158-1 DSA-4157-1}
+ {DSA-4158-1 DSA-4157-1 DLA-1330-1}
- openssl 1.1.0h-1
- openssl1.0 1.0.2o-1
NOTE: https://www.openssl.org/news/secadv/20180327.txt
@@ -31423,19 +31438,15 @@ CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
NOT-FOR-US: Qualcomm component for Android
CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14915
- RESERVED
+CVE-2017-14915 (In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14913
- RESERVED
+CVE-2017-14913 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-14912
- RESERVED
+CVE-2017-14912 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-14911
- RESERVED
+CVE-2017-14911 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-14910 (In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 ...)
NOT-FOR-US: Qualcomm component for Android
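Review bot: style nit only, since the hunk correctly fills in the published descriptions while keeping the pre-triaged NOT-FOR-US lines: the retained context alternates between `NOT-FOR-US: Qualcomm component for Android` and `NOT-FOR-US: Qualcomm components for Android` within a few lines, and picking one spelling would make grepping for these entries more reliable.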
@@ -31445,8 +31456,7 @@ CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
NOT-FOR-US: Qualcomm component for Android
CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm closed-source components on Android
-CVE-2017-14906
- RESERVED
+CVE-2017-14906 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
@@ -37967,7 +37977,7 @@ CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://...&quo
- git 1:2.14.1-1
NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-1000116 (Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...)
- {DSA-3963-1 DLA-1072-1}
+ {DSA-3963-1 DLA-1331-1 DLA-1072-1}
- mercurial 4.3.1-1 (bug #871710)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
NOTE: 11 patches need to be applied, the following are for 4.2:
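Review bot: DLA-1331-1 is now referenced from both CVE-2017-1000116 (this hunk) and CVE-2018-1000132 (earlier in this commit), which is consistent if one LTS mercurial upload fixed both issues; make sure the data/DLA/list entry for DLA-1331-1 lists both CVE ids, and note that the reference was inserted between `DSA-3963-1` and the older `DLA-1072-1`, so the set is not in chronological order.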
@@ -43156,8 +43166,7 @@ CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11011
RESERVED
-CVE-2017-11010
- RESERVED
+CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11009
RESERVED
@@ -46907,8 +46916,7 @@ CVE-2017-9683 (In Android for MSM, Firefox OS for MSM, QRD Android, with all And
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-9681
- RESERVED
+CVE-2017-9681 (In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Google drivers for Android
CVE-2017-9680 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Google drivers for Android
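Review bot: the retained `NOT-FOR-US: Google drivers for Android` line under CVE-2017-9681 no longer matches the description just filled in above it, which attributes the issue to "Qualcomm MSM, Firefox OS for MSM, QRD"; consider changing the label to `NOT-FOR-US: Qualcomm components for Android`, as used for the surrounding Qualcomm entries, so the classification reflects the published text.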
@@ -71165,12 +71173,12 @@ CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site requ
NOT-FOR-US: IBM Business Process Manager
CVE-2017-1768
RESERVED
-CVE-2017-1767
- RESERVED
-CVE-2017-1766
- RESERVED
-CVE-2017-1765
- RESERVED
+CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...)
+ TODO: check
+CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.6 an ...)
+ TODO: check
+CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user ...)
+ TODO: check
CVE-2017-1764
RESERVED
CVE-2017-1763
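Review bot: all three new entries in this hunk (CVE-2017-1765, -1766, -1767) describe IBM Business Process Manager 8.6 and are left at `TODO: check`, while the context line at the top of the hunk shows CVE-2017-1769 for the same product already resolved as `NOT-FOR-US: IBM Business Process Manager`; the same line can be applied to all three.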
@@ -71187,8 +71195,8 @@ CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for Multi-Plat
NOT-FOR-US: IBM Financial Transaction Manager for ACH Services for Multi-Platform
CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote ...)
NOT-FOR-US: IBM Security Guardium
-CVE-2017-1756
- RESERVED
+CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...)
+ TODO: check
CVE-2017-1755
RESERVED
CVE-2017-1754
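Review bot: CVE-2017-1756 is another IBM Business Process Manager 8.6 entry left at `TODO: check`; it should be resolved the same way as the other IBM BPM entries in this file, i.e. `NOT-FOR-US: IBM Business Process Manager`.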
@@ -71205,8 +71213,8 @@ CVE-2017-1749
RESERVED
CVE-2017-1748
RESERVED
-CVE-2017-1747
- RESERVED
+CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM ...)
+ TODO: check
CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is ...)
NOT-FOR-US: IBM Jazz for Service Management
CVE-2017-1745
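Review bot: the truncated description for CVE-2017-1747 ("... denial of service in IBM ...") cuts off before the product name, so unlike the other IBM entries in this commit the `TODO: check` here cannot be resolved from the list alone; the triager needs the full published description to decide between NOT-FOR-US and a package line.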
@@ -71289,8 +71297,8 @@ CVE-2017-1707
RESERVED
CVE-2017-1706
RESERVED
-CVE-2017-1705
- RESERVED
+CVE-2017-1705 (IBM Security Privileged Identity Manager 2.1.0 contains left-over, ...)
+ TODO: check
CVE-2017-1704
RESERVED
CVE-2017-1703
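Review bot: CVE-2017-1705 names IBM Security Privileged Identity Manager 2.1.0, a proprietary IBM product like the others triaged in this file, so the `TODO: check` can be resolved to a `NOT-FOR-US: IBM Security Privileged Identity Manager` line.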
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c241e850a4869b42964ba58d94f544730dd8411