[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat May 5 09:10:29 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ac58c53 by security tracker role at 2018-05-05T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in ...)
+	TODO: check
+CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...)
+	TODO: check
+CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...)
+	TODO: check
+CVE-2018-10751
+	RESERVED
 CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
 	NOT-FOR-US: D-Link
 CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
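Review bot: The three new described entries (CVE-2018-10754, CVE-2018-10753, CVE-2018-10752) all land as `TODO: check`, and the ncurses one names a library and a fixed upstream version ("before 6.1.20180414"), so it should end up with a `- ncurses ...` package line rather than a vendor tag. The WordPress plugin entry looks like a candidate for `NOT-FOR-US:` in the style of the D-Link lines just below it. CVE-2018-10753 cannot be placed from the truncated text, which gives only `delayed_output` in `music.c`, so it needs the full description before triage.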
@@ -1162,8 +1170,8 @@ CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles sta
 	NOT-FOR-US: Paessler PRTG Network Monitor
 CVE-2018-10252
 	RESERVED
-CVE-2018-10251
-	RESERVED
+CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...)
+	TODO: check
 CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a ...)
 	NOT-FOR-US: iCMS
 CVE-2018-10249 (baijiacms V3 has CSRF via ...)
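Review bot: CVE-2018-10251 moves from `RESERVED` to `TODO: check`, but its description names Sierra Wireless AirLink device models, which puts it in the same class as the vendor-product entries around it. Suggest resolving it with a `NOT-FOR-US:` line, as the neighbouring Paessler and iCMS entries are, instead of leaving it in the triage queue.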
@@ -1212,8 +1220,8 @@ CVE-2018-10231
 	RESERVED
 CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. ...)
 	NOT-FOR-US: Zend Server
-CVE-2018-10229
-	RESERVED
+CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to ...)
+	TODO: check
 CVE-2018-10228
 	RESERVED
 CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...)
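Review bot: CVE-2018-10229 is described as a hardware vulnerability in GPU memory modules, so `TODO: check` may have no source package to resolve to. Read the full description for any affected software component before tagging; if none is named, close the entry out with a `NOT-FOR-US:` line so it does not sit in the queue.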
@@ -3760,8 +3768,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) 
 	NOT-FOR-US: AXIS
 CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional ...)
 	NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154
-	RESERVED
+CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in ...)
+	TODO: check
 CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...)
 	NOT-FOR-US: Z-BlogPHP
 CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...)
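Review bot: On CVE-2018-9154 the visible description is cut off before the product name, leaving only the function `jpc_dec_process_sot` to go on. The triager needs the full text to map it to a source package, and since the issue is described as a reachable abort, the severity should be decided at the same time the package line is added.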
@@ -35581,8 +35589,8 @@ CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in 
 	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
 CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through ...)
 	NOT-FOR-US: DocuWare Fulltext Search server
-CVE-2017-15043
-	RESERVED
+CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...)
+	TODO: check
 CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x ...)
 	- golang-1.9 1.9.1-1
 	- golang-1.8 1.8.4-1
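Review bot: CVE-2017-15043 receives the same visible description prefix as CVE-2018-10251 earlier in this patch (Sierra Wireless AirLink GX400, GX440, ES440). Whatever tag replaces `TODO: check` should be applied to both entries in one pass so the two do not diverge.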
@@ -55572,17 +55580,20 @@ CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that
 CVE-2017-8375
 	RESERVED
 CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b ...)
+	{DSA-4192-1}
 	- libmad 0.15.1b-9
 	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
 	NOTE: The patch from #508133 fixed things related to this, but did not fix this.
 	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch
 CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...)
+	{DSA-4192-1}
 	- libmad 0.15.1b-9 (bug #287519)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
 	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
 	NOTE: "Duplicate with"/basically same as CVE-2017-8372
 	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
 CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
+	{DSA-4192-1}
 	- libmad 0.15.1b-9 (bug #287519)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
 	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
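Review bot: The `{DSA-4192-1}` cross-reference is added to CVE-2017-8374, CVE-2017-8373 and CVE-2017-8372, yet this commit changes only `data/CVE/list`, so confirm that the DSA-4192-1 record already lists exactly these three ids. The package lines under each entry still show only `- libmad 0.15.1b-9`; check that the fixed versions for the suites covered by the advisory are recorded wherever the tracker takes them from, since nothing in this hunk carries them.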
@@ -174952,8 +174963,7 @@ CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush funct
 	{DSA-2766-1 DSA-2745-1}
 	- linux-2.6 <removed>
 	- linux 3.10.1-1
-CVE-2013-2233 [not caching SSH host keys]
-	RESERVED
+CVE-2013-2233 (Ansible before 1.2.1 makes it easier for remote attackers to conduct ...)
 	- ansible 1.3.4+dfsg-1 (bug #714822)
 	NOTE: https://github.com/ansible/ansible/issues/857
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux ...)
@@ -183867,8 +183877,7 @@ CVE-2012-5630 [TOCTOU race conditions by copying and removing directory trees]
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=884685#c31
 CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2012-5628
-	RESERVED
+CVE-2012-5628 (gofer before 0.68 uses world-writable permissions for ...)
 	NOT-FOR-US: gofer component of PULP project
 CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...)
 	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
@@ -211583,8 +211592,7 @@ CVE-2011-0706 (The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in
 CVE-2011-0705 [path traversal in SimpleHTTPServer]
 	RESERVED
 	NOTE: Will be rejected
-CVE-2011-0704
-	RESERVED
+CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote ...)
 	NOT-FOR-US: 389 Directory Server
 CVE-2011-0703
 	RESERVED
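Review bot: The `NOT-FOR-US: 389 Directory Server` line under CVE-2011-0704 was written while the entry was still `RESERVED` and is carried over unchanged. Now that the description names version 1.2.7.5 and the mozldap build option, re-validate that tag against the archive rather than assuming the earlier classification still holds.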



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ac58c53d41412c5926a6c7ba8b1c427c74572bf
