[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 9 09:10:25 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4923a543 by security tracker role at 2018-05-09T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,53 @@
+CVE-2018-10838
+	RESERVED
+CVE-2018-10837
+	RESERVED
+CVE-2018-10836
+	RESERVED
+CVE-2018-10835
+	RESERVED
+CVE-2018-10834
+	RESERVED
+CVE-2018-10833
+	RESERVED
+CVE-2018-10832
+	RESERVED
+CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier ...)
+	TODO: check
+CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10829
+	RESERVED
+CVE-2018-10828
+	RESERVED
+CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-10826
+	RESERVED
+CVE-2018-10825
+	RESERVED
+CVE-2018-10824
+	RESERVED
+CVE-2018-10823
+	RESERVED
+CVE-2018-10822
+	RESERVED
+CVE-2018-10821
+	RESERVED
+CVE-2018-10820
+	RESERVED
+CVE-2018-10819
+	RESERVED
+CVE-2018-10818
+	RESERVED
+CVE-2018-10817 (Severalnines ClusterControl before 1.6.0-4699 allows XSS. ...)
+	TODO: check
+CVE-2018-10816
+	RESERVED
+CVE-2018-10815
+	RESERVED
+CVE-2018-10814
+	RESERVED
 CVE-2018-10813
 	RESERVED
 CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cleartext ...)
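Review bot: the four new entries that arrive with descriptions (CVE-2018-10831, CVE-2018-10830, CVE-2018-10827 and CVE-2018-10817) are all left at `TODO: check`, so none of them is triaged by this change. Each should be resolved to either a source-package line or a `NOT-FOR-US:` line of the kind already used for TuziCMS and BigTree CMS further down this file, rather than staying in the TODO queue.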
@@ -268,8 +318,8 @@ CVE-2018-10707
 	RESERVED
 CVE-2018-10706
 	RESERVED
-CVE-2018-10705
-	RESERVED
+CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an ...)
+	TODO: check
 CVE-2018-10704
 	RESERVED
 CVE-2018-10703
@@ -1542,8 +1592,8 @@ CVE-2018-10186 (In radare2 2.5.0, there is a heap-based buffer over-read in the 
 	NOTE: Before applying the fix for CVE-2018-8808 the issue is covered/differently visible
 CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF ...)
 	NOT-FOR-US: TuziCMS
-CVE-2018-10184
-	RESERVED
+CVE-2018-10184 (An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ...)
+	TODO: check
 CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2018-10182
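Review bot: CVE-2018-10184 is left at `TODO: check` even though its description names HAProxy before 1.8.8 and an incoming H2 frame, which lines up with the haproxy data already recorded under CVE-2018-1119 later in this same diff (`- haproxy 1.8.8-1`, with stretch and jessie `<not-affected>`). If the two IDs cover the same flaw, replace the TODO with those package lines so the issue is tracked under the live ID.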
@@ -4607,6 +4657,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.
 CVE-2018-8898
 	RESERVED
 CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
+	{DSA-4196-1}
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
 	- xen <unfixed>
@@ -26313,7 +26364,7 @@ CVE-2018-1121
 CVE-2018-1120
 	RESERVED
 CVE-2018-1119 [Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service]
-	RESERVED
+	REJECTED
 	- haproxy 1.8.8-1
 	[stretch] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
 	[jessie] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
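Review bot: the status line flips to `REJECTED`, but the `- haproxy 1.8.8-1` and `<not-affected>` lines stay attached to the rejected ID and nothing states which ID supersedes it. Add a `NOTE:` naming the replacement (CVE-2018-10184 in this diff reads like the same HAProxy H2 issue) and carry the package annotations over to it, so the fix status is not recorded only under an ID that is no longer valid.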
@@ -26451,6 +26502,7 @@ CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot ...
 	NOTE: Needs: https://review.gluster.org/#/c/19899/1..2
 CVE-2018-1087 [error in exception handling leads to wrong debug stack value]
 	RESERVED
+	{DSA-4196-1}
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/5
@@ -38542,7 +38594,7 @@ CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
-        NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/uploads/b1e77c7aab2afccf645e32678d8ba52d/patch1
+	NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/uploads/b1e77c7aab2afccf645e32678d8ba52d/patch1
 CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote ...)
 	{DSA-4052-1 DLA-1107-1}
 	- bzr 2.7.0+bzr6622-7 (bug #874429)
@@ -74274,8 +74326,7 @@ CVE-2017-2607
 	RESERVED
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2606
-	RESERVED
+CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an information ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2605
@@ -131866,8 +131917,8 @@ CVE-2015-1505
 	RESERVED
 CVE-2015-1504
 	RESERVED
-CVE-2015-1503
-	RESERVED
+CVE-2015-1503 (Multiple directory traversal vulnerabilities in IceWarp Mail Server ...)
+	TODO: check
 CVE-2015-1502
 	RESERVED
 CVE-2015-1501 (The factory.loadExtensionFactory function in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4923a543b46de2cbbb9b2e331da085990af3cb6f
