[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 10 21:10:26 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0901104 by security tracker role at 2018-05-10T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-10980
+	RESERVED
+CVE-2018-10979
+	RESERVED
+CVE-2018-10978
+	RESERVED
+CVE-2018-10977 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10976 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10975 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10973 (An integer overflow in the transferMulti function of a smart contract ...)
+	TODO: check
+CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
+	TODO: check
+CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
+	TODO: check
+CVE-2018-10970
+	RESERVED
+CVE-2018-10969
+	RESERVED
+CVE-2018-10968
+	RESERVED
+CVE-2018-10967
+	RESERVED
+CVE-2018-10966
+	RESERVED
+CVE-2018-10965
+	RESERVED
 CVE-2018-10964
 	RESERVED
 CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF ...)
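
Review bot: the four 2345 Security Guard entries (CVE-2018-10974 through CVE-2018-10977) share one truncated description naming the same .sys driver file, 2345BdPcSafe.sys, so they should be triaged as a group rather than one `TODO: check` at a time; this file already uses `NOT-FOR-US:` for products outside the archive, and that is the marking to consider once the product is confirmed. The FLIF pair (CVE-2018-10971, CVE-2018-10972) is also identical up to the cut-off, so the full descriptions are needed to tell the two apart before they are tied to a package.
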
@@ -38,13 +70,13 @@ CVE-2018-10947
 	RESERVED
 CVE-2018-10946
 	RESERVED
-CVE-2017-18267 [FoFiType1C::cvtGlyph: Fix infinite recursion on malformed documents]
+CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler ...)
 	- poppler <unfixed> (bug #898357)
 	[wheezy] - poppler <ignored> (Minor issue)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
-CVE-2017-18266 [Argument injection in xdg-open open_envvar]
+CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not ...)
 	- xdg-utils <unfixed> (bug #898317)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
 	NOTE: Fixed by: https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
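
Review bot: on CVE-2017-18266 the new description bounds the issue at "xdg-utils before 1.1.3" and the entry already has a "Fixed by" commit, yet the package line still reads `- xdg-utils <unfixed> (bug #898317)`. That is consistent only while no fixed upload exists; the line should get a version as soon as 1.1.3 or a patched upload is available. The bracketed working titles removed here also named the bug class ("infinite recursion", "Argument injection"), which the truncated replacements no longer show, so the NOTE links are now the quickest way to see what each issue is.
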
@@ -336,8 +368,8 @@ CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFF
 	- imagemagick <unfixed> (unimportant; bug #898217)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
-CVE-2018-10803
-	RESERVED
+CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials ...)
+	TODO: check
 CVE-2018-1000301
 	RESERVED
 CVE-2018-1000300
@@ -587,8 +619,8 @@ CVE-2018-10708
 	RESERVED
 CVE-2018-10707
 	RESERVED
-CVE-2018-10706
-	RESERVED
+CVE-2018-10706 (An integer overflow in the transferMulti function of a smart contract ...)
+	TODO: check
 CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an ...)
 	TODO: check
 CVE-2018-10704
@@ -713,8 +745,8 @@ CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service fla
 	NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
 CVE-2018-10656
 	RESERVED
-CVE-2018-10655
-	RESERVED
+CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 ...)
+	TODO: check
 CVE-2018-10654
 	RESERVED
 CVE-2018-10653
@@ -2677,8 +2709,8 @@ CVE-2018-9851 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php 
 	NOT-FOR-US: Gxlcms QY
 CVE-2018-9850 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php ...)
 	NOT-FOR-US: Gxlcms QY
-CVE-2018-9849
-	RESERVED
+CVE-2018-9849 (Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before ...)
+	TODO: check
 CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in ...)
 	NOT-FOR-US: Gxlcms QY
 CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in ...)
@@ -4904,18 +4936,18 @@ CVE-2018-8917
 	RESERVED
 CVE-2018-8916
 	RESERVED
-CVE-2018-8915
-	RESERVED
-CVE-2018-8914
-	RESERVED
+CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center in ...)
+	TODO: check
+CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media Server ...)
+	TODO: check
 CVE-2018-8913
 	RESERVED
 CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in ...)
 	NOT-FOR-US: Synology Note Station
 CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview in ...)
 	NOT-FOR-US: Synology Note Station
-CVE-2018-8910
-	RESERVED
+CVE-2018-8910 (Cross-site scripting (XSS) vulnerability in Attachment Preview in ...)
+	TODO: check
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...)
 	NOT-FOR-US: Wire application for Android
 CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ...)
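
Review bot: CVE-2018-8910 is added as `TODO: check` although its truncated description, "Cross-site scripting (XSS) vulnerability in Attachment Preview in ...", is identical to that of CVE-2018-8911 directly above it, which is already marked `NOT-FOR-US: Synology Note Station`. Confirm the product from the full description and, if it matches, give it the same marking. CVE-2018-8914 names Synology Media Server and the product for CVE-2018-8915 is cut off, so those two need their own check.
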
@@ -7208,10 +7240,10 @@ CVE-2018-7943
 	RESERVED
 CVE-2018-7942
 	RESERVED
-CVE-2018-7941
-	RESERVED
-CVE-2018-7940
-	RESERVED
+CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A ...)
+	TODO: check
+CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
+	TODO: check
 CVE-2018-7939
 	RESERVED
 CVE-2018-7938
@@ -7224,8 +7256,8 @@ CVE-2018-7935
 	RESERVED
 CVE-2018-7934
 	RESERVED
-CVE-2018-7933
-	RESERVED
+CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the ...)
+	TODO: check
 CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism ...)
@@ -12442,8 +12474,8 @@ CVE-2018-6256
 	RESERVED
 CVE-2018-6255
 	RESERVED
-CVE-2018-6254
-	RESERVED
+CVE-2018-6254 (In Android before the 2018-05-05 security patch level, NVIDIA Media ...)
+	TODO: check
 CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX and ...)
 	- nvidia-graphics-drivers 390.48-1 (bug #894338)
 	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -12476,8 +12508,8 @@ CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the
 	NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
 	NOT-FOR-US: NVIDIA Windows driver
-CVE-2018-6246
-	RESERVED
+CVE-2018-6246 (In Android before the 2018-05-05 security patch level, NVIDIA Widevine ...)
+	TODO: check
 CVE-2018-6245
 	RESERVED
 CVE-2018-6244
@@ -15592,6 +15624,7 @@ CVE-2018-5184
 	RESERVED
 CVE-2018-5183
 	RESERVED
+	{DSA-4199-1}
 	- firefox-esr 52.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
 CVE-2018-5182
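
Review bot: CVE-2018-5183 now carries `{DSA-4199-1}`, a fixed `firefox-esr 52.8.0esr-1` and an advisory NOTE, but it still sits at `RESERVED` with no description, so the entry says nothing about what was fixed. A bracketed temporary description in the style used elsewhere in this file (for example `[dccp: check sk for closed state in dccp_sendmsg()]`) would close that gap until the official text arrives. The same applies to the other `{DSA-4199-1}` additions that follow.
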
@@ -15613,6 +15646,7 @@ CVE-2018-5179
 	RESERVED
 CVE-2018-5178
 	RESERVED
+	{DSA-4199-1}
 	- firefox-esr 52.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
 CVE-2018-5177
@@ -15657,6 +15691,7 @@ CVE-2018-5169
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
 CVE-2018-5168
 	RESERVED
+	{DSA-4199-1}
 	[experimental] - firefox 60.0-1
 	- firefox <unfixed>
 	- firefox-esr 52.8.0esr-1
@@ -15698,6 +15733,7 @@ CVE-2018-5160
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
 CVE-2018-5159
 	RESERVED
+	{DSA-4199-1}
 	[experimental] - firefox 60.0-1
 	- firefox <unfixed>
 	- firefox-esr 52.8.0esr-1
@@ -15705,6 +15741,7 @@ CVE-2018-5159
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
 CVE-2018-5158
 	RESERVED
+	{DSA-4199-1}
 	[experimental] - firefox 60.0-1
 	- firefox <unfixed>
 	- firefox-esr 52.8.0esr-1
@@ -15712,6 +15749,7 @@ CVE-2018-5158
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
 CVE-2018-5157
 	RESERVED
+	{DSA-4199-1}
 	[experimental] - firefox 60.0-1
 	- firefox <unfixed>
 	- firefox-esr 52.8.0esr-1
@@ -15721,6 +15759,7 @@ CVE-2018-5156
 	RESERVED
 CVE-2018-5155
 	RESERVED
+	{DSA-4199-1}
 	[experimental] - firefox 60.0-1
 	- firefox <unfixed>
 	- firefox-esr 52.8.0esr-1
@@ -15728,6 +15767,7 @@ CVE-2018-5155
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
 CVE-2018-5154
 	RESERVED
+	{DSA-4199-1}
 	[experimental] - firefox 60.0-1
 	- firefox <unfixed>
 	- firefox-esr 52.8.0esr-1
@@ -15750,6 +15790,7 @@ CVE-2018-5151
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
 CVE-2018-5150
 	RESERVED
+	{DSA-4199-1}
 	[experimental] - firefox 60.0-1
 	- firefox <unfixed>
 	- firefox-esr 52.8.0esr-1
@@ -26732,8 +26773,7 @@ CVE-2018-1132
 	RESERVED
 CVE-2018-1131
 	RESERVED
-CVE-2018-1130 [dccp: check sk for closed state in dccp_sendmsg()]
-	RESERVED
+CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null pointer ...)
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
 CVE-2018-1129
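
Review bot: for CVE-2018-1130 the new description gives the affected range as "before version 4.16-rc7" while the entry records the fix as `- linux 4.15.17-1`. The two agree only if the referenced commit 67f93df79aeefc3add4e4b31a752600f834236e2 was backported to the 4.15 stable series, which these lines do not show; worth confirming that before relying on the fixed version.
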
@@ -26767,7 +26807,7 @@ CVE-2018-1117
 	RESERVED
 CVE-2018-1116
 	RESERVED
-CVE-2018-1115 [public execution privileges on pg_rotate_logfile() in adminpack extension]
+CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack ...)
 	- postgresql-10 10.4-1
 	- postgresql-9.6 <removed>
 	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
@@ -63343,16 +63383,16 @@ CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymast
 	NOT-FOR-US: NVIDIA
 CVE-2017-6294
 	RESERVED
-CVE-2017-6293
-	RESERVED
+CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 ...)
+	TODO: check
 CVE-2017-6292
 	RESERVED
 CVE-2017-6291
 	RESERVED
 CVE-2017-6290
 	RESERVED
-CVE-2017-6289
-	RESERVED
+CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA Trusted ...)
+	TODO: check
 CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
 	NOT-FOR-US: Nvidia component for Android
 CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
@@ -74744,8 +74784,7 @@ CVE-2017-2602
 	RESERVED
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2601
-	RESERVED
+CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2600



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e09011047001be61193f75035d55c934bf720a9a
