[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 11 21:10:28 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f30dcf37 by security tracker role at 2018-05-11T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-10985
+	RESERVED
+CVE-2018-10984
+	RESERVED
+CVE-2018-10983
+	RESERVED
+CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell Inspiron ...)
+	TODO: check
+CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes code ...)
+	TODO: check
+CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital ...)
+	TODO: check
 CVE-2018-XXXX [Incomplete fix for CVE-2017-17523]
 	- lilypond 2.18.2-13 (bug #898373)
 	[jessie] - lilypond <not-affected> (Incomplete fix not applied)
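Review bot: The three Absolute Computrace entries (CVE-2009-5150 to CVE-2009-5152) land as `TODO: check`, which leaves them untriaged. Their descriptions name a vendor agent distributed on certain Dell Inspiron machines, so if no source package in the archive ships it, a follow-up should resolve them as `NOT-FOR-US: Absolute Computrace Agent`, in the same way the LiteCart and Alps entries later in this patch are marked.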
@@ -329,7 +341,7 @@ CVE-2018-10829
 	RESERVED
 CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ...)
 	NOT-FOR-US: Alps Pointing-device Driver
-CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of service ...)
+CVE-2018-10827 (LiteCart before 2.1.2 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: LiteCart
 CVE-2018-10826
 	RESERVED
@@ -913,8 +925,8 @@ CVE-2018-10582
 	RESERVED
 CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able ...)
 	NOT-FOR-US: Octopus Deploy
-CVE-2018-10580
-	RESERVED
+CVE-2018-10580 (The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because ...)
+	TODO: check
 CVE-2018-10579
 	RESERVED
 CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
@@ -9575,8 +9587,8 @@ CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of 
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/dbry/WavPack/issues/28
 	NOTE: https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
-CVE-2018-7248
-	RESERVED
+CVE-2018-7248 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 ...)
+	TODO: check
 CVE-2018-7247 (An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in ...)
 	- leptonlib 1.76.0-1 (unimportant)
 	NOTE: https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
@@ -50775,7 +50787,7 @@ CVE-2017-10386 (Vulnerability in the Java Advanced Management Console component 
 CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
 	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
 CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-	{DSA-4002-1 DLA-1141-1}
+	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
 	- mariadb-10.2 <removed> (bug #884065)
 	- mariadb-10.0 <removed>
 	- mysql-5.7 5.7.20-1 (bug #878398)
@@ -50790,7 +50802,7 @@ CVE-2017-10381 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
 CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component of ...)
 	NOT-FOR-US: Java Advanced Management Console
 CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-	{DSA-4002-1 DLA-1141-1}
+	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
 	- mariadb-10.2 <removed> (bug #884065)
 	- mariadb-10.0 <removed>
 	- mysql-5.7 5.7.20-1 (bug #878398)
@@ -51068,6 +51080,7 @@ CVE-2017-10288
 CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3944-1}
 	- mariadb-10.2 <removed> (bug #884065)
 	- mariadb-10.0 <removed>
 	- mysql-5.7 5.7.20-1 (bug #878398)
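Review bot: CVE-2017-10286 gains only `{DSA-3944-1}`, while CVE-2017-10384 and CVE-2017-10379 earlier in this patch show the same three package lines and also reference DSA-4002-1 and DLA-1141-1. It is worth confirming that those two advisories really do not cover this CVE, rather than the CVE having been left out of their entries.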
@@ -64072,8 +64085,8 @@ CVE-2017-6017 (A Resource Exhaustion issue was discovered in Schneider Electric 
 	NOT-FOR-US: Schneider Electric
 CVE-2017-6016 (An Improper Access Control issue was discovered in LCDS - Leao ...)
 	NOT-FOR-US: LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA)
-CVE-2017-6015
-	RESERVED
+CVE-2017-6015 (Without quotation marks, any whitespace in the file path for Rockwell ...)
+	TODO: check
 CVE-2017-6014 (In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 ...)
 	{DSA-3811-1 DLA-826-1}
 	- wireshark 2.2.5+g440fd4d-2 (bug #855408)
@@ -83703,8 +83716,7 @@ CVE-2016-8628
 	[jessie] - ansible <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: Fixed upstream in v2.2.0.0-1
 	NOTE: Needs an attacker to compromise a controlled server.
-CVE-2016-8627
-	RESERVED
+CVE-2016-8627 (admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an ...)
 	NOT-FOR-US: Red Hat JBoss EAP
 CVE-2016-8626 [RGW Denial of Service by sending POST object with null conditions]
 	RESERVED
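Review bot: CVE-2016-8627 keeps its earlier `NOT-FOR-US: Red Hat JBoss EAP` line, which was set while the entry was still RESERVED, but the description now attached names admin-cli before 3.0.0.alpha25 and 2.2.1.cr2. Re-check the triage against that description and adjust the product name in the NOT-FOR-US line if admin-cli is what it should refer to.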
@@ -184719,7 +184731,7 @@ CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud b
 	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
 CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable ...)
 	NOT-FOR-US: Red Hat CloudForms
-CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudFroms 1.1, when ...)
+CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...)
 	NOT-FOR-US: Red Hat CloudForms



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f30dcf37e1ece3228aeaaf727fcc5fee45a2cdc8
