[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon May 21 21:10:29 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
07ed291a by security tracker role at 2018-05-21T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,27 @@
+CVE-2018-11329
+ RESERVED
+CVE-2018-11328
+ RESERVED
+CVE-2018-11327
+ RESERVED
+CVE-2018-11326
+ RESERVED
+CVE-2018-11325
+ RESERVED
+CVE-2018-11324
+ RESERVED
+CVE-2018-11323
+ RESERVED
+CVE-2018-11322
+ RESERVED
+CVE-2018-11321
+ RESERVED
+CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are ...)
+ TODO: check
+CVE-2018-1000181
+ RESERVED
+CVE-2018-1000180
+ RESERVED
CVE-2018-11318
RESERVED
CVE-2018-11317
@@ -539,8 +563,8 @@ CVE-2018-11098 (An issue was discovered in Frog CMS 0.9.5. There is a file uploa
NOT-FOR-US: Frog CMS
CVE-2018-11097 (An issue was discovered in cloudwu/cstring through 2016-11-09. There is ...)
NOT-FOR-US: cloudwu
-CVE-2018-11096
- RESERVED
+CVE-2018-11096 (Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability ...)
+ TODO: check
CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4.8 ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/141
@@ -548,8 +572,8 @@ CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. ...
NOT-FOR-US: Intelbras NCLOUD
CVE-2018-11093
RESERVED
-CVE-2018-11092
- RESERVED
+CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF ...)
+ TODO: check
CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file ...)
NOT-FOR-US: MyBiz MyProcureNet
CVE-2018-11090 (An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This ...)
@@ -5713,6 +5737,7 @@ CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allo
[jessie] - libav <no-dsa> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1094
CVE-2018-8971 (The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, ...)
+ {DSA-4206-1}
- gitlab 10.5.6+dfsg-1 (bug #893905)
NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
CVE-2018-8946
@@ -7560,8 +7585,8 @@ CVE-2018-8144
RESERVED
CVE-2018-8143
RESERVED
-CVE-2018-8142
- RESERVED
+CVE-2018-8142 (A security feature bypass exists when Windows incorrectly validates ...)
+ TODO: check
CVE-2018-8141 (An information disclosure vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
CVE-2018-8140
@@ -10375,8 +10400,8 @@ CVE-2018-7270
RESERVED
CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii ...)
- yii <itp> (bug #597899)
-CVE-2018-7268
- RESERVED
+CVE-2018-7268 (MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic ...)
+ TODO: check
CVE-2018-7267
RESERVED
CVE-2018-7266
@@ -28027,8 +28052,7 @@ CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-b
NOTE: https://git.kernel.org/linus/b71812168571fa55e44cdd0254471331b9c4c4c6
NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
NOTE: non-standard setups
-CVE-2018-1067
- RESERVED
+CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the ...)
TODO: check, unclear if issue is in src:untertow or in its use in WildFly (issue is incomplete fix for CVE-2016-4993, which might need an update depending on the result)
CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer ...)
{DSA-4188-1 DSA-4187-1}
@@ -79356,6 +79380,7 @@ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...)
CVE-2017-0921
RESERVED
CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
+ {DSA-4206-1}
- gitlab 10.5.5+dfsg-1
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0919
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/07ed291acd4bd27abf5960b6dfa0fd316ced672e
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/07ed291acd4bd27abf5960b6dfa0fd316ced672e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180521/80c0757e/attachment.html>
More information about the debian-security-tracker-commits
mailing list