[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon May 21 21:10:29 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07ed291a by security tracker role at 2018-05-21T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,27 @@
+CVE-2018-11329
+	RESERVED
+CVE-2018-11328
+	RESERVED
+CVE-2018-11327
+	RESERVED
+CVE-2018-11326
+	RESERVED
+CVE-2018-11325
+	RESERVED
+CVE-2018-11324
+	RESERVED
+CVE-2018-11323
+	RESERVED
+CVE-2018-11322
+	RESERVED
+CVE-2018-11321
+	RESERVED
+CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are ...)
+	TODO: check
+CVE-2018-1000181
+	RESERVED
+CVE-2018-1000180
+	RESERVED
 CVE-2018-11318
 	RESERVED
 CVE-2018-11317
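Review bot: CVE-2018-11320 is the only new entry in this hunk that carries a description, and it is left at "TODO: check". It needs a triage decision in place of that marker: either a package line or a NOT-FOR-US line in the form the file already uses elsewhere (for example "NOT-FOR-US: Frog CMS").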
@@ -539,8 +563,8 @@ CVE-2018-11098 (An issue was discovered in Frog CMS 0.9.5. There is a file uploa
 	NOT-FOR-US: Frog CMS
 CVE-2018-11097 (An issue was discovered in cloudwu/cstring through 2016-11-09. There is ...)
 	NOT-FOR-US: cloudwu
-CVE-2018-11096
-	RESERVED
+CVE-2018-11096 (Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability ...)
+	TODO: check
 CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4.8 ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/141
@@ -548,8 +572,8 @@ CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. ...
 	NOT-FOR-US: Intelbras NCLOUD
 CVE-2018-11093
 	RESERVED
-CVE-2018-11092
-	RESERVED
+CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF ...)
+	TODO: check
 CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file ...)
 	NOT-FOR-US: MyBiz MyProcureNet
 CVE-2018-11090 (An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This ...)
@@ -5713,6 +5737,7 @@ CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allo
 	[jessie] - libav <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1094
 CVE-2018-8971 (The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, ...)
+	{DSA-4206-1}
 	- gitlab 10.5.6+dfsg-1 (bug #893905)
 	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
 CVE-2018-8946
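Review bot: The {DSA-4206-1} line added under CVE-2018-8971 depends on an advisory record that is not part of this commit, which changes only data/CVE/list. Confirm that the DSA-4206-1 entry in data/DSA/list names CVE-2018-8971, so the cross-reference resolves in both directions.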
@@ -7560,8 +7585,8 @@ CVE-2018-8144
 	RESERVED
 CVE-2018-8143
 	RESERVED
-CVE-2018-8142
-	RESERVED
+CVE-2018-8142 (A security feature bypass exists when Windows incorrectly validates ...)
+	TODO: check
 CVE-2018-8141 (An information disclosure vulnerability exists when the Windows kernel ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-8140
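Review bot: The new CVE-2018-8142 entry is left at "TODO: check" although its description names Windows and the adjacent CVE-2018-8141 is already marked "NOT-FOR-US: Microsoft". Resolve it the same way so the two neighbouring entries are triaged consistently.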
@@ -10375,8 +10400,8 @@ CVE-2018-7270
 	RESERVED
 CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii ...)
 	- yii <itp> (bug #597899)
-CVE-2018-7268
-	RESERVED
+CVE-2018-7268 (MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic ...)
+	TODO: check
 CVE-2018-7267
 	RESERVED
 CVE-2018-7266
@@ -28027,8 +28052,7 @@ CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-b
 	NOTE: https://git.kernel.org/linus/b71812168571fa55e44cdd0254471331b9c4c4c6
 	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
 	NOTE: non-standard setups
-CVE-2018-1067
-	RESERVED
+CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the ...)
 	TODO: check, unclear if issue is in src:untertow or in its use in WildFly (issue is incomplete fix for CVE-2016-4993, which might need an update depending on the result)
 CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer ...)
 	{DSA-4188-1 DSA-4187-1}
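Review bot: The TODO line kept under CVE-2018-1067 spells the source package "src:untertow", while the description added here names Undertow. Correct it to "src:undertow" so a search for the package finds this entry, and revisit the open question in that TODO now that the description gives the affected versions as "before versions 7.1.2.CR1, 7.1.2.GA".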
@@ -79356,6 +79380,7 @@ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...)
 CVE-2017-0921
 	RESERVED
 CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
+	{DSA-4206-1}
 	- gitlab 10.5.5+dfsg-1
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0919



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/07ed291acd4bd27abf5960b6dfa0fd316ced672e
