[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 30 09:10:29 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
002bcbc2 by security tracker role at 2018-05-30T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,42 @@
+CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
+	TODO: check
+CVE-2018-11558 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
+	TODO: check
+CVE-2018-11557 (YIBAN Easy class education platform 2.0 has XSS via the articlelist.php ...)
+	TODO: check
+CVE-2018-11556 (tificc in Little CMS 2.9 has an out-of-bounds write in the ...)
+	TODO: check
+CVE-2018-11555 (tificc in Little CMS 2.9 has an out-of-bounds write in the ...)
+	TODO: check
+CVE-2018-11554
+	RESERVED
+CVE-2018-11553
+	RESERVED
+CVE-2018-11552
+	RESERVED
+CVE-2018-11551
+	RESERVED
+CVE-2018-11550
+	REJECTED
+	TODO: check
+CVE-2018-11549 (An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS ...)
+	TODO: check
+CVE-2018-11548 (An issue was discovered in EOS.IO DAWN 4.2. ...)
+	TODO: check
+CVE-2018-11547 (md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based ...)
+	TODO: check
+CVE-2018-11546 (md4c 0.2.5 has a heap-based buffer over-read because ...)
+	TODO: check
+CVE-2018-11545 (md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because ...)
+	TODO: check
+CVE-2018-11544 (The Olive Tree Ftp Server application 1.32 for Android has Insecure ...)
+	TODO: check
+CVE-2018-11543
+	RESERVED
+CVE-2018-11542
+	RESERVED
+CVE-2018-11541
+	RESERVED
 CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
 	- gitlab <unfixed>
 	[stretch] - gitlab <not-affected> (Introduced in 10.1.6)
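Review bot: CVE-2018-11550 in this hunk is marked REJECTED and yet also receives a "TODO: check" line; a rejected ID has nothing to triage, so the TODO should be dropped (the CVE-2018-10755 hunk further down shows the intended shape, REJECTED on its own). Separately, several of the new IDs arrive as groups with identical truncated descriptions: CVE-2018-11559/11558 (DomainMod 4.10.0 stored XSS in /settings/profile/index.php), CVE-2018-11556/11555 (tificc in Little CMS 2.9 out-of-bounds write) and the three md4c 0.2.5 heap issues CVE-2018-11547/11546/11545. Triage each group together so the resulting package lines and severities stay consistent. The two Little CMS ones deserve a real assessment rather than a quick NOT-FOR-US, since Little CMS 2.x is packaged in Debian as lcms2 and tificc is one of its bundled command-line tools.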
@@ -366,8 +405,8 @@ CVE-2018-11394
 	RESERVED
 CVE-2018-11393
 	RESERVED
-CVE-2018-11392
-	RESERVED
+CVE-2018-11392 (An arbitrary file upload vulnerability in /classes/profile.class.php ...)
+	TODO: check
 CVE-2018-11391
 	RESERVED
 CVE-2018-11390
@@ -814,14 +853,13 @@ CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 
 	- eglibc <removed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
-CVE-2018-11235 [arbitary code execution via submodule names in .gitmodules]
-	RESERVED
+CVE-2018-11235 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, ...)
+	{DSA-4212-1}
 	- git 1:2.17.1-1
 	NOTE: https://lkml.org/lkml/2018/5/29/889
 CVE-2018-11234
 	RESERVED
-CVE-2018-11233 [possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory]
-	RESERVED
+CVE-2018-11233 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, ...)
 	- git 1:2.17.1-1 (unimportant)
 	[stretch] - git 1:2.11.0-3+deb9u3
 	[jessie] - git 1:2.1.4-2.1+deb8u6
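Review bot: the advisory reference is attached to only one of the two git entries. CVE-2018-11235 gets {DSA-4212-1} but shows no stretch or jessie version, while CVE-2018-11233 carries explicit stretch (1:2.11.0-3+deb9u3) and jessie (1:2.1.4-2.1+deb8u6) fixed versions yet no advisory. Those deb9u3/deb8u6 suffixes are security-upload versions, so either DSA-4212-1 (and the matching jessie update) fixed CVE-2018-11233 as well, in which case the reference belongs on both entries, or the fix merely rode along, in which case a NOTE saying so would stop the next reader from hunting for a missing DSA. The "(unimportant)" rating on CVE-2018-11233 also lost its justification in this hunk: the bracketed title (tricking the NTFS path sanity check into reading random memory) was the only hint and has been replaced by the MITRE version list, so add a one-line NOTE giving the reason.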
@@ -1322,8 +1360,8 @@ CVE-2018-11029
 	RESERVED
 CVE-2018-11028
 	RESERVED
-CVE-2018-11027
-	RESERVED
+CVE-2018-11027 (A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows ...)
+	TODO: check
 CVE-2018-11026
 	RESERVED
 CVE-2018-11025
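Review bot: CVE-2018-11027 describes a reflected XSS on Ruckus ICX7450-48 devices, i.e. vendor switch firmware; it can be closed as NOT-FOR-US: Ruckus in this same pass instead of being left at TODO: check for a later round.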
@@ -1973,7 +2011,7 @@ CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant
 CVE-2018-10756
 	RESERVED
 CVE-2018-10755
-	RESERVED
+	REJECTED
 CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in ...)
 	- ncurses 6.1+20180210-3 (low)
 	[stretch] - ncurses <no-dsa> (Minor issue)
@@ -1988,8 +2026,8 @@ CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in mu
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...)
 	NOT-FOR-US: Tagregator plugin for WordPress
-CVE-2018-10751
-	RESERVED
+CVE-2018-10751 (A malformed OMACP WAP push message can cause memory corruption on a ...)
+	TODO: check
 CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
 	NOT-FOR-US: D-Link
 CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
@@ -2681,8 +2719,8 @@ CVE-2018-10468 (The transferFrom function of a smart contract implementation for
 	NOT-FOR-US: Ethereum
 CVE-2018-10467
 	RESERVED
-CVE-2018-10466
-	RESERVED
+CVE-2018-10466 (Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind ...)
+	TODO: check
 CVE-2018-10465
 	RESERVED
 CVE-2018-10464
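Review bot: CVE-2018-10466 (Zoho ManageEngine ADAudit Plus, blind injection per the truncated text) can be resolved now rather than left as TODO: check; the same product family is already handled as NOT-FOR-US in this file (the CVE-2017-16846 context further down in this diff reads "NOT-FOR-US: Zoho ManageEngine Applications Manager"), and ADAudit Plus is the same proprietary vendor line.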
@@ -10022,7 +10060,7 @@ CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that le
 	[jessie] - sam2p <no-dsa> (Will be fixed via point release)
 	NOTE: https://github.com/pts/sam2p/issues/28
 CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ...)
-	{DLA-1351-1 DLA-1350-1}
+	{DSA-4213-1 DLA-1351-1 DLA-1350-1}
 	- qemu 1:2.12~rc3+dfsg-1 (bug #892041)
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=patch;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8
@@ -11880,8 +11918,8 @@ CVE-2018-6966
 	RESERVED
 CVE-2018-6965
 	RESERVED
-CVE-2018-6964
-	RESERVED
+CVE-2018-6964 (VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains ...)
+	TODO: check
 CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before ...)
 	NOT-FOR-US: VMware
 CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass ...)
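Review bot: CVE-2018-6964 (VMware Horizon Client for Linux) sits directly next to the VMware Workstation and Fusion entries that are already "NOT-FOR-US: VMware"; Horizon Client is the same proprietary vendor product line and can be marked the same way now instead of TODO: check.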
@@ -15670,6 +15708,7 @@ CVE-2018-5774
 CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through ...)
 	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
 CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ...)
+	{DSA-4213-1}
 	- qemu 1:2.10.0+dfsg-2
 	[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
 	[wheezy] - qemu <not-affected> (vulnerable code not present)
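Review bot: with {DSA-4213-1} now attached to CVE-2017-18043, the line "[jessie] - qemu <postponed> (Can be fixed along in a future DSA)" needs a second look: if DSA-4213-1 also shipped a jessie qemu, the postponed marker is stale and should go; if the DSA was stretch-only, the line is still accurate but the reason text should say so, since "a future DSA" now reads as though this one were it. CVE-2018-5683 in the next hunk carries the identical jessie wording and receives the same DSA, so whichever way this resolves, apply the same change there.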
@@ -16039,6 +16078,7 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...
 	[jessie] - libav <ignored> (Minor issue)
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110
 CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...)
+	{DSA-4213-1}
 	- qemu 1:2.12~rc3+dfsg-1 (bug #887392)
 	[jessie] - qemu <postponed> (Minor issue, can be fixed along in future DSA)
 	[wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA)
@@ -20995,10 +21035,10 @@ CVE-2018-3747
 	RESERVED
 CVE-2018-3746
 	RESERVED
-CVE-2018-3745
-	RESERVED
-CVE-2018-3744
-	RESERVED
+CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when number is ...)
+	TODO: check
+CVE-2018-3744 (The html-pages node module contains a path traversal vulnerabilities ...)
+	TODO: check
 CVE-2018-3743
 	RESERVED
 CVE-2018-3742
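Review bot: CVE-2018-3745 (atob allocating uninitialized Buffers when given a number) and CVE-2018-3744 (html-pages path traversal) open a long run of npm advisories in this update. For each, the first triage step is an archive lookup for a node-<name> source package or a vendored copy, with NOT-FOR-US as the default when there is none. Of these two, atob is the one that merits the lookup: it is a tiny, widely depended-upon shim, and returning uninitialized Buffer memory is an information leak rather than a crash, so a vendored copy inside a packaged module would still matter.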
@@ -21023,10 +21063,10 @@ CVE-2018-3736
 	RESERVED
 CVE-2018-3735
 	RESERVED
-CVE-2018-3734
-	RESERVED
-CVE-2018-3733
-	RESERVED
+CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability due to ...)
+	TODO: check
+CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path ...)
+	TODO: check
 CVE-2018-3732
 	RESERVED
 CVE-2018-3731
@@ -28513,6 +28553,7 @@ CVE-2017-17382 (Citrix NetScaler Application Delivery Controller (ADC) and NetSc
 	NOTE: https://support.citrix.com/article/CTX230238
 	NOTE: https://robotattack.org/
 CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest users to ...)
+	{DSA-4213-1}
 	- qemu 1:2.11+dfsg-1 (bug #883625)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <postponed> (Can be fixed along in later update)
@@ -32766,6 +32807,7 @@ CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection v
 CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...)
+	{DSA-4213-1}
 	- qemu 1:2.12~rc3+dfsg-1 (bug #882136)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
@@ -34607,8 +34649,8 @@ CVE-2017-16155
 	RESERVED
 CVE-2017-16154
 	RESERVED
-CVE-2017-16153
-	RESERVED
+CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving an ...)
+	TODO: check
 CVE-2017-16152
 	RESERVED
 CVE-2017-16151
@@ -34789,10 +34831,10 @@ CVE-2017-16064
 	RESERVED
 CVE-2017-16063
 	RESERVED
-CVE-2017-16062
-	RESERVED
-CVE-2017-16061
-	RESERVED
+CVE-2017-16062 (node-tkinter was a malicious module published with the intent to ...)
+	TODO: check
+CVE-2017-16061 (tkinter was a malicious module published with the intent to hijack ...)
+	TODO: check
 CVE-2017-16060
 	RESERVED
 CVE-2017-16059
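Review bot: CVE-2017-16062 (node-tkinter) and CVE-2017-16061 (tkinter) are typosquatting packages ("malicious module published with the intent to hijack ..."), not vulnerabilities in code anyone packages; they should go straight to NOT-FOR-US, and the same applies to CVE-2017-16047 (mysqljs) in the next hunk. The names collide with Python's tkinter module only in spelling; nothing in the Debian Python packages is implicated, which is worth stating in the triage wording so a later search on "tkinter" does not raise a false alarm.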
@@ -34819,8 +34861,8 @@ CVE-2017-16049
 	RESERVED
 CVE-2017-16048
 	RESERVED
-CVE-2017-16047
-	RESERVED
+CVE-2017-16047 (mysqljs was a malicious module published with the intent to hijack ...)
+	TODO: check
 CVE-2017-16046
 	RESERVED
 CVE-2017-16045
@@ -34893,8 +34935,8 @@ CVE-2017-16012
 	RESERVED
 CVE-2017-16011
 	RESERVED
-CVE-2017-16010
-	RESERVED
+CVE-2017-16010 (i18next is a language translation framework. When using the .init ...)
+	TODO: check
 CVE-2017-16009
 	RESERVED
 CVE-2017-16008
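Review bot: unlike the typosquat entries around it, CVE-2017-16010 concerns a genuine library (i18next, a translation framework) with a bug reachable through its .init path, so it warrants an archive lookup for a node-i18next package or a vendored copy before it is dismissed as NOT-FOR-US.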
@@ -34907,8 +34949,8 @@ CVE-2017-16005
 	RESERVED
 CVE-2017-16004
 	RESERVED
-CVE-2017-16003
-	RESERVED
+CVE-2017-16003 (windows-build-tools is a module for installing C++ Build Tools for ...)
+	TODO: check
 CVE-2017-16002
 	RESERVED
 CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
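Review bot: CVE-2017-16003 (windows-build-tools, a module for installing C++ Build Tools on Windows) is Windows-only by construction and cannot be shipped in Debian; mark it NOT-FOR-US straight away rather than leaving TODO: check.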
@@ -34931,8 +34973,8 @@ CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attacker
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b
 CVE-2017-15995
 	RESERVED
-CVE-2016-10698
-	RESERVED
+CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ...)
+	TODO: check
 CVE-2016-10697
 	RESERVED
 CVE-2016-10696
@@ -34963,14 +35005,14 @@ CVE-2016-10684
 	RESERVED
 CVE-2016-10683
 	RESERVED
-CVE-2016-10682
-	RESERVED
-CVE-2016-10681
-	RESERVED
-CVE-2016-10680
-	RESERVED
-CVE-2016-10679
-	RESERVED
+CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over HTTP, which ...)
+	TODO: check
+CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for add ...)
+	TODO: check
+CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript implementation ...)
+	TODO: check
+CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command line to ...)
+	TODO: check
 CVE-2016-10678
 	RESERVED
 CVE-2016-10677
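Review bot: CVE-2016-10682 through CVE-2016-10679 here, and the long tail of CVE-2016-105xx and 106xx IDs that follow, are one advisory class: an npm package whose install step downloads a binary or data resource over plain HTTP (massif, adamvr-geoip-lite and selenium-standalone-painful say as much in the visible text), so a network attacker can substitute the artifact. Resolve the whole run in one pass with a single consistent NOT-FOR-US wording where the module is not in the archive, which is the expected outcome for nearly all of them. For any that does turn out to be packaged, note that Debian package builds run without network access, so an install-time download never executes during the build; the module would only need a fix if it also fetches at run time, which the truncated descriptions do not reveal, so check the full advisory text for those.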
@@ -34979,8 +35021,8 @@ CVE-2016-10676
 	RESERVED
 CVE-2016-10675
 	RESERVED
-CVE-2016-10674
-	RESERVED
+CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. limbus-buildgen ...)
+	TODO: check
 CVE-2016-10673
 	RESERVED
 CVE-2016-10672
@@ -34995,8 +35037,8 @@ CVE-2016-10668
 	RESERVED
 CVE-2016-10667
 	RESERVED
-CVE-2016-10666
-	RESERVED
+CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ...)
+	TODO: check
 CVE-2016-10665
 	RESERVED
 CVE-2016-10664
@@ -35009,10 +35051,10 @@ CVE-2016-10661
 	RESERVED
 CVE-2016-10660
 	RESERVED
-CVE-2016-10659
-	RESERVED
-CVE-2016-10658
-	RESERVED
+CVE-2016-10659 (poco - The POCO libraries, downloads source file resources used for ...)
+	TODO: check
+CVE-2016-10658 (native-opencv is the OpenCV library installed via npm native-opencv ...)
+	TODO: check
 CVE-2016-10657
 	RESERVED
 CVE-2016-10656
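Review bot: CVE-2016-10659 is about the npm module named "poco", a wrapper that downloads the POCO C++ library sources; it is not a bug in the POCO library itself, so it must not be attached to the Debian poco source package. The same caution applies to CVE-2016-10658 (native-opencv, an npm wrapper) versus the opencv source package. Name the npm module explicitly in the NOT-FOR-US wording so the tracker's package search does not produce a false match.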
@@ -35027,8 +35069,8 @@ CVE-2016-10652
 	RESERVED
 CVE-2016-10651
 	RESERVED
-CVE-2016-10650
-	RESERVED
+CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver downloads ...)
+	TODO: check
 CVE-2016-10649
 	RESERVED
 CVE-2016-10648
@@ -35057,8 +35099,8 @@ CVE-2016-10637
 	RESERVED
 CVE-2016-10636
 	RESERVED
-CVE-2016-10635
-	RESERVED
+CVE-2016-10635 (broccoli-closure is a Closure compiler plugin for Broccoli. ...)
+	TODO: check
 CVE-2016-10634
 	RESERVED
 CVE-2016-10633
@@ -35073,8 +35115,8 @@ CVE-2016-10629
 	RESERVED
 CVE-2016-10628
 	RESERVED
-CVE-2016-10627
-	RESERVED
+CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary ...)
+	TODO: check
 CVE-2016-10626
 	RESERVED
 CVE-2016-10625
@@ -35105,8 +35147,8 @@ CVE-2016-10613
 	RESERVED
 CVE-2016-10612
 	RESERVED
-CVE-2016-10611
-	RESERVED
+CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. ...)
+	TODO: check
 CVE-2016-10610
 	RESERVED
 CVE-2016-10609
@@ -35125,8 +35167,8 @@ CVE-2016-10603
 	RESERVED
 CVE-2016-10602
 	RESERVED
-CVE-2016-10601
-	RESERVED
+CVE-2016-10601 (webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ...)
+	TODO: check
 CVE-2016-10600
 	RESERVED
 CVE-2016-10599
@@ -35141,26 +35183,26 @@ CVE-2016-10595
 	RESERVED
 CVE-2016-10594
 	RESERVED
-CVE-2016-10593
-	RESERVED
+CVE-2016-10593 (ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads ...)
+	TODO: check
 CVE-2016-10592
 	RESERVED
-CVE-2016-10591
-	RESERVED
-CVE-2016-10590
-	RESERVED
-CVE-2016-10589
-	RESERVED
+CVE-2016-10591 (Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML ...)
+	TODO: check
+CVE-2016-10590 (cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node ...)
+	TODO: check
+CVE-2016-10589 (selenium-binaries downloads Selenium related binaries for your OS. ...)
+	TODO: check
 CVE-2016-10588
 	RESERVED
 CVE-2016-10587
 	RESERVED
-CVE-2016-10586
-	RESERVED
+CVE-2016-10586 (macaca-chromedriver is a Node.js wrapper for the selenium ...)
+	TODO: check
 CVE-2016-10585
 	RESERVED
-CVE-2016-10584
-	RESERVED
+CVE-2016-10584 (dalek-browser-chrome-canary provides Google Chrome bindings for ...)
+	TODO: check
 CVE-2016-10583
 	RESERVED
 CVE-2016-10582
@@ -35171,32 +35213,32 @@ CVE-2016-10580
 	RESERVED
 CVE-2016-10579
 	RESERVED
-CVE-2016-10578
-	RESERVED
-CVE-2016-10577
-	RESERVED
+CVE-2016-10578 (unicode loads unicode data downloaded from unicode.org into nodejs. ...)
+	TODO: check
+CVE-2016-10577 (ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 ...)
+	TODO: check
 CVE-2016-10576
 	RESERVED
 CVE-2016-10575
 	RESERVED
 CVE-2016-10574
 	RESERVED
-CVE-2016-10573
-	RESERVED
+CVE-2016-10573 (baryton-saxophone is a module to install and launch Selenium Server ...)
+	TODO: check
 CVE-2016-10572
 	RESERVED
 CVE-2016-10571
 	RESERVED
-CVE-2016-10570
-	RESERVED
+CVE-2016-10570 (pngcrush-installer is an installer for Pngcrush. pngcrush-installer ...)
+	TODO: check
 CVE-2016-10569
 	RESERVED
-CVE-2016-10568
-	RESERVED
-CVE-2016-10567
-	RESERVED
-CVE-2016-10566
-	RESERVED
+CVE-2016-10568 (geoip-lite-country is a stripped down version of geoip-lite, ...)
+	TODO: check
+CVE-2016-10567 (product-monitor is a HTML/JavaScript template for monitoring a product ...)
+	TODO: check
+CVE-2016-10566 (install-nw is a module which quickly and robustly installs and caches ...)
+	TODO: check
 CVE-2016-10565
 	RESERVED
 CVE-2016-10564
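Review bot: CVE-2016-10578 (the npm module "unicode", which downloads data from unicode.org) and CVE-2016-10570 (pngcrush-installer) are npm wrappers around data or tools that Debian ships separately as unicode-data and pngcrush; neither CVE is a bug in those Debian packages, so the triage wording should name the npm module to prevent a false association.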
@@ -35209,14 +35251,14 @@ CVE-2016-10561
 	RESERVED
 CVE-2016-10560
 	RESERVED
-CVE-2016-10559
-	RESERVED
-CVE-2016-10558
-	RESERVED
+CVE-2016-10559 (selenium-download downloads the latest versions of the selenium ...)
+	TODO: check
+CVE-2016-10558 (aerospike is an Aerospike add-on module for Node.js. aerospike ...)
+	TODO: check
 CVE-2016-10557
 	RESERVED
-CVE-2016-10556
-	RESERVED
+CVE-2016-10556 (sequalize is an Object-relational mapping, or a middleman to convert ...)
+	TODO: check
 CVE-2016-10555
 	RESERVED
 CVE-2016-10554
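Review bot: the description for CVE-2016-10556 spells the module "sequalize"; the actual module is sequelize (an object-relational mapper, matching the rest of the description), and the misspelling will defeat searches in both the tracker and the archive, so record the correct name in a NOTE when triaging. CVE-2016-10559 (selenium-download) and CVE-2016-10558 (aerospike) are the install-time download class seen earlier in this diff.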
@@ -35225,8 +35267,8 @@ CVE-2016-10553
 	RESERVED
 CVE-2016-10552
 	RESERVED
-CVE-2016-10551
-	RESERVED
+CVE-2016-10551 (waterline-sequel is a module that helps generate SQL statements for ...)
+	TODO: check
 CVE-2016-10550
 	RESERVED
 CVE-2016-10549
@@ -35277,8 +35319,8 @@ CVE-2016-10527
 	RESERVED
 CVE-2016-10526
 	RESERVED
-CVE-2016-10525
-	RESERVED
+CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi, ...)
+	TODO: check
 CVE-2016-10524
 	RESERVED
 CVE-2016-10523
@@ -35293,16 +35335,16 @@ CVE-2016-10519
 	RESERVED
 CVE-2016-10518
 	RESERVED
-CVE-2015-9244
-	RESERVED
-CVE-2015-9243
-	RESERVED
-CVE-2015-9242
-	RESERVED
-CVE-2015-9241
-	RESERVED
-CVE-2015-9240
-	RESERVED
+CVE-2015-9244 (Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not ...)
+	TODO: check
+CVE-2015-9243 (When server level, connection level or route level CORS configurations ...)
+	TODO: check
+CVE-2015-9242 (Certain input strings when passed to new Date() or Date.parse() in ...)
+	TODO: check
+CVE-2015-9241 (Certain input passed into the If-Modified-Since or Last-Modified ...)
+	TODO: check
+CVE-2015-9240 (Due to a bug in the the default sign in functionality in the keystone ...)
+	TODO: check
 CVE-2015-9239
 	RESERVED
 CVE-2015-9238
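Review bot: CVE-2015-9244 through CVE-2015-9240 (unescaped object keys in the mysql node module, hapi CORS configuration, Date parsing input, If-Modified-Since/Last-Modified handling, keystone sign-in) are genuine bugs in widely used server-side modules, unlike the install-time download entries above, so they should not be batch-closed with the same wording. The mysql one in particular is a query-construction bug (object keys not escaped) and calls for an archive check for node-mysql or a vendored copy before any NOT-FOR-US decision.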
@@ -35311,12 +35353,12 @@ CVE-2015-9237
 	RESERVED
 CVE-2015-9236
 	RESERVED
-CVE-2015-9235
-	RESERVED
-CVE-2014-10068
-	RESERVED
-CVE-2014-10067
-	RESERVED
+CVE-2015-9235 (In jsonwebtoken node module before 4.2.2 it is possible for an ...)
+	TODO: check
+CVE-2014-10068 (The inert directory handler in inert node module before 1.1.1 always ...)
+	TODO: check
+CVE-2014-10067 (paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by ...)
+	TODO: check
 CVE-2014-10066
 	RESERVED
 CVE-2014-10065
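Review bot: CVE-2015-9235 (jsonwebtoken before 4.2.2) is a verification-side bug in a JWT library that packaged software may depend on, not a download issue, so check the archive for node-jsonwebtoken or a vendored copy before marking it NOT-FOR-US. CVE-2014-10068 (inert directory handler) and CVE-2014-10067 (paypal-ipn trusting the client-supplied test_ipn parameter) are likewise real server-side logic bugs and deserve the same lookup.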
@@ -37251,6 +37293,7 @@ CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest 
 	[wheezy] - xen <no-dsa> (Patches too intrusive to backport)
 	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
 CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
+	{DSA-4213-1}
 	- qemu 1:2.11+dfsg-1 (bug #880832)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
@@ -37328,6 +37371,7 @@ CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data
 CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...)
 	NOT-FOR-US: PSFTPd
 CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...)
+	{DSA-4213-1}
 	- qemu 1:2.11+dfsg-1 (bug #880836)
 	[jessie] - qemu <not-affected> (I/O channels driver websockets introduced later)
 	[wheezy] - qemu <not-affected> (I/O channels driver websockets introduced later)
@@ -37778,6 +37822,7 @@ CVE-2017-15125
 	RESERVED
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older ...)
+	{DSA-4213-1}
 	- qemu 1:2.12~rc3+dfsg-1 (bug #884806)
 	[jessie] - qemu <postponed> (Can be fixed along in later update)
 	[wheezy] - qemu <postponed> (Can be fixed along in later update)
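Review bot: CVE-2017-15124 gains {DSA-4213-1} while both "[jessie] - qemu <postponed> (Can be fixed along in later update)" and the matching wheezy line remain. If the DSA covered jessie, the jessie postponed line is now stale and should be dropped; the wheezy line is unaffected by a DSA either way, but its "later update" wording should make clear it is waiting on an LTS update so it is not mistaken for a line that the DSA already resolved.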
@@ -37803,6 +37848,7 @@ CVE-2017-15120 [Crafted CNAME answer can cause a denial of service]
 	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html
 CVE-2017-15119 [DoS via large option request]
 	RESERVED
+	{DSA-4213-1}
 	- qemu 1:2.11+dfsg-1 (bug #883399)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
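Review bot: CVE-2017-15119 now carries {DSA-4213-1} and a fixed version but is still flagged RESERVED with the placeholder title "[DoS via large option request]". An issue that shipped in a published DSA is public, so the MITRE description should be available and should replace the RESERVED line; if MITRE still shows the ID as reserved, that is worth chasing, since the DSA text references the ID.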
@@ -38142,7 +38188,7 @@ CVE-2017-15040
 CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a ...)
 	NOT-FOR-US: Zurmo
 CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...)
-	{DLA-1129-1 DLA-1128-1}
+	{DSA-4213-1 DLA-1129-1 DLA-1128-1}
 	- qemu 1:2.10.0+dfsg-2 (bug #877890)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -66796,7 +66842,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi
 CVE-2017-5716
 	REJECTED
 CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...)
-	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
+	{DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1369-1}
 	- linux 4.15.11-1
 	NOTE: https://spectreattack.com/
 	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
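Review bot: attaching DSA-4213-1 (the qemu advisory referenced throughout this diff) to CVE-2017-5715 leaves the entry with a qemu advisory but no qemu package line; the only visible package line is "- linux 4.15.11-1". If the qemu DSA addressed this CVE (for example by exposing the new CPU flags to guests), add a "- qemu <version>" line with the stretch status so the reference resolves to something; otherwise the reference dangles and should be removed.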



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/002bcbc2548c9e771bc376262d5e177cc5f9dabb
