[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 30 21:10:40 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62c6af63 by security tracker role at 2018-05-30T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-11560
+	RESERVED
 CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
 	NOT-FOR-US: DomainMod
 CVE-2018-11558 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
@@ -297,24 +299,23 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function
 	[jessie] - liblouis <no-dsa> (Minor issue)
 	NOTE: https://github.com/liblouis/liblouis/issues/575
 	NOTE: https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
-CVE-2018-11439 [remote information disclosure via a crafted audio file in taglib 1.11.1]
-	RESERVED
+CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in ...)
 	- taglib <unfixed>
 	NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
-CVE-2018-11438
-	RESERVED
-CVE-2018-11437
-	RESERVED
-CVE-2018-11436
-	RESERVED
-CVE-2018-11435
-	RESERVED
-CVE-2018-11434
-	RESERVED
-CVE-2018-11433
-	RESERVED
-CVE-2018-11432
-	RESERVED
+CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 ...)
+	TODO: check
+CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 ...)
+	TODO: check
+CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote ...)
+	TODO: check
+CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in ...)
+	TODO: check
+CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows ...)
+	TODO: check
+CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 ...)
+	TODO: check
+CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows ...)
+	TODO: check
 CVE-2018-11431
 	RESERVED
 CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. ...)
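Review bot: The seven Libmobi 0.3 entries, CVE-2018-11432 through CVE-2018-11438, move from RESERVED to a bare `TODO: check` with no package line and no NOT-FOR-US marker, so they are still untriaged after this update. Each should end up with either a source-package line, as CVE-2018-11439 has in this same hunk with `- taglib <unfixed>`, or a `NOT-FOR-US:` line like the DomainMod entry at the top of the file. For CVE-2018-11439, the bracketed temporary description is replaced by the truncated published one while `<unfixed>` and the PoC note are kept; confirm the status still matches the published text.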
@@ -27957,7 +27958,7 @@ CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted networ
 	- derby 10.14.2.0-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/05/1
 CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest ...)
-	{DSA-4164-1}
+	{DSA-4164-1 DLA-1389-1}
 	- apache2 2.4.33-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
 CVE-2018-1311
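Review bot: The `{DSA-4164-1 DLA-1389-1}` line under CVE-2018-1312 adds the DLA reference, and the identical edit appears in two later hunks for CVE-2018-1301 and CVE-2017-15710, but nothing in this diff shows the advisory entry these references come from. Check that these three CVEs are the complete set DLA-1389-1 covers, since DSA-4164-1 may span more apache2 entries than the three touched here.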
@@ -28017,7 +28018,7 @@ CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apac
 	NOTE: HTTP/2 support introduced in 2.4.17
 	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/5
 CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server ...)
-	{DSA-4164-1}
+	{DSA-4164-1 DLA-1389-1}
 	- apache2 2.4.33-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/2
 CVE-2018-1300
@@ -35336,7 +35337,7 @@ CVE-2016-10558 (aerospike is an Aerospike add-on module for Node.js. aerospike .
 	TODO: check
 CVE-2016-10557
 	RESERVED
-CVE-2016-10556 (sequalize is an Object-relational mapping, or a middleman to convert ...)
+CVE-2016-10556 (sequelize is an Object-relational mapping, or a middleman to convert ...)
 	TODO: check
 CVE-2016-10555
 	RESERVED
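Review bot: The CVE-2016-10556 line changes only the spelling of the description, `sequalize` to `sequelize`, and the entry still sits at `TODO: check`. With the module name now spelled correctly, resolve the entry to a package line or a `NOT-FOR-US:` marker instead of leaving it pending; the neighbouring CVE-2016-10558 entry in the context lines is in the same state.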
@@ -36139,7 +36140,7 @@ CVE-2017-15712 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 
 CVE-2017-15711
 	REJECTED
 CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to ...)
-	{DSA-4164-1}
+	{DSA-4164-1 DLA-1389-1}
 	- apache2 2.4.33-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/8
 CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62c6af6365ae73095fc51f2501bc5daeaba96080
