[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2018-11577/liblouis

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
894e2a7b by Salvatore Bonaccorso at 2018-05-31T10:58:25+02:00
Add CVE-2018-11577/liblouis

- - - - -
60be1199 by Salvatore Bonaccorso at 2018-05-31T10:59:16+02:00
Process NFUs

- - - - -
270b9a3b by Salvatore Bonaccorso at 2018-05-31T10:59:28+02:00
Add two mahrara issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,7 +15,8 @@ CVE-2018-11579 (class-woo-banner-management.php in the MULTIDOTS WooCommerce Cat
 CVE-2018-11578 (GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a ...)
 	TODO: check
 CVE-2018-11577 (Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. ...)
-	TODO: check
+	- liblouis <unfixed>
+	NOTE: https://github.com/liblouis/liblouis/issues/582
 CVE-2018-11576 (ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in ...)
 	TODO: check
 CVE-2018-11575 (ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in ...)
@@ -25,21 +26,22 @@ CVE-2018-11574
 CVE-2018-11573
 	RESERVED
 CVE-2018-11572 (ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> ...)
-	TODO: check
+	NOT-FOR-US: ClipperCMS
 CVE-2018-11571 (ClipperCMS 1.3.3 allows Session Fixation. ...)
-	TODO: check
+	NOT-FOR-US: ClipperCMS
 CVE-2018-11570
 	RESERVED
 CVE-2018-11569
 	RESERVED
 CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for ...)
-	TODO: check
+	NOT-FOR-US: GamePlan theme for WordPress
 CVE-2018-11567 (Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could ...)
 	TODO: check
 CVE-2018-11566
 	RESERVED
 CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
-	TODO: check
+	- mahara <removed>
+	NOTE: https://bugs.launchpad.net/mahara/+bug/1772774
 CVE-2018-11564
 	RESERVED
 CVE-2018-11563
@@ -33945,7 +33947,8 @@ CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1
 CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
 	- mahara <removed>
 CVE-2017-1000141 (An issue was discovered in Mahara before 18.10.0. It mishandled user ...)
-	TODO: check
+	- mahara <removed>
+	NOTE: https://bugs.launchpad.net/mahara/+bug/1422492
 CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
 	- mahara <removed>
 CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/77d53de26f3ecfb71f3cb69d2d2ef8d0e30cdb8d...270b9a3b20fc7fab09bccaddf2dea697ac1ae1da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/77d53de26f3ecfb71f3cb69d2d2ef8d0e30cdb8d...270b9a3b20fc7fab09bccaddf2dea697ac1ae1da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180531/fc11bb32/attachment.html>