[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d2a24d5 by security tracker role at 2018-10-21T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,24 @@
-CVE-2018-18541 [remote DOS by forging connection packets]
+CVE-2018-18549
+	RESERVED
+CVE-2018-18548
+	RESERVED
+CVE-2018-18547
+	RESERVED
+CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter because the ...)
+	TODO: check
+CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name ...)
+	TODO: check
+CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of coders/msl.c in ...)
+	TODO: check
+CVE-2018-18543
+	RESERVED
+CVE-2018-18542
+	RESERVED
+CVE-2018-18540 (TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's ...)
+	TODO: check
+CVE-2018-18539
+	RESERVED
+CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. There ...)
 	- teeworlds <unfixed> (bug #911487)
 	NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=12544
 	NOTE: https://github.com/teeworlds/teeworlds/issues/1536
@@ -5385,6 +5405,7 @@ CVE-2018-16338 (An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerab
 CVE-2018-16337 (An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability ...)
 	NOT-FOR-US: Cscms
 CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote ...)
+	{DLA-1551-1}
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/issues/400
 	NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
@@ -18962,7 +18983,7 @@ CVE-2018-11001
 CVE-2018-11000
 	RESERVED
 CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The ...)
-	{DSA-4238-1 DLA-1402-1}
+	{DSA-4238-1 DLA-1551-1 DLA-1402-1}
 	- exiv2 0.25-4
 	NOTE: https://github.com/Exiv2/exiv2/issues/306
 	NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88
@@ -19075,7 +19096,7 @@ CVE-2018-10960
 CVE-2018-10959
 	RESERVED
 CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT ...)
-	{DSA-4238-1 DLA-1402-1}
+	{DSA-4238-1 DLA-1551-1 DLA-1402-1}
 	- exiv2 0.25-4
 	NOTE: https://github.com/Exiv2/exiv2/issues/302
 	NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d2a24d57347183255a25ef41a6f7c763abb1273

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d2a24d57347183255a25ef41a6f7c763abb1273
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181021/69067a24/attachment.html>