[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Oct 23 09:10:22 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b993be9a by security tracker role at 2018-10-23T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,24 @@
-CVE-2018-18585 [Avoid returning CHM file entries that are "blank" because they have embedded null bytes]
+CVE-2018-18583 (An issue has been found in LuPng through 2017-03-10. It is a heap-based ...)
+	TODO: check
+CVE-2018-18582 (An issue has been found in LuPng through 2017-03-10. It is a heap-based ...)
+	TODO: check
+CVE-2018-18581 (An issue has been found in LuPng through 2017-03-10. It is a heap-based ...)
+	TODO: check
+CVE-2018-18580
+	RESERVED
+CVE-2018-18579 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder ...)
+	TODO: check
+CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. ...)
+	TODO: check
+CVE-2018-18577
+	RESERVED
+CVE-2018-18576
+	RESERVED
+CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts ...)
 	- libsmpack <unfixed> (bug #911637)
 	NOTE: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
-CVE-2018-18586 [add anti "../" and leading slash protection to chmextract]
+CVE-2018-18586 (** DISPUTED ** chmextract.c in the chmextract sample program, as ...)
 	- libsmpack <unfixed> (unimportant; bug #911639)
 	NOTE: https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
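Review bot: the source package name in the unchanged context lines of this hunk is spelled `libsmpack` (`- libsmpack <unfixed> (bug #911637)` and `- libsmpack <unfixed> (unimportant; bug #911639)`), while the upstream commit URLs and the new CVE descriptions both name the library libmspack (mspack/chmd.c); a package name that does not match the archive will not be picked up by the tracker's package matching, so the spelling should be checked against the actual source package before these entries are relied on.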
@@ -10,7 +26,7 @@ CVE-2018-18586 [add anti "../" and leading slash protection to chmextract]
 	NOTE: This sample code is not installed into the binary packages and was as well
 	NOTE: never the idea to use it in "productised" binaries, but rather just simple
 	NOTE: examples of the library use.
-CVE-2018-18584 [CAB block input buffer is one byte too small for maximal Quantum block]
+CVE-2018-18584 (In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, ...)
 	- cabextract 1.4-5
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
 	- libsmpack <unfixed> (bug #911640)
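Review bot: cabextract is recorded as fixed at 1.4-5 with the justification that it uses the mspack system library, but that library is listed as `<unfixed>` two lines below in the same hunk, so on an installed system cabextract remains exposed to CVE-2018-18584 until the library fix lands; it would be clearer to extend the NOTE to say that cabextract's effective status follows the library package rather than leaving a bare fixed version that reads as if the tool itself were already patched.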
@@ -2031,7 +2047,7 @@ CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe
 CVE-2015-9267 (Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary ...)
 	- nsis 2.50-1
 	NOTE: https://sourceforge.net/p/nsis/bugs/1125/
-CVE-2018-17793 (Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and ...)
+CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python ...)
 	- python-virtualenv <unfixed> (unimportant)
 	NOTE: https://github.com/pypa/virtualenv/issues/1207
 	NOTE: No real security impact. 3rd party requested CVE rejection
@@ -13300,10 +13316,10 @@ CVE-2018-13117
 	RESERVED
 CVE-2018-13116 (/user/del.php in zzcms 8.3 allows SQL injection via the tablename ...)
 	NOT-FOR-US: zzcms
-CVE-2018-13115
-	RESERVED
-CVE-2018-13114
-	RESERVED
+CVE-2018-13115 (Lack of an authentication mechanism in KERUI Wifi Endoscope Camera ...)
+	TODO: check
+CVE-2018-13114 (Missing authentication and improper input validation in KERUI Wifi ...)
+	TODO: check
 CVE-2018-13113 (The transfer and transferFrom functions of a smart contract ...)
 	NOT-FOR-US: smart contract implementation for Easy Trading Token and Ethereum token
 CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote ...)
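Review bot: the two entries that move from RESERVED to a description (CVE-2018-13115 and CVE-2018-13114, KERUI Wifi Endoscope Camera) are left as `TODO: check`; the surrounding entries for software that is not packaged in Debian (zzcms, the Easy Trading Token smart contract) use `NOT-FOR-US`, and the same marking is likely appropriate here if no Debian package ships this device firmware, which a triager should confirm when clearing the TODO.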



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b993be9ac1916d672d4316b2dd08b0fe8dc93eb2
