[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Oct 30 20:10:32 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c749d71b by security tracker role at 2018-10-30T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1140,7 +1140,7 @@ CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in a
 	NOT-FOR-US: Advanced HRM
 CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in ...)
 	NOT-FOR-US: Z-BlogPHP
-CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree. admin.php accepts ...)
+CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree before 4.2.24. ...)
 	NOT-FOR-US: Bigtree CMS
 CVE-2018-18379
 	RESERVED
@@ -1351,8 +1351,7 @@ CVE-2018-18283
 	RESERVED
 CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...)
 	NOT-FOR-US: Next.js
-CVE-2018-18281 [mremap: properly flush TLB before releasing the page]
-	RESERVED
+CVE-2018-18281 (Since Linux kernel version 3.2, the mremap() syscall performs TLB ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821
 CVE-2018-18280
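Review bot: the CVE-2018-18281 entry keeps only "- linux <unfixed>" plus the upstream fix commit in the NOTE line; since the new description says the mremap() behaviour exists since kernel 3.2, every suite shipping a linux package is affected, so a fixed version should be recorded once commit eb66ae030829605d61fbef1909ce310e29f78821 is included in an upload, and per-suite lines (e.g. "[stretch] - linux ...") added as the stable updates are released rather than left implicit under <unfixed>.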
@@ -2700,10 +2699,10 @@ CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exis
 	NOT-FOR-US: blynk-server in Blynk
 CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM ...)
 	NOT-FOR-US: SugarCRM
-CVE-2018-17783
-	RESERVED
-CVE-2018-17782
-	RESERVED
+CVE-2018-17783 (A cross-site scripting (XSS) vulnerability in the Edit Filter page ...)
+	TODO: check
+CVE-2018-17782 (A cross-site scripting (XSS) vulnerability in the Manage Filters page ...)
+	TODO: check
 CVE-2018-17781 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...)
 	NOT-FOR-US: Foxit
 CVE-2018-17780 (Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on ...)
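Review bot: the two new XSS entries CVE-2018-17783 and CVE-2018-17782 are left as "TODO: check", which is appropriate because the truncated descriptions ("Edit Filter page", "Manage Filters page") do not name the affected product; whoever resolves the TODO should record the product name in the NOT-FOR-US line, as done for the neighbouring SugarCRM and Foxit entries, or the Debian source package, so the triage reason is visible in the file.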
@@ -10599,8 +10598,8 @@ CVE-2018-14560
 	RESERVED
 CVE-2018-14559
 	RESERVED
-CVE-2018-14558
-	RESERVED
+CVE-2018-14558 (An issue was discovered on Tenda AC7 devices with firmware through ...)
+	TODO: check
 CVE-2018-14557
 	RESERVED
 CVE-2018-14556
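Review bot: CVE-2018-14558 describes firmware on Tenda AC7 consumer routers, which is not software Debian packages, so it could be triaged directly to "NOT-FOR-US: Tenda" instead of "TODO: check", matching how the D-Link DSL-3782 entry (CVE-2018-10713) is handled later in this commit.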
@@ -20405,6 +20404,7 @@ CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 is vulnerable to an ...)
 	NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.10.1.patch (0.10.1)
 	NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.9.patch (0.9.x)
 CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads to ...)
+	{DLA-1560-1}
 	[experimental] - gnutls28 3.6.3-1
 	- gnutls28 <unfixed>
 	- gnutls26 <removed>
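Review bot: the added {DLA-1560-1} line for CVE-2018-10846 is in the right position (before the package/version lines), but note that the entry otherwise still reads "- gnutls28 <unfixed>" with only the experimental 3.6.3-1 upload recorded, so the DLA (a Debian LTS advisory) closes only the LTS suite and unstable/stretch remain open; the same tag is added to CVE-2018-10845 and CVE-2018-10844 in the following hunks, which is consistent since all three share the eprint.iacr.org/2018/747 NOTE reference.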
@@ -20414,6 +20414,7 @@ CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads t
 	NOTE: instead of correcting the issue.
 	NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was ...)
+	{DLA-1560-1}
 	- gnutls28 3.5.19-1
 	[stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
 	- gnutls26 <removed>
@@ -20423,6 +20424,7 @@ CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was
 	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
 	NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was ...)
+	{DLA-1560-1}
 	- gnutls28 3.5.19-1
 	[stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
 	- gnutls26 <removed>
@@ -20796,14 +20798,14 @@ CVE-2018-10714
 	RESERVED
 CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
 	NOT-FOR-US: D-Link
-CVE-2018-10712
-	RESERVED
-CVE-2018-10711
-	RESERVED
-CVE-2018-10710
-	RESERVED
-CVE-2018-10709
-	RESERVED
+CVE-2018-10712 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
+	TODO: check
+CVE-2018-10711 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
+	TODO: check
+CVE-2018-10710 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
+	TODO: check
+CVE-2018-10709 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
+	TODO: check
 CVE-2018-10708
 	RESERVED
 CVE-2018-10707
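Review bot: the four ASRock entries (CVE-2018-10709 through CVE-2018-10712) concern AsrDrv101.sys and AsrDrv102.sys, which are Windows kernel drivers shipped with ASRock's RGBLED utility, so they can be closed as "NOT-FOR-US: ASRock" rather than left as "TODO: check"; if the TODO is kept, a single check covers all four since they share the same description prefix.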
@@ -21265,8 +21267,8 @@ CVE-2018-10534 (The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXige
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
 CVE-2018-10533
 	RESERVED
-CVE-2018-10532
-	RESERVED
+CVE-2018-10532 (An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 ...)
+	TODO: check
 CVE-2018-10531
 	RESERVED
 CVE-2018-10530
@@ -49935,8 +49937,7 @@ CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulner
 	NOTE: https://www.openssl.org/news/secadv/20181029.txt
 	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
 	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
-CVE-2018-0734 [Timing vulnerability in DSA signature generation]
-	RESERVED
+CVE-2018-0734 (The OpenSSL DSA signature algorithm has been shown to be vulnerable to ...)
 	- openssl <unfixed>
 	[stretch] - openssl <postponed> (Wait for next DSA and upstream release)
 	- openssl1.0 <unfixed>
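Review bot: CVE-2018-0734 now has a description but, unlike CVE-2018-0735 directly above, no NOTE lines pointing at the upstream advisory or the fix commits in the OpenSSL_1_1_1-stable and OpenSSL_1_1_0-stable branches; adding those references would make the stretch "<postponed>" decision verifiable, and since the reason text uses "DSA" (Debian Security Advisory) right next to a CVE about DSA signatures, spelling it out as "next security update" would avoid confusion.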
@@ -76460,8 +76461,8 @@ CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve
 	NOTE: Upstream patch: https://golang.org/cl/41070
 	NOTE: Fix for 1.7: https://go-review.googlesource.com/c/43773
 	NOTE: Fix for 1.8: https://go-review.googlesource.com/c/43770
-CVE-2017-8931
-	RESERVED
+CVE-2017-8931 (Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow ...)
+	TODO: check
 CVE-2017-8930 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
 	NOT-FOR-US: Simple Invoices
 CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 ...)
@@ -137272,8 +137273,8 @@ CVE-2015-7268 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT0
 	NOT-FOR-US: Samsung
 CVE-2015-7267 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 ...)
 	NOT-FOR-US: Samsung
-CVE-2015-7266
-	RESERVED
+CVE-2015-7266 (The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol ...)
+	TODO: check
 CVE-2015-7265 (Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request ...)
 	NOT-FOR-US: Facebook Proxygen
 CVE-2015-7264 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a ...)
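Review bot: CVE-2015-7266 is filed against the OpenRTB 2.3 protocol specification rather than a specific implementation, so the "TODO: check" here needs a different answer from the vendor-product entries around it: either NOT-FOR-US if no Debian package implements OpenRTB, or a package name if one does; a protocol-level CVE should not be closed merely because the specification author is not a Debian upstream.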
@@ -143148,8 +143149,7 @@ CVE-2015-5160 (libvirt before 2.2 includes Ceph credentials on the qemu command
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1182074 (not yet opened)
 	NOTE: https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
 	NOTE: Needs changes in QEMU for passing passwords. Affects at least iSCSI and rbd/ceph.
-CVE-2015-5159
-	RESERVED
+CVE-2015-5159 (python-kdcproxy before 0.3.2 allows remote attackers to cause a denial ...)
 	NOT-FOR-US: kdcproxy
 CVE-2015-5158 (Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built ...)
 	- qemu 1:2.4+dfsg-1a (bug #793388)
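Review bot: the "NOT-FOR-US: kdcproxy" line for CVE-2015-5159 is unchanged context, i.e. the triage was recorded while the CVE was still RESERVED, before the description naming python-kdcproxy before 0.3.2 became public; a quick re-check against the archive is worthwhile now that the affected software is known, since a NOT-FOR-US decided on a reserved placeholder may have rested on the pre-description title alone.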



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c749d71b098519631a163bb1777890f464ddfc20
