[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Sep 8 21:10:40 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfd36119 by security tracker role at 2018-09-08T20:10:31Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2018-16735
+	RESERVED
+CVE-2018-16734
+	RESERVED
+CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in ...)
+	TODO: check
+CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via ...)
+	TODO: check
+CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...)
+	TODO: check
+CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. ...)
+	TODO: check
+CVE-2018-16729
+	RESERVED
+CVE-2018-16728
+	RESERVED
+CVE-2018-16727
+	RESERVED
+CVE-2018-16726
+	RESERVED
+CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
+	TODO: check
+CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
+	TODO: check
+CVE-2018-16723
+	RESERVED
+CVE-2018-16722
+	RESERVED
+CVE-2018-16721
+	RESERVED
+CVE-2018-16720
+	RESERVED
+CVE-2018-16719
+	RESERVED
+CVE-2018-16718
+	RESERVED
+CVE-2018-16717
+	RESERVED
+CVE-2018-16716
+	RESERVED
+CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows Agent through ...)
+	TODO: check
 CVE-2018-16714
 	RESERVED
 CVE-2018-16713
@@ -4996,7 +5038,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef
 	NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
 CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the ...)
-	{DSA-4286-1}
+	{DSA-4286-1 DLA-1498-1}
 	- curl <unfixed> (bug #908327)
 	NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
 	NOTE: https://github.com/curl/curl/issues/2756
@@ -10307,6 +10349,7 @@ CVE-2018-12497
 CVE-2018-12496
 	RESERVED
 CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT ...)
+	{DLA-1499-1}
 	- discount 2.2.4-1 (bug #901912)
 	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
 	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
@@ -13008,11 +13051,13 @@ CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux
 CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attackers to ...)
 	NOT-FOR-US: Werewolf Online application for Android
 CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a ...)
+	{DLA-1499-1}
 	- discount 2.2.4-1 (bug #901912)
 	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
 	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
 	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
 CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT ...)
+	{DLA-1499-1}
 	- discount 2.2.4-1 (bug #901912)
 	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
 	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
@@ -13106,6 +13151,7 @@ CVE-2018-11469 (Incorrect caching of responses to requests including an Authoriz
 	[jessie] - haproxy <not-affected> (Issue introduced in 1.8.0)
 	NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
 CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT ...)
+	{DLA-1499-1}
 	- discount 2.2.4-1 (bug #901912)
 	NOTE: https://github.com/Orc/discount/issues/189
 	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180908/c9410866/attachment.html>


More information about the debian-security-tracker-commits mailing list