[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Sep 11 09:10:21 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
280655d4 by security tracker role at 2018-09-11T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2018-16831
+	RESERVED
+CVE-2018-16830
+	RESERVED
+CVE-2018-16829
+	RESERVED
+CVE-2018-16828
+	RESERVED
+CVE-2018-16827
+	RESERVED
+CVE-2018-16826
+	RESERVED
+CVE-2018-16825
+	RESERVED
+CVE-2018-16824
+	RESERVED
+CVE-2018-16823
+	RESERVED
+CVE-2018-16822
+	RESERVED
+CVE-2018-16821
+	RESERVED
+CVE-2018-16820
+	RESERVED
+CVE-2018-16819
+	RESERVED
+CVE-2018-16818
+	RESERVED
+CVE-2018-16817
+	RESERVED
+CVE-2018-16816
+	RESERVED
+CVE-2018-16815
+	RESERVED
+CVE-2018-16814
+	RESERVED
+CVE-2018-16813
+	RESERVED
+CVE-2018-16812
+	RESERVED
+CVE-2018-16811
+	RESERVED
+CVE-2018-16810
+	RESERVED
+CVE-2018-16809
+	RESERVED
+CVE-2018-16808
+	RESERVED
+CVE-2018-16807 (In Bro through 2.5.5, there is a memory leak potentially leading to DoS ...)
+	TODO: check
+CVE-2018-16806 (A Pektron Passive Keyless Entry and Start (PKES) system, as used on the ...)
+	TODO: check
+CVE-2018-16805 (In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles ...)
+	TODO: check
 CVE-2018-16804
 	RESERVED
 CVE-2018-16803
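Review bot: The three new entries that already carry descriptions (CVE-2018-16807 for Bro, CVE-2018-16806 for the Pektron PKES system, CVE-2018-16805 for b3log Solo) are left at "TODO: check" and still need triage. Each should end up with either a package line or a NOT-FOR-US marker of the kind CVE-2018-16797 has. The CVE-2018-16808 to CVE-2018-16831 block is RESERVED only and needs nothing yet.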
@@ -10,7 +64,7 @@ CVE-2018-16799
 	RESERVED
 CVE-2018-16798
 	RESERVED
-CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.8.7556 ...)
+CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 ...)
 	NOT-FOR-US: PotPlayer
 CVE-2018-16796
 	RESERVED
@@ -835,6 +889,7 @@ CVE-2018-16432 (BlueCMS 1.6 allows SQL Injection via the user_name parameter to
 CVE-2018-16431 (admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an ...)
 	NOT-FOR-US: YFCMF
 CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in ...)
+	{DSA-4290-1}
 	- libextractor <unfixed> (bug #907987)
 	NOTE: https://gnunet.org/bugs/view.php?id=5405
 	NOTE: https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
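Review bot: CVE-2018-16430 now references DSA-4290-1, but the package line below it still reads "- libextractor <unfixed> (bug #907987)". If that line is meant to say the fix has not yet reached the unversioned suite, it is fine as it stands. Otherwise, record the fixed version here so the entry does not read as both advised and unfixed.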
@@ -6078,13 +6133,13 @@ CVE-2018-14348 (libcgroup up to and including 0.41 creates /var/log/cgred with m
 	NOTE: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
 	NOTE: cgred not enabled by default, shipped example config logs to syslog by default
 CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop vulnerability in ...)
-	{DLA-1478-1}
+	{DSA-4290-1 DLA-1478-1}
 	- libextractor <unfixed> (bug #904905)
 	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html
 	NOTE: https://gnunet.org/bugs/view.php?id=5399
 	NOTE: https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
 CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow in ...)
-	{DLA-1478-1}
+	{DSA-4290-1 DLA-1478-1}
 	- libextractor <unfixed> (bug #904903)
 	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html
 	NOTE: https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
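Review bot: CVE-2018-14347 and CVE-2018-14346 gain DSA-4290-1 next to DLA-1478-1, yet both keep "- libextractor <unfixed>" with bugs #904905 and #904903 attached. Confirm that these two bugs are still open against the package and replace <unfixed> with the fixed version once one exists, since two advisories now point at entries that show no fixed upload.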
@@ -12453,8 +12508,7 @@ CVE-2018-11777
 CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from ...)
 	- libstruts1.2-java <not-affected> (Specific to 2.x)
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
-CVE-2018-11775 [Missing TLS Hostname Verification]
-	RESERVED
+CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client before ...)
 	- activemq <unfixed>
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
 	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
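Review bot: On CVE-2018-11775 the line "- activemq <unfixed>" carries no bug reference, unlike the libextractor entries in this file, which each have a "(bug #...)" tag. Now that the RESERVED placeholder has been replaced by the published description and an upstream commit is linked, a bug number should be added so the package maintainers can track the fix.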
@@ -34407,8 +34461,8 @@ CVE-2018-3877
 	RESERVED
 CVE-2018-3876
 	RESERVED
-CVE-2018-3875
-	RESERVED
+CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+	TODO: check
 CVE-2018-3874
 	RESERVED
 CVE-2018-3873
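Review bot: CVE-2018-3875 moves from RESERVED to a published description but only gets "TODO: check", and the truncated text ("An exploitable buffer overflow vulnerability exists in the credentials ...") does not name the product. It needs a look at the full description before it can be assigned a package line or NOT-FOR-US. The neighbouring CVE-2018-3873 to CVE-2018-3877 entries are still RESERVED.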



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/280655d47f210d4d709f9470d8784d7c4208e8fd
