[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Sep 26 09:10:22 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4cc67c17 by security tracker role at 2018-09-26T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2018-17537
+	RESERVED
+CVE-2018-17536
+	RESERVED
+CVE-2018-17535
+	RESERVED
+CVE-2018-17534
+	RESERVED
+CVE-2018-17533
+	RESERVED
+CVE-2018-17532
+	RESERVED
 CVE-2018-17531
 	RESERVED
 CVE-2018-17530
@@ -254,15 +266,15 @@ CVE-2018-17406
 	RESERVED
 CVE-2018-17405
 	RESERVED
-CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
+CVE-2018-17404 (** DISPUTED ** The SBIbuddy (aka com.sbi.erupee) application 1.41 and ...)
 	NOT-FOR-US: SBIbuddy application
 CVE-2018-17403 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
 	NOT-FOR-US: PhonePe wallet application
-CVE-2018-17402 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+CVE-2018-17402 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application ...)
 	NOT-FOR-US: PhonePe wallet application
-CVE-2018-17401 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+CVE-2018-17401 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application ...)
 	NOT-FOR-US: PhonePe wallet application
-CVE-2018-17400 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+CVE-2018-17400 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application ...)
 	NOT-FOR-US: PhonePe wallet application
 CVE-2018-17399
 	RESERVED
@@ -807,7 +819,7 @@ CVE-2018-17155
 CVE-2018-17154
 	RESERVED
 CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a ...)
-	{DLA-1519-1}
+	{DLA-1520-1 DLA-1519-1}
 	- python3.7 <not-affected> (Fixed before initial upload)
 	- python3.6 <not-affected> (Fixed before initial upload)
 	- python3.5 <not-affected> (Fixed before initial upload)
@@ -6848,8 +6860,7 @@ CVE-2018-14635 (When using the Linux bridge ml2 driver, non-privileged tenants a
 	[jessie] - neutron <ignored> (Minor issue)
 	NOTE: https://bugs.launchpad.net/neutron/+bug/1757482
 	NOTE: https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
-CVE-2018-14634 [Integer overflow in Linux's create_elf_tables()]
-	RESERVED
+CVE-2018-14634 (An integer overflow flaw was found in the Linux kernel's ...)
 	- linux 4.12.6-1
 	[stretch] - linux 4.9.47-1
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/25/4
@@ -14225,8 +14236,7 @@ CVE-2018-11765
 	RESERVED
 CVE-2018-11764
 	RESERVED
-CVE-2018-11763 [mod_http2, DoS via continuous SETTINGS frames]
-	RESERVED
+CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large ...)
 	- apache2 <unfixed> (bug #909591)
 	[jessie] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: HTTP/2 support introduced in 2.4.17
@@ -44768,7 +44778,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link
 CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
-	{DLA-1519-1}
+	{DLA-1520-1 DLA-1519-1}
 	- python3.7 3.7.0~b3-1 (low)
 	- python3.6 3.6.5~rc1-1 (low)
 	- python3.5 3.5.6-1 (low)
@@ -44789,7 +44799,7 @@ CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.
 	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
 	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
 CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
-	{DLA-1519-1}
+	{DLA-1520-1 DLA-1519-1}
 	- python3.7 3.7.0~b3-1 (low)
 	- python3.6 3.6.5~rc1-1 (low)
 	- python3.5 3.5.6-1 (low)
@@ -48525,7 +48535,7 @@ CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Address
 CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
 	NOT-FOR-US: EllisLab ExpressionEngine
 CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
-	{DLA-1519-1 DLA-1190-1 DLA-1189-1}
+	{DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1}
 	- python3.5 3.5.5-1
 	- python3.4 <removed>
 	- python2.7 2.7.13-4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cc67c17c4659e6f1c05406fba53893f31ff7025

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4cc67c17c4659e6f1c05406fba53893f31ff7025
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180926/4cf0de60/attachment.html>

More information about the debian-security-tracker-commits mailing list