[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Sep 27 21:11:09 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9c4ee5e by security tracker role at 2018-09-27T20:10:50Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -332,9 +332,9 @@ CVE-2018-17406
 	RESERVED
 CVE-2018-17405
 	RESERVED
-CVE-2018-17404 (** DISPUTED ** The SBIbuddy (aka com.sbi.erupee) application 1.41 and ...)
+CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for ...)
 	NOT-FOR-US: SBIbuddy application
-CVE-2018-17403 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+CVE-2018-17403 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application ...)
 	NOT-FOR-US: PhonePe wallet application
 CVE-2018-17402 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application ...)
 	NOT-FOR-US: PhonePe wallet application
@@ -603,6 +603,7 @@ CVE-2018-17407 (An issue was discovered in t1_check_unusual_charstring functions
 	NOTE: Fixed by: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
 	NOTE: Introduced in: https://github.com/TeX-Live/texlive-source/commit/59cbb8f96b0543c2912d6370ce8021181661e1cf
 CVE-2018-17281 (There is a stack consumption vulnerability in the ...)
+	{DLA-1523-1}
 	- asterisk 1:13.23.1~dfsg-1 (bug #909554)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2018-009.html
 	NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013
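Review bot: the unchanged line just below the new `{DLA-1523-1}` tag, `NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013`, has a stray colon before the URL. Since this entry is being touched anyway, a follow-up commit should drop the extra `:` so the note matches the `NOTE: https://...` form used on the line above it.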
@@ -7219,6 +7220,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
 	NOTE: https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2501
 CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to ...)
+	{DLA-1524-1}
 	- libxml2 <unfixed>
 	[stretch] - libxml2 <postponed> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
@@ -7642,6 +7644,7 @@ CVE-2018-14406
 CVE-2018-14405
 	RESERVED
 CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...)
+	{DLA-1524-1}
 	- libxml2 <unfixed> (bug #901817)
 	[stretch] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
@@ -21022,6 +21025,7 @@ CVE-2018-9252 (JasPer 2.0.14 allows denial of service via a reachable assertion
 	NOTE: https://github.com/mdadams/jasper/issues/173
 	NOTE: Negligable impact
 CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ...)
+	{DLA-1524-1}
 	- libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug #895195)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794914
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
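Review bot: the `{DLA-1524-1}` tag added under CVE-2018-9251 sits directly above `- libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug #895195)`, so the entry now says both that an advisory covers the issue and that the package is not affected. The NOTE lines visible in the next hunk say CVE-2018-9251 only affects libxml2 when e2a9122b8dde53d320750451e9907a7dcb2ca8bb is applied; if the advisory's upload applied that commit together with its follow-up fix, a release-specific line or a NOTE saying so would make the entry consistent.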
@@ -21034,6 +21038,7 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzm
 	NOTE: Thus CVE-2018-9251 is only affecting libxml2 if e2a9122b8dde53d320750451e9907a7dcb2ca8bb
 	NOTE: is applied.
 CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ...)
+	{DLA-1524-1}
 	- libxml2 <unfixed> (bug #895245)
 	[stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
 	[jessie] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
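Review bot: under CVE-2017-18258 the added `{DLA-1524-1}` leaves `[jessie] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)` in place three lines below it. If the advisory is the jessie fix, that line is stale and should be dropped or replaced with the fixed version; if it is not, a NOTE stating which release the advisory applies to would remove the ambiguity.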
@@ -27073,24 +27078,24 @@ CVE-2018-7111
 	RESERVED
 CVE-2018-7110
 	RESERVED
-CVE-2018-7109
-	RESERVED
-CVE-2018-7108
-	RESERVED
-CVE-2018-7107
-	RESERVED
-CVE-2018-7106
-	RESERVED
-CVE-2018-7105
-	RESERVED
-CVE-2018-7104
-	RESERVED
-CVE-2018-7103
-	RESERVED
-CVE-2018-7102
-	RESERVED
-CVE-2018-7101
-	RESERVED
+CVE-2018-7109 (HPE has addressed a remote arbitrary file modification vulnerability ...)
+	TODO: check
+CVE-2018-7108 (HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to ...)
+	TODO: check
+CVE-2018-7107 (A potential security vulnerability has been identified in HPE Device ...)
+	TODO: check
+CVE-2018-7106 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for ...)
+	TODO: check
+CVE-2018-7105 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for ...)
+	TODO: check
+CVE-2018-7104 (A Remote Code Execution vulnerability was identified in HPE ...)
+	TODO: check
+CVE-2018-7103 (A Remote Code Execution vulnerability was identified in HPE ...)
+	TODO: check
+CVE-2018-7102 (A security vulnerability in HPE Intelligent Management Center (iMC) ...)
+	TODO: check
+CVE-2018-7101 (A potential remote denial of service security vulnerability has been ...)
+	TODO: check
 CVE-2018-7100 (A potential security vulnerability has been identified in HPE ...)
 	NOT-FOR-US: HPE OfficeConnect 1810 Switch Series
 CVE-2018-7099 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
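Review bot: CVE-2018-7109 through CVE-2018-7101 go from RESERVED to `TODO: check`, which leaves nine HPE entries untriaged, while the unchanged neighbour CVE-2018-7100 at the end of the hunk already carries `NOT-FOR-US: HPE OfficeConnect 1810 Switch Series`. A follow-up should resolve each one to a `NOT-FOR-US:` line naming the product or to a package line. The truncated descriptions for CVE-2018-7104 and CVE-2018-7103 stop at "identified in HPE ...", so those two need the full description looked up before they can be tagged.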
@@ -42114,8 +42119,8 @@ CVE-2018-1822
 	RESERVED
 CVE-2018-1821
 	RESERVED
-CVE-2018-1820
-	RESERVED
+CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2018-1819
 	RESERVED
 CVE-2018-1818
@@ -42282,8 +42287,8 @@ CVE-2018-1738
 	RESERVED
 CVE-2018-1737
 	RESERVED
-CVE-2018-1736
-	RESERVED
+CVE-2018-1736 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote ...)
+	TODO: check
 CVE-2018-1735
 	RESERVED
 CVE-2018-1734
@@ -42322,8 +42327,8 @@ CVE-2018-1718 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is
 	NOT-FOR-US: IBM
 CVE-2018-1717
 	RESERVED
-CVE-2018-1716
-	RESERVED
+CVE-2018-1716 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
+	TODO: check
 CVE-2018-1715 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2018-1714
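Review bot: CVE-2018-1716 is added as `TODO: check` between CVE-2018-1718 and CVE-2018-1715, both of which are tagged `NOT-FOR-US: IBM`. The new description names IBM WebSphere Portal, so the follow-up triage can reuse the same tag rather than leaving the entry open.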
@@ -42434,8 +42439,8 @@ CVE-2018-1662
 	RESERVED
 CVE-2018-1661
 	RESERVED
-CVE-2018-1660
-	RESERVED
+CVE-2018-1660 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
+	TODO: check
 CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
 	NOT-FOR-US: IBM
 CVE-2018-1658
@@ -43371,7 +43376,7 @@ CVE-2018-1357
 	RESERVED
 CVE-2018-1356
 	RESERVED
-CVE-2018-1355 (An open redirect vulnerability in Fortinet FortiManager 6.0.0 and ...)
+CVE-2018-1355 (An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 ...)
 	NOT-FOR-US: Fortinet
 CVE-2018-1354 (An improper access control vulnerability in Fortinet FortiManager ...)
 	NOT-FOR-US: Fortinet



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9c4ee5e11b8e6894a5ee1d92cbacaa18cd40631
