[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Sep 29 09:10:38 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cda35129 by security tracker role at 2018-09-29T08:10:29Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2018-17779
+	RESERVED
+CVE-2018-17778
+	RESERVED
+CVE-2018-17777
+	RESERVED
+CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
+	TODO: check
+CVE-2018-17775
+	RESERVED
+CVE-2018-17774
+	RESERVED
+CVE-2018-17773
+	RESERVED
+CVE-2018-17772
+	RESERVED
+CVE-2018-17771
+	RESERVED
+CVE-2018-17770
+	RESERVED
+CVE-2018-17769
+	RESERVED
+CVE-2018-17768
+	RESERVED
+CVE-2018-17767
+	RESERVED
+CVE-2018-17766
+	RESERVED
+CVE-2018-17765
+	RESERVED
 CVE-2018-17764
 	RESERVED
 CVE-2018-17763
@@ -2927,7 +2957,7 @@ CVE-2018-16456
 	RESERVED
 CVE-2018-16455
 	RESERVED
-CVE-2018-16454 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
+CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. ...)
 	NOT-FOR-US: PHP Scripts Mall Olx Clone
 CVE-2018-16453
 	RESERVED
@@ -4549,7 +4579,7 @@ CVE-2018-15838
 	RESERVED
 CVE-2018-15837
 	RESERVED
-CVE-2018-15836 (In Openswan before 2.6.50.1, IKEv2 signature verification is ...)
+CVE-2018-15836 (In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan ...)
 	- openswan <removed>
 	NOTE: https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51
 	NOTE: https://lists.openswan.org/pipermail/users/2018-August/023761.html
@@ -21835,24 +21865,24 @@ CVE-2018-9084
 	RESERVED
 CVE-2018-9083
 	RESERVED
-CVE-2018-9082
-	RESERVED
-CVE-2018-9081
-	RESERVED
-CVE-2018-9080
-	RESERVED
-CVE-2018-9079
-	RESERVED
-CVE-2018-9078
-	RESERVED
-CVE-2018-9077
-	RESERVED
-CVE-2018-9076
-	RESERVED
-CVE-2018-9075
-	RESERVED
-CVE-2018-9074
-	RESERVED
+CVE-2018-9082 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9081 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9080 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9079 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9078 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9077 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9076 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9075 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
+CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
+	TODO: check
 CVE-2018-9073
 	RESERVED
 CVE-2018-9072
@@ -68442,7 +68472,7 @@ CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in ...)
 	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
 	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
 CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is ...)
-	{DLA-1146-1}
+	{DLA-1525-1 DLA-1146-1}
 	- mosquitto 1.4.14-1 (bug #865959)
 	[stretch] - mosquitto 1.4.10-3+deb9u1
 	NOTE: https://github.com/eclipse/mosquitto/issues/468
@@ -77155,10 +77185,12 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all ...)
 CVE-2017-7655
 	RESERVED
 CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability ...)
+	{DLA-1525-1}
 	- mosquitto <unfixed>
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
 	NOTE: https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
 CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not reject ...)
+	{DLA-1525-1}
 	- mosquitto <unfixed>
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
 	NOTE: https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cda351298ffa0341ca614f0d332c0b07470b5bd0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cda351298ffa0341ca614f0d332c0b07470b5bd0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180929/2c867f0b/attachment.html>

More information about the debian-security-tracker-commits mailing list