Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5ece9e1d by security tracker role at 2018-04-23T08:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,5 +1,9 @@ -CVE-2018-10299 +CVE-2018-10301 RESERVED +CVE-2018-10300 + RESERVED +CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart contract ...) + TODO: check CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...) NOT-FOR-US: DiscuzX CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...) @@ -3606,6 +3610,7 @@ CVE-2018-8782 CVE-2018-8781 RESERVED CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) + {DLA-1359-1 DLA-1358-1} - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -3616,6 +3621,7 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2. NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8 NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10) CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) + {DLA-1359-1 DLA-1358-1} - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -3627,6 +3633,7 @@ CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2. NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10) NOTE: ruby1.8: test examples from hackerone doesn't work. ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though. CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) + {DLA-1359-1 DLA-1358-1} - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -3637,6 +3644,7 @@ CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2. NOTE: Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80 NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10) CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) + {DLA-1359-1 DLA-1358-1} - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -7662,7 +7670,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) - {DLA-1337-1 DLA-1336-1} + {DLA-1358-1 DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -7672,7 +7680,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) - {DLA-1337-1 DLA-1336-1} + {DLA-1358-1 DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -7682,7 +7690,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) - {DLA-1337-1 DLA-1336-1} + {DLA-1358-1 DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -7692,7 +7700,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) - {DLA-1337-1 DLA-1336-1} + {DLA-1358-1 DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -8741,6 +8749,7 @@ CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...) CVE-2018-6915 RESERVED CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the ...) + {DLA-1359-1 DLA-1358-1} - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -18510,6 +18519,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...) NOT-FOR-US: UCOPIA Wireless Appliance CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) + {DLA-1359-1 DLA-1358-1} - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ece9e1ded186c03e69f669f0a4fc53ea423a1a3 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ece9e1ded186c03e69f669f0a4fc53ea423a1a3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits