Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5ece9e1d by security tracker role at 2018-04-23T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,9 @@
-CVE-2018-10299
+CVE-2018-10301
RESERVED
+CVE-2018-10300
+ RESERVED
+CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart
contract ...)
+ TODO: check
CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
NOT-FOR-US: DiscuzX
CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...)
@@ -3606,6 +3610,7 @@ CVE-2018-8782
CVE-2018-8781
RESERVED
CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
+ {DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -3616,6 +3621,7 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7,
2.4.x before 2.4.4, 2.
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3
(2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
+ {DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -3627,6 +3633,7 @@ CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7,
2.4.x before 2.4.4, 2.
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9
(2.2.10)
NOTE: ruby1.8: test examples from hackerone doesn't work.
ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
+ {DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -3637,6 +3644,7 @@ CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7,
2.4.x before 2.4.4, 2.
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859
(2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
+ {DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -7662,7 +7670,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9
and earlier, Ruby 2.3
NOTE:
https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby
2.3 series: ...)
- {DLA-1337-1 DLA-1336-1}
+ {DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -7672,7 +7680,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9
and earlier, Ruby 2.3
NOTE:
https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby
2.3 series: ...)
- {DLA-1337-1 DLA-1336-1}
+ {DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -7682,7 +7690,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9
and earlier, Ruby 2.3
NOTE:
https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby
2.3 series: ...)
- {DLA-1337-1 DLA-1336-1}
+ {DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -7692,7 +7700,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9
and earlier, Ruby 2.3
NOTE:
https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby
2.3 series: ...)
- {DLA-1337-1 DLA-1336-1}
+ {DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -8741,6 +8749,7 @@ CVE-2018-6916 (In FreeBSD before 11.1-STABLE,
11.1-RELEASE-p7, 10.4-STABLE, ...)
CVE-2018-6915
RESERVED
CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in
the ...)
+ {DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -18510,6 +18519,7 @@ CVE-2017-17744 (A cross-site scripting (XSS)
vulnerability in the custom-map plu
CVE-2017-17743 (Improper input sanitization within the restricted
administration shell ...)
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
+ {DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ece9e1ded186c03e69f669f0a4fc53ea423a1a3
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ece9e1ded186c03e69f669f0a4fc53ea423a1a3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
