[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df34f4fa by security tracker role at 2018-04-29T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-10530
+       RESERVED
+CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an 
out-of-bounds ...)
+       TODO: check
+CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a 
stack-based buffer ...)
+       TODO: check
 CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; 
four fields ...)
        NOT-FOR-US: EasyCMS
 CVE-2018-10526
@@ -1601,7 +1607,7 @@ CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 
for iOS allows physical
 CVE-2018-9839
        RESERVED
 CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper 
Neutralization of ...)
-       {DLA-1357-1}
+       {DSA-4186-1 DLA-1357-1}
        - gunicorn 19.5.0-1 (bug #896548)
        NOTE: 
https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
        NOTE: https://github.com/benoitc/gunicorn/issues/1227
@@ -20763,12 +20769,14 @@ CVE-2018-2816 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.5 <not-affected> (Only affects MySQL 5.7)
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
 CVE-2018-2815 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
@@ -20810,37 +20818,44 @@ CVE-2018-2802 (Vulnerability in the Oracle 
Hospitality Simphony component of Ora
 CVE-2018-2801 (Vulnerability in the Oracle Outside In Technology component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2018-2800 (Vulnerability in the Java SE, JRockit component of Oracle Java 
SE ...)
+       {DSA-4185-1}
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2799 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
 CVE-2018-2798 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2797 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2796 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
 CVE-2018-2795 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2794 (Vulnerability in the Java SE, JRockit component of Oracle Java 
SE ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>
@@ -20853,6 +20868,7 @@ CVE-2018-2792 (Vulnerability in the Hardware Management 
Pack component of Oracle
 CVE-2018-2791 (Vulnerability in the Oracle WebCenter Sites component of Oracle 
Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2018-2790 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
+       {DSA-4185-1}
        - openjdk-10 <unfixed>
        - openjdk-8 8u171-b11-1
        - openjdk-7 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df34f4fa80c24b57e666cdd37d5ca7e0db6c4f07

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df34f4fa80c24b57e666cdd37d5ca7e0db6c4f07
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits