Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0901104 by security tracker role at 2018-05-10T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-10980
+       RESERVED
+CVE-2018-10979
+       RESERVED
+CVE-2018-10978
+       RESERVED
+CVE-2018-10977 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10976 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10975 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10973 (An integer overflow in the transferMulti function of a smart 
contract ...)
+       TODO: check
+CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 
0.3. The ...)
+       TODO: check
+CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 
0.3. The ...)
+       TODO: check
+CVE-2018-10970
+       RESERVED
+CVE-2018-10969
+       RESERVED
+CVE-2018-10968
+       RESERVED
+CVE-2018-10967
+       RESERVED
+CVE-2018-10966
+       RESERVED
+CVE-2018-10965
+       RESERVED
 CVE-2018-10964
        RESERVED
 CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in 
LibTIFF ...)
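Review bot: The seven newly described entries at the top of this hunk (CVE-2018-10971 through CVE-2018-10977) all land as "TODO: check", and the truncated descriptions are identical across the four 2345 Security Guard entries and across the two FLIF 0.3 entries, so nothing in this file tells them apart. Triage needs the full descriptions; where a product turns out not to be packaged, a NOT-FOR-US line in the style already used for Gxlcms QY further down would close the entry.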
@@ -38,13 +70,13 @@ CVE-2018-10947
        RESERVED
 CVE-2018-10946
        RESERVED
-CVE-2017-18267 [FoFiType1C::cvtGlyph: Fix infinite recursion on malformed 
documents]
+CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in 
Poppler ...)
        - poppler <unfixed> (bug #898357)
        [wheezy] - poppler <ignored> (Minor issue)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
        NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
-CVE-2017-18266 [Argument injection in xdg-open open_envvar]
+CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 
does not ...)
        - xdg-utils <unfixed> (bug #898317)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
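Review bot: On CVE-2017-18266 the new description scopes the issue to xdg-utils before 1.1.3, but the package line below it still reads "- xdg-utils <unfixed> (bug #898317)" even though a "Fixed by" commit is already recorded. Suggest replacing <unfixed> with the fixed version as soon as an upload carrying that commit or 1.1.3 is in the archive, so the entry does not stay open on the strength of the description alone.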
@@ -336,8 +368,8 @@ CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a 
memory leak in WriteTIFF
        - imagemagick <unfixed> (unimportant; bug #898217)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
-CVE-2018-10803
-       RESERVED
+CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add 
credentials ...)
+       TODO: check
 CVE-2018-1000301
        RESERVED
 CVE-2018-1000300
@@ -587,8 +619,8 @@ CVE-2018-10708
        RESERVED
 CVE-2018-10707
        RESERVED
-CVE-2018-10706
-       RESERVED
+CVE-2018-10706 (An integer overflow in the transferMulti function of a smart 
contract ...)
+       TODO: check
 CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), 
an ...)
        TODO: check
 CVE-2018-10704
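Review bot: CVE-2018-10706 now carries the same truncated description ("An integer overflow in the transferMulti function of a smart contract ...") as CVE-2018-10973 added in the first hunk, and both are left at "TODO: check". Suggest comparing the full descriptions during triage to confirm these are distinct contracts rather than a duplicate assignment, and tagging them together with the neighbouring CVE-2018-10705 smart contract entry.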
@@ -713,8 +745,8 @@ CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a 
denial of service fla
        NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
 CVE-2018-10656
        RESERVED
-CVE-2018-10655
-       RESERVED
+CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor 
(freeware) 5.72 ...)
+       TODO: check
 CVE-2018-10654
        RESERVED
 CVE-2018-10653
@@ -2677,8 +2709,8 @@ CVE-2018-9851 (In Gxlcms QY v1.0.0713, 
Lib\Lib\Action\Admin\TplAction.class.php 
        NOT-FOR-US: Gxlcms QY
 CVE-2018-9850 (In Gxlcms QY v1.0.0713, 
Lib\Lib\Action\Admin\DataAction.class.php ...)
        NOT-FOR-US: Gxlcms QY
-CVE-2018-9849
-       RESERVED
+CVE-2018-9849 (Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x 
before ...)
+       TODO: check
 CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in ...)
        NOT-FOR-US: Gxlcms QY
 CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in ...)
@@ -4904,18 +4936,18 @@ CVE-2018-8917
        RESERVED
 CVE-2018-8916
        RESERVED
-CVE-2018-8915
-       RESERVED
-CVE-2018-8914
-       RESERVED
+CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center 
in ...)
+       TODO: check
+CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media 
Server ...)
+       TODO: check
 CVE-2018-8913
        RESERVED
 CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in 
SYNO.NoteStation.Note in ...)
        NOT-FOR-US: Synology Note Station
 CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview 
in ...)
        NOT-FOR-US: Synology Note Station
-CVE-2018-8910
-       RESERVED
+CVE-2018-8910 (Cross-site scripting (XSS) vulnerability in Attachment Preview 
in ...)
+       TODO: check
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows 
attackers to ...)
        NOT-FOR-US: Wire application for Android
 CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. 
The ...)
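Review bot: CVE-2018-8910 is set to "TODO: check" although its truncated description ("Cross-site scripting (XSS) vulnerability in Attachment Preview in ...") matches CVE-2018-8911 two entries above, which is already tagged "NOT-FOR-US: Synology Note Station". Suggest checking whether CVE-2018-8910 takes the same tag, and likewise whether CVE-2018-8914 (Synology Media Server) and CVE-2018-8915 can be closed the same way.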
@@ -7208,10 +7240,10 @@ CVE-2018-7943
        RESERVED
 CVE-2018-7942
        RESERVED
-CVE-2018-7941
-       RESERVED
-CVE-2018-7940
-       RESERVED
+CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass 
vulnerability. A ...)
+       TODO: check
+CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier 
versions than ...)
+       TODO: check
 CVE-2018-7939
        RESERVED
 CVE-2018-7938
@@ -7224,8 +7256,8 @@ CVE-2018-7935
        RESERVED
 CVE-2018-7934
        RESERVED
-CVE-2018-7933
-       RESERVED
+CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the 
...)
+       TODO: check
 CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary 
...)
        NOT-FOR-US: Huawei
 CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist 
mechanism ...)
@@ -12442,8 +12474,8 @@ CVE-2018-6256
        RESERVED
 CVE-2018-6255
        RESERVED
-CVE-2018-6254
-       RESERVED
+CVE-2018-6254 (In Android before the 2018-05-05 security patch level, NVIDIA 
Media ...)
+       TODO: check
 CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the 
DirectX and ...)
        - nvidia-graphics-drivers 390.48-1 (bug #894338)
        [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -12476,8 +12508,8 @@ CVE-2018-6248 (NVIDIA Windows GPU Display Driver 
contains a vulnerability in the
        NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
the ...)
        NOT-FOR-US: NVIDIA Windows driver
-CVE-2018-6246
-       RESERVED
+CVE-2018-6246 (In Android before the 2018-05-05 security patch level, NVIDIA 
Widevine ...)
+       TODO: check
 CVE-2018-6245
        RESERVED
 CVE-2018-6244
@@ -15592,6 +15624,7 @@ CVE-2018-5184
        RESERVED
 CVE-2018-5183
        RESERVED
+       {DSA-4199-1}
        - firefox-esr 52.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
 CVE-2018-5182
@@ -15613,6 +15646,7 @@ CVE-2018-5179
        RESERVED
 CVE-2018-5178
        RESERVED
+       {DSA-4199-1}
        - firefox-esr 52.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
 CVE-2018-5177
@@ -15657,6 +15691,7 @@ CVE-2018-5169
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
 CVE-2018-5168
        RESERVED
+       {DSA-4199-1}
        [experimental] - firefox 60.0-1
        - firefox <unfixed>
        - firefox-esr 52.8.0esr-1
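Review bot: The {DSA-4199-1} reference is attached to CVE-2018-5168 while the entry still shows "- firefox <unfixed>" next to "- firefox-esr 52.8.0esr-1", and the same pattern repeats in the following firefox hunks. Suggest making sure the DSA tag is not read as covering the firefox source package; its line should stay <unfixed> until the 60.0-1 upload listed under [experimental] reaches the tracked suites.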
@@ -15698,6 +15733,7 @@ CVE-2018-5160
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
 CVE-2018-5159
        RESERVED
+       {DSA-4199-1}
        [experimental] - firefox 60.0-1
        - firefox <unfixed>
        - firefox-esr 52.8.0esr-1
@@ -15705,6 +15741,7 @@ CVE-2018-5159
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
 CVE-2018-5158
        RESERVED
+       {DSA-4199-1}
        [experimental] - firefox 60.0-1
        - firefox <unfixed>
        - firefox-esr 52.8.0esr-1
@@ -15712,6 +15749,7 @@ CVE-2018-5158
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
 CVE-2018-5157
        RESERVED
+       {DSA-4199-1}
        [experimental] - firefox 60.0-1
        - firefox <unfixed>
        - firefox-esr 52.8.0esr-1
@@ -15721,6 +15759,7 @@ CVE-2018-5156
        RESERVED
 CVE-2018-5155
        RESERVED
+       {DSA-4199-1}
        [experimental] - firefox 60.0-1
        - firefox <unfixed>
        - firefox-esr 52.8.0esr-1
@@ -15728,6 +15767,7 @@ CVE-2018-5155
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
 CVE-2018-5154
        RESERVED
+       {DSA-4199-1}
        [experimental] - firefox 60.0-1
        - firefox <unfixed>
        - firefox-esr 52.8.0esr-1
@@ -15750,6 +15790,7 @@ CVE-2018-5151
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
 CVE-2018-5150
        RESERVED
+       {DSA-4199-1}
        [experimental] - firefox 60.0-1
        - firefox <unfixed>
        - firefox-esr 52.8.0esr-1
@@ -26732,8 +26773,7 @@ CVE-2018-1132
        RESERVED
 CVE-2018-1131
        RESERVED
-CVE-2018-1130 [dccp: check sk for closed state in dccp_sendmsg()]
-       RESERVED
+CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null 
pointer ...)
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
 CVE-2018-1129
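Review bot: Replacing the bracketed summary on CVE-2018-1130 drops the only visible mention of dccp_sendmsg(); the truncated official description ("Linux kernel before version 4.16-rc7 is vulnerable to a null pointer ...") no longer names the subsystem. Suggest keeping the old summary as a NOTE line next to the "Fixed by" commit so the affected code path stays searchable in this file.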
@@ -26767,7 +26807,7 @@ CVE-2018-1117
        RESERVED
 CVE-2018-1116
        RESERVED
-CVE-2018-1115 [public execution privileges on pg_rotate_logfile() in adminpack 
extension]
+CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the 
adminpack ...)
        - postgresql-10 10.4-1
        - postgresql-9.6 <removed>
        [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
@@ -63343,16 +63383,16 @@ CVE-2017-6295 (NVIDIA TrustZone Software contains a 
vulnerability in the Keymast
        NOT-FOR-US: NVIDIA
 CVE-2017-6294
        RESERVED
-CVE-2017-6293
-       RESERVED
+CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA 
Tegra X1 ...)
+       TODO: check
 CVE-2017-6292
        RESERVED
 CVE-2017-6291
        RESERVED
 CVE-2017-6290
        RESERVED
-CVE-2017-6289
-       RESERVED
+CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA 
Trusted ...)
+       TODO: check
 CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a 
missing ...)
        NOT-FOR-US: Nvidia component for Android
 CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a 
missing ...)
@@ -74744,8 +74784,7 @@ CVE-2017-2602
        RESERVED
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2601
-       RESERVED
+CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a 
persisted ...)
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2600



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e09011047001be61193f75035d55c934bf720a9a
