Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f30dcf37 by security tracker role at 2018-05-11T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,15 @@ +CVE-2018-10985 + RESERVED +CVE-2018-10984 + RESERVED +CVE-2018-10983 + RESERVED +CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell Inspiron ...) + TODO: check +CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes code ...) + TODO: check +CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital ...) + TODO: check CVE-2018-XXXX [Incomplete fix for CVE-2017-17523] - lilypond 2.18.2-13 (bug #898373) [jessie] - lilypond <not-affected> (Incomplete fix not applied) @@ -329,7 +341,7 @@ CVE-2018-10829 RESERVED CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ...) NOT-FOR-US: Alps Pointing-device Driver -CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of service ...) +CVE-2018-10827 (LiteCart before 2.1.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: LiteCart CVE-2018-10826 RESERVED @@ -913,8 +925,8 @@ CVE-2018-10582 RESERVED CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able ...) NOT-FOR-US: Octopus Deploy -CVE-2018-10580 - RESERVED +CVE-2018-10580 (The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because ...) + TODO: check CVE-2018-10579 RESERVED CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...) @@ -9575,8 +9587,8 @@ CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of [wheezy] - wavpack <not-affected> (Vulnerable code not present) NOTE: https://github.com/dbry/WavPack/issues/28 NOTE: https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec -CVE-2018-7248 - RESERVED +CVE-2018-7248 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 ...) + TODO: check CVE-2018-7247 (An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in ...) - leptonlib 1.76.0-1 (unimportant) NOTE: https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f @@ -50775,7 +50787,7 @@ CVE-2017-10386 (Vulnerability in the Java Advanced Management Console component CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) - glassfish <not-affected> (Vulnerable code not included, see bug #853998) CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DSA-4002-1 DLA-1141-1} + {DSA-4002-1 DSA-3944-1 DLA-1141-1} - mariadb-10.2 <removed> (bug #884065) - mariadb-10.0 <removed> - mysql-5.7 5.7.20-1 (bug #878398) @@ -50790,7 +50802,7 @@ CVE-2017-10381 (Vulnerability in the PeopleSoft Enterprise PeopleTools component CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component of ...) NOT-FOR-US: Java Advanced Management Console CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DSA-4002-1 DLA-1141-1} + {DSA-4002-1 DSA-3944-1 DLA-1141-1} - mariadb-10.2 <removed> (bug #884065) - mariadb-10.0 <removed> - mysql-5.7 5.7.20-1 (bug #878398) @@ -51068,6 +51080,7 @@ CVE-2017-10288 CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-3944-1} - mariadb-10.2 <removed> (bug #884065) - mariadb-10.0 <removed> - mysql-5.7 5.7.20-1 (bug #878398) @@ -64072,8 +64085,8 @@ CVE-2017-6017 (A Resource Exhaustion issue was discovered in Schneider Electric NOT-FOR-US: Schneider Electric CVE-2017-6016 (An Improper Access Control issue was discovered in LCDS - Leao ...) NOT-FOR-US: LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA) -CVE-2017-6015 - RESERVED +CVE-2017-6015 (Without quotation marks, any whitespace in the file path for Rockwell ...) + TODO: check CVE-2017-6014 (In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 ...) {DSA-3811-1 DLA-826-1} - wireshark 2.2.5+g440fd4d-2 (bug #855408) @@ -83703,8 +83716,7 @@ CVE-2016-8628 [jessie] - ansible <no-dsa> (Minor issue; can be fixed via point release) NOTE: Fixed upstream in v2.2.0.0-1 NOTE: Needs an attacker to compromise a controlled server. -CVE-2016-8627 - RESERVED +CVE-2016-8627 (admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an ...) NOT-FOR-US: Red Hat JBoss EAP CVE-2016-8626 [RGW Denial of Service by sending POST object with null conditions] RESERVED @@ -184719,7 +184731,7 @@ CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud b NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2 CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable ...) NOT-FOR-US: Red Hat CloudForms -CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudFroms 1.1, when ...) +CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when ...) NOT-FOR-US: Red Hat CloudForms CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...) NOT-FOR-US: Red Hat CloudForms View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f30dcf37e1ece3228aeaaf727fcc5fee45a2cdc8 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f30dcf37e1ece3228aeaaf727fcc5fee45a2cdc8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits