Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
088339f4 by security tracker role at 2018-05-18T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,61 @@
+CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function ...)
+ TODO: check
+CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function ...)
+ TODO: check
+CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive
...)
+ TODO: check
+CVE-2018-11253
+ RESERVED
+CVE-2018-11252
+ RESERVED
+CVE-2018-11251 (In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a
heap-based ...)
+ TODO: check
+CVE-2018-11250
+ RESERVED
+CVE-2018-11249
+ RESERVED
+CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not
check an ...)
+ TODO: check
+CVE-2018-11247
+ RESERVED
+CVE-2018-11246
+ RESERVED
+CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with
cortex ...)
+ TODO: check
+CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch
of an ...)
+ TODO: check
+CVE-2018-11243 (PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows
remote ...)
+ TODO: check
+CVE-2018-11242
+ RESERVED
+CVE-2018-11241
+ RESERVED
+CVE-2018-11240
+ RESERVED
+CVE-2018-11239
+ RESERVED
+CVE-2018-11238
+ RESERVED
+CVE-2018-11237 (An AVX-512-optimized implementation of the mempcpy function in
the GNU ...)
+ TODO: check
+CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or
libc6) 2.27 ...)
+ TODO: check
+CVE-2018-11235
+ RESERVED
+CVE-2018-11234
+ RESERVED
+CVE-2018-11233
+ RESERVED
+CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege
Context ...)
+ TODO: check
+CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite
loop ...)
+ TODO: check
+CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a ...)
+ TODO: check
+CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite
loop ...)
+ TODO: check
+CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in ...)
+ TODO: check
CVE-2018-11232 (The etm_setup_aux function in ...)
- linux <not-affected> (Vulnerable code never present in unstable)
NOTE: Fixed by:
https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
@@ -244,7 +302,8 @@ CVE-2018-11127 (e107 2.1.7 has CSRF resulting in arbitrary
user deletion. ...)
NOT-FOR-US: e107
CVE-2018-11126 (dg-user/?controller=users&action=add in doorGets 7.0 has
CSRF that ...)
NOT-FOR-US: doorGets
-CVE-2018-11125 (Tencent RapidJSON 1.1.0 has a heap-based buffer over-read in
the Peek ...)
+CVE-2018-11125
+ REJECTED
NOT-FOR-US: Tencent RapidJSON
CVE-2018-11124
RESERVED
@@ -426,7 +485,7 @@ CVE-2018-11040
RESERVED
CVE-2018-11039
RESERVED
-CVE-2017-18270 [KEYS: prevent creating a different user's keyrings]
+CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create
keyrings ...)
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.56-1
@@ -592,10 +651,10 @@ CVE-2018-10970
RESERVED
CVE-2018-10969
RESERVED
-CVE-2018-10968
- RESERVED
-CVE-2018-10967
- RESERVED
+CVE-2018-10968 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a
malicious ...)
+ TODO: check
+CVE-2018-10967 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a
malicious ...)
+ TODO: check
CVE-2018-10966
RESERVED
CVE-2018-10965
@@ -2188,10 +2247,10 @@ CVE-2018-10309 (The Responsive Cookie Consent plugin
before 1.8 for WordPress ..
NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
CVE-2018-10308
RESERVED
-CVE-2018-10307
- RESERVED
-CVE-2018-10306
- RESERVED
+CVE-2018-10307 (error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS
via the ...)
+ TODO: check
+CVE-2018-10306 (Services/Form/classes/class.ilDateDurationInputGUI.php and ...)
+ TODO: check
CVE-2018-10305 (The MessageSearch2 function in PersonalMessage.php in Simple
Machines ...)
NOT-FOR-US: Simple Machines Forum
CVE-2018-10304
@@ -4723,8 +4782,8 @@ CVE-2017-18258 (The xz_head function in xzlib.c in
libxml2 before 2.9.6 allows r
NOTE: Fixed by:
https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
NOTE: When fixing this issue make sure to not open CVE-2018-9251 and
apply
NOTE: the fix for CVE-2018-9251 /
https://bugzilla.gnome.org/show_bug.cgi?id=794914
-CVE-2018-9250
- RESERVED
+CVE-2018-9250 (interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows
remote ...)
+ TODO: check
CVE-2018-9249 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication
bypass by ...)
NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication
bypass via ...)
@@ -5721,8 +5780,8 @@ CVE-2018-8851
RESERVED
CVE-2018-8850
RESERVED
-CVE-2018-8849
- RESERVED
+CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician
...)
+ TODO: check
CVE-2018-8848
RESERVED
CVE-2018-8847
@@ -7699,8 +7758,7 @@ CVE-2018-8017
RESERVED
CVE-2018-8016
RESERVED
-CVE-2018-8015
- RESERVED
+CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger
an ...)
NOT-FOR-US: Apache ORC
CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache
Tomcat ...)
- tomcat9 <itp> (bug #802312)
@@ -16109,8 +16167,8 @@ CVE-2018-5258 (The Neon app 1.6.14 iOS does not verify
X.509 certificates from S
NOT-FOR-US: Neon app
CVE-2018-5257
RESERVED
-CVE-2018-5256
- RESERVED
+CVE-2018-5256 (CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before
...)
+ TODO: check
CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that
is shared ...)
NOT-FOR-US: Hitron CVE-30360 devices
CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20
before ...)
@@ -16130,6 +16188,7 @@ CVE-2018-5250
CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before
0.8.5 and ...)
- shaarli <itp> (bug #864559)
CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer
over-read in ...)
+ {DSA-4204-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886588)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
@@ -20545,7 +20604,7 @@ CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64
2017-12-21, there is a stack-
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/663b3b432c202cd2aeda7ea7e82b74cce51ab1cf
NOTE: webp support not enabled, see #806425
CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a
heap-based ...)
- {DSA-4074-1 DLA-1227-1}
+ {DSA-4204-1 DSA-4074-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #885125)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
@@ -26594,7 +26653,7 @@ CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer
dereference in the funct
NOTE: POC:
https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
- {DSA-4074-1 DLA-1227-1}
+ {DSA-4204-1 DSA-4074-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #885340)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
@@ -46943,7 +47002,7 @@ CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL
check vulnerability was f
NOTE: https://github.com/ImageMagick/ImageMagick/issues/547
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375
CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the
ReadMATImage ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4204-1 DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (bug #870012)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/362
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
@@ -47242,7 +47301,7 @@ CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a
crafted file in convert, it
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86
CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert,
it can ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4204-1 DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
@@ -47658,7 +47717,7 @@ CVE-2017-11536 (When ImageMagick 7.0.6-1 processes a
crafted file in convert, it
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/dba1ccfbcdf61c0eb599c7c308b42ed46dc92be6
CVE-2017-11535 (When ImageMagick 7.0.6-1 processes a crafted file in convert,
it can ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4204-1 DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (bug #869827)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/561
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4
@@ -47669,7 +47728,7 @@ CVE-2017-11534 (When ImageMagick 7.0.6-1 processes a
crafted file in convert, it
NOTE: https://github.com/ImageMagick/ImageMagick/issues/564
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90
CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert,
it can ...)
- {DSA-4019-1 DLA-1081-1}
+ {DSA-4204-1 DSA-4019-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (bug #869834)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/562
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/f0c29cc251578fe0ad8ec7b72f2487a77a1696b8
@@ -49359,7 +49418,7 @@ CVE-2017-10997 (In all Qualcomm products with Android
releases from CAF using th
CVE-2017-10996 (In all Qualcomm products with Android releases from CAF using
the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick
7.0.6-0 allows ...)
- {DLA-1081-1}
+ {DSA-4204-1 DLA-1081-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #867748)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/24430226caf7eb468b4180f2883b2563e8cc1b23
@@ -53176,12 +53235,12 @@ CVE-2017-9639 (An issue was discovered in Fuji
Electric V-Server Version 3.3.22.
NOT-FOR-US: Fuji Electric V-Server
CVE-2017-9638 (Mitsubishi E-Designer, Version 7.52 Build 344 contains six code
...)
NOT-FOR-US: Mitsubishi E-Designer
-CVE-2017-9637
- RESERVED
+CVE-2017-9637 (Schneider Electric Ampla MES 6.4 provides capability to
interact with ...)
+ TODO: check
CVE-2017-9636 (Mitsubishi E-Designer, Version 7.52 Build 344 contains five
code ...)
NOT-FOR-US: Mitsubishi E-Designer
-CVE-2017-9635
- RESERVED
+CVE-2017-9635 (Schneider Electric Ampla MES 6.4 provides capability to
configure ...)
+ TODO: check
CVE-2017-9634 (Mitsubishi E-Designer, Version 7.52 Build 344 contains two code
...)
NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a
Memory ...)
@@ -82957,8 +83016,8 @@ CVE-2016-9094 (Symantec Endpoint Protection clients
place detected malware in ..
NOT-FOR-US: Symantec
CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec
Endpoint ...)
NOT-FOR-US: Symantec
-CVE-2016-9092
- REJECTED
+CVE-2016-9092 (The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1,
and Mail ...)
+ TODO: check
CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and
Content ...)
NOT-FOR-US: Blue Coat Advanced Secure Gateway
CVE-2016-9090
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/088339f4c3a3d678af18ee6bb74d3abbfc4aaf26
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/088339f4c3a3d678af18ee6bb74d3abbfc4aaf26
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
