Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6fd8a75 by security tracker role at 2018-06-18T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-12520
+       RESERVED
 CVE-2018-12519
        RESERVED
 CVE-2018-12518
@@ -513,6 +515,7 @@ CVE-2018-12328
 CVE-2018-12327
        RESERVED
 CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x 
before 5.0 ...)
+       {DSA-4230-1}
        - redis 5:4.0.10-1
        NOTE: 
https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0
        NOTE: 
https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
@@ -1007,8 +1010,8 @@ CVE-2018-12106
        RESERVED
 CVE-2018-12105
        RESERVED
-CVE-2018-12104
-       RESERVED
+CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge 
Repo 0.7.4 ...)
+       TODO: check
 CVE-2018-12103
        RESERVED
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
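Review bot: The `TODO: check` under CVE-2018-12104 leaves the entry untriaged. The description names Airbnb Knowledge Repo 0.7.4; once it is confirmed whether that software is in the archive, replace the TODO with either a package line or a `NOT-FOR-US:` line so the entry has a definite status.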
@@ -1083,12 +1086,12 @@ CVE-2018-12075
        RESERVED
 CVE-2018-12074
        RESERVED
-CVE-2018-12073
-       RESERVED
-CVE-2018-12072
-       RESERVED
-CVE-2018-12071
-       RESERVED
+CVE-2018-12073 (An issue was discovered on Eminent EM4544 9.10 devices. The 
device does ...)
+       TODO: check
+CVE-2018-12072 (An issue was discovered in Cloud Media Popcorn A-200 ...)
+       TODO: check
+CVE-2018-12071 (A Session Fixation issue exists in CodeIgniter before 3.1.9 
because ...)
+       TODO: check
 CVE-2018-12070
        RESERVED
 CVE-2018-12069
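Review bot: All three new descriptions (CVE-2018-12073, CVE-2018-12072, CVE-2018-12071) are left at `TODO: check`. The first two describe devices (Eminent EM4544, Cloud Media Popcorn A-200) and look like candidates for the `NOT-FOR-US:` form used elsewhere in this file. CVE-2018-12071 names CodeIgniter before 3.1.9 and needs a check for a matching source package before it can be closed either way.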
@@ -1184,24 +1187,20 @@ CVE-2018-12031 (Local file inclusion in Eaton 
Intelligent Power Manager v1.6 all
        NOT-FOR-US: Eaton Intelligent Power Manager
 CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
        NOT-FOR-US: Chevereto Free
-CVE-2018-12029 [CHMOD race vulnerability]
-       RESERVED
+CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x 
through ...)
        - passenger <unfixed>
        - ruby-passenger <removed>
        NOTE: 
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
        NOTE: 
https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86
-CVE-2018-12028
-       RESERVED
+CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in 
Phusion ...)
        - passenger <not-affected> (Introduced in 5.3.0 with major refactoring 
of SpawningKit)
        - ruby-passenger <not-affected> (Introduced in 5.3.0 with major 
refactoring of SpawningKit)
        NOTE: 
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
-CVE-2018-12027
-       RESERVED
+CVE-2018-12027 (An Insecure Permissions vulnerability in SpawningKit in 
Phusion ...)
        - passenger <not-affected> (Introduced in 5.3.0 with major refactoring 
of SpawningKit)
        - ruby-passenger <not-affected> (Introduced in 5.3.0 with major 
refactoring of SpawningKit)
        NOTE: 
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
-CVE-2018-12026
-       RESERVED
+CVE-2018-12026 (During the spawning of a malicious Passenger-managed 
application, ...)
        - passenger <not-affected> (Introduced in 5.3.0 with major refactoring 
of SpawningKit)
        - ruby-passenger <not-affected> (Introduced in 5.3.0 with major 
refactoring of SpawningKit)
        NOTE: 
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
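Review bot: CVE-2018-12029 still carries `- passenger <unfixed>` even though its two NOTE lines point at the upstream 5.3.2 security-fixes post and at commit 207870f5b7f5..., so this entry needs a follow-up to record a fixed version once that change reaches the package. The `<not-affected>` lines for CVE-2018-12028, CVE-2018-12027 and CVE-2018-12026 rest on the "Introduced in 5.3.0" reasoning written before the descriptions were published; it is worth rechecking that reasoning against the now-available description text.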
@@ -96016,7 +96015,7 @@ CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in 
Huawei P8 smartphones with
 CVE-2016-1000026
        RESERVED
 CVE-2016-1000025
-       RESERVED
+       REJECTED
        - node-ws <unfixed> (unimportant)
        NOTE: https://nodesecurity.io/advisories/120
        NOTE: https://github.com/nodejs/node/issues/7388
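Review bot: The state line for CVE-2016-1000025 is now `REJECTED`, but `- node-ws <unfixed> (unimportant)` and both NOTE lines stay under it, so a rejected id still carries an open package status. If the issue was reassigned to another CVE id, move the package line and NOTEs to that entry; if not, decide explicitly whether they should remain here.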
@@ -96049,7 +96048,7 @@ CVE-2016-1000015
 CVE-2016-1000014
        REJECTED
 CVE-2016-1000013
-       RESERVED
+       REJECTED
        - node-marked 0.3.6+dfsg-1 (unimportant)
        NOTE: https://nodesecurity.io/advisories/101
        NOTE: nodejs not covered by security support
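Review bot: CVE-2016-1000013 becomes `REJECTED` while still recording a fixed version, `- node-marked 0.3.6+dfsg-1 (unimportant)`. That fix information is only useful when attached to a live id, so check the advisory in the first NOTE for a replacement CVE and carry the package line over to it.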
@@ -96108,7 +96107,7 @@ CVE-2016-6223 (The TIFFReadRawStrip1 and 
TIFFReadRawTile1 functions in tif_read.
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
        NOTE: Upstream patch: 
https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496
 CVE-2016-1000023
-       RESERVED
+       REJECTED
        - node-minimatch <unfixed> (unimportant)
        NOTE: https://nodesecurity.io/advisories/118
        NOTE: 
https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
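Review bot: `REJECTED` on CVE-2016-1000023 sits directly above `- node-minimatch <unfixed> (unimportant)` and an upstream commit NOTE. The commit message is only "automatic update", so nothing here records why the id was rejected or what replaces it. A NOTE naming the replacing id, if there is one, would keep the minimatch status traceable.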



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6fd8a7568a9eb601602f998f62d947e83fc4063

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
