Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
524832ad by security tracker role at 2018-07-06T08:11:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,69 @@
+CVE-2018-13364
+       RESERVED
+CVE-2018-13363
+       RESERVED
+CVE-2018-13362
+       RESERVED
+CVE-2018-13361
+       RESERVED
+CVE-2018-13360
+       RESERVED
+CVE-2018-13359
+       RESERVED
+CVE-2018-13358
+       RESERVED
+CVE-2018-13357
+       RESERVED
+CVE-2018-13356
+       RESERVED
+CVE-2018-13355
+       RESERVED
+CVE-2018-13354
+       RESERVED
+CVE-2018-13353
+       RESERVED
+CVE-2018-13352
+       RESERVED
+CVE-2018-13351
+       RESERVED
+CVE-2018-13350
+       RESERVED
+CVE-2018-13349
+       RESERVED
+CVE-2018-13345
+       RESERVED
+CVE-2018-13344
+       RESERVED
+CVE-2018-13343
+       RESERVED
+CVE-2018-13342
+       RESERVED
+CVE-2018-13341
+       RESERVED
+CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add 
request. ...)
+       TODO: check
+CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML 
content mode ...)
+       TODO: check
+CVE-2018-13338
+       RESERVED
+CVE-2018-13337
+       RESERVED
+CVE-2018-13336
+       RESERVED
+CVE-2018-13335
+       RESERVED
+CVE-2018-13334
+       RESERVED
+CVE-2018-13333
+       RESERVED
+CVE-2018-13332
+       RESERVED
+CVE-2018-13331
+       RESERVED
+CVE-2018-13330
+       RESERVED
+CVE-2018-13329
+       RESERVED
 CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart 
contract ...)
        NOT-FOR-US: smart contract
 CVE-2018-13327 (The transfer and transferFrom functions of a smart contract 
...)
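Review bot: the run of RESERVED placeholders in this hunk skips CVE-2018-13346, CVE-2018-13347 and CVE-2018-13348 between CVE-2018-13349 and CVE-2018-13345; that is expected rather than a missed import, because those three Mercurial mpatch entries already exist further down the file (the hunks at -3236 and -3248 update them), so nothing needs to be added here. The two entries that arrived with descriptions, CVE-2018-13340 (Gleez CMS) and CVE-2018-13339 (Imperavi Redactor), carry the automated "TODO: check" placeholder and still need manual triage into either a NOT-FOR-US marker or a Debian package assignment; the import itself makes no decision about them.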
@@ -590,8 +656,8 @@ CVE-2018-13053 (The alarm_timer_nsleep function in 
kernel/time/alarmtimer.c in t
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
-CVE-2018-13052
-       RESERVED
+CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity), 
...)
+       TODO: check
 CVE-2018-13051
        RESERVED
 CVE-2018-13050 (A SQL Injection vulnerability exists in Zoho ManageEngine 
Applications ...)
@@ -645,8 +711,8 @@ CVE-2018-13033 (The Binary File Descriptor (BFD) library 
(aka libbfd), as distri
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23361
 CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add 
superuser ...)
        NOT-FOR-US: ECESSA ShieldLink
-CVE-2018-13031
-       RESERVED
+CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add 
an ...)
+       TODO: check
 CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The 
build_huffman ...)
        NOT-FOR-US: jpeg-compressor
 CVE-2018-13029
@@ -915,6 +981,7 @@ CVE-2018-12912 (An issue wan discovered in 
admin\controllers\database.php in Hon
 CVE-2018-12911
        RESERVED
 CVE-2018-12910 (soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup 
allows ...)
+       {DSA-4241-1}
        - libsoup2.4 2.62.2-2
        NOTE: 
https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
 CVE-2018-12909 (** DISPUTED ** Webgrind 1.5 relies on user input to display a 
file, ...)
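Review bot: the new {DSA-4241-1} cross-reference on CVE-2018-12910 is added while the unstable fix line (libsoup2.4 2.62.2-2) is left unchanged, and this commit touches only data/CVE/list. The stable fixed version for this DSA therefore has to come from the matching DSA-4241-1 entry in data/DSA/list; confirm that entry is present (in this or an earlier commit), otherwise the tracker will keep reporting stretch as affected despite the reference.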
@@ -1310,8 +1377,8 @@ CVE-2018-12741
        RESERVED
 CVE-2018-12740
        RESERVED
-CVE-2018-12739
-       RESERVED
+CVE-2018-12739 (In BEESCMS 4.0, CSRF allows administrators to be added 
arbitrarily, a ...)
+       TODO: check
 CVE-2018-12738
        RESERVED
 CVE-2018-12737
@@ -1324,8 +1391,8 @@ CVE-2018-12734
        RESERVED
 CVE-2018-12733
        RESERVED
-CVE-2016-10725
-       RESERVED
+CVE-2016-10725 (In Bitcoin Core before v0.13.0, a non-final alert is able to 
block the ...)
+       TODO: check
 CVE-2018-12732
        RESERVED
 CVE-2018-12731
@@ -1376,8 +1443,8 @@ CVE-2018-12711 (An XSS issue was discovered in the 
language switcher module in J
        NOT-FOR-US: Joomla!
 CVE-2018-12710
        RESERVED
-CVE-2016-10724
-       RESERVED
+CVE-2016-10724 (Bitcoin Core before v0.13.0 allows denial of service (memory 
...)
+       TODO: check
 CVE-2018-12709
        RESERVED
 CVE-2018-12708
@@ -1869,8 +1936,8 @@ CVE-2018-12573
        RESERVED
 CVE-2018-12572
        RESERVED
-CVE-2018-12571
-       RESERVED
+CVE-2018-12571 (uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront 
Unified ...)
+       TODO: check
 CVE-2018-12570
        RESERVED
 CVE-2018-12569
@@ -2013,8 +2080,8 @@ CVE-2018-12522 (An issue was discovered in perfSONAR 
Monitoring and Debugging Da
        NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash)
 CVE-2018-12521
        RESERVED
-CVE-2018-12520
-       RESERVED
+CVE-2018-12520 (An issue was discovered in ntopng 3.4 before 3.4.180617. The 
PRNG ...)
+       TODO: check
 CVE-2018-12519 (An issue was discovered in ShopNx through 2017-11-17. The ...)
        NOT-FOR-US: ShopNx
 CVE-2018-12518
@@ -3088,8 +3155,8 @@ CVE-2018-12115
        RESERVED
 CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to 
add user ...)
        NOT-FOR-US: Maccms
-CVE-2018-12113
-       RESERVED
+CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer 
overflow ...)
+       TODO: check
 CVE-2018-12112 (md_build_attribute in md4c.c in md4c 0.2.6 allows remote 
attackers to ...)
        NOT-FOR-US: md4c
 CVE-2018-12111 (Cross-site scripting (XSS) vulnerability in the Canon PrintMe 
EFI ...)
@@ -3110,8 +3177,8 @@ CVE-2018-12105
        RESERVED
 CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge 
Repo 0.7.4 ...)
        NOT-FOR-US: Airbnb Knowledge Repo
-CVE-2018-12103
-       RESERVED
+CVE-2018-12103 (An issue was discovered on D-Link DIR-890L A2 devices. Due to 
the ...)
+       TODO: check
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
        NOT-FOR-US: md4c
 CVE-2018-12101
@@ -3236,11 +3303,13 @@ CVE-2018-12051 (Arbitrary File Upload and Remote Code 
Execution exist in PHP Scr
        NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
 CVE-2018-12050
        RESERVED
-CVE-2018-13346 [OVE-20180430-0004: mpatch: ensure fragment start isn't past 
the end of orig]
+CVE-2018-13346 (The mpatch_apply function in mpatch.c in Mercurial before 
4.6.1 ...)
+       {DLA-1414-1}
        - mercurial 4.6.1-1 (bug #901050)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
        NOTE: https://www.mercurial-scm.org/repo/hg/rev/faa924469635
-CVE-2018-13347 [OVE-20180430-0002: mpatch: protect against underflow in 
mpatch_apply]
+CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition 
and ...)
+       {DLA-1414-1}
        - mercurial 4.6.1-1 (bug #901050)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
        NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
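Review bot: replacing the bracketed OVE descriptions on CVE-2018-13346 and CVE-2018-13347 with the imported CVE text drops the OVE-20180430-0004 and OVE-20180430-0002 identifiers from the entry headers, and the upstream commit NOTEs that remain do not name them. Since those OVE ids are how upstream Mercurial's advisory tracking refers to these issues, consider preserving each as a NOTE line (for example "NOTE: OVE-20180430-0004") so the CVE-to-OVE mapping stays greppable in the list rather than being lost in this automatic rewrite.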
@@ -3248,7 +3317,8 @@ CVE-2018-13347 [OVE-20180430-0002: mpatch: protect 
against underflow in mpatch_a
        NOTE: see 
https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
        NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined 
behavior
        NOTE: cases which the 6 patches fix
-CVE-2018-13348 [OVE-20180430-0001: mpatch: be more careful about parsing 
binary patch data]
+CVE-2018-13348 (The mpatch_decode function in mpatch.c in Mercurial before 
4.6.1 ...)
+       {DLA-1414-1}
        - mercurial 4.6.1-1 (bug #901050)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
        NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
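Review bot: the same concern applies to CVE-2018-13348, whose header loses OVE-20180430-0001 here; in addition, the surviving context line "NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined behavior cases which the 6 patches fix" now refers to an identifier that no longer appears in any header, so a reader of the file can no longer tell that OVE-20180430-0002 is CVE-2018-13347. Recording the mapping in a NOTE line on each of the three entries would keep that sentence meaningful.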
@@ -5979,10 +6049,10 @@ CVE-2018-10990 (On Arris Touchstone Telephony Gateway 
TG1682G 9.1.103J6 devices,
        NOT-FOR-US: Arris Touchstone Telephony Gateway
 CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices 
are ...)
        NOT-FOR-US: Arris Touchstone Telephony Gateway
-CVE-2018-10988
-       RESERVED
-CVE-2018-10987
-       RESERVED
+CVE-2018-10988 (An issue was discovered on Diqee Diqee360 devices. A firmware 
update ...)
+       TODO: check
+CVE-2018-10987 (An issue was discovered on Dongguan Diqee Diqee360 devices. 
The ...)
+       TODO: check
 CVE-2018-10986
        RESERVED
 CVE-2018-10985
@@ -7094,7 +7164,7 @@ CVE-2018-10551
 CVE-2018-10550 (In Octopus Deploy before 2018.4.7, target and tenant tag 
variable ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 
7.0.30, ...)
-       {DLA-1397-1}
+       {DSA-4240-1 DLA-1397-1}
        - php7.2 <unfixed>
        - php7.1 <unfixed>
        - php7.0 <unfixed>
@@ -7103,7 +7173,7 @@ CVE-2018-10549 (An issue was discovered in PHP before 
5.6.36, 7.0.x before 7.0.3
        NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76130
 CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 
7.0.30, ...)
-       {DLA-1397-1 DLA-1373-1}
+       {DSA-4240-1 DLA-1397-1 DLA-1373-1}
        - php7.2 <unfixed>
        - php7.1 <unfixed>
        - php7.0 <unfixed>
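Review bot: CVE-2018-10548 gains the {DSA-4240-1} reference while php7.2, php7.1 and php7.0 stay marked <unfixed> for unstable, even though the entry's own NOTE records upstream fixes in 7.2.5, 7.1.17 and 7.0.30; the neighbouring PHP entries in this patch (CVE-2018-10549, CVE-2018-10547, CVE-2018-10546) show the same pattern. The DSA reference takes care of stretch, but the <unfixed> markers should be re-checked against the current unstable php7.2 package and the removal status of php7.0/php7.1 so the entries do not keep reporting unstable as vulnerable after the stable update ships.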
@@ -7111,7 +7181,7 @@ CVE-2018-10548 (An issue was discovered in PHP before 
5.6.36, 7.0.x before 7.0.3
        NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76248
 CVE-2018-10547 (An issue was discovered in ext/phar/phar_object.c in PHP 
before 5.6.36, ...)
-       {DLA-1397-1 DLA-1373-1}
+       {DSA-4240-1 DLA-1397-1 DLA-1373-1}
        - php7.2 <unfixed>
        - php7.1 <unfixed>
        - php7.0 <unfixed>
@@ -7119,7 +7189,7 @@ CVE-2018-10547 (An issue was discovered in 
ext/phar/phar_object.c in PHP before 
        NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76129
 CVE-2018-10546 (An issue was discovered in PHP before 5.6.36, 7.0.x before 
7.0.30, ...)
-       {DLA-1397-1}
+       {DSA-4240-1 DLA-1397-1}
        - php7.2 <unfixed>
        - php7.1 <unfixed>
        - php7.0 <unfixed>
@@ -7128,7 +7198,7 @@ CVE-2018-10546 (An issue was discovered in PHP before 
5.6.36, 7.0.x before 7.0.3
        NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76249
 CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 
7.0.29, ...)
-       {DLA-1397-1 DLA-1373-1}
+       {DSA-4240-1 DLA-1397-1 DLA-1373-1}
        - php7.2 7.2.4-1
        - php7.1 7.1.16-1
        - php7.0 7.0.29-1
@@ -8493,10 +8563,10 @@ CVE-2018-10019
        RESERVED
 CVE-2018-9999 (In Zulip Server versions before 1.7.2, there was an XSS issue 
with user ...)
        - zulip-server <itp> (bug #800052)
-CVE-2018-9998
-       RESERVED
-CVE-2018-9997
-       RESERVED
+CVE-2018-9998 (Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before ...)
+       TODO: check
+CVE-2018-9997 (Cross-site scripting (XSS) vulnerability in mail compose in ...)
+       TODO: check
 CVE-2018-9996 (An issue was discovered in cplus-dem.c in GNU libiberty, as ...)
        - binutils <unfixed> (low)
        [stretch] - binutils <ignored> (Minor issue)
@@ -11732,8 +11802,8 @@ CVE-2016-10716 (The Mail.ru Calendar plugin before 
2.5.0.61 for Atlassian Jira h
        NOT-FOR-US: Atlassian Jira plugin
 CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 revision 1914 for 
Atlassian Jira ...)
        NOT-FOR-US: Atlassian Jira plugin
-CVE-2018-8738
-       RESERVED
+CVE-2018-8738 (Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. 
...)
+       TODO: check
 CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored 
XSS within ...)
        NOT-FOR-US: Bookme Control Panel Application
 CVE-2018-8736 (A privilege escalation vulnerability in Nagios XI 5.2.x through 
5.4.x ...)
@@ -13038,7 +13108,7 @@ CVE-2018-8111 (A remote code execution vulnerability 
exists when Microsoft Edge 
 CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
        NOT-FOR-US: Microsoft
 CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect 
Access Control ...)
-       {DLA-1331-1}
+       {DLA-1414-1 DLA-1331-1}
        - mercurial 4.5.2-1 (bug #892964)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
        NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
@@ -13282,8 +13352,8 @@ CVE-2018-8048 (In the Loofah gem through 2.2.0 for 
Ruby, non-whitelisted HTML ..
        NOTE: 
https://github.com/flavorjones/loofah/commit/56e95a6696b1e17a242eb8ebbbab64d613c4f1fe
 CVE-2018-8047
        RESERVED
-CVE-2018-8046
-       RESERVED
+CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 
before ...)
+       TODO: check
 CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a 
variable ...)
        NOT-FOR-US: Joomla
 CVE-2018-8044
@@ -14578,7 +14648,7 @@ CVE-2017-18212 (An issue was discovered in JerryScript 
1.0. There is a heap-base
 CVE-2018-7585
        RESERVED
 CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 
7.1.14, and ...)
-       {DLA-1397-1 DLA-1326-1}
+       {DSA-4240-1 DLA-1397-1 DLA-1326-1}
        - php7.2 7.2.3-1
        - php7.1 7.1.15-1
        - php7.0 7.0.28-1
@@ -32842,7 +32912,7 @@ CVE-2017-17459 (http_transport.c in Fossil before 2.4, 
when the SSH sync protoco
        [wheezy] - fossil <no-dsa> (Minor issue)
        NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
 CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially 
malformed ...)
-       {DLA-1224-1}
+       {DLA-1414-1 DLA-1224-1}
        - mercurial 4.4.1-1
        NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
        NOTE: 
https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
@@ -37774,8 +37844,7 @@ CVE-2017-16818 (RADOS Gateway in Ceph 12.1.0 through 
12.2.1 allows remote ...)
        NOTE: 
https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
 CVE-2017-16817
        RESERVED
-CVE-2017-16816 [A user can cause the condor_schedd to crash by submitting a 
job designed for that purpose]
-       RESERVED
+CVE-2017-16816 (The condor_schedd component in HTCondor before 8.6.8 and 8.7.x 
before ...)
        - condor 8.6.8~dfsg.1-1
        [stretch] - condor <not-affected> (VOMS support disabled)
        [jessie] - condor <no-dsa> (Minor issue)
@@ -59743,7 +59812,7 @@ CVE-2017-9449 (SQL injection vulnerability in BigTree 
CMS through 4.2.18 allows 
 CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS 
through ...)
        NOT-FOR-US: BigTree CMS
 CVE-2017-9462 (In Mercurial before 4.1.3, &quot;hg serve --stdio&quot; allows 
remote ...)
-       {DLA-1005-1}
+       {DLA-1414-1 DLA-1005-1}
        - mercurial 4.3.1-1 (bug #861243)
        [stretch] - mercurial 4.0-1+deb9u1
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/524832ad62b90a109df4f7877d0b7d3ac6e52a9e

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
