Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6675d42 by security tracker role at 2018-07-15T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-14079
+ RESERVED
+CVE-2018-14078
+ RESERVED
+CVE-2018-14077
+ RESERVED
+CVE-2018-14076
+ RESERVED
+CVE-2018-14075
+ RESERVED
+CVE-2018-14074
+ RESERVED
+CVE-2018-14073 (libsixel 1.8.1 has a memory leak in sixel_allocator_new in
allocator.c. ...)
+ TODO: check
+CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in
decoder.c, ...)
+ TODO: check
+CVE-2018-14071
+ RESERVED
+CVE-2018-14070
+ RESERVED
+CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF
vulnerability ...)
+ TODO: check
+CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF
vulnerability ...)
+ TODO: check
+CVE-2018-14067
+ RESERVED
+CVE-2018-14066 (The content://wappush content provider in ...)
+ TODO: check
+CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
+ TODO: check
+CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera
devices ...)
+ TODO: check
+CVE-2018-14063 (The increaseApproval function of a smart contract
implementation for ...)
+ TODO: check
+CVE-2018-14062
+ RESERVED
CVE-2018-14061
RESERVED
CVE-2018-14060 (OS command injection in the AP mode settings feature in
/cgi-bin/luci ...)
@@ -9,10 +45,12 @@ CVE-2018-14058
CVE-2018-14057
RESERVED
CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted
lines coming ...)
+ {DLA-1427-1}
- znc <unfixed> (bug #903787)
NOTE:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
NOTE:
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../
in a web ...)
+ {DLA-1427-1}
- znc <unfixed> (bug #903788)
NOTE:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
CVE-2018-14053
@@ -8065,6 +8103,7 @@ CVE-2018-10852 (The UNIX pipe which sudo uses to contact
SSSD and read the avail
CVE-2018-10851
RESERVED
CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to
a race ...)
+ {DLA-1428-1}
- 389-ds-base <unfixed> (bug #903501)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588056
NOTE: https://pagure.io/389-ds-base/c/8f04487f99a
@@ -35375,6 +35414,7 @@ CVE-2018-1091 (In the flush_tmregs_to_thread function
in arch/powerpc/kernel/ptr
CVE-2018-1090 (In Pulp before version 2.16.2, secrets are passed into
override_config ...)
NOT-FOR-US: Pulp (Red Hat)
CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not
...)
+ {DLA-1428-1}
- 389-ds-base 1.3.8.2-1 (bug #898138)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot
...)
@@ -35568,6 +35608,7 @@ CVE-2018-1056 [heap buffer overflow while running
advzip]
CVE-2018-1055
REJECTED
CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way
389-ds-base ...)
+ {DLA-1428-1}
- 389-ds-base 1.3.7.10-1 (bug #892124)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314
NOTE: https://pagure.io/389-ds-base/issue/49545
@@ -37332,6 +37373,7 @@ CVE-2018-0619
RESERVED
CVE-2018-0618
RESERVED
+ {DSA-4246-1}
- mailman 1:2.1.27-1
NOTE:
https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
NOTE: https://launchpad.net/mailman/+milestone/2.1.27
@@ -44441,6 +44483,7 @@ CVE-2017-15135 (It was found that 389-ds-base since
1.3.6.1 up to and including
- 389-ds-base 1.3.7.9-1 (bug #888451)
[jessie] - 389-ds-base <not-affected> (vulnerable code (patch for
CVE-2016-5405) not applied)
CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base
1.3.6.x ...)
+ {DLA-1428-1}
- 389-ds-base 1.3.7.9-1 (bug #888452)
NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4.
A remote ...)
@@ -139768,6 +139811,7 @@ CVE-2015-1855 [OpenSSL extension hostname matching
implementation violates RFC 6
NOTE: https://bugs.ruby-lang.org/issues/9644
NOTE:
https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596
CVE-2015-1854 (389 Directory Server before 1.3.3.10 allows attackers to bypass
...)
+ {DLA-1428-1}
- 389-ds-base 1.3.3.10-1 (bug #783923)
NOTE: Patch applied to CentOS package:
https://git.centos.org/raw/rpms!389-ds-base.git!/309aa9ee631432d72c845f70df2ce6475055423b/SOURCES!0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
CVE-2015-1853 [authentication doesn't protect symmetric associations against
DoS attacks]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6675d42fc594b655795dd6631d676ddbcd137ae
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6675d42fc594b655795dd6631d676ddbcd137ae
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
