Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de85f1e5 by security tracker role at 2018-08-08T20:10:35Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -975,6 +975,7 @@ CVE-2018-1999034 (A man in the middle vulnerability exists 
in Jenkins Inedo ProG
 CVE-2018-1999035 (A man in the middle vulnerability exists in Jenkins Inedo 
BuildMaster ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2018-14767 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP 
message ...)
+       {DSA-4267-1}
        - kamailio 5.1.4-1
        NOTE: https://skalatan.de/blog/advisory-hw-2018-05
        NOTE: 
https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/
@@ -1616,8 +1617,7 @@ CVE-2018-14528
        RESERVED
 CVE-2018-14527 (Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS 
protection ...)
        NOT-FOR-US: Xiao5uCompany
-CVE-2018-14526 [Unauthenticated EAPOL-Key decryption in wpa_supplicant]
-       RESERVED
+CVE-2018-14526 (An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 
2.0 ...)
        - wpa <unfixed> (bug #905739)
        [stretch] - wpa <no-dsa> (Minor issue)
        NOTE: 
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
@@ -2013,7 +2013,8 @@ CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 
2.0.0 incorrectly uses 
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
-CVE-2018-14378 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow 
can occur ...)
+CVE-2018-14378
+       REJECTED
        - tiff <unfixed>
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2806
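Review bot: CVE-2018-14378 is switched to REJECTED, but the context lines directly under it still carry `- tiff <unfixed>` and `- tiff3 <removed>`, so a withdrawn ID keeps tiff marked as affected and unfixed. Because this came in through the automatic update, it needs a manual follow-up: if the rejection points at a replacement ID, move the package lines and the bugzilla 2806 NOTE there; otherwise drop the package lines so the rejected entry carries no package status.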
@@ -2021,15 +2022,18 @@ CVE-2018-14377
        RESERVED
 CVE-2018-14376
        RESERVED
-CVE-2018-14375 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow 
...)
+CVE-2018-14375
+       REJECTED
        - tiff <unfixed>
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2803
-CVE-2018-14374 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow 
can occur ...)
+CVE-2018-14374
+       REJECTED
        - tiff <unfixed>
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2802
-CVE-2018-14373 (An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in 
...)
+CVE-2018-14373
+       REJECTED
        - tiff <unfixed>
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2801
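Review bot: the rejected-but-still-unfixed inconsistency appears three times in this hunk: CVE-2018-14375, CVE-2018-14374 and CVE-2018-14373 each become REJECTED while keeping `- tiff <unfixed>` and `- tiff3 <removed>`. The NOTE lines for maptools bugs 2803, 2802 and 2801 are the only remaining pointers to the underlying reports, so before removing the package lines, confirm which ID (if any) now tracks each bug and carry the NOTE over, so the LibTIFF reports are not lost along with the rejected IDs.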
@@ -6896,8 +6900,8 @@ CVE-2018-12410
        RESERVED
 CVE-2018-12409
        RESERVED
-CVE-2018-12408
-       RESERVED
+CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s 
TIBCO ...)
+       TODO: check
 CVE-2018-12407
        RESERVED
 CVE-2018-12406
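Review bot: the new CVE-2018-12408 entry is left at `TODO: check`, and the description visible here names a TIBCO Software Inc. product. If triage confirms that nothing in the archive ships it, resolve the TODO with a `NOT-FOR-US:` line in the same form as the `NOT-FOR-US: MISP` and `NOT-FOR-US: Insteon` entries elsewhere in this diff, so the entry does not sit in the unchecked queue.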
@@ -8465,8 +8469,7 @@ CVE-2018-11771
        RESERVED
 CVE-2018-11770
        RESERVED
-CVE-2018-11769 [Remote Code Execution]
-       RESERVED
+CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the 
database ...)
        - couchdb <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/08/2
 CVE-2018-11768
@@ -9035,8 +9038,8 @@ CVE-2018-11563
        RESERVED
 CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in ...)
        NOT-FOR-US: MISP
-CVE-2018-11561
-       RESERVED
+CVE-2018-11561 (An integer overflow in the unprotected distributeToken 
function of a ...)
+       TODO: check
 CVE-2018-11560 (The webService binary on Insteon HD IP Camera White 2864-222 
devices ...)
        NOT-FOR-US: Insteon
 CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the 
&quot;/settings/profile/index.php&quot; ...)
@@ -33848,6 +33851,7 @@ CVE-2018-2769 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DLA-1407-1}
        - mariadb-10.2 <removed>
        - mariadb-10.1 1:10.1.34-1
        [stretch] - mariadb-10.1 <postponed> (Wait for next upstream 
security/bugfix release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de85f1e5c41f724b96683e1c8f57ed3760b4d328
