Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cfb057d5 by security tracker role at 2018-08-17T08:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -533,8 +533,8 @@ CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox Smart Home Controller B NOT-FOR-US: Zipato CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home Controller ...) NOT-FOR-US: Zipato -CVE-2018-15122 - RESERVED +CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 2018.1.323.2 ...) + TODO: check CVE-2018-15121 RESERVED CVE-2018-15120 @@ -1882,8 +1882,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST [stretch] - suricata <no-dsa> (Minor issue) NOTE: https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345 NOTE: https://redmine.openinfosecfoundation.org/issues/2501 -CVE-2018-14567 - RESERVED +CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to ...) - libxml2 <unfixed> [stretch] - libxml2 <postponed> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet) @@ -4565,8 +4564,8 @@ CVE-2018-13448 (SQL injection vulnerability in product/card.php in Dolibarr ERP/ CVE-2018-13447 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ...) - dolibarr <removed> NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb -CVE-2018-13446 - RESERVED +CVE-2018-13446 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line ...) + TODO: check CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability ...) NOT-FOR-US: SeaCMS CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability ...) 
@@ -4591,10 +4590,10 @@ CVE-2018-13437 RESERVED CVE-2018-13436 RESERVED -CVE-2018-13435 - RESERVED -CVE-2018-13434 - RESERVED +CVE-2018-13435 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line ...) + TODO: check +CVE-2018-13434 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line ...) + TODO: check CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as ...) NOT-FOR-US: Boostnote CVE-2018-13432 @@ -7687,8 +7686,8 @@ CVE-2018-12258 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Cus NOT-FOR-US: Momentum Axel 720P 5.1.8 devices CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is ...) NOT-FOR-US: Momentum Axel 720P 5.1.8 devices -CVE-2018-12256 - RESERVED +CVE-2018-12256 (admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote ...) + TODO: check CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF ...) NOT-FOR-US: InvoicePlane CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for ...) @@ -9557,12 +9556,12 @@ CVE-2018-11513 RESERVED CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the "Website's name" ...) NOT-FOR-US: wityCMS -CVE-2018-11511 - RESERVED +CVE-2018-11511 (The tree list functionality in the photo gallery application in ...) + TODO: check CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin ...) NOT-FOR-US: ASUSTOR -CVE-2018-11509 - RESERVED +CVE-2018-11509 (ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and ...) + TODO: check CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux kernel ...) - linux 4.16.12-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) 
@@ -49857,7 +49856,7 @@ CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x be NOTE: https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 (rel-3_3) NOTE: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Horde_Image ...) - {DLA-1395-1} + {DSA-4276-1 DLA-1395-1} - php-horde-image 2.5.2-1 (bug #876400) NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2 NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b @@ -64179,12 +64178,13 @@ CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler bef NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9 CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...) - {DLA-1395-1} + {DSA-4276-1 DLA-1395-1} - php-horde-image 2.5.1-1 (bug #865505) NOTE: https://lists.horde.org/archives/announce/2017/001234.html NOTE: https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13 NOTE: Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1 CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a ...) + {DSA-4276-1} - php-horde-image 2.5.1-1 (bug #865504) [jessie] - php-horde-image <not-affected> (Only Horde_Image above 2.3.0 affected) NOTE: https://lists.horde.org/archives/announce/2017/001234.html 
@@ -92344,13 +92344,11 @@ CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer ...) NOTE: Not suitable for code injection, hardly denial of service CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an ...) NOT-FOR-US: puppet-tripleo -CVE-2016-9598 [out-of-bounds read] - RESERVED +CVE-2016-9598 (libxml2, as used in Red Hat JBoss Core Services, allows ...) - libxml2 <not-affected> (Red Hat specific security regressions) CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 ...) - libxml2 <not-affected> (Red Hat specific security regressions) -CVE-2016-9596 [stack exhaustion while parsing xml files in recovery mode] - RESERVED +CVE-2016-9596 (libxml2, as used in Red Hat JBoss Core Services and when in recovery ...) - libxml2 <not-affected> (Red Hat specific security regressions) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769658 CVE-2016-9595 (A flaw was found in katello-debug before 3.4.0 where certain scripts ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfb057d50633a271db0082576e0c8f383031a800
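Review bot: in the @@ -1882 hunk, the CVE-2018-14567 entry keeps `NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)` while the same hunk replaces the RESERVED placeholder with a published description (libxml2 2.9.8 built with --with-lzma). The "(not public yet)" qualifier should be re-checked against the upstream issue now that the CVE text is out, and the stretch `<postponed> (Minor issue)` line should be revisited if the issue has since been opened or a fix has landed.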
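Review bot: the @@ -533, @@ -4565, @@ -4591 and @@ -7687 hunks leave CVE-2018-15122, CVE-2018-13446, CVE-2018-13435, CVE-2018-13434 and CVE-2018-12256 at `TODO: check` after un-reserving them. These need manual triage into either a package line or a `NOT-FOR-US:` line, following the neighbouring entries (e.g. `NOT-FOR-US: Zipato`, `NOT-FOR-US: SeaCMS`). The three LINE entries (CVE-2018-13446, CVE-2018-13435, CVE-2018-13434) carry the identical "** DISPUTED ** An issue was discovered in the LINE jp.naver.line ..." description and can be triaged together.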
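Review bot: in the @@ -9557 hunk, the new CVE-2018-11509 description ("ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and ...") matches the already-triaged CVE-2018-11510 two lines below it ("ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin ..."), which is `NOT-FOR-US: ASUSTOR`; the `TODO: check` on CVE-2018-11509 can very likely be resolved the same way. CVE-2018-11511 in the same hunk still needs its own triage.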
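Review bot: the @@ -49857 and @@ -64179 hunks add `{DSA-4276-1 ...}` to CVE-2017-14650, CVE-2017-9774 and CVE-2017-9773 (the last without a DLA, consistent with its `[jessie] - php-horde-image <not-affected>` line). CVE-2017-9774 still carries `NOTE: Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1`; when recording the DSA, confirm that the stretch update shipped with that regression fix, and update or drop the NOTE accordingly so the entry does not suggest the DSA reintroduces the known regression.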
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits