Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfb057d5 by security tracker role at 2018-08-17T08:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -533,8 +533,8 @@ CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox 
Smart Home Controller B
        NOT-FOR-US: Zipato
 CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home 
Controller ...)
        NOT-FOR-US: Zipato
-CVE-2018-15122
-       RESERVED
+CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 
2018.1.323.2 ...)
+       TODO: check
 CVE-2018-15121
        RESERVED
 CVE-2018-15120
@@ -1882,8 +1882,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream 
inspection upon a TCP RST
        [stretch] - suricata <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
        NOTE: https://redmine.openinfosecfoundation.org/issues/2501
-CVE-2018-14567
-       RESERVED
+CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers 
to ...)
        - libxml2 <unfixed>
        [stretch] - libxml2 <postponed> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
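
Review bot: The "(not public yet)" remark on the libxml2 issue NOTE under CVE-2018-14567 should be re-checked now that this entry moves from RESERVED to a published description; if https://gitlab.gnome.org/GNOME/libxml2/issues/13 is accessible, drop the remark so the NOTE does not mislead later triage.
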
@@ -4565,8 +4564,8 @@ CVE-2018-13448 (SQL injection vulnerability in 
product/card.php in Dolibarr ERP/
 CVE-2018-13447 (SQL injection vulnerability in product/card.php in Dolibarr 
ERP/CRM ...)
        - dolibarr <removed>
        NOTE: 
https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
-CVE-2018-13446
-       RESERVED
+CVE-2018-13446 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
+       TODO: check
 CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF 
vulnerability ...)
        NOT-FOR-US: SeaCMS
 CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF 
vulnerability ...)
@@ -4591,10 +4590,10 @@ CVE-2018-13437
        RESERVED
 CVE-2018-13436
        RESERVED
-CVE-2018-13435
-       RESERVED
-CVE-2018-13434
-       RESERVED
+CVE-2018-13435 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
+       TODO: check
+CVE-2018-13434 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
+       TODO: check
 CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown 
text, as ...)
        NOT-FOR-US: Boostnote
 CVE-2018-13432
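
Review bot: CVE-2018-13435 and CVE-2018-13434 are both marked "** DISPUTED **" and carry the same truncated description as CVE-2018-13446 in the previous hunk, so the three "TODO: check" entries should be resolved together with one consistent classification. The visible text stops at "jp.naver.line ...", so the full descriptions need to be read before choosing it.
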
@@ -7687,8 +7686,8 @@ CVE-2018-12258 (An issue was discovered on Momentum Axel 
720P 5.1.8 devices. Cus
        NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. 
There is ...)
        NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
-CVE-2018-12256
-       RESERVED
+CVE-2018-12256 (admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 
allows remote ...)
+       TODO: check
 CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the 
&quot;Quote PDF ...)
        NOT-FOR-US: InvoicePlane
 CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 
component for ...)
@@ -9557,12 +9556,12 @@ CVE-2018-11513
        RESERVED
 CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the 
&quot;Website's name&quot; ...)
        NOT-FOR-US: wityCMS
-CVE-2018-11511
-       RESERVED
+CVE-2018-11511 (The tree list functionality in the photo gallery application 
in ...)
+       TODO: check
 CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default 
root:admin ...)
        NOT-FOR-US: ASUSTOR
-CVE-2018-11509
-       RESERVED
+CVE-2018-11509 (ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin 
username and ...)
+       TODO: check
 CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux 
kernel ...)
        - linux 4.16.12-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
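
Review bot: CVE-2018-11509 is left at "TODO: check" although its description names ASUSTOR ADM with the same default root:admin wording as the adjacent CVE-2018-11510, which is already "NOT-FOR-US: ASUSTOR"; it can likely be resolved the same way. The description of CVE-2018-11511 is cut off before the product name, so that entry needs the full text checked before it is classified.
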
@@ -49857,7 +49856,7 @@ CVE-2017-14635 (In Open Ticket Request System (OTRS) 
3.3.x before 3.3.18, 4.x be
        NOTE: 
https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 
(rel-3_3)
        NOTE: 
https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
 CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the 
Horde_Image ...)
-       {DLA-1395-1}
+       {DSA-4276-1 DLA-1395-1}
        - php-horde-image 2.5.2-1 (bug #876400)
        NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
        NOTE: 
https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
@@ -64179,12 +64178,13 @@ CVE-2017-9775 (Stack buffer overflow in GfxState.cc 
in pdftocairo in Poppler bef
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
        NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
 CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 
via a ...)
-       {DLA-1395-1}
+       {DSA-4276-1 DLA-1395-1}
        - php-horde-image 2.5.1-1 (bug #865505)
        NOTE: https://lists.horde.org/archives/announce/2017/001234.html
        NOTE: 
https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13
        NOTE: Regression in upstream patch, fixing in 
https://github.com/horde/Image/pull/1
 CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via 
a ...)
+       {DSA-4276-1}
        - php-horde-image 2.5.1-1 (bug #865504)
        [jessie] - php-horde-image <not-affected> (Only Horde_Image above 2.3.0 
affected)
        NOTE: https://lists.horde.org/archives/announce/2017/001234.html
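
Review bot: CVE-2017-9774 gains {DSA-4276-1} while still carrying the NOTE "Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1", and nothing in the entry records whether the DSA upload includes that follow-up; a NOTE stating so would settle it. CVE-2017-9773 gets {DSA-4276-1} without a DLA reference, which is consistent with its "[jessie] - php-horde-image <not-affected>" line.
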
@@ -92344,13 +92344,11 @@ CVE-2016-9600 (JasPer before version 2.0.10 is 
vulnerable to a null pointer ...)
        NOTE: Not suitable for code injection, hardly denial of service
 CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an 
...)
        NOT-FOR-US: puppet-tripleo
-CVE-2016-9598 [out-of-bounds read]
-       RESERVED
+CVE-2016-9598 (libxml2, as used in Red Hat JBoss Core Services, allows ...)
        - libxml2 <not-affected> (Red Hat specific security regressions)
 CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum 
RHSA-2016:2957 ...)
        - libxml2 <not-affected> (Red Hat specific security regressions)
-CVE-2016-9596 [stack exhaustion while parsing xml files in recovery mode]
-       RESERVED
+CVE-2016-9596 (libxml2, as used in Red Hat JBoss Core Services and when in 
recovery ...)
        - libxml2 <not-affected> (Red Hat specific security regressions)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769658
 CVE-2016-9595 (A flaw was found in katello-debug before 3.4.0 where certain 
scripts ...)
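
Review bot: Replacing the CVE-2016-9598 and CVE-2016-9596 header lines drops the bracketed summaries "[out-of-bounds read]" and "[stack exhaustion while parsing xml files in recovery mode]", and the new truncated text for CVE-2016-9598 ends before naming the flaw. Consider keeping the bug class in a NOTE line under each entry so it stays visible next to the "<not-affected> (Red Hat specific security regressions)" status.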



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfb057d50633a271db0082576e0c8f383031a800

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
