[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 08 Sep 2018 13:11:07 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
cfd36119 by security tracker role at 2018-09-08T20:10:31Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2018-16735
+       RESERVED
+CVE-2018-16734
+       RESERVED
+CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in ...)
+       TODO: check
+CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF 
via ...)
+       TODO: check
+CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding 
the php ...)
+       TODO: check
+CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the 
site name. ...)
+       TODO: check
+CVE-2018-16729
+       RESERVED
+CVE-2018-16728
+       RESERVED
+CVE-2018-16727
+       RESERVED
+CVE-2018-16726
+       RESERVED
+CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
+       TODO: check
+CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection 
exists via ...)
+       TODO: check
+CVE-2018-16723
+       RESERVED
+CVE-2018-16722
+       RESERVED
+CVE-2018-16721
+       RESERVED
+CVE-2018-16720
+       RESERVED
+CVE-2018-16719
+       RESERVED
+CVE-2018-16718
+       RESERVED
+CVE-2018-16717
+       RESERVED
+CVE-2018-16716
+       RESERVED
+CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows 
Agent through ...)
+       TODO: check
 CVE-2018-16714
        RESERVED
 CVE-2018-16713
@@ -4996,7 +5038,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem 
of the Linux kernel bef
        NOTE: 
https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
 CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun 
in the ...)
-       {DSA-4286-1}
+       {DSA-4286-1 DLA-1498-1}
        - curl <unfixed> (bug #908327)
        NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
        NOTE: https://github.com/curl/curl/issues/2756
@@ -10307,6 +10349,7 @@ CVE-2018-12497
 CVE-2018-12496
        RESERVED
 CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
+       {DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
        NOTE: Fixed by 
https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
@@ -13008,11 +13051,13 @@ CVE-2018-11506 (The sr_do_ioctl function in 
drivers/scsi/sr_ioctl.c in the Linux
 CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows 
attackers to ...)
        NOT-FOR-US: Werewolf Online application for Android
 CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 
2.2.3a ...)
+       {DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
        NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
        NOTE: Fixed by 
https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
 CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
+       {DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
        NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
@@ -13106,6 +13151,7 @@ CVE-2018-11469 (Incorrect caching of responses to 
requests including an Authoriz
        [jessie] - haproxy <not-affected> (Issue introduced in 1.8.0)
        NOTE: 
https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
 CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in 
DISCOUNT ...)
+       {DLA-1499-1}
        - discount 2.2.4-1 (bug #901912)
        NOTE: https://github.com/Orc/discount/issues/189
        NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfd36119e2c4232ef92298169d3afa914fc1157a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to