[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 11 Sep 2018 01:10:45 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
280655d4 by security tracker role at 2018-09-11T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2018-16831
+       RESERVED
+CVE-2018-16830
+       RESERVED
+CVE-2018-16829
+       RESERVED
+CVE-2018-16828
+       RESERVED
+CVE-2018-16827
+       RESERVED
+CVE-2018-16826
+       RESERVED
+CVE-2018-16825
+       RESERVED
+CVE-2018-16824
+       RESERVED
+CVE-2018-16823
+       RESERVED
+CVE-2018-16822
+       RESERVED
+CVE-2018-16821
+       RESERVED
+CVE-2018-16820
+       RESERVED
+CVE-2018-16819
+       RESERVED
+CVE-2018-16818
+       RESERVED
+CVE-2018-16817
+       RESERVED
+CVE-2018-16816
+       RESERVED
+CVE-2018-16815
+       RESERVED
+CVE-2018-16814
+       RESERVED
+CVE-2018-16813
+       RESERVED
+CVE-2018-16812
+       RESERVED
+CVE-2018-16811
+       RESERVED
+CVE-2018-16810
+       RESERVED
+CVE-2018-16809
+       RESERVED
+CVE-2018-16808
+       RESERVED
+CVE-2018-16807 (In Bro through 2.5.5, there is a memory leak potentially 
leading to DoS ...)
+       TODO: check
+CVE-2018-16806 (A Pektron Passive Keyless Entry and Start (PKES) system, as 
used on the ...)
+       TODO: check
+CVE-2018-16805 (In b3log Solo 2.9.3, XSS in the Input page under the Publish 
Articles ...)
+       TODO: check
 CVE-2018-16804
        RESERVED
 CVE-2018-16803
@@ -10,7 +64,7 @@ CVE-2018-16799
        RESERVED
 CVE-2018-16798
        RESERVED
-CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 
1.8.7556 ...)
+CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 
1.7.8556 ...)
        NOT-FOR-US: PotPlayer
 CVE-2018-16796
        RESERVED
@@ -835,6 +889,7 @@ CVE-2018-16432 (BlueCMS 1.6 allows SQL Injection via the 
user_name parameter to
 CVE-2018-16431 (admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an 
...)
        NOT-FOR-US: YFCMF
 CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read 
vulnerability in ...)
+       {DSA-4290-1}
        - libextractor <unfixed> (bug #907987)
        NOTE: https://gnunet.org/bugs/view.php?id=5405
        NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
@@ -6078,13 +6133,13 @@ CVE-2018-14348 (libcgroup up to and including 0.41 
creates /var/log/cgred with m
        NOTE: 
https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
        NOTE: cgred not enabled by default, shipped example config logs to 
syslog by default
 CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop 
vulnerability in ...)
-       {DLA-1478-1}
+       {DSA-4290-1 DLA-1478-1}
        - libextractor <unfixed> (bug #904905)
        NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html
        NOTE: https://gnunet.org/bugs/view.php?id=5399
        NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
 CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow 
in ...)
-       {DLA-1478-1}
+       {DSA-4290-1 DLA-1478-1}
        - libextractor <unfixed> (bug #904903)
        NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html
        NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
@@ -12453,8 +12508,7 @@ CVE-2018-11777
 CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer 
from ...)
        - libstruts1.2-java <not-affected> (Specific to 2.x)
        NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
-CVE-2018-11775 [Missing TLS Hostname Verification]
-       RESERVED
+CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ 
Client before ...)
        - activemq <unfixed>
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
@@ -34407,8 +34461,8 @@ CVE-2018-3877
        RESERVED
 CVE-2018-3876
        RESERVED
-CVE-2018-3875
-       RESERVED
+CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the 
credentials ...)
+       TODO: check
 CVE-2018-3874
        RESERVED
 CVE-2018-3873



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/280655d47f210d4d709f9470d8784d7c4208e8fd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/280655d47f210d4d709f9470d8784d7c4208e8fd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to