Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
904d667a by security tracker role at 2018-09-17T20:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go 
mishandles ...)
+       TODO: check
+CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go 
mishandles ...)
+       TODO: check
+CVE-2018-17141
+       RESERVED
 CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to 
Stored XSS ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which 
leads to ...)
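Review bot: CVE-2018-17143 and CVE-2018-17142 at the top of this hunk carry the same truncated description ("The html package (aka x/net/html) through 2018-09-17 in Go mishandles ..."), so the list alone does not show which issue is which. When each "TODO: check" is resolved, add a NOTE line with the upstream reference for that CVE so the two entries can be told apart.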
@@ -5934,8 +5940,8 @@ CVE-2018-14632 (An out of bound write can occur when 
patching an Openshift objec
        NOT-FOR-US: OpenShift
 CVE-2018-14631
        RESERVED
-CVE-2018-14630
-       RESERVED
+CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is 
vulnerable to an ...)
+       TODO: check
 CVE-2018-14629
        RESERVED
 CVE-2018-14628
@@ -6966,8 +6972,7 @@ CVE-2018-14322
        RESERVED
 CVE-2018-14321
        RESERVED
-CVE-2018-14320 [PoDoFo Library ParseToUnicode Memory Corruption Information 
Disclosure Vulnerability]
-       RESERVED
+CVE-2018-14320 (This vulnerability allows remote attackers to disclose 
sensitive ...)
        - libpodofo <unfixed>
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
 CVE-2018-14319
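Review bot: The CVE-2018-14320 change drops the bracketed title "PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability", and the truncated description that replaces it names neither the library nor the affected function. Consider adding a NOTE that keeps "ParseToUnicode" searchable in the entry. The "- libpodofo <unfixed>" line also has no bug reference yet.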
@@ -13239,12 +13244,10 @@ CVE-2018-11783
        RESERVED
 CVE-2018-11782
        RESERVED
-CVE-2018-11781 [local user code injection in the meta rule syntax]
-       RESERVED
+CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in 
the ...)
        - spamassassin <unfixed> (bug #908971)
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
-CVE-2018-11780 [potential remote code execution bug with the PDFInfo plugin]
-       RESERVED
+CVE-2018-11780 (A potential Remote Code Execution bug exists with the PDFInfo 
plugin ...)
        - spamassassin <unfixed> (bug #908970)
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
 CVE-2018-11779
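Review bot: The new CVE-2018-11781 description says Apache SpamAssassin 3.4.2 fixes the issue, while the package lines for CVE-2018-11781 and CVE-2018-11780 still read "- spamassassin <unfixed>". Replace "<unfixed>" with the fixed version on both entries once the fix is in the archive, as tracked in bugs #908971 and #908970.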
@@ -15182,12 +15185,12 @@ CVE-2018-11090 (An XSS issue was discovered in MyBiz 
MyProcureNet 5.0.0. This ..
        NOT-FOR-US: MyBiz MyProcureNet
 CVE-2018-11089
        RESERVED
-CVE-2018-11088
-       RESERVED
+CVE-2018-11088 (Pivotal Applications Manager in Pivotal Application Service, 
versions ...)
+       TODO: check
 CVE-2018-11087 (Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x 
versions ...)
        TODO: check
-CVE-2018-11086
-       RESERVED
+CVE-2018-11086 (Pivotal Usage Service in Pivotal Application Service, versions 
2.0 ...)
+       TODO: check
 CVE-2018-11085
        REJECTED
 CVE-2018-11084
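Review bot: CVE-2018-11088 and CVE-2018-11086 are added as "TODO: check", and both descriptions name components of Pivotal Application Service. If no Debian source package ships them, close both as NOT-FOR-US with the product name, in the form used for the MyBiz MyProcureNet entry in the context above, rather than leaving the TODO open.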
@@ -22955,8 +22958,7 @@ CVE-2018-8043 (The unimac_mdio_probe function in 
drivers/net/phy/mdio-bcm-unimac
        NOTE: Negligable security impact, only enabled on armhf
 CVE-2018-8042 (Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop 
credential ...)
        NOT-FOR-US: Apache Ambari
-CVE-2018-8041
-       RESERVED
+CVE-2018-8041 (Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 
2.21.1 and ...)
        NOT-FOR-US: Apache Camel Mail component
 CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to 
the ...)
        {DSA-4282-1}
@@ -43108,8 +43110,8 @@ CVE-2018-1225
        REJECTED
 CVE-2018-1224
        REJECTED
-CVE-2018-1223
-       RESERVED
+CVE-2018-1223 (Cloud Foundry Container Runtime (kubo-release), versions prior 
to ...)
+       TODO: check
 CVE-2018-1222
        RESERVED
 CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 
0.172.0, the ...)
@@ -43161,8 +43163,8 @@ CVE-2018-1199 (Spring Security (Spring Security 4.1.x 
before 4.1.5, 4.2.x before
        [wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade)
        - libspring-security-java <itp> (bug #582181)
        NOTE: https://pivotal.io/security/cve-2018-1199
-CVE-2018-1198
-       RESERVED
+CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a 
superuser ...)
+       TODO: check
 CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running 
inside ...)
        NOT-FOR-US: Windows Stemcells
 CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used 
to ...)
@@ -51156,8 +51158,7 @@ CVE-2017-15706 (As part of the fix for bug 61201, the 
documentation for Apache T
        NOTE: https://svn.apache.org/r1814826 (8.5.x)
        NOTE: Introduced by fix for 
https://bz.apache.org/bugzilla/show_bug.cgi?id=61201
        NOTE: 
https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
-CVE-2017-15705 [denial of service vulnerability]
-       RESERVED
+CVE-2017-15705 (A denial of service vulnerability was identified that exists 
in Apache ...)
        - spamassassin <unfixed> (bug #908969)
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
 CVE-2017-15704
@@ -55160,8 +55161,8 @@ CVE-2017-14445 (An exploitable buffer overflow 
vulnerability exists in Insteon H
        NOT-FOR-US: Insteon Hub
 CVE-2017-14444 (An exploitable buffer overflow vulnerability exists in Insteon 
Hub ...)
        NOT-FOR-US: Insteon Hub
-CVE-2017-14443
-       RESERVED
+CVE-2017-14443 (An exploitable information leak vulnerability exists in 
Insteon Hub ...)
+       TODO: check
 CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP 
image ...)
        {DSA-4184-1 DSA-4177-1 DLA-1341-1}
        - libsdl2-image 2.0.3+dfsg1-1
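Review bot: CVE-2017-14443 is added as "TODO: check", but its description names Insteon Hub, and the two entries directly above it (CVE-2017-14445 and CVE-2017-14444) are already marked "NOT-FOR-US: Insteon Hub". Mark the new entry the same way so the three stay consistent.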
@@ -90833,8 +90834,8 @@ CVE-2017-2876
        RESERVED
 CVE-2017-2875
        RESERVED
-CVE-2017-2874
-       RESERVED
+CVE-2017-2874 (An information disclosure vulnerability exists in the 
Multi-Camera ...)
+       TODO: check
 CVE-2017-2873
        RESERVED
 CVE-2017-2872
@@ -91114,8 +91115,8 @@ CVE-2017-2779 (An exploitable memory corruption 
vulnerability exists in the RSRC
        NOT-FOR-US: Labview
 CVE-2017-2778
        RESERVED
-CVE-2017-2777
-       RESERVED
+CVE-2017-2777 (An exploitable heap overflow vulnerability exists in the ...)
+       TODO: check
 CVE-2017-2776
        RESERVED
 CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the 
...)
@@ -99141,8 +99142,8 @@ CVE-2016-9047
        RESERVED
 CVE-2016-9046
        RESERVED
-CVE-2016-9045
-       RESERVED
+CVE-2016-9045 (A code execution vulnerability exists in ProcessMaker 
Enterprise Core ...)
+       TODO: check
 CVE-2016-9044 (An exploitable command execution vulnerability exists in 
Information ...)
        TODO: check
 CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/904d667aefc7a783260eff0b2f9f7ae0e7dc48d8

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
