Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb63d911 by Moritz Muehlenhoff at 2018-09-25T20:27:11Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -181,35 +181,27 @@ CVE-2018-17440
 CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There 
is a ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
-       TODO: check
 CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of 
...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
-       TODO: check
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in 
H5Odtype.c in ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
-       TODO: check
 CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 
library ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
-       TODO: check
 CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in 
H5Oattr.c in the ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
-       TODO: check
 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of 
...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
-       TODO: check
 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in 
gifread.c in the ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
-       TODO: check
 CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in 
H5Osdspace.c in ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
-       TODO: check
 CVE-2018-17431
        RESERVED
 CVE-2018-17430
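Review bot: the eight `TODO: check` removals in this hunk (CVE-2018-17439 down to CVE-2018-17432) leave every entry at `- hdf5 <undetermined>`, and the commit message "NFUs" does not cover them. Either state in the message that the hdf5 entries were reviewed and intentionally left undetermined, or split this cleanup into its own commit so the history shows why the marker was dropped. Minor: CVE-2018-17435 is described as a heap-based buffer over-read while its NOTE anchor reads heap-overflow-in-h5o_attr_decode, so it is worth confirming the URL belongs to this CVE.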
@@ -436,17 +428,17 @@ CVE-2018-17324
 CVE-2018-17323
        RESERVED
 CVE-2018-17322 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: YUNUCMS
 CVE-2018-17321 (An issue was discovered in SeaCMS 6.64. XSS exists in ...)
-       TODO: check
+       NOT-FOR-US: SeaCMS
 CVE-2018-17320 (An issue was discovered in UCMS 1.4.6. aaddpost.php has stored 
XSS via ...)
-       TODO: check
+       NOT-FOR-US: UCMS
 CVE-2018-17319
        RESERVED
 CVE-2018-17318
        RESERVED
 CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: FruityWifi
 CVE-2018-17316
        RESERVED
 CVE-2018-17315
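Review bot: on CVE-2018-17317 the description names the product as "FruityWifi (aka PatatasFritas/PatataWifi)" but the tag is only `NOT-FOR-US: FruityWifi`; consider carrying the alias in the tag, as the existing `NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)` entry in this file does, so a search on either name finds it. Separately, the truncated description of CVE-2018-17322 does not show a product name, so the YUNUCMS attribution cannot be confirmed from this hunk alone.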
@@ -620,7 +612,6 @@ CVE-2018-17238
 CVE-2018-17237 (A SIGFPE signal is raised in the function 
H5D__chunk_set_info_real() of ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
-       TODO: check
 CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 
internally ...)
        - mp4v2 <unfixed> (bug #909277)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
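Review bot: the NOTE kept on CVE-2018-17237 links to blob/master/HDF5/README.md#..., while the other hdf5 entries touched by this patch link to tree/master/HDF5/vulnN#.... With `TODO: check` removed, that URL is the only reference left on an entry still marked `<undetermined>`, so confirm it resolves and, if a per-directory page exists for this issue, align it with the form used elsewhere.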
@@ -634,11 +625,9 @@ CVE-2018-17235 (The function 
mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
 CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in 
H5Ocache.c in ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
-       TODO: check
 CVE-2018-17233 (A SIGFPE signal is raised in the function ...)
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
-       TODO: check
 CVE-2018-17232 (SQL injection vulnerability in archivebot.py in docmarionum1 
Slack ...)
        NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)
 CVE-2018-17231 (** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might 
allow ...)
@@ -772,9 +761,9 @@ CVE-2018-17175 (In the marshmallow library before 2.15.1 
and 3.x before 3.0.0b9
        - python-marshmallow 3.0.0b14-1 (bug #909140)
        NOTE: https://github.com/marshmallow-code/marshmallow/issues/772
 CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor 
NMEA ...)
-       TODO: check
+       NOT-FOR-US: nmealib
 CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary 
code via ...)
-       TODO: check
+       NOT-FOR-US: LG SuperSign CMS
 CVE-2018-17172
        RESERVED
 CVE-2018-17171
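Review bot: on CVE-2018-17174 the tag `NOT-FOR-US: nmealib` uses a name that does not appear in the visible description, which refers to "the xtimor NMEA ..."; include "xtimor" in the tag so the entry is tied to the project the description names and is not confused with another package of a similar name.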



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb63d911b3124adb0c52c0c965fe72bd53d1a101
