Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9c4ee5e by security tracker role at 2018-09-27T20:10:50Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -332,9 +332,9 @@ CVE-2018-17406
        RESERVED
 CVE-2018-17405
        RESERVED
-CVE-2018-17404 (** DISPUTED ** The SBIbuddy (aka com.sbi.erupee) application 
1.41 and ...)
+CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 
for ...)
        NOT-FOR-US: SBIbuddy application
-CVE-2018-17403 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 
through ...)
+CVE-2018-17403 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) 
application ...)
        NOT-FOR-US: PhonePe wallet application
 CVE-2018-17402 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) 
application ...)
        NOT-FOR-US: PhonePe wallet application
@@ -603,6 +603,7 @@ CVE-2018-17407 (An issue was discovered in 
t1_check_unusual_charstring functions
        NOTE: Fixed by: 
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
        NOTE: Introduced in: 
https://github.com/TeX-Live/texlive-source/commit/59cbb8f96b0543c2912d6370ce8021181661e1cf
 CVE-2018-17281 (There is a stack consumption vulnerability in the ...)
+       {DLA-1523-1}
        - asterisk 1:13.23.1~dfsg-1 (bug #909554)
        NOTE: https://downloads.asterisk.org/pub/security/AST-2018-009.html
        NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013
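Review bot: the last context line of the CVE-2018-17281 entry reads `NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013`, with a stray colon before the URL. Since this entry is being touched for the `{DLA-1523-1}` cross-reference anyway, a follow-up should drop the extra `:` so the note matches the AST-2018-009 line above it.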
@@ -7219,6 +7220,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream 
inspection upon a TCP RST
        NOTE: 
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
        NOTE: https://redmine.openinfosecfoundation.org/issues/2501
 CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers 
to ...)
+       {DLA-1524-1}
        - libxml2 <unfixed>
        [stretch] - libxml2 <postponed> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
@@ -7642,6 +7644,7 @@ CVE-2018-14406
 CVE-2018-14405
        RESERVED
 CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...)
+       {DLA-1524-1}
        - libxml2 <unfixed> (bug #901817)
        [stretch] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
@@ -21022,6 +21025,7 @@ CVE-2018-9252 (JasPer 2.0.14 allows denial of service 
via a reachable assertion
        NOTE: https://github.com/mdadams/jasper/issues/173
        NOTE: Negligable impact
 CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if 
--with-lzma is ...)
+       {DLA-1524-1}
        - libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug 
#895195)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794914
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
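Review bot: `{DLA-1524-1}` is attached to CVE-2018-9251 while the only package line for it is `- libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug #895195)`. If the DLA applies the CVE-2017-18258 fix and therefore has to carry this fix as well, a NOTE saying so would explain why an advisory references an entry marked not-affected; otherwise the cross-reference should be checked against the DLA text.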
@@ -21034,6 +21038,7 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in 
libxml2 2.9.8, if --with-lzm
        NOTE: Thus CVE-2018-9251 is only affecting libxml2 if 
e2a9122b8dde53d320750451e9907a7dcb2ca8bb
        NOTE: is applied.
 CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows 
remote ...)
+       {DLA-1524-1}
        - libxml2 <unfixed> (bug #895245)
        [stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for 
upstream bug 794914)
        [jessie] - libxml2 <postponed> (Minor issue; wait for upstream fix for 
upstream bug 794914)
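Review bot: with `{DLA-1524-1}` now on CVE-2017-18258, the `[jessie] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)` line in the trailing context looks stale. If the DLA ships the fix for jessie, that line should be removed or replaced in a follow-up so the entry does not show the issue as both postponed and covered by an advisory.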
@@ -27073,24 +27078,24 @@ CVE-2018-7111
        RESERVED
 CVE-2018-7110
        RESERVED
-CVE-2018-7109
-       RESERVED
-CVE-2018-7108
-       RESERVED
-CVE-2018-7107
-       RESERVED
-CVE-2018-7106
-       RESERVED
-CVE-2018-7105
-       RESERVED
-CVE-2018-7104
-       RESERVED
-CVE-2018-7103
-       RESERVED
-CVE-2018-7102
-       RESERVED
-CVE-2018-7101
-       RESERVED
+CVE-2018-7109 (HPE has addressed a remote arbitrary file modification 
vulnerability ...)
+       TODO: check
+CVE-2018-7108 (HPE StorageWorks XP7 Automation Director (AutoDir) version 
8.5.2-02 to ...)
+       TODO: check
+CVE-2018-7107 (A potential security vulnerability has been identified in HPE 
Device ...)
+       TODO: check
+CVE-2018-7106 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) 
for ...)
+       TODO: check
+CVE-2018-7105 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) 
for ...)
+       TODO: check
+CVE-2018-7104 (A Remote Code Execution vulnerability was identified in HPE ...)
+       TODO: check
+CVE-2018-7103 (A Remote Code Execution vulnerability was identified in HPE ...)
+       TODO: check
+CVE-2018-7102 (A security vulnerability in HPE Intelligent Management Center 
(iMC) ...)
+       TODO: check
+CVE-2018-7101 (A potential remote denial of service security vulnerability has 
been ...)
+       TODO: check
 CVE-2018-7100 (A potential security vulnerability has been identified in HPE 
...)
        NOT-FOR-US: HPE OfficeConnect 1810 Switch Series
 CVE-2018-7099 (A security vulnerability was identified in 3PAR Service 
Processor (SP) ...)
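Review bot: all nine entries from CVE-2018-7109 down to CVE-2018-7101 go from `RESERVED` to `TODO: check`, so they are published but untriaged. The neighbouring CVE-2018-7100 is already `NOT-FOR-US: HPE OfficeConnect 1810 Switch Series`; these HPE product entries (iLO 5, iMC, StorageWorks XP7 Automation Director and the rest) need the same manual pass, each with its own product name rather than a blanket tag.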
@@ -42114,8 +42119,8 @@ CVE-2018-1822
        RESERVED
 CVE-2018-1821
        RESERVED
-CVE-2018-1820
-       RESERVED
+CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to 
cross-site ...)
+       TODO: check
 CVE-2018-1819
        RESERVED
 CVE-2018-1818
@@ -42282,8 +42287,8 @@ CVE-2018-1738
        RESERVED
 CVE-2018-1737
        RESERVED
-CVE-2018-1736
-       RESERVED
+CVE-2018-1736 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a 
remote ...)
+       TODO: check
 CVE-2018-1735
        RESERVED
 CVE-2018-1734
@@ -42322,8 +42327,8 @@ CVE-2018-1718 (IBM Sterling B2B Integrator Standard 
Edition 5.2.0.1 - 5.2.6.3 is
        NOT-FOR-US: IBM
 CVE-2018-1717
        RESERVED
-CVE-2018-1716
-       RESERVED
+CVE-2018-1716 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to 
...)
+       TODO: check
 CVE-2018-1715 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to 
...)
        NOT-FOR-US: IBM
 CVE-2018-1714
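Review bot: CVE-2018-1716 lands as `TODO: check` between two entries already marked `NOT-FOR-US: IBM` (CVE-2018-1718 and CVE-2018-1715). The WebSphere Portal entries added in this commit (CVE-2018-1820, CVE-2018-1736, CVE-2018-1716, CVE-2018-1660) can be triaged together in one follow-up using that existing tag.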
@@ -42434,8 +42439,8 @@ CVE-2018-1662
        RESERVED
 CVE-2018-1661
        RESERVED
-CVE-2018-1660
-       RESERVED
+CVE-2018-1660 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to 
...)
+       TODO: check
 CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 
6.0 ...)
        NOT-FOR-US: IBM
 CVE-2018-1658
@@ -43371,7 +43376,7 @@ CVE-2018-1357
        RESERVED
 CVE-2018-1356
        RESERVED
-CVE-2018-1355 (An open redirect vulnerability in Fortinet FortiManager 6.0.0 
and ...)
+CVE-2018-1355 (An open redirect vulnerability in Fortinet FortiManager 6.0.0, 
5.6.5 ...)
        NOT-FOR-US: Fortinet
 CVE-2018-1354 (An improper access control vulnerability in Fortinet 
FortiManager ...)
        NOT-FOR-US: Fortinet



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9c4ee5e11b8e6894a5ee1d92cbacaa18cd40631

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
