Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b993be9a by security tracker role at 2018-10-23T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,24 @@
-CVE-2018-18585 [Avoid returning CHM file entries that are "blank" because they 
have embedded null bytes]
+CVE-2018-18583 (An issue has been found in LuPng through 2017-03-10. It is a 
heap-based ...)
+       TODO: check
+CVE-2018-18582 (An issue has been found in LuPng through 2017-03-10. It is a 
heap-based ...)
+       TODO: check
+CVE-2018-18581 (An issue has been found in LuPng through 2017-03-10. It is a 
heap-based ...)
+       TODO: check
+CVE-2018-18580
+       RESERVED
+CVE-2018-18579 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php 
folder ...)
+       TODO: check
+CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type 
parameter. ...)
+       TODO: check
+CVE-2018-18577
+       RESERVED
+CVE-2018-18576
+       RESERVED
+CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 
0.8alpha accepts ...)
        - libsmpack <unfixed> (bug #911637)
        NOTE: 
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
-CVE-2018-18586 [add anti "../" and leading slash protection to chmextract]
+CVE-2018-18586 (** DISPUTED ** chmextract.c in the chmextract sample program, 
as ...)
        - libsmpack <unfixed> (unimportant; bug #911639)
        NOTE: 
https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
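Review bot: The package lines under CVE-2018-18585 and CVE-2018-18586 name the source package as libsmpack, while the new descriptions and the upstream commit URLs in the NOTE lines all say libmspack. This looks like a transposition, and the entries should read "- libmspack <unfixed> ..." so they attach to the right package. Separately, the new LuPng and DedeCMS entries are left at "TODO: check" and still need triage.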
@@ -10,7 +26,7 @@ CVE-2018-18586 [add anti "../" and leading slash protection 
to chmextract]
        NOTE: This sample code is not installed into the binary packages and 
was as well
        NOTE: never the idea to use it in "productised" binaries, but rather 
just simple
        NOTE: examples of the library use.
-CVE-2018-18584 [CAB block input buffer is one byte too small for maximal 
Quantum block]
+CVE-2018-18584 (In mspack/cab.h in libmspack before 0.8alpha and cabextract 
before 1.8, ...)
        - cabextract 1.4-5
        NOTE: Starting with 1.4-5 cabextract uses the mspack system library
        - libsmpack <unfixed> (bug #911640)
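Review bot: The "- libsmpack <unfixed> (bug #911640)" line under CVE-2018-18584 uses a package name that disagrees with "libmspack" in the new description, so it should be corrected here as well. The new description also names "cabextract before 1.8" as affected, so it is worth confirming that the "- cabextract 1.4-5" line and the NOTE about using the system mspack library still describe the Debian situation accurately.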
@@ -2031,7 +2047,7 @@ CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) 
before 2.49 has unsafe
 CVE-2015-9267 (Nullsoft Scriptable Install System (NSIS) before 2.49 uses 
temporary ...)
        - nsis 2.50-1
        NOTE: https://sourceforge.net/p/nsis/bugs/1125/
-CVE-2018-17793 (Virtualenv 16.0.0 allows a sandbox escape via &quot;python 
$(bash &gt;&amp;2)&quot; and ...)
+CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via 
&quot;python ...)
        - python-virtualenv <unfixed> (unimportant)
        NOTE: https://github.com/pypa/virtualenv/issues/1207
        NOTE: No real security impact. 3rd party requested CVE rejection
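Review bot: The trailing NOTE "3rd party requested CVE rejection" no longer matches the description, which now marks CVE-2018-17793 as ** DISPUTED **. Consider rewording the note to say the CVE is disputed, keeping the "unimportant" tag and the link to the virtualenv issue.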
@@ -13300,10 +13316,10 @@ CVE-2018-13117
        RESERVED
 CVE-2018-13116 (/user/del.php in zzcms 8.3 allows SQL injection via the 
tablename ...)
        NOT-FOR-US: zzcms
-CVE-2018-13115
-       RESERVED
-CVE-2018-13114
-       RESERVED
+CVE-2018-13115 (Lack of an authentication mechanism in KERUI Wifi Endoscope 
Camera ...)
+       TODO: check
+CVE-2018-13114 (Missing authentication and improper input validation in KERUI 
Wifi ...)
+       TODO: check
 CVE-2018-13113 (The transfer and transferFrom functions of a smart contract 
...)
        NOT-FOR-US: smart contract implementation for Easy Trading Token and 
Ethereum token
 CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows 
remote ...)
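Review bot: CVE-2018-13115 and CVE-2018-13114 are left at "TODO: check", yet both descriptions name a KERUI Wifi Endoscope Camera. If that product is not packaged in Debian, these can be closed as "NOT-FOR-US: KERUI Wifi Endoscope Camera", in the same way as the neighbouring zzcms entry.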



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b993be9ac1916d672d4316b2dd08b0fe8dc93eb2
