Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e35d1aac by security tracker role at 2018-01-12T09:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,9 +1,67 @@ +CVE-2018-5374 + RESERVED +CVE-2018-5373 + RESERVED +CVE-2018-5372 + RESERVED +CVE-2018-5371 + RESERVED +CVE-2018-5370 + RESERVED +CVE-2018-5369 + RESERVED +CVE-2018-5368 + RESERVED +CVE-2018-5367 + RESERVED +CVE-2018-5366 + RESERVED +CVE-2018-5365 + RESERVED +CVE-2018-5364 + RESERVED +CVE-2018-5363 + RESERVED +CVE-2018-5362 + RESERVED +CVE-2018-5361 + RESERVED +CVE-2018-5360 + RESERVED +CVE-2018-5359 + RESERVED +CVE-2018-5358 + RESERVED +CVE-2018-5357 + RESERVED +CVE-2018-5356 + RESERVED +CVE-2018-5355 + RESERVED +CVE-2018-5354 + RESERVED +CVE-2018-5353 + RESERVED +CVE-2018-5352 + RESERVED +CVE-2018-5351 + RESERVED +CVE-2018-5350 + RESERVED +CVE-2018-5349 + RESERVED +CVE-2018-5348 + RESERVED +CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticated ...) + TODO: check +CVE-2018-5346 + RESERVED CVE-2018-1000001 [Libc Realpath Buffer Underflow] - glibc <unfixed> - eglibc <removed> NOTE: http://www.openwall.com/lists/oss-security/2018/01/11/5 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18203 -CVE-2018-5345 [Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code exectuion] +CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...) - gcab <unfixed> TODO: Asked Red Hat if providing more information possible, https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6 CVE-2018-5344 
@@ -22,21 +80,18 @@ CVE-2018-5338 RESERVED CVE-2018-5337 RESERVED -CVE-2018-5336 [wnpa-sec-2018-01] - RESERVED +CVE-2018-5336 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, ...) - wireshark <unfixed> NOTE: https://www.wireshark.org/security/wnpa-sec-2018-01.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f4c95cf46ba6adbd10b09747e10742801bc706b NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6702e49a9720d173246668495eece6d77eca5b0 -CVE-2018-5335 [wnpa-sec-2018-04] - RESERVED +CVE-2018-5335 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector ...) - wireshark <unfixed> NOTE: https://www.wireshark.org/security/wnpa-sec-2018-04.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07 -CVE-2018-5334 [wnpa-sec-2018-03] - RESERVED +CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file ...) - wireshark <unfixed> NOTE: https://www.wireshark.org/security/wnpa-sec-2018-03.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297 @@ -59,10 +114,10 @@ CVE-2018-5329 RESERVED CVE-2018-5328 RESERVED -CVE-2018-5327 - RESERVED -CVE-2018-5326 - RESERVED +CVE-2018-5327 (Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when ...) + TODO: check +CVE-2018-5326 (Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified ...) + TODO: check CVE-2018-5325 RESERVED CVE-2018-5324 @@ -3434,7 +3489,7 @@ CVE-2017-17999 RESERVED CVE-2017-17998 RESERVED -CVE-2017-17997 (In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL ...) +CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL ...) - wireshark 2.4.0-1 [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) 
@@ -14820,16 +14875,16 @@ CVE-2017-16738 RESERVED CVE-2017-16737 RESERVED -CVE-2017-16736 - RESERVED +CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovered ...) + TODO: check CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...) NOT-FOR-US: Ecava IntegraXor CVE-2017-16734 RESERVED CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...) NOT-FOR-US: Ecava IntegraXor -CVE-2017-16732 - RESERVED +CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess versions ...) + TODO: check CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB ...) NOT-FOR-US: Ellipse CVE-2017-16730 @@ -27161,7 +27216,7 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP - tomcat7 <not-affected> (Windows-specific) CVE-2017-12614 RESERVED -CVE-2017-12613 (When apr_exp_time*() or apr_os_exp_time*() functions are invoked with ...) +CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...) {DLA-1162-1} - apr 1.6.3-1 (low; bug #879708) [stretch] - apr <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e35d1aac7dc00156d9954f45b4584de0d300ab9d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e35d1aac7dc00156d9954f45b4584de0d300ab9d You're receiving this email because of your account on salsa.debian.org.
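Review bot: In the @@ -1,9 +1,67 @@ hunk, CVE-2018-5345 now has a description that names the affected range (GNOME gcab through 0.7.4), but the unchanged TODO under it still records an open request to Red Hat for more information. Check whether that TODO is still needed now that the description is public, and replace it with a NOTE pointing at the bug if it is only kept as a reference. The `- gcab <unfixed>` line is right to stay as it is until a fixed version is known.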
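Review bot: In the @@ -22,21 +80,18 @@ hunk, CVE-2018-5336, CVE-2018-5335 and CVE-2018-5334 gain descriptions with explicit affected ranges (Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11), yet each entry still has only `- wireshark <unfixed>` and no per-release lines. CVE-2017-17997, further down in the same file, shows the shape these should reach: a fixed version on the package line plus `[stretch]` and `[jessie]` lines carrying a triage decision. The removed bracketed tags (wnpa-sec-2018-01, wnpa-sec-2018-04, wnpa-sec-2018-03) remain recoverable from the NOTE URLs, so nothing is lost by dropping them.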
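Review bot: In the @@ -14820,16 +14875,16 @@ hunk, CVE-2017-16736 and CVE-2017-16732 move from RESERVED to `TODO: check`, so they need a manual triage pass before they count as handled. The neighbouring entries (Ecava IntegraXor, Ellipse) are all resolved as NOT-FOR-US with the product name; if Advantech WebAccess is likewise not in the archive, CVE-2017-16732 should take the same form, for example `NOT-FOR-US: Advantech WebAccess`. The same follow-up applies to the other `TODO: check` entries this update introduces: CVE-2018-5347, CVE-2018-5327 and CVE-2018-5326.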
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits