Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e35d1aac by security tracker role at 2018-01-12T09:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,9 +1,67 @@
+CVE-2018-5374
+       RESERVED
+CVE-2018-5373
+       RESERVED
+CVE-2018-5372
+       RESERVED
+CVE-2018-5371
+       RESERVED
+CVE-2018-5370
+       RESERVED
+CVE-2018-5369
+       RESERVED
+CVE-2018-5368
+       RESERVED
+CVE-2018-5367
+       RESERVED
+CVE-2018-5366
+       RESERVED
+CVE-2018-5365
+       RESERVED
+CVE-2018-5364
+       RESERVED
+CVE-2018-5363
+       RESERVED
+CVE-2018-5362
+       RESERVED
+CVE-2018-5361
+       RESERVED
+CVE-2018-5360
+       RESERVED
+CVE-2018-5359
+       RESERVED
+CVE-2018-5358
+       RESERVED
+CVE-2018-5357
+       RESERVED
+CVE-2018-5356
+       RESERVED
+CVE-2018-5355
+       RESERVED
+CVE-2018-5354
+       RESERVED
+CVE-2018-5353
+       RESERVED
+CVE-2018-5352
+       RESERVED
+CVE-2018-5351
+       RESERVED
+CVE-2018-5350
+       RESERVED
+CVE-2018-5349
+       RESERVED
+CVE-2018-5348
+       RESERVED
+CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has 
unauthenticated ...)
+       TODO: check
+CVE-2018-5346
+       RESERVED
 CVE-2018-1000001 [Libc Realpath Buffer Underflow]
        - glibc <unfixed>
        - eglibc <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/01/11/5
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18203
-CVE-2018-5345 [Extracting malformed .cab files causes stack smashing 
potentially leading to arbitrary code exectuion]
+CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 
can be ...)
        - gcab <unfixed>
        TODO: Asked Red Hat if providing more information possible, 
https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6
 CVE-2018-5344
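Review bot: CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud) is added with only `TODO: check` and should be triaged rather than left open; if the product is not packaged in Debian, a `NOT-FOR-US:` line, as used for Ecava IntegraXor elsewhere in this file, would close it. In the CVE-2018-5345 entry the new description names gcab through 0.7.4 while the `TODO: Asked Red Hat ...` line is unchanged, so it is worth rechecking whether that TODO is still needed now that a public description exists.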
@@ -22,21 +80,18 @@ CVE-2018-5338
        RESERVED
 CVE-2018-5337
        RESERVED
-CVE-2018-5336 [wnpa-sec-2018-01]
-       RESERVED
+CVE-2018-5336 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, 
NTP, ...)
        - wireshark <unfixed>
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-01.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f4c95cf46ba6adbd10b09747e10742801bc706b
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6702e49a9720d173246668495eece6d77eca5b0
-CVE-2018-5335 [wnpa-sec-2018-04]
-       RESERVED
+CVE-2018-5335 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP 
dissector ...)
        - wireshark <unfixed>
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-04.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07
-CVE-2018-5334 [wnpa-sec-2018-03]
-       RESERVED
+CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave 
file ...)
        - wireshark <unfixed>
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-03.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297
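Review bot: the three Wireshark entries (CVE-2018-5336, CVE-2018-5335, CVE-2018-5334) still carry only `- wireshark <unfixed>` although the new descriptions give affected ranges of 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11; add per-release lines for stretch and jessie, as the CVE-2017-17997 entry in this file has, once the affected suites are confirmed. Dropping the bracketed wnpa-sec-2018-0x labels loses nothing, since each advisory URL remains in a NOTE line.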
@@ -59,10 +114,10 @@ CVE-2018-5329
        RESERVED
 CVE-2018-5328
        RESERVED
-CVE-2018-5327
-       RESERVED
-CVE-2018-5326
-       RESERVED
+CVE-2018-5327 (Cheetah Mobile Armorfly Browser &amp; Downloader 1.1.05.0010, 
when ...)
+       TODO: check
+CVE-2018-5326 (Cheetah Mobile CM Browser 5.22.06.0012, when installed on 
unspecified ...)
+       TODO: check
 CVE-2018-5325
        RESERVED
 CVE-2018-5324
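Review bot: the CVE-2018-5327 description contains `&amp;` where a literal `&` is expected ("Armorfly Browser &amp; Downloader"); check whether the HTML entity is stored in data/CVE/list itself or appears only in this mail rendering, and fix the import step if it is the former. Both new Cheetah Mobile entries are left at `TODO: check` and still need a triage decision.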
@@ -3434,7 +3489,7 @@ CVE-2017-17999
        RESERVED
 CVE-2017-17998
        RESERVED
-CVE-2017-17997 (In Wireshark 2.2.11 and before, the MRDISC dissector misuses a 
NULL ...)
+CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a 
NULL ...)
        - wireshark 2.4.0-1
        [stretch] - wireshark <no-dsa> (Minor issue)
        [jessie] - wireshark <no-dsa> (Minor issue)
@@ -14820,16 +14875,16 @@ CVE-2017-16738
        RESERVED
 CVE-2017-16737
        RESERVED
-CVE-2017-16736
-       RESERVED
+CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was 
discovered ...)
+       TODO: check
 CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 
6.1.1030.1 ...)
        NOT-FOR-US: Ecava IntegraXor
 CVE-2017-16734
        RESERVED
 CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 
6.1.1030.1 ...)
        NOT-FOR-US: Ecava IntegraXor
-CVE-2017-16732
-       RESERVED
+CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess 
versions ...)
+       TODO: check
 CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered 
in ABB ...)
        NOT-FOR-US: Ellipse
 CVE-2017-16730
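Review bot: CVE-2017-16736 and CVE-2017-16732 (Advantech WebAccess) leave RESERVED with only `TODO: check`, while the neighbouring entries in this hunk are closed with `NOT-FOR-US:` lines (Ecava IntegraXor, Ellipse); these two need the same kind of decision once the full descriptions are read. The CVE-2017-16736 description is truncated before the product name, so that entry cannot be triaged from the list line alone.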
@@ -27161,7 +27216,7 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 
7.0.79 on Windows with HTTP 
        - tomcat7 <not-affected> (Windows-specific)
 CVE-2017-12614
        RESERVED
-CVE-2017-12613 (When apr_exp_time*() or apr_os_exp_time*() functions are 
invoked with ...)
+CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are 
invoked with ...)
        {DLA-1162-1}
        - apr 1.6.3-1 (low; bug #879708)
        [stretch] - apr <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e35d1aac7dc00156d9954f45b4584de0d300ab9d

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
