Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3bd0b4c3 by security tracker role at 2018-01-12T21:10:23+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list +++ b/data/CVE/list
@@ -1,44 +1,404 @@ -CVE-2018-XXXX [rpc session-id mechanism design flaw results in RCE] - - transmission <unfixed> (bug #886990) - NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1 - NOTE: https://github.com/transmission/transmission/pull/468 - NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff -CVE-2018-5374 +CVE-2018-5549 RESERVED -CVE-2018-5373 +CVE-2018-5548 RESERVED -CVE-2018-5372 +CVE-2018-5547 RESERVED -CVE-2018-5371 +CVE-2018-5546 RESERVED -CVE-2018-5370 +CVE-2018-5545 RESERVED -CVE-2018-5369 +CVE-2018-5544 RESERVED -CVE-2018-5368 +CVE-2018-5543 RESERVED -CVE-2018-5367 +CVE-2018-5542 RESERVED -CVE-2018-5366 +CVE-2018-5541 RESERVED -CVE-2018-5365 +CVE-2018-5540 RESERVED -CVE-2018-5364 +CVE-2018-5539 RESERVED -CVE-2018-5363 +CVE-2018-5538 RESERVED -CVE-2018-5362 +CVE-2018-5537 RESERVED -CVE-2018-5361 +CVE-2018-5536 RESERVED -CVE-2018-5360 +CVE-2018-5535 RESERVED -CVE-2018-5359 +CVE-2018-5534 + RESERVED +CVE-2018-5533 + RESERVED +CVE-2018-5532 + RESERVED +CVE-2018-5531 + RESERVED +CVE-2018-5530 + RESERVED +CVE-2018-5529 + RESERVED +CVE-2018-5528 + RESERVED +CVE-2018-5527 + RESERVED +CVE-2018-5526 + RESERVED +CVE-2018-5525 + RESERVED +CVE-2018-5524 + RESERVED +CVE-2018-5523 + RESERVED +CVE-2018-5522 + RESERVED +CVE-2018-5521 + RESERVED +CVE-2018-5520 + RESERVED +CVE-2018-5519 + RESERVED +CVE-2018-5518 + RESERVED +CVE-2018-5517 + RESERVED +CVE-2018-5516 + RESERVED +CVE-2018-5515 + RESERVED +CVE-2018-5514 + RESERVED +CVE-2018-5513 + RESERVED +CVE-2018-5512 + RESERVED +CVE-2018-5511 + RESERVED +CVE-2018-5510 + RESERVED +CVE-2018-5509 + RESERVED +CVE-2018-5508 + RESERVED +CVE-2018-5507 + RESERVED +CVE-2018-5506 + RESERVED +CVE-2018-5505 + RESERVED +CVE-2018-5504 + RESERVED +CVE-2018-5503 + RESERVED +CVE-2018-5502 + RESERVED +CVE-2018-5501 + RESERVED +CVE-2018-5500 + RESERVED +CVE-2018-5499 + RESERVED +CVE-2018-5498 + RESERVED +CVE-2018-5497 + RESERVED +CVE-2018-5496 + RESERVED +CVE-2018-5495 + 
RESERVED +CVE-2018-5494 + RESERVED +CVE-2018-5493 + RESERVED +CVE-2018-5492 + RESERVED +CVE-2018-5491 + RESERVED +CVE-2018-5490 + RESERVED +CVE-2018-5489 + RESERVED +CVE-2018-5488 + RESERVED +CVE-2018-5487 + RESERVED +CVE-2018-5486 + RESERVED +CVE-2018-5485 + RESERVED +CVE-2018-5484 + RESERVED +CVE-2018-5483 + RESERVED +CVE-2018-5482 + RESERVED +CVE-2018-5481 + RESERVED +CVE-2018-5480 + RESERVED +CVE-2018-5479 + RESERVED +CVE-2018-5478 + RESERVED +CVE-2018-5477 + RESERVED +CVE-2018-5476 + RESERVED +CVE-2018-5475 + RESERVED +CVE-2018-5474 + RESERVED +CVE-2018-5473 + RESERVED +CVE-2018-5472 + RESERVED +CVE-2018-5471 + RESERVED +CVE-2018-5470 + RESERVED +CVE-2018-5469 + RESERVED +CVE-2018-5468 + RESERVED +CVE-2018-5467 + RESERVED +CVE-2018-5466 + RESERVED +CVE-2018-5465 + RESERVED +CVE-2018-5464 + RESERVED +CVE-2018-5463 + RESERVED +CVE-2018-5462 + RESERVED +CVE-2018-5461 + RESERVED +CVE-2018-5460 + RESERVED +CVE-2018-5459 + RESERVED +CVE-2018-5458 + RESERVED +CVE-2018-5457 + RESERVED +CVE-2018-5456 + RESERVED +CVE-2018-5455 + RESERVED +CVE-2018-5454 + RESERVED +CVE-2018-5453 + RESERVED +CVE-2018-5452 + RESERVED +CVE-2018-5451 + RESERVED +CVE-2018-5450 + RESERVED +CVE-2018-5449 + RESERVED +CVE-2018-5448 + RESERVED +CVE-2018-5447 + RESERVED +CVE-2018-5446 + RESERVED +CVE-2018-5445 + RESERVED +CVE-2018-5444 + RESERVED +CVE-2018-5443 + RESERVED +CVE-2018-5442 + RESERVED +CVE-2018-5441 + RESERVED +CVE-2018-5440 + RESERVED +CVE-2018-5439 + RESERVED +CVE-2018-5438 + RESERVED +CVE-2018-5437 + RESERVED +CVE-2018-5436 + RESERVED +CVE-2018-5435 + RESERVED +CVE-2018-5434 + RESERVED +CVE-2018-5433 + RESERVED +CVE-2018-5432 + RESERVED +CVE-2018-5431 + RESERVED +CVE-2018-5430 + RESERVED +CVE-2018-5429 + RESERVED +CVE-2018-5428 + RESERVED +CVE-2018-5427 + RESERVED +CVE-2018-5426 + RESERVED +CVE-2018-5425 + RESERVED +CVE-2018-5424 + RESERVED +CVE-2018-5423 + RESERVED +CVE-2018-5422 + RESERVED +CVE-2018-5421 + RESERVED +CVE-2018-5420 + RESERVED +CVE-2018-5419 + RESERVED +CVE-2018-5418 
+ RESERVED +CVE-2018-5417 + RESERVED +CVE-2018-5416 + RESERVED +CVE-2018-5415 + RESERVED +CVE-2018-5414 RESERVED -CVE-2018-5358 +CVE-2018-5413 RESERVED -CVE-2018-5357 +CVE-2018-5412 RESERVED +CVE-2018-5411 + RESERVED +CVE-2018-5410 + RESERVED +CVE-2018-5409 + RESERVED +CVE-2018-5408 + RESERVED +CVE-2018-5407 + RESERVED +CVE-2018-5406 + RESERVED +CVE-2018-5405 + RESERVED +CVE-2018-5404 + RESERVED +CVE-2018-5403 + RESERVED +CVE-2018-5402 + RESERVED +CVE-2018-5401 + RESERVED +CVE-2018-5400 + RESERVED +CVE-2018-5399 + RESERVED +CVE-2018-5398 + RESERVED +CVE-2018-5397 + RESERVED +CVE-2018-5396 + RESERVED +CVE-2018-5395 + RESERVED +CVE-2018-5394 + RESERVED +CVE-2018-5393 + RESERVED +CVE-2018-5392 + RESERVED +CVE-2018-5391 + RESERVED +CVE-2018-5390 + RESERVED +CVE-2018-5389 + RESERVED +CVE-2018-5388 + RESERVED +CVE-2018-5387 + RESERVED +CVE-2018-5386 + RESERVED +CVE-2018-5385 + RESERVED +CVE-2018-5384 + RESERVED +CVE-2018-5383 + RESERVED +CVE-2018-5382 + RESERVED +CVE-2018-5381 + RESERVED +CVE-2018-5380 + RESERVED +CVE-2018-5379 + RESERVED +CVE-2018-5378 + RESERVED +CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...) + TODO: check +CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php ...) + TODO: check +CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...) + TODO: check +CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found ...) + TODO: check +CVE-2017-18027 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted ...) + TODO: check +CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes ...) 
+ TODO: check +CVE-2018-XXXX [rpc session-id mechanism design flaw results in RCE] + - transmission <unfixed> (bug #886990) + NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1 + NOTE: https://github.com/transmission/transmission/pull/468 + NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff +CVE-2018-5374 (The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL ...) + TODO: check +CVE-2018-5373 (The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection ...) + TODO: check +CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL ...) + TODO: check +CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ...) + TODO: check +CVE-2018-5370 + RESERVED +CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...) + TODO: check +CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...) + TODO: check +CVE-2018-5367 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5366 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5365 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5364 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5363 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...) + TODO: check +CVE-2018-5360 + RESERVED +CVE-2018-5359 + RESERVED +CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...) + TODO: check +CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...) + TODO: check CVE-2018-5356 RESERVED CVE-2018-5355 
@@ -73,8 +433,7 @@ CVE-2018-1000001 [Libc Realpath Buffer Underflow] CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...) - gcab <unfixed> TODO: Asked Red Hat if providing more information possible, https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6 -CVE-2018-5344 [loop: fix concurrent lo_open/lo_release] - RESERVED +CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 CVE-2018-5343 @@ -149,8 +508,8 @@ CVE-2018-5317 RESERVED CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for ...) NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for WordPress -CVE-2018-5315 - RESERVED +CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL ...) + TODO: check CVE-2018-5314 RESERVED CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...) @@ -290,8 +649,8 @@ CVE-2018-5264 RESERVED CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before ...) NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla! -CVE-2018-5262 - RESERVED +CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier ...) + TODO: check CVE-2018-5261 RESERVED CVE-2018-5260 @@ -3409,7 +3768,7 @@ CVE-2017-1000422 (Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several int NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785973 NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=0012e066ba37439d402ce46afbc1311530a4ec61 CVE-2017-1000421 (Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in ...) - {DLA-1233-1} + {DSA-4084-1 DLA-1233-1} - gifsicle 1.90-1 NOTE: https://github.com/kohler/gifsicle/issues/114 NOTE: https://github.com/kohler/gifsicle/commit/81fd7823f6d9c85ab598bc850e40382068361185 
@@ -3439,8 +3798,8 @@ CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling&q NOT-FOR-US: CommuniGate Pro CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress has XSS via ...) NOT-FOR-US: ILLID Share This Image plugin for WordPress -CVE-2017-18014 - RESERVED +CVE-2017-18014 (An NC-25986 issue was discovered in the Logging subsystem of Sophos XG ...) + TODO: check CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: Craft CMS CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 ...) @@ -3786,8 +4145,8 @@ CVE-2018-3711 RESERVED CVE-2018-3710 RESERVED -CVE-2017-17970 - RESERVED +CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...) + TODO: check CVE-2017-17969 RESERVED CVE-2018-3709 @@ -14014,12 +14373,12 @@ CVE-2017-16889 RESERVED CVE-2017-16888 RESERVED -CVE-2017-16887 - RESERVED -CVE-2017-16886 - RESERVED -CVE-2017-16885 - RESERVED +CVE-2017-16887 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...) + TODO: check +CVE-2017-16886 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...) + TODO: check +CVE-2017-16885 (Improper Permissions Handling in the Portal on FiberHome LM53Q1 ...) + TODO: check CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...) {DSA-4082-1 DSA-4073-1 DLA-1200-1} - linux 4.14.7-1 @@ -14522,12 +14881,12 @@ CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting NOT-FOR-US: dayrui FineCms CVE-2017-16865 RESERVED -CVE-2017-16864 - RESERVED +CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 ...) + TODO: check CVE-2017-16863 RESERVED -CVE-2017-16862 - RESERVED +CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version ...) + TODO: check CVE-2017-16861 RESERVED CVE-2017-16860 
@@ -14872,20 +15231,20 @@ CVE-2017-16745 RESERVED CVE-2017-16744 RESERVED -CVE-2017-16743 - RESERVED +CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL ...) + TODO: check CVE-2017-16742 RESERVED -CVE-2017-16741 - RESERVED +CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT FL ...) + TODO: check CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation ...) NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers -CVE-2017-16739 - RESERVED +CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...) + TODO: check CVE-2017-16738 RESERVED -CVE-2017-16737 - RESERVED +CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...) + TODO: check CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovered ...) TODO: check CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...) @@ -21240,8 +21599,8 @@ CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP authent NOT-FOR-US: Joomla! CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the ...) NOT-FOR-US: Joomla! -CVE-2017-14594 - RESERVED +CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...) + TODO: check CVE-2017-14593 RESERVED CVE-2017-14592 
@@ -22938,8 +23297,8 @@ CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2 NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada ...) NOT-FOR-US: Trihedral VTScada -CVE-2017-14030 - RESERVED +CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The unquoted ...) + TODO: check CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...) NOT-FOR-US: Trihedral VTScada CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version ...) @@ -58999,8 +59358,8 @@ CVE-2017-2160 RESERVED CVE-2017-2159 RESERVED -CVE-2017-2158 - RESERVED +CVE-2017-2158 (Improper verification when expanding ZIP64 archives in Lhaplus ...) + TODO: check CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public ...) NOT-FOR-US: The Public Certification Service CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows ...) @@ -61774,8 +62133,8 @@ CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework TODO: check CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework ...) TODO: check -CVE-2017-0869 - RESERVED +CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could ...) + TODO: check CVE-2017-0868 RESERVED CVE-2017-0867 
@@ -94579,16 +94938,16 @@ CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 th NOT-FOR-US: IBM CVE-2016-0337 RESERVED -CVE-2016-0336 - RESERVED -CVE-2016-0335 - RESERVED +CVE-2016-0336 (Cross-site scripting (XSS) vulnerability in IBM Security Identity ...) + TODO: check +CVE-2016-0335 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...) + TODO: check CVE-2016-0334 RESERVED CVE-2016-0333 RESERVED -CVE-2016-0332 - RESERVED +CVE-2016-0332 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) + TODO: check CVE-2016-0331 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) NOT-FOR-US: IBM CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) @@ -94597,14 +94956,14 @@ CVE-2016-0329 RESERVED CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...) NOT-FOR-US: IBM -CVE-2016-0327 - RESERVED +CVE-2016-0327 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) + TODO: check CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative ...) NOT-FOR-US: IBM CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...) NOT-FOR-US: IBM -CVE-2016-0324 - RESERVED +CVE-2016-0324 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) + TODO: check CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before ...) NOT-FOR-US: IBM CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 ...) 
@@ -108392,8 +108751,8 @@ CVE-2015-3890 (Use-after-free vulnerability in Open Litespeed before 1.3.10. ... NOT-FOR-US: Open Litespeed CVE-2015-3889 RESERVED -CVE-2015-3888 - RESERVED +CVE-2015-3888 (Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof ...) + TODO: check CVE-2015-3887 (Untrusted search path vulnerability in ProxyChains-NG before 4.9 ...) NOT-FOR-US: proxychains-ng NOTE: proxychains does not contain the vulnerable code @@ -111117,8 +111476,8 @@ CVE-2015-2983 (Cross-site request forgery (CSRF) vulnerability in admin.php in P NOT-FOR-US: Kobo Photo Gallery CMS CVE-2015-2982 (Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js ...) NOT-FOR-US: Kobo Photo Gallery CMS -CVE-2015-2981 - RESERVED +CVE-2015-2981 (The Yodobashi App for Android 1.2.1.0 and earlier does not verify ...) + TODO: check CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows ...) NOT-FOR-US: Yodobashi application for Android CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...) @@ -113331,8 +113690,7 @@ CVE-2009-5146 [memory leak in hostname TLS extension] NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k) NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f) NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4 -CVE-2015-2298 [information leak] - RESERVED +CVE-2015-2298 (node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might ...) - etherpad-lite <itp> (bug #576998) NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 ...) 
@@ -124519,8 +124877,7 @@ CVE-2014-8168 (Red Hat Satellite 6 allows local users to access mongod and delet CVE-2014-8167 RESERVED NOT-FOR-US: Red Hat vdms and vdsclient -CVE-2014-8166 [code execution via unescape ANSI escape sequences] - RESERVED +CVE-2014-8166 (The browsing feature in the server in CUPS does not filter ANSI escape ...) - cups <unfixed> (unimportant) NOTE: Patch: https://bugzilla.redhat.com/attachment.cgi?id=916761 NOTE: Terminal emulators need to perform proper escaping @@ -125195,8 +125552,8 @@ CVE-2014-7954 (Directory traversal vulnerability in the doSendObjectInfo method NOT-FOR-US: MtpServer class in Android CVE-2014-7953 (Race condition in the bindBackupAgent method in the ...) NOT-FOR-US: Android -CVE-2014-7952 - RESERVED +CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attackers ...) + TODO: check CVE-2014-7951 RESERVED CVE-2014-7950 @@ -128830,12 +129187,12 @@ CVE-2014-6438 (The URI.decode_www_form_component method in Ruby before 1.9.2-p33 NOTE: https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943 NOTE: CVE assignment is specific to ruby 1.9.x series? -CVE-2014-6437 - RESERVED -CVE-2014-6436 - RESERVED -CVE-2014-6435 - RESERVED +CVE-2014-6437 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow ...) + TODO: check +CVE-2014-6436 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly ...) + TODO: check +CVE-2014-6435 (cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and ...) + TODO: check CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...) NOT-FOR-US: GoPro CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...) 
@@ -136315,8 +136672,7 @@ CVE-2014-3473 (Cross-site scripting (XSS) vulnerability in the Orchestration/Sta [wheezy] - horizon <no-dsa> (Minor issue) CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss ...) NOT-FOR-US: JBoss Enterprise Application Platform -CVE-2014-3471 [hw: pci: use after free triggered via guest] - RESERVED +CVE-2014-3471 (Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick ...) - qemu 2.1+dfsg-1 [wheezy] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bd0b4c3f25177e6d82cf13c0b53b877567434ea
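
Review bot: The WordPress plugin entries added in the first hunk (@@ -1,44 +1,404 @@), namely CVE-2018-5374, CVE-2018-5373, CVE-2018-5372, CVE-2018-5369 to CVE-2018-5361, CVE-2016-10706 and CVE-2016-10705, are all left at "TODO: check", while WordPress plugin entries visible as context further down the same file (CVE-2018-5316, CVE-2017-18015) are already recorded as "NOT-FOR-US: ... plugin for WordPress". A follow-up commit should resolve these the same way where they apply, and give the ImageMagick entries in this hunk (CVE-2018-5358, CVE-2018-5357, CVE-2017-18029 to CVE-2017-18027) a package status line of the kind CVE-2018-5344 carries ("- linux <unfixed>"). The relocated "CVE-2018-XXXX [rpc session-id mechanism design flaw results in RCE]" entry for transmission keeps its three NOTE lines but still has no assigned ID, so it needs renaming once one is allocated.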
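
Review bot: In the hunks at @@ -94579,16 +94938,16 @@ and @@ -94597,14 +94956,14 @@, CVE-2016-0336, CVE-2016-0335, CVE-2016-0332, CVE-2016-0327 and CVE-2016-0324 go from RESERVED to "TODO: check" although every description names an IBM product, and each triaged neighbour in the context lines (CVE-2016-0338, CVE-2016-0331, CVE-2016-0328, CVE-2016-0326, CVE-2016-0325, CVE-2016-0323) is "NOT-FOR-US: IBM". These five are candidates for the same "NOT-FOR-US: IBM" line rather than staying in the TODO queue.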
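
Review bot: In the hunk at @@ -111117,8 +111476,8 @@, CVE-2015-2981 ("The Yodobashi App for Android 1.2.1.0 and earlier does not verify ...") is added as "TODO: check" directly above CVE-2015-2980, which covers the same application and version and is already "NOT-FOR-US: Yodobashi application for Android". The new entry should get the identical NOT-FOR-US line so the two stay consistent.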
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits