[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Sun, 14 Jan 2018 01:10:44 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53206d0d by security tracker role at 2018-01-14T09:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,38 @@
+CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based 
buffer ...)
+       TODO: check
+CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove 
request to ...)
+       TODO: check
+CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL 
injection ...)
+       TODO: check
+CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection 
via the ...)
+       TODO: check
+CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas 
Gudino ...)
+       TODO: check
+CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows 
local users ...)
+       TODO: check
+CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, 
...)
+       TODO: check
+CVE-2018-5691 (SonicWall Global Management System (GMS) 8.1 has XSS via the 
`newName` ...)
+       TODO: check
+CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in 
Dotclear ...)
+       TODO: check
+CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in 
Dotclear ...)
+       TODO: check
+CVE-2018-5688
+       RESERVED
+CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings 
under ...)
+       TODO: check
+CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and 
...)
+       TODO: check
+CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and 
application ...)
+       TODO: check
+CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the 
...)
+       TODO: check
 CVE-2018-5683
        RESERVED
 CVE-2017-18030
        RESERVED
-CVE-2018-5682 (PrestaShop 1.7.2.4 allow user enumeration via the Reset 
Password ...)
+CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset 
Password ...)
        NOT-FOR-US: PrestaShop
 CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the 
"Pages > Edit ...)
        NOT-FOR-US: PrestaShop
@@ -683,8 +713,8 @@ CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has 
XSS via the ...)
        NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
        NOT-FOR-US: WPGlobus plugin for WordPress
-CVE-2018-5360
-       RESERVED
+CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as 
...)
+       TODO: check
 CVE-2018-5359
        RESERVED
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the 
EncodeImageAttributes ...)
@@ -20102,22 +20132,19 @@ CVE-2017-15130
 CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces 
code ...)
        - linux 4.14.12-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
-CVE-2017-15128 [Out of bound access in hugetlb_mcopy_atomic_pte function in 
mm/hugetlb.c]
-       RESERVED
+CVE-2017-15128 (A flaw was found in the hugetlb_mcopy_atomic_pte function in 
...)
        - linux 4.13.13-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
http://post-office.corp.redhat.com/archives/rhkernel-list/2017-October/msg09574.html
-CVE-2017-15127 [Improper error handling of VM_SHARED hugetlbfs mapping in 
mm/hugetlb.c]
-       RESERVED
+CVE-2017-15127 (A flaw was found in the hugetlb_mcopy_atomic_pte function in 
...)
        - linux 3.13.4-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/5af10dfd0afc559bb4b0f7e3e8227a1578333995
-CVE-2017-15126 [Use-after-free in userfaultfd_event_wait_completion function 
in userfaultfd.c]
-       RESERVED
+CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the 
Linux kernel ...)
        - linux 4.13.10-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/53206d0d5aac5a9396db67e338e44124088feb87

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/53206d0d5aac5a9396db67e338e44124088feb87
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to