Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec09ebd4 by security tracker role at 2018-01-18T21:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -68,8 +68,8 @@ CVE-2017-18035
        RESERVED
 CVE-2017-18034
        RESERVED
-CVE-2017-18033
-       RESERVED
+CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 
7.6.1 ...)
+       TODO: check
 CVE-2018-5750
        RESERVED
 CVE-2018-5749
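
Review bot: CVE-2017-18033 is left at "TODO: check" even though its new description names Atlassian Jira, and the other Jira entries in this file (CVE-2017-16865, CVE-2017-16864, CVE-2017-16862) are already triaged as "NOT-FOR-US: Atlassian Jira". Suggest resolving this entry the same way in a follow-up rather than leaving it open.
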
@@ -5336,9 +5336,9 @@ CVE-2017-17840 (An issue was discovered in Open-iSCSI 
through 2.0.875. A local a
        NOTE: Not marking the issue as unimportant, since vulnerable source is 
present, but
        NOTE: not in all suites iscsiuio is built.
 CVE-2017-17839
-       RESERVED
+       REJECTED
 CVE-2017-17838
-       RESERVED
+       REJECTED
 CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection 
leak in the ...)
        NOT-FOR-US: Apache DeltaSpike-JSF module
 CVE-2017-17836
@@ -7669,6 +7669,7 @@ CVE-2018-2670 (Vulnerability in the Oracle Financial 
Services Profitability ...)
 CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics 
...)
        NOT-FOR-US: Oracle
 CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-4091-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7679,6 +7680,7 @@ CVE-2018-2667 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-4091-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7749,6 +7751,7 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE 
Embedded component of Oracl
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-4091-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7806,6 +7809,7 @@ CVE-2018-2624 (Vulnerability in the Sun ZFS Storage 
Appliance Kit (AK) component
 CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-4091-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7972,6 +7976,7 @@ CVE-2018-2564 (Vulnerability in the Oracle WebCenter 
Content component of Oracle
 CVE-2018-2563
        RESERVED
 CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-4091-1}
        - mysql-5.7 5.7.20-1
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -15614,8 +15619,8 @@ CVE-2017-16865 (The Trello importer in Atlassian Jira 
before version 7.6.1 allow
        NOT-FOR-US: Atlassian Jira
 CVE-2017-16864 (The issue search resource in Atlassian Jira before version 
7.4.2 ...)
        NOT-FOR-US: Atlassian Jira
-CVE-2017-16863
-       RESERVED
+CVE-2017-16863 (The PieChart gadget in Atlassian Jira before version 7.5.3 
allows ...)
+       TODO: check
 CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before 
version ...)
        NOT-FOR-US: Atlassian Jira
 CVE-2017-16861
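
Review bot: The new CVE-2017-16863 entry (PieChart gadget in Atlassian Jira) carries "TODO: check" while every neighbouring Jira entry in this hunk, CVE-2017-16865, CVE-2017-16864 and CVE-2017-16862, is marked "NOT-FOR-US: Atlassian Jira". The triage decision is already established by the surrounding lines, so the TODO should be replaced with the same NOT-FOR-US tag.
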
@@ -18514,8 +18519,8 @@ CVE-2017-15871 (** DISPUTED ** The deserialize function 
in serialize-to-js throu
        NOT-FOR-US: Disputed serialize-to-js issue
 CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows 
attackers ...)
        NOT-FOR-US: Palo Alto Networks GlobalProtect Agent
-CVE-2017-15869
-       RESERVED
+CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php 
in ...)
+       TODO: check
 CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c 
in the ...)
        {DSA-4082-1 DLA-1200-1}
        - linux 4.0.2-1
@@ -19286,13 +19291,13 @@ CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec 
Endpoint Encryption can be ...
 CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application 
Firewall) ...)
        NOT-FOR-US: Kemp Load Balancer
 CVE-2017-15523
-       RESERVED
+       REJECTED
 CVE-2017-15522
-       RESERVED
+       REJECTED
 CVE-2017-15521
-       RESERVED
+       REJECTED
 CVE-2017-15520
-       RESERVED
+       REJECTED
 CVE-2017-15519
        RESERVED
 CVE-2017-15518
@@ -27959,7 +27964,7 @@ CVE-2017-12743
        RESERVED
 CVE-2017-12742
        RESERVED
-CVE-2017-12741 (A vulnerability has been identified in the following Siemens 
industrial ...)
+CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart, 
SIMATIC ...)
        NOT-FOR-US: Siemens
 CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks 
integrity ...)
        NOT-FOR-US: Siemens
@@ -27983,8 +27988,8 @@ CVE-2017-12731 (A SQL Injection issue was discovered in 
OPW Fuel Management Syst
        NOT-FOR-US: SiteSentinel
 CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO 
Versions ...)
        NOT-FOR-US: mySCADA myPRO
-CVE-2017-12729
-       RESERVED
+CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live 
Viewer ...)
+       TODO: check
 CVE-2017-12728 (An Improper Privilege Management issue was discovered in 
SpiderControl ...)
        NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2017-12727
@@ -45948,7 +45953,7 @@ CVE-2017-6867 (A vulnerability was discovered in 
Siemens SIMATIC WinCC (V7.3 bef
        NOT-FOR-US: Siemens
 CVE-2017-6866 (A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 
before ...)
        NOT-FOR-US: Siemens
-CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 
and ...)
+CVE-2017-6865 (A vulnerability has been identified in Primary Setup Tool 
(PST), ...)
        NOT-FOR-US: Siemens
 CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all 
versions) at ...)
        NOT-FOR-US: Siemens
@@ -51699,8 +51704,8 @@ CVE-2017-5172
        RESERVED
 CVE-2017-5171
        RESERVED
-CVE-2017-5170
-       RESERVED
+CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in 
Moxa ...)
+       TODO: check
 CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security 
Manager ...)
        NOT-FOR-US: Hanwha Techwin
 CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security 
Manager ...)
@@ -57394,8 +57399,8 @@ CVE-2017-3160
        RESERVED
 CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java 
object ...)
        NOT-FOR-US: Apache Camel
-CVE-2017-3158
-       RESERVED
+CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 
0.9.5 ...)
+       TODO: check
 CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders 
embedded ...)
        {DSA-3792-1 DLA-910-1}
        - libreoffice 1:5.2.3-1
@@ -58797,9 +58802,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web 
application RUGGEDCOM NM
        NOT-FOR-US: Siemens
 CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 
8080/TCP and ...)
        NOT-FOR-US: Siemens
-CVE-2017-2681 (Siemens SIMATIC S7-300 incl. F and T (All versions before 
V3.X.14), ...)
+CVE-2017-2681 (A vulnerability has been identified in Development/Evaluation 
Kit DK ...)
        NOT-FOR-US: Siemens
-CVE-2017-2680 (Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), 
SIMATIC CP ...)
+CVE-2017-2680 (A vulnerability has been identified in Extension Unit 12&quot; 
PROFINET, ...)
        NOT-FOR-US: Siemens
 CVE-2017-2679
        RESERVED
@@ -72560,7 +72565,7 @@ CVE-2016-7167 (Multiple integer overflows in the (1) 
curl_escape, (2) ...)
        NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
        NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
        NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
-CVE-2016-7165 (Unquoted Windows search path vulnerability in Siemens SIMATIC 
WinCC ...)
+CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool 
(PST), ...)
        NOT-FOR-US: Microsoft
 CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File 
Roller ...)
        - file-roller 3.20.3-1
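
Review bot: The unchanged tag under CVE-2016-7165 reads "NOT-FOR-US: Microsoft", but the removed description named Siemens SIMATIC WinCC, and the replacement text ("Primary Setup Tool (PST), ...") is the same wording this commit gives CVE-2017-6865, which is tagged "NOT-FOR-US: Siemens". Suggest correcting the tag to Siemens while the entry is being touched, so that searches by vendor find both entries.
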
@@ -73696,8 +73701,7 @@ CVE-2016-6816 (The code in Apache Tomcat 9.0.0.M1 to 
9.0.0.M11, 8.5.0 to 8.5.6, 
        NOTE: Fixed by: http://svn.apache.org/r1767683 (6.0.x)
 CVE-2016-6815 (In Apache Ranger before 0.6.2, users with &quot;keyadmin&quot; 
role should not ...)
        NOT-FOR-US: Apache Ranger
-CVE-2016-6814
-       RESERVED
+CVE-2016-6814 (When an application with unsupported Codehaus versions of 
Groovy from ...)
        {DLA-794-1}
        - groovy 2.4.8-1 (bug #851408)
        [jessie] - groovy 1.8.6-4+deb8u2
@@ -141472,8 +141476,8 @@ CVE-2014-2019 (The iCloud subsystem in Apple iOS 
before 7.1 allows physically ..
 CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 
17.x ...)
        - icedove 24.2.0-1
        [squeeze] - icedove <end-of-life>
-CVE-2014-2017
-       RESERVED
+CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition 
before ...)
+       TODO: check
 CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID 
eShop ...)
        NOT-FOR-US: OXID eShop
 CVE-2014-2012
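
Review bot: CVE-2014-2017 now describes a CRLF injection in OXID eShop but is left at "TODO: check", while the adjacent CVE-2014-2016 for the same product is already "NOT-FOR-US: OXID eShop". Suggest applying the same tag here instead of leaving a 2014 entry open for manual triage.
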



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec09ebd4db48642bb7413af44f6515d47e1f9384
