Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 12f63dfd by security tracker role at 2018-01-30T21:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2018-6404 + RESERVED +CVE-2018-6403 + RESERVED CVE-2018-6402 RESERVED CVE-2018-6401 @@ -6,14 +10,14 @@ CVE-2018-6400 RESERVED CVE-2018-6399 RESERVED -CVE-2018-6398 - RESERVED -CVE-2018-6397 - RESERVED +CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...) + TODO: check +CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...) + TODO: check CVE-2018-6396 RESERVED -CVE-2018-6395 - RESERVED +CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! ...) + TODO: check CVE-2018-6394 RESERVED CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection via the ...) @@ -46,16 +50,16 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by inval - zziplib <unfixed> [wheezy] - zziplib <ignored> (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/12 -CVE-2018-6380 - RESERVED -CVE-2018-6379 - RESERVED +CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads ...) + TODO: check +CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...) + TODO: check CVE-2018-6378 RESERVED -CVE-2018-6377 - RESERVED -CVE-2018-6376 - RESERVED +CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields leads ...) + TODO: check +CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a ...) + TODO: check CVE-2018-1000029 RESERVED CVE-2018-1000026 
@@ -140,8 +144,8 @@ CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the . NOT-FOR-US: acurax-social-media-widget plugin for WordPress CVE-2018-6356 RESERVED -CVE-2018-6355 - RESERVED +CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 ...) + TODO: check CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...) NOT-FOR-US: Formspree CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...) @@ -489,11 +493,9 @@ CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via NOT-FOR-US: vBulletin CVE-2018-6199 RESERVED -CVE-2018-6195 - RESERVED +CVE-2018-6195 (admin/partials/wp-splashing-admin-main.php in the Splashing Images ...) NOT-FOR-US: WordPress plugin wp-splashing-images -CVE-2018-6194 - RESERVED +CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: WordPress plugin wp-splashing-images CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...) NOT-FOR-US: Routers2 @@ -2411,8 +2413,8 @@ CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA NOT-FOR-US: Advantech WebAccess/SCADA CVE-2018-5442 RESERVED -CVE-2018-5441 - RESERVED +CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered in ...) + TODO: check CVE-2018-5440 RESERVED CVE-2018-5439 @@ -3265,7 +3267,7 @@ CVE-2018-5118 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118 CVE-2018-5117 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3322,7 +3324,7 @@ CVE-2018-5105 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105 CVE-2018-5104 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 
@@ -3331,7 +3333,7 @@ CVE-2018-5104 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104 CVE-2018-5103 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3340,7 +3342,7 @@ CVE-2018-5103 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103 CVE-2018-5102 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3357,7 +3359,7 @@ CVE-2018-5100 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100 CVE-2018-5099 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3366,7 +3368,7 @@ CVE-2018-5099 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099 CVE-2018-5098 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3375,7 +3377,7 @@ CVE-2018-5098 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098 CVE-2018-5097 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 
@@ -3384,14 +3386,14 @@ CVE-2018-5097 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097 CVE-2018-5096 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096 CVE-2018-5095 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - skia <itp> (bug #818180) @@ -3413,7 +3415,7 @@ CVE-2018-5092 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092 CVE-2018-5091 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091 @@ -3424,7 +3426,7 @@ CVE-2018-5090 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090 CVE-2018-5089 RESERVED - {DSA-4096-1 DLA-1262-1 DLA-1256-1} + {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3938,7 +3940,7 @@ CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site could set javascript in CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc1 sends ...) NOT-FOR-US: Plone CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...) - {DSA-4094-1 DLA-1249-1} + {DSA-4094-2 DSA-4094-1 DLA-1249-1} - smarty <removed> - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460) NOTE: https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61 
@@ -6578,8 +6580,7 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import] NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...) NOT-FOR-US: Muviko -CVE-2017-17969 [ZIP Shrink: Heap Buffer Overflow] - RESERVED +CVE-2017-17969 (Heap-based buffer overflow in the ...) - p7zip 16.02+dfsg-5 (bug #888297) NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ NOTE: fixed in upstream 18.00-beta, backport available for testing in bug#888297 @@ -18514,7 +18515,7 @@ CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1 CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) - mahara <removed> CVE-2017-1000141 - RESERVED + REJECTED CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) - mahara <removed> CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) @@ -22526,6 +22527,7 @@ CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dns CVE-2017-15106 RESERVED CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...) + {DLA-1264-1} - unbound <unfixed> (bug #887733) NOTE: https://unbound.net/downloads/CVE-2017-15105.txt NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff @@ -62992,8 +62994,8 @@ CVE-2017-1733 RESERVED CVE-2017-1732 RESERVED -CVE-2017-1731 - RESERVED +CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...) + TODO: check CVE-2017-1730 RESERVED CVE-2017-1729 
@@ -76646,10 +76648,10 @@ CVE-2016-6601 (Directory traversal vulnerability in the file download functional NOT-FOR-US: ZOHO WebNMS CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in ...) NOT-FOR-US: ZOHO WebNMS -CVE-2016-6599 - RESERVED -CVE-2016-6598 - RESERVED +CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...) + TODO: check +CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...) + TODO: check CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus ...) NOT-FOR-US: Sophos EAS Proxy NOTE: https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability @@ -136104,8 +136106,8 @@ CVE-2014-4707 (Huawei Campus S7700 with software V200R001C00SPC300, ...) NOT-FOR-US: Huawei CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 ...) NOT-FOR-US: Huawei -CVE-2014-4705 - RESERVED +CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software platform in ...) + TODO: check CVE-2014-4704 RESERVED CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...) 
@@ -192262,8 +192264,7 @@ CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow ...) - tcptrack 1.4.2-1 (unimportant; bug #551092) NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917 -CVE-2011-2902 [xpdf: insecure tempfile usage] - RESERVED +CVE-2011-2902 (zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and ...) - xpdf 3.02-19 (low; bug #635849) [lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse) [squeeze] - xpdf 3.02-12+squeeze1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/12f63dfde81f7ab402b4df693adba46569f4cd89
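Review bot: in the Mozilla hunks (@@ -3265 through @@ -3424) the `DSA-4102-1` marker is added uniformly to eleven entries, but two of them do not match their neighbours: CVE-2018-5096 carries no `firefox` package line (only `firefox-esr 52.6.0esr-1` and `thunderbird 1:52.6.0-1`), and CVE-2018-5091 carries no `thunderbird` line and no `DLA-1262-1` reference, yet both receive the same `{DSA-4102-1 DSA-4096-1 ...}` set. Verify that the advisory behind DSA-4102-1 actually lists CVE-2018-5091, because an advisory reference that is not backed by a matching package line makes the tracker report a fix for a suite where none was shipped; if it does not, drop the marker from that entry rather than leaving the inconsistency for the next automatic update to carry forward.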
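Review bot: in the CVE-2017-15105 hunk (@@ -22526,6 +22527,7 @@) the added `{DLA-1264-1}` line sits directly above `- unbound <unfixed> (bug #887733)`. That combination is valid (the advisory marker records the LTS fix, the package line tracks unstable), but the two surrounding NOTE lines already point at the upstream patch (`https://unbound.net/downloads/patch_cve_2017_15105.diff`), so the only open item is the unstable upload; consider adding a NOTE that the sid fix is still pending so a reader does not take the DLA marker as meaning the issue is closed everywhere.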
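Review bot: in the CVE-2017-17969 hunk (@@ -6578,8 +6580,7 @@) the local tag `[ZIP Shrink: Heap Buffer Overflow]` is replaced by the truncated public text `(Heap-based buffer overflow in the ...)`, which loses the only on-page hint of the affected decoder; the landave.io NOTE still carries it, so that is acceptable. What does need attention is the trailing context line `NOTE: fixed in upstream 18.00-beta, backport available for testing in bug#888297`, which reads as if the Debian fix were still pending while the package line above it records `p7zip 16.02+dfsg-5 (bug #888297)` as fixed; the same pattern applies to the CVE-2011-2902 hunk (@@ -192262,8 +192264,7 @@), where the `[xpdf: insecure tempfile usage]` tag is dropped but the `[lenny]`/`[squeeze]` triage lines are unchanged. Suggest updating the stale p7zip NOTE to say the backport was uploaded as 16.02+dfsg-5 (or removing it) so the entry's status is readable from the entry itself.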