Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46ee12e8 by security tracker role at 2018-02-13T21:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,81 @@
+CVE-2018-6954 (systemd-tmpfiles in systemd through 237 mishandles symlinks 
present in ...)
+       TODO: check
+CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a 
certain ...)
+       TODO: check
+CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in 
GNU patch ...)
+       TODO: check
+CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a 
...)
+       TODO: check
+CVE-2018-6950
+       RESERVED
+CVE-2018-6949
+       RESERVED
+CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can 
cause a ...)
+       TODO: check
+CVE-2018-6947
+       RESERVED
+CVE-2018-6946
+       RESERVED
+CVE-2018-6945
+       RESERVED
+CVE-2018-6944
+       RESERVED
+CVE-2018-6943
+       RESERVED
+CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL 
pointer ...)
+       TODO: check
+CVE-2018-6941
+       RESERVED
+CVE-2018-6940
+       RESERVED
+CVE-2018-6939
+       RESERVED
+CVE-2018-6938
+       RESERVED
+CVE-2018-6937
+       RESERVED
+CVE-2018-6936
+       RESERVED
+CVE-2018-6935
+       RESERVED
+CVE-2018-6934
+       RESERVED
+CVE-2018-6933
+       RESERVED
+CVE-2018-6932
+       RESERVED
+CVE-2018-6931
+       RESERVED
+CVE-2018-6930 (A stack-based buffer over-read in the ComputeResizeImage 
function in ...)
+       TODO: check
+CVE-2018-6929
+       RESERVED
+CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection 
via a ...)
+       TODO: check
+CVE-2018-1000066
+       RESERVED
+CVE-2018-1000065
+       RESERVED
+CVE-2018-1000064
+       RESERVED
+CVE-2017-18186 (An issue was discovered in QPDF before 7.0.0. There is an 
infinite loop ...)
+       TODO: check
+CVE-2017-18185 (An issue was discovered in QPDF before 7.0.0. There is a large 
...)
+       TODO: check
+CVE-2017-18184 (An issue was discovered in QPDF before 7.0.0. There is a 
stack-based ...)
+       TODO: check
+CVE-2017-18183 (An issue was discovered in QPDF before 7.0.0. There is an 
infinite loop ...)
+       TODO: check
+CVE-2017-18182
+       RESERVED
+CVE-2017-18181
+       RESERVED
+CVE-2017-18180
+       RESERVED
+CVE-2016-10713 (An issue was discovered in GNU patch before 2.7.6. 
Out-of-bounds access ...)
+       TODO: check
+CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion 
causes ...)
+       TODO: check
 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux 
kernel before ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
@@ -46,8 +124,8 @@ CVE-2018-6912 (The decode_plane function in 
libavcodec/utvideodec.c in FFmpeg th
        [stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
        - libav <undetermined>
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
-CVE-2018-6911
-       RESERVED
+CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech 
WebAccess ...)
+       TODO: check
 CVE-2018-6910
        RESERVED
 CVE-2018-6909
@@ -142,7 +220,7 @@ CVE-2018-6872 (The elf_parse_notes function in elf.c in the 
Binary File Descript
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
 CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read 
arbitrary ...)
-       {DSA-4111-1}
+       {DSA-4111-2 DSA-4111-1}
        - libreoffice 1:6.0.1-1
        [wheezy] - libreoffice <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
@@ -1634,6 +1712,7 @@ CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a 
Cross Site Scripting (XS
 CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site 
Scripting ...)
        NOT-FOR-US: Mautic
 CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted 
headers, a ...)
+       {DLA-1280-1}
        - pound <unfixed> (bug #888786)
        NOTE: 
http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000
        NOTE: https://www.suse.com/de-de/security/cve/CVE-2016-10711/
@@ -1857,10 +1936,10 @@ CVE-2018-6295
        RESERVED
 CVE-2018-6294
        RESERVED
-CVE-2018-6293
-       RESERVED
-CVE-2018-6292
-       RESERVED
+CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. 
...)
+       TODO: check
+CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 
83166. ...)
+       TODO: check
 CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail 
Gateway ...)
        NOT-FOR-US: Kaspersky Secure Mail Gateway
 CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway 
version ...)
@@ -9264,14 +9343,14 @@ CVE-2017-17727 (DedeCMS through 5.6 allows arbitrary 
file upload and PHP code ex
        NOT-FOR-US: DedeCMS
 CVE-2017-17726
        RESERVED
-CVE-2017-17725
-       RESERVED
-CVE-2017-17724
-       RESERVED
-CVE-2017-17723
-       RESERVED
-CVE-2017-17722
-       RESERVED
+CVE-2017-17725 (In Exiv2 0.26, there is an integer overflow leading to a 
heap-based ...)
+       TODO: check
+CVE-2017-17724 (In Exiv2 0.26, there is a heap-based buffer over-read in the 
...)
+       TODO: check
+CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the 
...)
+       TODO: check
+CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the 
readHeader ...)
+       TODO: check
 CVE-2017-17721 (CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 
5.18.0.0 ...)
        NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
 CVE-2017-17720
@@ -13851,8 +13930,8 @@ CVE-2018-1385
        RESERVED
 CVE-2018-1384
        RESERVED
-CVE-2018-1383
-       RESERVED
+CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 
7.1, and ...)
+       TODO: check
 CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. 
This ...)
        NOT-FOR-US: IBM API Connect
 CVE-2018-1381
@@ -14677,8 +14756,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was 
found in Apache Qpid Broker
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=de509dd
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
-CVE-2018-1297 [Apache JMeter uses an unsecure RMI connection in Distributed 
mode]
-       RESERVED
+CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x 
and ...)
        - jakarta-jmeter <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
@@ -14907,8 +14985,8 @@ CVE-2018-1216
        RESERVED
 CVE-2018-1215
        RESERVED
-CVE-2018-1214
-       RESERVED
+CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local 
Windows ...)
+       TODO: check
 CVE-2018-1213
        RESERVED
 CVE-2018-1212
@@ -15433,6 +15511,7 @@ CVE-2018-1057
        RESERVED
 CVE-2018-1056 [heap buffer overflow while running advzip]
        RESERVED
+       {DLA-1281-1}
        - advancecomp 2.1-1 (bug #889270)
        NOTE: https://sourceforge.net/p/advancemame/bugs/259/
        NOTE: 
https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
@@ -17419,13 +17498,11 @@ CVE-2018-0490
        RESERVED
 CVE-2018-0489
        RESERVED
-CVE-2018-0488 [Risk of remote code execution when truncated HMAC is enabled]
-       RESERVED
+CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, 
when the ...)
        - mbedtls <unfixed> (bug #890287)
        - polarssl <removed>
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
-CVE-2018-0487 [Risk of remote code execution when verifying RSASSA-PSS 
signatures]
-       RESERVED
+CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 
allows ...)
        - mbedtls <unfixed> (bug #890288)
        - polarssl <removed>
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
@@ -22429,8 +22506,7 @@ CVE-2017-15711
        REJECTED
 CVE-2017-15710
        RESERVED
-CVE-2017-15709 [Information Leak]
-       RESERVED
+CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 
to 5.15.2 ...)
        - activemq <unfixed> (bug #890352)
        [stretch] - activemq <no-dsa> (Minor issue)
        [jessie] - activemq <not-affected> (Issue introduced with OpenWire 
protocol support)
@@ -35343,7 +35419,7 @@ CVE-2017-11424 (In PyJWT 1.5.0 and below the 
`invalid_strings` check in ...)
        - pyjwt 1.4.2-1.1 (bug #873244)
        NOTE: https://github.com/jpadilla/pyjwt/pull/277
 CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 
0.5alpha, ...)
-       {DSA-3946-1}
+       {DSA-3946-1 DLA-1279-1}
        - libmspack 0.6-1 (bug #868956)
        - clamav 0.99.3~beta1+dfsg-1 (unimportant)
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
@@ -37879,22 +37955,22 @@ CVE-2017-9972
        RESERVED
 CVE-2017-9971
        RESERVED
-CVE-2017-9970
-       RESERVED
-CVE-2017-9969
-       RESERVED
-CVE-2017-9968
-       RESERVED
-CVE-2017-9967
-       RESERVED
-CVE-2017-9966 (An Improper Access Control issue was discovered in Schneider 
Electric ...)
+CVE-2017-9970 (A remote code execution vulnerability exists in Schneider 
Electric's ...)
+       TODO: check
+CVE-2017-9969 (An information disclosure vulnerability exists in Schneider 
Electric's ...)
+       TODO: check
+CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider 
...)
+       TODO: check
+CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider 
...)
+       TODO: check
+CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider 
Electric's ...)
        NOT-FOR-US: Schneider Electric
-CVE-2017-9965 (A Path Traversal issue was discovered in Schneider Electric 
Pelco ...)
+CVE-2017-9965 (An exposure of sensitive information vulnerability exists in 
Schneider ...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric 
Pelco ...)
        NOT-FOR-US: Schneider Electric
-CVE-2017-9963
-       RESERVED
+CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure 
...)
+       TODO: check
 CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to 
August 2017 ...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro 
EX ...)
@@ -51083,7 +51159,7 @@ CVE-2017-6420 (The wwunpack function in 
libclamav/wwunpack.c in ClamAV 0.99.2 al
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/60671e3deb1df6c626e5c7e13752c2eec1649f98
 CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, 
allows ...)
-       {DSA-3946-1}
+       {DSA-3946-1 DLA-1279-1}
        - libmspack 0.6-1 (bug #871263)
        - clamav 0.99.3~beta1+dfsg-1 (unimportant)
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11701
@@ -64796,8 +64872,8 @@ CVE-2017-1722
        RESERVED
 CVE-2017-1721
        RESERVED
-CVE-2017-1720
-       RESERVED
+CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute 
...)
+       TODO: check
 CVE-2017-1719
        RESERVED
 CVE-2017-1718
@@ -64808,14 +64884,14 @@ CVE-2017-1716 (IBM Tivoli Workload Scheduler 8.6.0, 
9.1.0, and 9.2.0 could discl
        NOT-FOR-US: IBM Tivoli Workload Scheduler
 CVE-2017-1715
        RESERVED
-CVE-2017-1714
-       RESERVED
+CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an 
authenticated ...)
+       TODO: check
 CVE-2017-1713
        RESERVED
 CVE-2017-1712
        RESERVED
-CVE-2017-1711
-       RESERVED
+CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running 
...)
+       TODO: check
 CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize 
V7000 ...)
        NOT-FOR-US: IBM
 CVE-2017-1709



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/46ee12e8e7b2c548d20057d84be760ec3886b45f

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/46ee12e8e7b2c548d20057d84be760ec3886b45f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to