Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
642a20f1 by security tracker role at 2018-02-23T21:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,33 @@
+CVE-2018-7443
+       RESERVED
+CVE-2018-7434
+       RESERVED
+CVE-2018-7433
+       RESERVED
+CVE-2018-7432
+       RESERVED
+CVE-2018-7431
+       RESERVED
+CVE-2018-7430
+       RESERVED
+CVE-2018-7429
+       RESERVED
+CVE-2018-7428
+       RESERVED
+CVE-2018-7427
+       RESERVED
+CVE-2018-7426
+       RESERVED
+CVE-2018-7425
+       RESERVED
+CVE-2018-7424
+       RESERVED
+CVE-2018-7423
+       RESERVED
+CVE-2017-18195
+       RESERVED
+CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL 
Certificate ...)
+       TODO: check
 CVE-2018-7422
        RESERVED
 CVE-2018-7421
@@ -13,18 +43,23 @@ CVE-2018-7417
 CVE-2018-7416
        RESERVED
 CVE-2018-7439 [heap-buffer-overflow in freexl.c:3912 
read_mini_biff_next_record]
+       RESERVED
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
 CVE-2018-7438 [heap-buffer-overflow in freexl.c:383 parse_unicode_string]
+       RESERVED
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
 CVE-2018-7437 [heap-buffer-overflow in freexl.c:1866 parse_SST]
+       RESERVED
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
 CVE-2018-7436 [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST]
+       RESERVED
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
 CVE-2018-7435 [heap-buffer-overflow in freexl::destroy_cell]
+       RESERVED
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
 CVE-2018-7415
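Review bot: the bracketed placeholder on CVE-2018-7436 repeats the function name ("parse_SST parse_SST"); since all five freexl entries still carry RESERVED, the placeholder text is what readers see until MITRE publishes, so drop the duplicate word in a follow-up. It is also worth confirming that the freexl.c line numbers (3912, 383, 1866, 1805) refer to the 1.0.5 release rather than a git snapshot, as they are the only locator given besides the Red Hat bugs, and all five are recorded as fixed in 1.0.5-1.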
@@ -179,8 +214,8 @@ CVE-2018-7341
        RESERVED
 CVE-2018-7340
        RESERVED
-CVE-2018-7339
-       RESERVED
+CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 
mishandles ...)
+       TODO: check
 CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the 
"signup" ...)
        NOT-FOR-US: HamayeshNegar CMS
 CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 
mishandles ...)
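Review bot: CVE-2018-7339 (MP4Atom class in mp4atom.cpp, MP4v2 through 2.0.0) is left as TODO: check, but mp4v2 is a Debian source package, so this should resolve to a "- mp4v2 <unfixed>" or a fixed-version line with the upstream reference. Since the description says "through 2.0.0", compare the packaged version against that bound when triaging.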
@@ -1491,12 +1526,12 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an 
uncontrolled memory allocation an
        [stretch] - zziplib <no-dsa> (Minor issue)
        [jessie] - zziplib <no-dsa> (Minor issue)
        NOTE: https://github.com/gdraheim/zziplib/issues/22
-CVE-2018-6868
-       RESERVED
-CVE-2018-6867
-       RESERVED
-CVE-2018-6866
-       RESERVED
+CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall 
Slickdeals / ...)
+       TODO: check
+CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba 
Clone ...)
+       TODO: check
+CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning 
and ...)
+       TODO: check
 CVE-2018-6865
        RESERVED
 CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi 
religion ...)
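Review bot: the three new PHP Scripts Mall XSS entries (CVE-2018-6868, CVE-2018-6867, CVE-2018-6866) are marked TODO: check while the neighbouring entry for the same vendor in this hunk, CVE-2018-6864, is already resolved as NOT-FOR-US; unless one of these scripts is packaged, close them the same way, using the existing "NOT-FOR-US: PHP Scripts Mall ..." pattern with the product name.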
@@ -1509,8 +1544,8 @@ CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP 
Scripts Mall Lawyer Sear
        NOT-FOR-US: PHP Scripts Mall Lawyer Search Script
 CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP 
Scripts ...)
        NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
-CVE-2018-6859
-       RESERVED
+CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert 
Management ...)
+       TODO: check
 CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook 
Clone ...)
        NOT-FOR-US: PHP Scripts Mall Facebook Clone Script
 CVE-2018-6857
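Review bot: CVE-2018-6859 (SQL injection in PHP Scripts Mall Schools Alert Management ...) sits directly under CVE-2018-6860, which is already "NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script" for the same product; the TODO: check can be closed with the identical NOT-FOR-US line.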
@@ -1743,8 +1778,7 @@ CVE-2018-6767 (A stack-based buffer over-read in the 
ParseRiffHeaderConfig funct
        [wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 
4.80.0)
        NOTE: https://github.com/dbry/WavPack/issues/27
        NOTE: 
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
-CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by 
libvirt_lxc before init]
-       RESERVED
+CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the 
hostname on ...)
        - libvirt 4.0.0-2 (bug #889839)
        [stretch] - libvirt <no-dsa> (Minor issue)
        [jessie] - libvirt <no-dsa> (Minor issue)
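Review bot: replacing the bracketed placeholder on CVE-2018-6764 with the published text drops the only statement of the attack vector in this file (guest-supplied libnss_dns.so loaded by libvirt_lxc before init), and the truncated "does not properly determine the hostname on ..." summary does not convey it. Keep that context as a NOTE line next to bug #889839, since it is what justifies, or argues against, the <no-dsa> (Minor issue) tags on stretch and jessie that remain unchanged below.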
@@ -9030,14 +9064,17 @@ CVE-2018-3838
 CVE-2018-3837
        RESERVED
 CVE-2018-7442 [path traversal or file overwrite]
+       RESERVED
        - leptonlib <unfixed>
        NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html
 CVE-2018-7441 [insecure use of /tmp]
+       RESERVED
        - leptonlib <unfixed>
        NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html
 CVE-2017-18196
        - leptonlib 1.74.4-2 (bug #885704)
 CVE-2018-7440 [command injection via $(command)]
+       RESERVED
        - leptonlib <unfixed>
        NOTE: 
https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
        NOTE: 
https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
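Review bot: CVE-2017-18196, sandwiched between the three leptonlib entries that now get RESERVED, has neither a description nor a state marker, only "- leptonlib 1.74.4-2 (bug #885704)"; while touching this block, add its published description or a bracketed placeholder so the entries are consistent. The three RESERVED entries (CVE-2018-7442, CVE-2018-7441, CVE-2018-7440) stay <unfixed> with upstream references only; "path traversal or file overwrite", "insecure use of /tmp" and "command injection via $(command)" describe input-handling bugs, so an <unfixed> with no severity or no-dsa annotation will show as open on every suite until triaged.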
@@ -18781,12 +18818,12 @@ CVE-2018-0522
        RESERVED
 CVE-2018-0521
        RESERVED
-CVE-2018-0520
-       RESERVED
-CVE-2018-0519
-       RESERVED
-CVE-2018-0518
-       RESERVED
+CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W 
firmware ...)
+       TODO: check
+CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware 
FS010W_00_V1.3.0 ...)
+       TODO: check
+CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 
certificates ...)
+       TODO: check
 CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for 
Windows ...)
        NOT-FOR-US: Anshin net security for Windows
 CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address 
...)
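Review bot: CVE-2018-0520 and CVE-2018-0519 (FS010W firmware) and CVE-2018-0518 (LINE for iOS 7.1.3 to 7.1.5, missing X.509 certificate verification) concern a router firmware and a proprietary iOS app, neither of which is a Debian package; the neighbouring entries in this hunk (CVE-2018-0517, CVE-2018-0516) already use NOT-FOR-US, so these three TODO: check lines should become NOT-FOR-US with the product name.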
@@ -20029,7 +20066,7 @@ CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS 
via the Name field durin
        - php-horde <undetermined>
        NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
        TODO: check
-CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in 
a Create ...)
+CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the 
Color field ...)
        - php-horde <undetermined>
        NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
        TODO: check
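Review bot: the updated description for CVE-2017-16907 now names 5.2.21 as affected alongside 5.2.19, but the entry keeps "- php-horde <undetermined>" and "TODO: check"; the added version narrows what has to be compared against the packaged php-horde, so this is the moment to replace <undetermined> with a real status, and the same applies to CVE-2017-16908 just above, which shares the reference.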
@@ -48946,7 +48983,7 @@ CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel 
before 4.6.2, when ext4 ...)
        [jessie] - linux 3.16.39-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
-CVE-2017-7494 (Samba since version 3.5.0 is vulnerable to remote code 
execution ...)
+CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 
is ...)
        {DSA-3860-1 DLA-951-1}
        - samba 2:4.5.8+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
@@ -143359,10 +143396,10 @@ CVE-2014-3210 (SQL injection vulnerability in 
dopbs-backend-forms.php in the Boo
        NOT-FOR-US: WordPress plugin Booking System
 CVE-2014-3208
        RESERVED
-CVE-2014-3206
-       RESERVED
-CVE-2014-3205
-       RESERVED
+CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute 
arbitrary ...)
+       TODO: check
+CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS 
contains a ...)
+       TODO: check
 CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly 
handle ...)
        NOT-FOR-US: Unity
 CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly 
...)
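Review bot: CVE-2014-3206 and CVE-2014-3205 (Seagate BlackArmor NAS: remote code execution, and an issue in backupmgt/pre_connect_check.php) are appliance firmware issues in a closed product; resolve them as "NOT-FOR-US: Seagate BlackArmor NAS" rather than leaving TODO: check, consistent with how the other non-Debian entries in this hunk (WordPress plugin Booking System, Unity) are handled.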
@@ -166248,7 +166285,7 @@ CVE-2013-1937 (Multiple cross-site scripting (XSS) 
vulnerabilities in ...)
        NOTE: http://seclists.org/fulldisclosure/2013/Apr/100
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
 CVE-2013-1936
-       RESERVED
+       REJECTED
 CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel 
package ...)
        - linux <not-affected> (RHEL-specific backport regression)
        - linux-2.6 <not-affected> (RHEL-specific backport regression)
@@ -260998,7 +261035,7 @@ CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 
1.30, and RegistryCooker.pm 
        [etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
        [etch] - apache 1.3.34-4.1+etch1
 CVE-2007-1348
-       RESERVED
+       REJECTED
 CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 
FR, and ...)
        NOT-FOR-US: Microsoft Windows Explorer
 CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and 
X2200M2 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/642a20f183e76f797f329371173b1662169482ac

---
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
