Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c52b872 by security tracker role at 2018-02-28T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-7567
+       RESERVED
+CVE-2018-7566
+       RESERVED
+CVE-2018-7565
+       RESERVED
+CVE-2018-7564
+       RESERVED
+CVE-2018-7563
+       RESERVED
+CVE-2018-7562
+       RESERVED
+CVE-2018-7561
+       RESERVED
+CVE-2018-7560
+       RESERVED
+CVE-2018-7559
+       RESERVED
 CVE-2018-7558
        RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 
through ...)
@@ -266,8 +284,8 @@ CVE-2018-7470 (An issue was discovered in ImageMagick 
7.0.7-22 Q16. The ...)
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/8130e12eb30685ef958f4e62fe624da393920be7
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/7305dacfcdf5e51c4f8d0ba9f77fa97792f8acf7
        NOTE: webp support not enabled, see #806425
-CVE-2018-7469
-       RESERVED
+CVE-2018-7469 (PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS 
via the ...)
+       TODO: check
 CVE-2018-7468
        RESERVED
 CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial 
/css//..%2f ...)
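Review bot: CVE-2018-7469 is left at "TODO: check" in this hunk, so the automatic import has not triaged it. The description names a PHP Scripts Mall product (Entrepreneur Job Portal Script 2.0.9), which suggests resolving it to a NOT-FOR-US marker, as the Shimmie and Siemens entries elsewhere in this patch use, unless a matching Debian source package exists; the placeholder should not be left in place after the next manual pass.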
@@ -595,22 +613,22 @@ CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux 
kernel before 4.13 mishandle
        NOTE: Fixed by: 
https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
 CVE-2017-6932 [SA-CORE-2018-001: External link injection on 404 pages when 
linking to the current page]
        RESERVED
-       {DSA-4123-1}
+       {DSA-4123-1 DLA-1295-1}
        - drupal7 7.57-1 (bug #891154)
        NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6929 [SA-CORE-2018-001: jQuery vulnerability with untrusted domains]
        RESERVED
-       {DSA-4123-1}
+       {DSA-4123-1 DLA-1295-1}
        - drupal7 7.57-1 (bug #891153)
        NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6928 [SA-CORE-2018-001: Private file access bypass]
        RESERVED
-       {DSA-4123-1}
+       {DSA-4123-1 DLA-1295-1}
        - drupal7 7.57-1 (bug #891152)
        NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6927 [SA-CORE-2018-001: JavaScript cross-site scripting prevention is 
incomplete]
        RESERVED
-       {DSA-4123-1}
+       {DSA-4123-1 DLA-1295-1}
        - drupal8 <itp> (bug #756305)
        - drupal7 7.57-1 (bug #891150)
        NOTE: https://www.drupal.org/sa-core-2018-001
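Review bot: the four SA-CORE-2018-001 entries (CVE-2017-6932, CVE-2017-6929, CVE-2017-6928, CVE-2017-6927) each gain DLA-1295-1 in the same `{DSA-4123-1 DLA-1295-1}` form, which matches the `{DSA-4085-1 DLA-1242-1}` convention used for CVE-2018-0486 later in this file, so the advisory cross-references stay consistent. All four still carry a RESERVED line under a bracketed working title; once the public descriptions land, the RESERVED line should be dropped in the same way this patch does for CVE-2018-1304.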
@@ -981,8 +999,8 @@ CVE-2018-7266
        RESERVED
 CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file 
that ...)
        NOT-FOR-US: Shimmie
-CVE-2018-7264
-       RESERVED
+CVE-2018-7264 (The Pictview image processing library embedded in the ActivePDF 
...)
+       TODO: check
 CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b 
...)
        - libid3tag 0.15.1b-5 (bug #304913)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
@@ -16625,8 +16643,7 @@ CVE-2018-1305 (Security constraints defined by 
annotations of Servlets in Apache
        NOTE: https://svn.apache.org/r1824359 (8.0.x)
        NOTE: https://svn.apache.org/r1823322 (7.0.x)
        NOTE: https://svn.apache.org/r1824360 (7.0.x)
-CVE-2018-1304 [Security constraints mapped to context root are ignored]
-       RESERVED
+CVE-2018-1304 (The URL pattern of &quot;&quot; (the empty string) which 
exactly maps to the ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.28-1
        - tomcat8.0 <unfixed> (unimportant)
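Review bot: the new CVE-2018-1304 description shows `&quot;&quot;` where the upstream text reads `""` (the empty string). Check that the committed data/CVE/list line stores the literal quotes and that the entities are only an artefact of this notification's HTML escaping (the same applies to `&lt;` in the CVE-2017-2682 context further down); an HTML-escaped description in the data file would mislead anyone grepping for the empty URL pattern. Dropping the bracketed working title and RESERVED line in favour of the published description is the expected transition, and the tomcat package lines are untouched.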
@@ -16682,8 +16699,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using 
Distributed Test only (R
        - jakarta-jmeter <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
-CVE-2018-1286
-       RESERVED
+CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on 
privileged ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2018-1285
        RESERVED
@@ -19411,14 +19427,14 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 
2.1.10, and before 2.7.0, when
        - polarssl <removed>
        [wheezy] - polarssl <not-affected> (according to the upstream advisory 
< 1.2.19 not affected)
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
-        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
-        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
+       NOTE: 
https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
+       NOTE: 
https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 
allows ...)
        - mbedtls 2.7.0-2 (bug #890288)
        - polarssl <removed>
        [wheezy] - polarssl <not-affected> (according to the upstream advisory 
< 1.3.7 not affected)
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
-        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
+       NOTE: 
https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth 
Service ...)
        {DSA-4085-1 DLA-1242-1}
        - xmltooling 1.6.3-1
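Review bot: the three mbedtls NOTE lines for CVE-2018-0488 and CVE-2018-0487 change only in leading whitespace (the removed lines are indented with spaces, the added ones with the file's usual tab), so this is an indentation normalisation with no content change. It is worth keeping: entries with space indentation are easy to miss in diffs and can trip tooling that expects the tab-prefixed field layout used everywhere else in data/CVE/list.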
@@ -33583,7 +33599,7 @@ CVE-2017-12743
        RESERVED
 CVE-2017-12742
        RESERVED
-CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart, 
SIMATIC ...)
+CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart 
(All ...)
        NOT-FOR-US: Siemens
 CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks 
integrity ...)
        NOT-FOR-US: Siemens
@@ -35068,8 +35084,7 @@ CVE-2017-12192 (The keyctl_read_key function in 
security/keys/keyctl.c in the Ke
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/37863c43b2c6464f252862bf2e9768264e961678 (4.14-rc3)
        NOTE: Introduced by: 
https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
-CVE-2017-12191
-       RESERVED
+CVE-2017-12191 (A flaw was found in the CloudForms account configuration when 
using ...)
        NOT-FOR-US: Red Hat CloudForms
 CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in 
block/bio.c in the ...)
        {DLA-1200-1}
@@ -43034,8 +43049,8 @@ CVE-2017-9461 (smbd in Samba before 4.4.10 and 4.5.x 
before 4.5.6 has a denial o
        [wheezy] - samba <no-dsa> (Minor, non reproducible issue)
        NOTE: 
https://git.samba.org/?p=samba.git;a=commitdiff;h=10c3e3923022485c720f322ca4f0aca5d7501310
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12572
-CVE-2017-9447
-       RESERVED
+CVE-2017-9447 (In the web interface of Parallels Remote Application Server 
(RAS) 15.5 ...)
+       TODO: check
 CVE-2017-9446
        RESERVED
 CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new 
in ...)
@@ -64496,9 +64511,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web 
application RUGGEDCOM NM
        NOT-FOR-US: Siemens
 CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 
8080/TCP and ...)
        NOT-FOR-US: Siemens
-CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std, 
SIMATIC ...)
+CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std 
(All ...)
        NOT-FOR-US: Siemens
-CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std, 
SIMATIC ...)
+CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std 
(All ...)
        NOT-FOR-US: Siemens
 CVE-2017-2679
        RESERVED
@@ -101541,24 +101556,24 @@ CVE-2016-0301 (Heap-based buffer overflow in the 
KeyView PDF filter in IBM Domin
        NOT-FOR-US: IBM
 CVE-2016-0300 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 
...)
        NOT-FOR-US: IBM TRIRIGA Application Platform
-CVE-2016-0299
-       RESERVED
+CVE-2016-0299 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 
...)
+       TODO: check
 CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium 
Database ...)
        NOT-FOR-US: IBM
 CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) 
could ...)
        NOT-FOR-US: IBM
 CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) 
stores ...)
        NOT-FOR-US: IBM
-CVE-2016-0295
-       RESERVED
+CVE-2016-0295 (Cross-site request forgery (CSRF) vulnerability in the IBM 
BigFix ...)
+       TODO: check
 CVE-2016-0294
        RESERVED
 CVE-2016-0293 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 
...)
        NOT-FOR-US: IBM
 CVE-2016-0292 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint 
Manager) ...)
        NOT-FOR-US: IBM
-CVE-2016-0291
-       RESERVED
+CVE-2016-0291 (IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 
allow ...)
+       TODO: check
 CVE-2016-0290
        RESERVED
 CVE-2016-0289 (shiprec.xml in the SHIPREC application in IBM Maximo Asset 
Management ...)
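Review bot: the three new IBM entries (CVE-2016-0299, CVE-2016-0295, CVE-2016-0291) are left at "TODO: check", yet the surrounding context already shows how their neighbours were resolved: CVE-2016-0300 with the same "IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ..." description opening is marked NOT-FOR-US: IBM TRIRIGA Application Platform, and the BigFix Platform entries CVE-2016-0293 and CVE-2016-0292 are NOT-FOR-US: IBM. The TODO placeholders should be resolved the same way on the next manual pass rather than left to accumulate.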



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c52b8723de450684fee13c6c4a420b7ecd77a09

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
