Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0264902c by security tracker role at 2018-03-01T09:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,31 @@ +CVE-2018-7579 + RESERVED +CVE-2018-7578 + RESERVED +CVE-2018-7577 + RESERVED +CVE-2018-7576 + RESERVED +CVE-2018-7575 + RESERVED +CVE-2018-7574 + RESERVED +CVE-2018-7573 + RESERVED +CVE-2018-7572 + RESERVED +CVE-2018-7571 + RESERVED +CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c in ...) + TODO: check +CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + TODO: check +CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) ...) + TODO: check +CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kernel ...) + TODO: check +CVE-2017-18207 (The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through ...) + TODO: check CVE-2018-1000103 - jenkins <removed> CVE-2018-1000102 @@ -1827,8 +1855,8 @@ CVE-2018-6949 RESERVED CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a ...) NOT-FOR-US: CCN-lite 2 -CVE-2018-6947 - RESERVED +CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is part ...) + TODO: check CVE-2018-6946 RESERVED CVE-2018-6945 @@ -2563,8 +2591,8 @@ CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an NOT-FOR-US: PHP Scripts Mall Doctor Search Script CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...) NOT-FOR-US: Grammarly extension for Chrome -CVE-2018-6653 - RESERVED +CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used on ...) + TODO: check CVE-2018-6652 RESERVED CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...) 
@@ -3645,7 +3673,7 @@ CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming through NOTE: https://github.com/libming/libming/issues/104 CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the ...) NOT-FOR-US: acurax-social-media-widget plugin for WordPress -CVE-2018-6356 (An issue was discovered in the Extended Choice Parameter (aka ...) +CVE-2018-6356 (Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly ...) - jenkins <removed> CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 ...) NOT-FOR-US: iBall 300M devices @@ -19453,7 +19481,7 @@ CVE-2018-0491 CVE-2018-0490 RESERVED CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service ...) - {DSA-4126-1} + {DSA-4126-1 DLA-1296-1} - xmltooling 1.6.4-1 NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128 @@ -112072,8 +112100,8 @@ CVE-2015-5082 (Endian Firewall before 3.0 allows remote attackers to execute ... NOT-FOR-US: Endian Firewall CVE-2015-5080 (The Management Interface in Citrix NetScaler Application Delivery ...) NOT-FOR-US: Citrix -CVE-2015-5079 - RESERVED +CVE-2015-5079 (Directory traversal vulnerability in widgets/logs.php in BlackCat CMS ...) + TODO: check CVE-2015-5078 (SQL injection vulnerability in the insert function in ...) - limesurvey <itp> (bug #472802) CVE-2015-5077 @@ -114659,8 +114687,8 @@ CVE-2015-4119 (Multiple cross-site request forgery (CSRF) vulnerabilities in ... NOT-FOR-US: ISPConfig CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig ...) NOT-FOR-US: ISPConfig -CVE-2015-4117 - RESERVED +CVE-2015-4117 (Vesta Control Panel before 0.9.8-14 allows remote authenticated users ...) + TODO: check CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert function in ...) - php5 5.6.11+dfsg-1 (unimportant) [jessie] - php5 5.6.12+dfsg-0+deb8u1 
@@ -115328,8 +115356,8 @@ CVE-2015-3900 (RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x befor NOTE: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html CVE-2015-3899 RESERVED -CVE-2015-3898 - RESERVED +CVE-2015-3898 (Multiple open redirect vulnerabilities in Bonita BPM Portal before ...) + TODO: check CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 ...) NOT-FOR-US: Bonita BPM Portal CVE-2015-3896
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0264902c25b424715343e795e07922c525589b47
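Review bot: in the first hunk (@@ -1,3 +1,31 @@), CVE-2018-7569 and CVE-2018-7568 are added as separate "TODO: check" items although both descriptions name the same component, the Binary File Descriptor (BFD) library (dwarf2.c and dwarf1.c), and CVE-2018-7570 (elf.c, description truncated) sits directly above them. Triage these three together so they end up with consistent package lines and notes. CVE-2017-18208 (mm/madvise.c in the Linux kernel) and CVE-2017-18207 (Lib/wave.py in Python) are also left at "TODO: check" and each needs a follow-up that replaces it with a package line or a NOT-FOR-US marking.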
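Review bot: the CVE-2018-6356 change at @@ -3645,7 +3673,7 @@ swaps the whole description, from "An issue was discovered in the Extended Choice Parameter (aka ..." to "Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly ...", while the triage line under it, "- jenkins <removed>", stays as unchanged context. That line was recorded against the old text, so re-check that it still matches the rewritten description and add a NOTE if the affected scope changed.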
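Review bot: at @@ -115328,8 +115356,8 @@, CVE-2015-3898 goes from RESERVED to "TODO: check" although its new description names Bonita BPM Portal, and the very next entry in the context, CVE-2015-3897, is already marked "NOT-FOR-US: Bonita BPM Portal". CVE-2015-3898 can take the same marking in the follow-up triage instead of staying open as a TODO.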
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits