Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0264902c by security tracker role at 2018-03-01T09:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-7579
+       RESERVED
+CVE-2018-7578
+       RESERVED
+CVE-2018-7577
+       RESERVED
+CVE-2018-7576
+       RESERVED
+CVE-2018-7575
+       RESERVED
+CVE-2018-7574
+       RESERVED
+CVE-2018-7573
+       RESERVED
+CVE-2018-7572
+       RESERVED
+CVE-2018-7571
+       RESERVED
+CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in 
elf.c in ...)
+       TODO: check
+CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka 
libbfd), as ...)
+       TODO: check
+CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File 
Descriptor (BFD) ...)
+       TODO: check
+CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux 
kernel ...)
+       TODO: check
+CVE-2017-18207 (The Wave_read._read_fmt_chunk function in Lib/wave.py in 
Python through ...)
+       TODO: check
 CVE-2018-1000103
        - jenkins <removed>
 CVE-2018-1000102
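Review bot: the five entries added with descriptions in this hunk (CVE-2018-7570, CVE-2018-7569, CVE-2018-7568, CVE-2017-18208, CVE-2017-18207) all land as `TODO: check`, although each description already names the affected code: elf.c, then dwarf2.c and dwarf1.c in the BFD library (libbfd), mm/madvise.c in the Linux kernel, and Lib/wave.py in Python. A follow-up commit should replace each `TODO: check` with a source-package annotation so these do not sit untriaged. The nine RESERVED entries above them need nothing until a description is published.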
@@ -1827,8 +1855,8 @@ CVE-2018-6949
        RESERVED
 CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can 
cause a ...)
        NOT-FOR-US: CCN-lite 2
-CVE-2018-6947
-       RESERVED
+CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is 
part ...)
+       TODO: check
 CVE-2018-6946
        RESERVED
 CVE-2018-6945
@@ -2563,8 +2591,8 @@ CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 
1.0.2 has Stored XSS via an
        NOT-FOR-US: PHP Scripts Mall Doctor Search Script
 CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows 
remote ...)
        NOT-FOR-US: Grammarly extension for Chrome
-CVE-2018-6653
-       RESERVED
+CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as 
used on ...)
+       TODO: check
 CVE-2018-6652
        RESERVED
 CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 
0.07, as ...)
@@ -3645,7 +3673,7 @@ CVE-2018-6358 (The printDefineFont2 function 
(util/listfdb.c) in libming through
        NOTE: https://github.com/libming/libming/issues/104
 CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the 
...)
        NOT-FOR-US: acurax-social-media-widget plugin for WordPress
-CVE-2018-6356 (An issue was discovered in the Extended Choice Parameter (aka 
...)
+CVE-2018-6356 (Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not 
properly ...)
        - jenkins <removed>
 CVE-2018-6355 (/goform/setLang on iBall 300M devices with 
&quot;iB-WRB302N_1.0.1-Sep 8 ...)
        NOT-FOR-US: iBall 300M devices
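Review bot: at CVE-2018-6356 the description text is replaced wholesale, from one beginning "An issue was discovered in the Extended Choice Parameter" to one beginning "Jenkins before 2.107 and Jenkins LTS before 2.89.4", while the `- jenkins <removed>` annotation below it is carried over unchanged. The annotation was written against the old wording, so it is worth re-checking it against the new description's scope rather than assuming it still applies.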
@@ -19453,7 +19481,7 @@ CVE-2018-0491
 CVE-2018-0490
        RESERVED
 CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth 
Service ...)
-       {DSA-4126-1}
+       {DSA-4126-1 DLA-1296-1}
        - xmltooling 1.6.4-1
        NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
        NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
@@ -112072,8 +112100,8 @@ CVE-2015-5082 (Endian Firewall before 3.0 allows 
remote attackers to execute ...
        NOT-FOR-US: Endian Firewall
 CVE-2015-5080 (The Management Interface in Citrix NetScaler Application 
Delivery ...)
        NOT-FOR-US: Citrix
-CVE-2015-5079
-       RESERVED
+CVE-2015-5079 (Directory traversal vulnerability in widgets/logs.php in 
BlackCat CMS ...)
+       TODO: check
 CVE-2015-5078 (SQL injection vulnerability in the insert function in ...)
        - limesurvey <itp> (bug #472802)
 CVE-2015-5077
@@ -114659,8 +114687,8 @@ CVE-2015-4119 (Multiple cross-site request forgery 
(CSRF) vulnerabilities in ...
        NOT-FOR-US: ISPConfig
 CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in 
ISPConfig ...)
        NOT-FOR-US: ISPConfig
-CVE-2015-4117
-       RESERVED
+CVE-2015-4117 (Vesta Control Panel before 0.9.8-14 allows remote authenticated 
users ...)
+       TODO: check
 CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert 
function in ...)
        - php5 5.6.11+dfsg-1 (unimportant)
        [jessie] - php5 5.6.12+dfsg-0+deb8u1
@@ -115328,8 +115356,8 @@ CVE-2015-3900 (RubyGems 2.0.x before 2.0.16, 2.2.x 
before 2.2.4, and 2.4.x befor
        NOTE: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
 CVE-2015-3899
        RESERVED
-CVE-2015-3898
-       RESERVED
+CVE-2015-3898 (Multiple open redirect vulnerabilities in Bonita BPM Portal 
before ...)
+       TODO: check
 CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 
6.5.3 ...)
        NOT-FOR-US: Bonita BPM Portal
 CVE-2015-3896
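Review bot: CVE-2015-3898 moves from RESERVED to `TODO: check`, but its description names Bonita BPM Portal, and the adjacent context line for CVE-2015-3897 already marks that product `NOT-FOR-US: Bonita BPM Portal`. The follow-up triage should use the same `NOT-FOR-US: Bonita BPM Portal` annotation here so the two entries stay consistent.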



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0264902c25b424715343e795e07922c525589b47

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits