Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc23b103 by security tracker role at 2018-03-02T09:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,107 @@
+CVE-2018-7636
+       RESERVED
+CVE-2018-7635
+       RESERVED
+CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF 
attack ...)
+       TODO: check
+CVE-2018-7633
+       RESERVED
+CVE-2018-7632
+       RESERVED
+CVE-2018-7631
+       RESERVED
+CVE-2018-7630
+       RESERVED
+CVE-2018-7629
+       RESERVED
+CVE-2018-7628
+       RESERVED
+CVE-2018-7627
+       RESERVED
+CVE-2018-7626
+       RESERVED
+CVE-2018-7625
+       RESERVED
+CVE-2018-7624
+       RESERVED
+CVE-2018-7623
+       RESERVED
+CVE-2018-7622
+       RESERVED
+CVE-2018-7621
+       RESERVED
+CVE-2018-7620
+       RESERVED
+CVE-2018-7619
+       RESERVED
+CVE-2018-7618
+       RESERVED
+CVE-2018-7617
+       RESERVED
+CVE-2018-7616
+       RESERVED
+CVE-2018-7615
+       RESERVED
+CVE-2018-7614
+       RESERVED
+CVE-2018-7613
+       RESERVED
+CVE-2018-7612
+       RESERVED
+CVE-2018-7611
+       RESERVED
+CVE-2018-7610
+       RESERVED
+CVE-2018-7609
+       RESERVED
+CVE-2018-7608
+       RESERVED
+CVE-2018-7607
+       RESERVED
+CVE-2018-7606
+       RESERVED
+CVE-2018-7605
+       RESERVED
+CVE-2018-7604
+       RESERVED
+CVE-2018-7603
+       RESERVED
+CVE-2018-7602
+       RESERVED
+CVE-2018-7601
+       RESERVED
+CVE-2018-7600
+       RESERVED
+CVE-2018-7599
+       RESERVED
+CVE-2018-7598
+       RESERVED
+CVE-2018-7597
+       RESERVED
+CVE-2018-7596
+       RESERVED
+CVE-2018-7595
+       RESERVED
+CVE-2018-7594
+       RESERVED
+CVE-2018-7593
+       RESERVED
+CVE-2018-7592
+       RESERVED
+CVE-2018-7591
+       RESERVED
+CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting 
in ...)
+       TODO: check
+CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in 
load_bmp in ...)
+       TODO: check
+CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading 
a ...)
+       TODO: check
+CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, 
gallery ...)
+       TODO: check
+CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)
+       TODO: check
 CVE-2018-7585
        RESERVED
 CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 
7.1.14, and ...)
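Review bot: the three CImg entries CVE-2018-7587, CVE-2018-7588 and CVE-2018-7589 describe the same component and version ("CImg v.220") and are left as three independent "TODO: check" lines; they should be triaged together so that all three receive the same package state and fix reference rather than being resolved piecemeal. The remaining TODO entries in this hunk (CVE-2018-7634 Tuleap, CVE-2018-7590 Hoosk, CVE-2018-7586 nextgen-gallery, CVE-2017-18212 JerryScript) each concern a distinct product and can be resolved individually.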
@@ -72,7 +176,7 @@ CVE-2017-18208 (The madvise_willneed function in 
mm/madvise.c in the Linux kerne
        - linux 4.14.7-1
        [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
-CVE-2017-18207 (The Wave_read._read_fmt_chunk function in Lib/wave.py in 
Python through ...)
+CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in 
Lib/wave.py ...)
        TODO: check
 CVE-2018-1000103
        - jenkins <removed>
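Review bot: CVE-2017-18207 changes its description to "** DISPUTED **" but the entry state stays at "TODO: check" with no NOTE explaining the dispute. When the upstream text is marked disputed, the tracker entry should either be resolved in the same change or carry a NOTE pointing at the dispute, otherwise the status change in the description is lost the next time the TODO is worked through.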
@@ -722,23 +826,19 @@ CVE-2017-18194 (SQL injection vulnerability in 
users/signup.php in the &quot;sig
 CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 
mishandles ...)
        - linux 4.13.4-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
-CVE-2017-6932 [SA-CORE-2018-001: External link injection on 404 pages when 
linking to the current page]
-       RESERVED
+CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link 
injection ...)
        {DSA-4123-1 DLA-1295-1}
        - drupal7 7.57-1 (bug #891154)
        NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6929 [SA-CORE-2018-001: jQuery vulnerability with untrusted domains]
-       RESERVED
+CVE-2017-6929 (A jQuery cross site scripting vulnerability is present when 
making ...)
        {DSA-4123-1 DLA-1295-1}
        - drupal7 7.57-1 (bug #891153)
        NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6928 [SA-CORE-2018-001: Private file access bypass]
-       RESERVED
+CVE-2017-6928 (Drupal core 7.x versions before 7.57 when using Drupal's 
private file ...)
        {DSA-4123-1 DLA-1295-1}
        - drupal7 7.57-1 (bug #891152)
        NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6927 [SA-CORE-2018-001: JavaScript cross-site scripting prevention is 
incomplete]
-       RESERVED
+CVE-2017-6927 (Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions 
before 7.57 ...)
        {DSA-4123-1 DLA-1295-1}
        - drupal8 <itp> (bug #756305)
        - drupal7 7.57-1 (bug #891150)
@@ -3074,12 +3174,12 @@ CVE-2018-6551 (The malloc implementation in the GNU C 
Library (aka glibc or libc
 CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...)
        NOT-FOR-US: Monstra CMS
 CVE-2017-18122 (A signature-validation bypass issue was discovered in 
SimpleSAMLphp ...)
-       {DLA-1273-1}
+       {DSA-4127-1 DLA-1273-1}
        - simplesamlphp 1.15.0-1 (bug #889286)
        NOTE: https://simplesamlphp.org/security/201710-01
        NOTE: 
https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca
 (v1.14.17)
 CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is 
vulnerable ...)
-       {DLA-1273-1}
+       {DSA-4127-1 DLA-1273-1}
        - simplesamlphp 1.15.0-1 (bug #889286)
        NOTE: https://simplesamlphp.org/security/201709-01
        NOTE: 
https://github.com/simplesamlphp/simplesamlphp/commit/34e1bdb7660c0c9b627f8e5f0ca224a6afe641a8
 (v1.14.16)
@@ -3190,7 +3290,7 @@ CVE-2017-18120 (A double-free bug in the read_gif 
function in gifread.c in gifsi
        NOTE: https://github.com/kohler/gifsicle/issues/117
        NOTE: 
https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
 CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the 
MySQL ...)
-       {DLA-1273-1}
+       {DSA-4127-1 DLA-1273-1}
        - simplesamlphp 1.15.2-1
        NOTE: https://simplesamlphp.org/security/201801-03
 CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass 
an open ...)
@@ -3200,6 +3300,7 @@ CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote 
attackers to bypass an 
        [wheezy] - simplesamlphp <not-affected> (Vulnerable code introduced in 
1.12)
        NOTE: https://simplesamlphp.org/security/201801-02
 CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x 
before 3.1.1 ...)
+       {DSA-4127-1}
        - simplesamlphp 1.15.2-1
        [wheezy] - simplesamlphp <ignored> (Minor issue)
        NOTE: https://simplesamlphp.org/security/201801-01
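Review bot: CVE-2018-6519 gains {DSA-4127-1} here and CVE-2018-6521 gains it in the previous hunk, but the DSA/DLA line of CVE-2018-6520, which sits between them, falls outside the visible context (only its "[wheezy] - simplesamlphp <not-affected>" and NOTE lines are shown). Please confirm that CVE-2018-6520 also references DSA-4127-1, since it is fixed in the same simplesamlphp 1.15.2-1 upload as CVE-2018-6519. The absence of DLA-1273-1 on CVE-2018-6519 is consistent with its "[wheezy] - simplesamlphp <ignored> (Minor issue)" line.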
@@ -3271,8 +3372,8 @@ CVE-2018-6492
        RESERVED
 CVE-2018-6491
        RESERVED
-CVE-2018-6490
-       RESERVED
+CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
+       TODO: check
 CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project 
and ...)
        NOT-FOR-US: Micro Focus Project and Portfolio Management Center
 CVE-2018-6488 (Arbitrary Code Execution vulnerability in Micro Focus Universal 
CMDB, ...)
@@ -17223,10 +17324,10 @@ CVE-2018-1172
        RESERVED
 CVE-2018-1171
        RESERVED
-CVE-2018-1170
-       RESERVED
-CVE-2018-1169
-       RESERVED
+CVE-2018-1170 (This vulnerability allows adjacent attackers to inject 
arbitrary ...)
+       TODO: check
+CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
 CVE-2018-1168 (This vulnerability allows local attackers to escalate 
privileges on ...)
        NOT-FOR-US: ABB MicroSCADA
 CVE-2018-1167
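Review bot: CVE-2018-1170 and CVE-2018-1169 use the same "This vulnerability allows ... attackers to ..." wording as CVE-2018-1168, which is already resolved as "NOT-FOR-US: ABB MicroSCADA" directly below them. Check whether the two new entries belong to the same batch of advisories for that product; if so they can take the same NOT-FOR-US state rather than remaining "TODO: check".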
@@ -17539,12 +17640,10 @@ CVE-2018-1068
        RESERVED
 CVE-2018-1067
        RESERVED
-CVE-2018-1066 [cifs: empty TargetInfo leads to crash on recovery]
-       RESERVED
+CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL 
pointer ...)
        - linux 4.11.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/cabfb3680f78981d26c078a26e5c748531257ebb
-CVE-2018-1065 [netfilter: xtables NULL pointer dereference in 
ip6_tables.c:ip6t_do_table() leading to a crash]
-       RESERVED
+CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 
mishandles ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
 CVE-2018-1064
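Review bot: CVE-2018-1065 is recorded as "linux <unfixed>" with only an upstream "Fixed by" commit, and CVE-2018-1066 as fixed in "linux 4.11.6-1", but neither entry carries per-suite annotations, whereas CVE-2017-18208 earlier in this diff does ("[stretch] - linux 4.9.80-1"). The description of CVE-2018-1066 ("before version 4.11") implies the stretch kernel is affected, so a [stretch] line should be added for it, and CVE-2018-1065 ("through 4.15.7") needs suite status once the fix is in a Debian upload.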
@@ -26242,8 +26341,7 @@ CVE-2017-15136 (When registering and activating a new 
system with Red Hat Satell
        NOT-FOR-US: Red Hat Satellite 6
 CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and 
including ...)
        - 389-ds-base 1.3.7.9-1 (bug #888451)
-CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in 
slapd/util.c]
-       RESERVED
+CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 
1.3.6.x ...)
        - 389-ds-base 1.3.7.9-1 (bug #888452)
 CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. 
A remote ...)
        - golang-github-miekg-dns 0.0~git20170501.0.f282f80-3 (bug #888777)
@@ -33393,14 +33491,14 @@ CVE-2017-12856 (Cross-site scripting (XSS) 
vulnerability in C.P.Sub 5.2 allows r
 CVE-2017-12854
        RESERVED
 CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to 
spoof ...)
-       {DLA-1205-1}
+       {DSA-4127-1 DLA-1205-1}
        - simplesamlphp 1.14.11-1
        NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and 
fixed
        NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
        NOTE: https://simplesamlphp.org/security/201612-03
        NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
 CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to 
obtain ...)
-       {DLA-1205-1}
+       {DSA-4127-1 DLA-1205-1}
        - simplesamlphp 1.14.10-1
        NOTE: https://simplesamlphp.org/security/201612-04
        NOTE: Patches: 
https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
@@ -33422,7 +33520,7 @@ CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make 
it easier for man-in-the-
        [wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS 
usage, hard to backport)
        NOTE: https://simplesamlphp.org/security/201704-01
 CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier 
allows ...)
-       {DLA-1205-1}
+       {DSA-4127-1 DLA-1205-1}
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201704-02
        NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
@@ -33432,7 +33530,7 @@ CVE-2017-12868 (The secureCompare method in 
lib/SimpleSAML/Utils/Crypto.php in .
        NOTE: https://simplesamlphp.org/security/201705-01
        NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
 CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 
1.14.14 ...)
-       {DLA-1205-1}
+       {DSA-4127-1 DLA-1205-1}
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201708-01
        NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
@@ -51661,16 +51759,13 @@ CVE-2017-6934
        RESERVED
 CVE-2017-6933
        RESERVED
-CVE-2017-6931 [Settings Tray access bypass]
-       RESERVED
+CVE-2017-6931 (In Drupal versions 8.4.x versions before 8.4.5 the Settings 
Tray ...)
        - drupal8 <itp> (bug #756305)
        NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6930 [Language fallback can be incorrect on multilingual sites with 
node access restrictions]
-       RESERVED
+CVE-2017-6930 (In Drupal versions 8.4.x versions before 8.4.5 when using node 
access ...)
        - drupal8 <itp> (bug #756305)
        NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6926 [Comment reply form allows access to restricted content]
-       RESERVED
+CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with 
permission ...)
        - drupal8 <itp> (bug #756305)
        NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2017-6925 [Entity access bypass for entities that do not have UUIDs or 
have protected revisions - Access Bypass]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc23b103cd9a32264b29ea4c16d831116044df8e

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits