Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d209c08b by security tracker role at 2018-03-02T21:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,29 @@
+CVE-2018-7650
+       RESERVED
+CVE-2018-7649
+       RESERVED
+CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 
2.3.0. The ...)
+       TODO: check
+CVE-2018-7647
+       RESERVED
+CVE-2018-7646
+       RESERVED
+CVE-2018-7645
+       RESERVED
+CVE-2018-7643 (The display_debug_ranges function in dwarf.c in GNU Binutils 
2.30 ...)
+       TODO: check
+CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File 
Descriptor ...)
+       TODO: check
+CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
+       TODO: check
 CVE-2018-7636
        RESERVED
 CVE-2018-7635
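Review bot: CVE-2018-7637 through CVE-2018-7641 carry the identical CImg v.220 heap-based buffer over-read description and should be triaged as one batch rather than five separate TODO: check items, ideally with a shared NOTE: line once the upstream fix is located; the remaining TODOs here (CVE-2018-7642 and CVE-2018-7643 for GNU Binutils 2.30, CVE-2018-7648 for OpenJPEG 2.3.0) name the affected source files (aoutx.h, dwarf.c, mj2/opj_mj2_extract.c), so they can be resolved to a package line or <not-affected> by checking those files against the packaged source.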
@@ -313,6 +339,8 @@ CVE-2018-7540 (An issue was discovered in Xen through 
4.10.x allowing x86 PV gue
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-252.html
 CVE-2018-7644 [SSPSA 201802-01: Check for supported signature algorithms when 
casting a key]
+       RESERVED
+       {DSA-4127-1 DLA-1298-1}
        - simplesamlphp 1.15.3-1
        NOTE: https://simplesamlphp.org/security/201802-01
        NOTE: Fixed by: 
https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
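Review bot: the bracketed [SSPSA 201802-01: ...] title on CVE-2018-7644 will be overwritten by the MITRE text as soon as the description is published, exactly as happens to CVE-2018-1063, CVE-2018-1058, CVE-2017-15130 and CVE-2017-14461 elsewhere in this patch, so if the SSPSA identifier is wanted for cross-referencing it belongs in a NOTE: line next to the existing https://simplesamlphp.org/security/201802-01 link rather than only in the title. The new RESERVED and {DSA-4127-1 DLA-1298-1} lines are otherwise consistent with how CVE-2018-6519 is recorded.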
@@ -458,7 +486,7 @@ CVE-2018-7484 (An issue was discovered in PureVPN through 
5.19.4.0 on Windows. T
        NOT-FOR-US: PureVPN on Windows
 CVE-2018-7483
        RESERVED
-CVE-2018-7482 (The K2 component 2.8.0 for Joomla! has Incorrect Access Control 
with ...)
+CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect 
Access ...)
        NOT-FOR-US: K2 component for Joomla!
 CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 
mishandles ...)
        - linux <not-affected> (Vulnerable code not present)
@@ -592,8 +620,8 @@ CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c 
in ImageMagick 7.0.7-
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/5c0e1a31bc44829b1024ce599097f43285a05a42
 CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via 
a ...)
        NOT-FOR-US: zzcms
-CVE-2018-7433
-       RESERVED
+CVE-2018-7433 (The iThemes Security plugin before 6.9.1 for WordPress does not 
...)
+       TODO: check
 CVE-2018-7432
        RESERVED
 CVE-2018-7431
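Review bot: CVE-2018-7433 concerns a WordPress plugin (iThemes Security), and the file's convention for those, e.g. CVE-2017-9288 (Raygun4WP) later in this patch, is NOT-FOR-US: Wordpress plugin; the new TODO: check can be closed that way unless the plugin is actually packaged.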
@@ -657,18 +685,23 @@ CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 
2.4.4, the IPMI dissect
 CVE-2018-7416
        RESERVED
 CVE-2018-7439 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
+       {DSA-4129-1 DLA-1297-1}
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
 CVE-2018-7438 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
+       {DSA-4129-1 DLA-1297-1}
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
 CVE-2018-7437 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
+       {DSA-4129-1 DLA-1297-1}
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
 CVE-2018-7436 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
+       {DSA-4129-1 DLA-1297-1}
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
 CVE-2018-7435 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
+       {DSA-4129-1 DLA-1297-1}
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
 CVE-2018-7415
@@ -3310,7 +3343,7 @@ CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x 
before 2.3.5, and 3.x before
        {DSA-4127-1}
        - simplesamlphp 1.15.2-1
        [wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
-        NOTE: minor issue
+       NOTE: minor issue
        NOTE: https://simplesamlphp.org/security/201801-01
        NOTE: The issue lies in the simplesamlphp/saml2 part, which is
        NOTE: updated in 1.15.2 to the respective fixed version.
@@ -16099,8 +16132,8 @@ CVE-2018-1375
        RESERVED
 CVE-2018-1374
        RESERVED
-CVE-2018-1373
-       RESERVED
+CVE-2018-1373 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses 
an ...)
+       TODO: check
 CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does 
not ...)
        NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1371
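Review bot: CVE-2018-1373 affects the same product as the neighbouring CVE-2018-1372, which is already recorded as NOT-FOR-US: IBM Security Guardium Big Data Intelligence; the new TODO: check should be resolved to the same line for consistency.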
@@ -17661,8 +17694,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux 
kernel through 4.15.7 mishan
        NOTE: Fixed by: 
https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
 CVE-2018-1064
        RESERVED
-CVE-2018-1063 [Relabelling of symbolic links in /tmp and /var/tmp change the 
context of their target instead]
-       RESERVED
+CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic 
link ...)
        - policycoreutils <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122
 CVE-2018-1062
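Review bot: replacing the bracketed title drops the only concrete statement of what the bug does (relabelling of symbolic links in /tmp and /var/tmp changes the context of their target); since policycoreutils stays at <undetermined>, that sentence is worth keeping as a NOTE: line alongside the bugzilla link so the triager does not have to re-derive it. With the description now public, the <undetermined> status should also be resolved to a fixed version, <not-affected> or <unfixed>.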
@@ -17673,8 +17705,7 @@ CVE-2018-1060
        RESERVED
 CVE-2018-1059
        RESERVED
-CVE-2018-1058 [Security implications of using the default search_path and 
public schema]
-       RESERVED
+CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify 
the ...)
        - postgresql-10 10.3-1
        - postgresql-9.6 <removed>
        [stretch] - postgresql-9.6 <no-dsa> (Minor issue; documentation update 
for recommendations)
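Review bot: the dropped title (default search_path and public schema) explains the [stretch] <no-dsa> rationale "documentation update for recommendations" better than the truncated MITRE text does; consider preserving it as a NOTE: line so the reasoning behind the no-dsa decision stays visible next to the entry.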
@@ -26382,8 +26413,7 @@ CVE-2017-15131 (It was found that system umask policy 
is not being honored when 
        NOTE: sessions.
        NOTE: Enforcements can be achieved e.g. by using pam_umask.
        NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=102303
-CVE-2017-15130 [TLS SNI config lookups are inefficient and can be used for DoS]
-       RESERVED
+CVE-2017-15130 (A denial of service flaw was found in dovecot before 2.2.34. 
An ...)
        - dovecot 1:2.2.34-1 (bug #891820)
        NOTE: 
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
        NOTE: 
https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
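Review bot: the dropped title "TLS SNI config lookups are inefficient and can be used for DoS" states the mechanism that the truncated MITRE description no longer shows; keep it as a NOTE: line next to the dovecot-news and commit links. The same applies to the CVE-2017-14461 hunk below, where the rfc822_parse_domain title is lost.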
@@ -27582,10 +27612,10 @@ CVE-2017-14804 (The build package before 20171128 did 
not check directory names 
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1069904
 CVE-2017-14803 (In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity 
Server ...)
        NOT-FOR-US: NetIQ Access Manager
-CVE-2017-14802
-       RESERVED
-CVE-2017-14801
-       RESERVED
+CVE-2017-14802 (Novell Access Manager Admin Console and IDP servers before 
4.3.3 have ...)
+       TODO: check
+CVE-2017-14801 (Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed 
...)
+       TODO: check
 CVE-2017-14800 (A reflected cross site scripting attack in the NetIQ Access 
Manager ...)
        TODO: check
 CVE-2017-14799 (A cross site scripting attack in handling the ESP login 
parameter ...)
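Review bot: CVE-2017-14802 and CVE-2017-14801 are NetIQ/Novell Access Manager issues, and the adjacent CVE-2017-14803 is already NOT-FOR-US: NetIQ Access Manager, so the two new TODO: check lines (and the pre-existing TODO on CVE-2017-14800) can be resolved to that line in one pass.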
@@ -28647,8 +28677,7 @@ CVE-2017-14463
        RESERVED
 CVE-2017-14462
        RESERVED
-CVE-2017-14461 [rfc822_parse_domain information leak vulnerability]
-       RESERVED
+CVE-2017-14461 (A specially crafted email delivered over SMTP and passed on to 
Dovecot ...)
        - dovecot 1:2.2.34-1 (bug #891819)
        NOTE: 
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
        NOTE: 
https://github.com/dovecot/core/commit/30dc856f7b97b75b0e0d69f5003d5d99a13249b4
@@ -44010,8 +44039,8 @@ CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress 
is vulnerable to a refle
        NOT-FOR-US: Wordpress plugin
 CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in 
an ...)
        TODO: check
-CVE-2017-9285
-       RESERVED
+CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login 
restrictions ...)
+       TODO: check
 CVE-2017-9284
        RESERVED
 CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro 
Focus ...)
@@ -44020,16 +44049,16 @@ CVE-2017-9282 (An integer overflow (CWE-190) led to 
an out-of-bounds write (CWE-
        NOT-FOR-US: Micro Focus VisiBroker
 CVE-2017-9281 (An integer overflow (CWE-190) potentially causing an 
out-of-bounds ...)
        NOT-FOR-US: Micro Focus VisiBroker
-CVE-2017-9280
-       RESERVED
-CVE-2017-9279
-       RESERVED
-CVE-2017-9278
-       RESERVED
-CVE-2017-9277
-       RESERVED
-CVE-2017-9276
-       RESERVED
+CVE-2017-9280 (Some NetIQ Identity Manager Applications before Identity 
Manager ...)
+       TODO: check
+CVE-2017-9279 (NetIQ Identity Manager before 4.5.6.1 allowed uploading files 
with ...)
+       TODO: check
+CVE-2017-9278 (The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 
sent EBS ...)
+       TODO: check
+CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when 
switched to ...)
+       TODO: check
+CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate 
...)
+       TODO: check
 CVE-2017-9275
        RESERVED
 CVE-2017-9274 (A shell command injection in the obs-service-source_validator 
before ...)
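Review bot: five previously RESERVED entries (CVE-2017-9276 through CVE-2017-9280) are reopened as TODO: check for NetIQ Identity Manager, Novell eDirectory and Novell Access Manager iManager; the surrounding Micro Focus VisiBroker entries are all NOT-FOR-US, and this patch records NetIQ Access Manager and NetIQ iManager the same way, so a single NOT-FOR-US sweep is the likely resolution. The automatic update only refreshes descriptions, so these stay TODO until someone triages them by hand.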
@@ -44053,8 +44082,8 @@ CVE-2017-9269 (In libzypp before August 2018 GPG keys 
attached to YUM repositori
        TODO: check
 CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and 
rebuild ...)
        TODO: check
-CVE-2017-9267
-       RESERVED
+CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not 
...)
+       TODO: check
 CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! 
allows SQL ...)
        NOT-FOR-US: Joomla addon
 CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated 
administrators ...)
@@ -49112,6 +49141,7 @@ CVE-2017-7672 (If an application allows enter an URL in 
a form field and built-i
        - libstruts1.2-java <not-affected> (Vulnerable code not present)
        NOTE: Issue is specific to Struts 2.x.
 CVE-2017-7671 (There is a DOS attack vulnerability in Apache Traffic Server 
(ATS) ...)
+       {DSA-4128-1}
        - trafficserver 7.1.2+ds-1
        NOTE: https://github.com/apache/trafficserver/pull/1941
 CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic 
Control ...)
@@ -50043,16 +50073,16 @@ CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and 
Kerio Connect Client deskt
        NOT-FOR-US: Kerio
 CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 
5.2.2P1 might ...)
        NOT-FOR-US: NetApp
-CVE-2017-7438
-       RESERVED
+CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 
allowed ...)
+       TODO: check
 CVE-2017-7437
        RESERVED
 CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned 
...)
        TODO: check
 CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM 
...)
        TODO: check
-CVE-2017-7434
-       RESERVED
+CVE-2017-7434 (In the JDBC driver of NetIQ Identity Manager before 4.6 sending 
out ...)
+       TODO: check
 CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro 
Focus Vibe ...)
        NOT-FOR-US: Micro Focus Vibe
 CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ 
iManager ...)
@@ -50061,8 +50091,8 @@ CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 
Patch 10 HF1 and NetIQ iMana
        NOT-FOR-US: Novell Novell iManager and NetIQ iManager
 CVE-2017-7430 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ 
iManager ...)
        NOT-FOR-US: Novell Novell iManager and NetIQ iManager
-CVE-2017-7429
-       RESERVED
+CVE-2017-7429 (The certificate upload in NetIQ eDirectory PKI plugin before 
8.8.8 ...)
+       TODO: check
 CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the 
renegotiation of ...)
        NOT-FOR-US: NetIQ iManager
 CVE-2017-7427
@@ -50081,8 +50111,8 @@ CVE-2017-7421 (Reflected and stored Cross-Site 
Scripting (XSS, CWE-79) ...)
        NOT-FOR-US: Micro Focus
 CVE-2017-7420 (An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka 
...)
        NOT-FOR-US: Micro Focus
-CVE-2017-7419
-       RESERVED
+CVE-2017-7419 (A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 
and 4.2 ...)
+       TODO: check
 CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls 
whether the ...)
        - proftpd-dfsg 1.3.5b-4 (low; bug #859592)
        [jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
@@ -55692,6 +55722,7 @@ CVE-2017-5661 (In Apache FOP before 2.2, files lying on 
the filesystem of the se
        NOTE: Fixed by: http://svn.apache.org/r1769967
        NOTE: Fixed by: http://svn.apache.org/r1769968 (fix for Java 6)
 CVE-2017-5660 (There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 
and ...)
+       {DSA-4128-1}
        - trafficserver 7.1.2+ds-1
        NOTE: https://github.com/apache/trafficserver/pull/1657
        NOTE: https://issues.apache.org/jira/browse/TS-4930
@@ -57637,8 +57668,8 @@ CVE-2017-5191 (An XSS vulnerability on the /NAGErrors 
URI in NetIQ Access Manage
        NOT-FOR-US: NetIQ Access Manager
 CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, 
when ...)
        NOT-FOR-US: NetIQ Access Manager
-CVE-2017-5189
-       RESERVED
+CVE-2017-5189 (NetIQ iManager before 3.0.3 delivered a SSL private key in a 
Java ...)
+       TODO: check
 CVE-2017-5188 (The bs_worker code in open build service before 20170320 
followed ...)
        TODO: check
 CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in 
Directory ...)
@@ -61585,6 +61616,7 @@ CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c 
in LibVNCClient in ...)
 CVE-2016-9940
        RESERVED
 CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp 
before ...)
+       {DLA-1298-1}
        - simplesamlphp 1.14.11-1 (low)
        [jessie] - simplesamlphp <no-dsa> (Minor issue)
        NOTE: https://simplesamlphp.org/security/201612-02
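Review bot: {DLA-1298-1} is added to CVE-2016-9955 but the line [jessie] - simplesamlphp <no-dsa> (Minor issue) is left in place, which now contradicts the DLA reference; the jessie line should be updated to the version fixed by DLA-1298-1 (or dropped so the DLA data governs), otherwise the tracker keeps presenting jessie as deliberately unfixed.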
@@ -64176,6 +64208,7 @@ CVE-2016-9815 (Xen through 4.7.x allows local ARM guest 
OS users to cause a deni
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch
 CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in 
SimpleSAMLphp ...)
+       {DLA-1298-1}
        - simplesamlphp 1.14.10-1 (low)
        [jessie] - simplesamlphp <no-dsa> (Minor issue)
        NOTE: https://simplesamlphp.org/security/201612-01
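Review bot: same inconsistency as for CVE-2016-9955: the new {DLA-1298-1} reference on CVE-2016-9814 coexists with [jessie] - simplesamlphp <no-dsa> (Minor issue), which should be replaced by the jessie fixed version from the DLA.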
@@ -66883,8 +66916,8 @@ CVE-2017-1789
        RESERVED
 CVE-2017-1788
        RESERVED
-CVE-2017-1787
-       RESERVED
+CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed 
...)
+       TODO: check
 CVE-2017-1786
        RESERVED
 CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated 
remote ...)
@@ -67149,8 +67182,8 @@ CVE-2017-1656
        RESERVED
 CVE-2017-1655
        RESERVED
-CVE-2017-1654
-       RESERVED
+CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2,0 - 4.2.3 could allow a local 
...)
+       TODO: check
 CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
        NOT-FOR-US: IBM Jazz Foundation
 CVE-2017-1652
@@ -125709,8 +125742,8 @@ CVE-2015-0797 (GStreamer before 1.4.5, as used in 
Mozilla Firefox before 38.0, .
        - icedove 31.7.0-1
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
-CVE-2015-0796
-       RESERVED
+CVE-2015-0796 (In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 
before ...)
+       TODO: check
 CVE-2015-0795 (Multiple stack-based buffer overflows in the SafeShellExecute 
method ...)
        NOT-FOR-US: NetIQ
 CVE-2015-0794 (modules.d/90crypt/module-setup.sh in the dracut package before 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d209c08b4cd42b74b9b16caa6c69d903a6dae1ca

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits