[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Mon, 02 Apr 2018 01:12:13 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77af6ecb by security tracker role at 2018-04-02T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-9176
+       RESERVED
+CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP 
code via ...)
+       TODO: check
+CVE-2018-9174 (sys_verifies.php in DedeCMS 5.7 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2018-9173 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2018-9172 (The Iptanus WordPress File Upload plugin before 4.3.3 for 
WordPress ...)
+       TODO: check
+CVE-2018-9171
+       RESERVED
+CVE-2018-9170
+       RESERVED
+CVE-2018-9169
+       RESERVED
 CVE-2018-9168
        RESERVED
 CVE-2018-9167
@@ -5612,6 +5628,7 @@ CVE-2018-7056 (RoomWizard before 4.4.x allows remote 
attackers to obtain potenti
 CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF 
via the ...)
        NOT-FOR-US: RoomWizard
 CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 
1.1.1. ...)
+       {DSA-4162-1}
        - irssi 1.0.7-1 (bug #890674)
        [jessie] - irssi <not-affected> (Vulnerable netsplit code introduced in 
1.0.0)
        [wheezy] - irssi <not-affected> (Vulnerable netsplit code introduced in 
1.0.0)
@@ -5622,25 +5639,26 @@ CVE-2018-7054 (An issue was discovered in Irssi before 
1.0.7 and 1.1.x before 1.
        NOTE: 
https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
        NOTE: But the CVE is specifically for the use-after-free issue.
 CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 
1.1.1. ...)
+       {DSA-4162-1}
        - irssi 1.0.7-1 (bug #890674)
        [jessie] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
        [wheezy] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
        NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
        NOTE: Fixed by: 
https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c
 CVE-2018-7052 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 
1.1.1. ...)
-       {DLA-1289-1}
+       {DSA-4162-1 DLA-1289-1}
        - irssi 1.0.7-1 (bug #890676)
        [jessie] - irssi <ignored> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
        NOTE: Fixed by: 
https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa
 CVE-2018-7051 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 
1.1.1. ...)
-       {DLA-1318-1}
+       {DSA-4162-1 DLA-1318-1}
        - irssi 1.0.7-1 (bug #890677)
        [jessie] - irssi <ignored> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
        NOTE: Fixed by: 
https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af
 CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 
1.1.1. A ...)
-       {DLA-1289-1}
+       {DSA-4162-1 DLA-1289-1}
        - irssi 1.0.7-1 (bug #890678)
        [jessie] - irssi <ignored> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
@@ -10855,24 +10873,28 @@ CVE-2018-5210 (On Samsung mobile devices with N(7.x) 
software and Exynos chipset
 CVE-2018-5209
        RESERVED
 CVE-2018-5208 (In Irssi before 1.0.6, a calculation error in the completion 
code could ...)
+       {DSA-4162-1}
        - irssi 1.0.7-1 (bug #886475)
        [jessie] - irssi <ignored> (Minor issue)
        [wheezy] - irssi <no-dsa> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
        NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 
may ...)
+       {DSA-4162-1}
        - irssi 1.0.7-1 (bug #886475)
        [jessie] - irssi <ignored> (Minor issue)
        [wheezy] - irssi <no-dsa> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
        NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5206 (When the channel topic is set without specifying a sender, 
Irssi before ...)
+       {DSA-4162-1}
        - irssi 1.0.7-1 (bug #886475)
        [jessie] - irssi <ignored> (Minor issue)
        [wheezy] - irssi <no-dsa> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
        NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may 
access data ...)
+       {DSA-4162-1}
        - irssi 1.0.7-1 (bug #886475)
        [jessie] - irssi <ignored> (Minor issue)
        [wheezy] - irssi <no-dsa> (Minor issue)
@@ -21759,20 +21781,16 @@ CVE-2018-1096 [SQL injection in dashboard page]
        - foreman <itp> (bug #663101)
        NOTE: http://projects.theforeman.org/issues/23028
        NOTE: https://github.com/theforeman/foreman/pull/5363
-CVE-2018-1095 [NULL pointer dereference in fs/posix_acl.c:get_acl() causes 
crash with crafted ext4 image]
-       RESERVED
+CVE-2018-1095 (The ext4_xattr_check_entries function in fs/ext4/xattr.c in the 
Linux ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199185
-CVE-2018-1094 [NULL pointer dereference in 
ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image]
-       RESERVED
+CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux 
kernel ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183
-CVE-2018-1093 [Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() 
causes crash with crafted ext4 image]
-       RESERVED
+CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the 
Linux ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199181
-CVE-2018-1092 [NULL pointer dereference in 
ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image]
-       RESERVED
+CVE-2018-1092 (The ext4_iget function in fs/ext4/inode.c in the Linux kernel 
through ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179
 CVE-2018-1091 (In the flush_tmregs_to_thread function in 
arch/powerpc/kernel/ptrace.c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/77af6ecb291dae4fa7b3b5081e326a05b66df627

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/77af6ecb291dae4fa7b3b5081e326a05b66df627
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to