Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 77af6ecb by security tracker role at 2018-04-02T08:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,19 @@ +CVE-2018-9176 + RESERVED +CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via ...) + TODO: check +CVE-2018-9174 (sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute ...) + TODO: check +CVE-2018-9173 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2018-9172 (The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress ...) + TODO: check +CVE-2018-9171 + RESERVED +CVE-2018-9170 + RESERVED +CVE-2018-9169 + RESERVED CVE-2018-9168 RESERVED CVE-2018-9167 @@ -5612,6 +5628,7 @@ CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potenti CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the ...) NOT-FOR-US: RoomWizard CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...) + {DSA-4162-1} - irssi 1.0.7-1 (bug #890674) [jessie] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0) [wheezy] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0) @@ -5622,25 +5639,26 @@ CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1. NOTE: https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92 NOTE: But the CVE is specifically for the use-after-free issue. CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...) + {DSA-4162-1} - irssi 1.0.7-1 (bug #890674) [jessie] - irssi <not-affected> (Vulnerable code introduced in 0.8.18) [wheezy] - irssi <not-affected> (Vulnerable code introduced in 0.8.18) NOTE: https://irssi.org/security/irssi_sa_2018_02.txt NOTE: Fixed by: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c CVE-2018-7052 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...) - {DLA-1289-1} + {DSA-4162-1 DLA-1289-1} - irssi 1.0.7-1 (bug #890676) [jessie] - irssi <ignored> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2018_02.txt NOTE: Fixed by: https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa CVE-2018-7051 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...) - {DLA-1318-1} + {DSA-4162-1 DLA-1318-1} - irssi 1.0.7-1 (bug #890677) [jessie] - irssi <ignored> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2018_02.txt NOTE: Fixed by: https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A ...) - {DLA-1289-1} + {DSA-4162-1 DLA-1289-1} - irssi 1.0.7-1 (bug #890678) [jessie] - irssi <ignored> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2018_02.txt @@ -10855,24 +10873,28 @@ CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipset CVE-2018-5209 RESERVED CVE-2018-5208 (In Irssi before 1.0.6, a calculation error in the completion code could ...) + {DSA-4162-1} - irssi 1.0.7-1 (bug #886475) [jessie] - irssi <ignored> (Minor issue) [wheezy] - irssi <no-dsa> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2018_01.txt NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 may ...) + {DSA-4162-1} - irssi 1.0.7-1 (bug #886475) [jessie] - irssi <ignored> (Minor issue) [wheezy] - irssi <no-dsa> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2018_01.txt NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff CVE-2018-5206 (When the channel topic is set without specifying a sender, Irssi before ...) + {DSA-4162-1} - irssi 1.0.7-1 (bug #886475) [jessie] - irssi <ignored> (Minor issue) [wheezy] - irssi <no-dsa> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2018_01.txt NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may access data ...) + {DSA-4162-1} - irssi 1.0.7-1 (bug #886475) [jessie] - irssi <ignored> (Minor issue) [wheezy] - irssi <no-dsa> (Minor issue) @@ -21759,20 +21781,16 @@ CVE-2018-1096 [SQL injection in dashboard page] - foreman <itp> (bug #663101) NOTE: http://projects.theforeman.org/issues/23028 NOTE: https://github.com/theforeman/foreman/pull/5363 -CVE-2018-1095 [NULL pointer dereference in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image] - RESERVED +CVE-2018-1095 (The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux ...) - linux <unfixed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199185 -CVE-2018-1094 [NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image] - RESERVED +CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...) - linux <unfixed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183 -CVE-2018-1093 [Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image] - RESERVED +CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux ...) - linux <unfixed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199181 -CVE-2018-1092 [NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image] - RESERVED +CVE-2018-1092 (The ext4_iget function in fs/ext4/inode.c in the Linux kernel through ...) - linux <unfixed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179 CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/77af6ecb291dae4fa7b3b5081e326a05b66df627 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/77af6ecb291dae4fa7b3b5081e326a05b66df627 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits