[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Fri, 19 Jan 2018 01:11:18 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e58c19f4 by security tracker role at 2018-01-19T09:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop 
and ...)
+       TODO: check
+CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an 
...)
+       TODO: check
+CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption 
in the ...)
+       TODO: check
+CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in 
the ...)
+       TODO: check
+CVE-2018-5782
+       RESERVED
+CVE-2018-5781
+       RESERVED
+CVE-2018-5780
+       RESERVED
+CVE-2018-5779
+       RESERVED
+CVE-2018-5778
+       RESERVED
+CVE-2018-5777
+       RESERVED
+CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in 
...)
+       TODO: check
+CVE-2018-5775
+       RESERVED
+CVE-2018-5774
+       RESERVED
+CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) 
through ...)
+       TODO: check
+CVE-2017-18043
+       RESERVED
+CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial of Service (DoS) 
due to ...)
+       TODO: check
+CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) 
attacks ...)
+       TODO: check
+CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) 
...)
+       TODO: check
 CVE-2018-XXXX [XSS vulnerability in MediaElement]
        - wordpress <unfixed> (bug #887596)
        NOTE: 
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
@@ -22,6 +58,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid 
memcpy in the av_packe
 CVE-2018-5765
        RESERVED
 CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync 
before ...)
+       {DLA-1247-1}
        - rsync <unfixed> (bug #887588)
        NOTE: 
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
 CVE-2018-5763
@@ -164,7 +201,7 @@ CVE-2018-5712 (An issue was discovered in PHP before 
5.6.33, 7.0.x before 7.0.27
        NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
 CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in 
PHP ...)
-       {DSA-4081-1 DSA-4080-1}
+       {DSA-4081-1 DSA-4080-1 DLA-1248-1}
        - php7.1 7.1.13-1 (unimportant)
        - php7.0 7.0.27-1 (unimportant)
        - php5 <removed> (unimportant)
@@ -921,7 +958,7 @@ CVE-2016-10706 (The Jetpack plugin before 4.0.3 for 
WordPress has XSS via a craf
 CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the 
Likes ...)
        NOT-FOR-US: WordPress plugin jetpack
 CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id 
(which is ...)
-       {DSA-4087-1}
+       {DSA-4087-1 DLA-1246-1}
        - transmission 2.92-3 (bug #886990)
        NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
        NOTE: https://github.com/transmission/transmission/pull/468
@@ -4524,7 +4561,7 @@ CVE-2017-1000436
 CVE-2017-1000435
        REJECTED
 CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path 
traversal flaw ...)
-       {DLA-1238-1}
+       {DSA-4092-1 DLA-1238-1}
        - awstats <unfixed> (bug #885835)
        NOTE: 
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
        NOTE: 
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
@@ -5274,8 +5311,8 @@ CVE-2017-17862 (kernel/bpf/verifier.c in the Linux kernel 
through 4.14.8 ignores
        NOTE: https://www.spinics.net/lists/stable/msg206984.html
 CVE-2017-17861
        RESERVED
-CVE-2017-17860
-       RESERVED
+CVE-2017-17860 (In Samsung Gear products, Bluetooth link key is updated to the 
...)
+       TODO: check
 CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to 
bypass ...)
        NOT-FOR-US: Samsung Internet Browser
 CVE-2017-17858
@@ -29380,8 +29417,7 @@ CVE-2017-12199 (The Etoile Ultimate Product Catalog 
plugin 4.2.11 for WordPress 
        NOT-FOR-US: Wordpress plugin
 CVE-2017-12198
        RESERVED
-CVE-2017-12197
-       RESERVED
+CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not 
properly ...)
        {DSA-4025-1 DLA-1165-1}
        - libpam4j 1.4-3 (bug #879001)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e58c19f4330bcf6d358b2a4232b2efea0c3272c0

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e58c19f4330bcf6d358b2a4232b2efea0c3272c0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to