Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e58c19f4 by security tracker role at 2018-01-19T09:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,39 @@ +CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...) + TODO: check +CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...) + TODO: check +CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...) + TODO: check +CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ...) + TODO: check +CVE-2018-5782 + RESERVED +CVE-2018-5781 + RESERVED +CVE-2018-5780 + RESERVED +CVE-2018-5779 + RESERVED +CVE-2018-5778 + RESERVED +CVE-2018-5777 + RESERVED +CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...) + TODO: check +CVE-2018-5775 + RESERVED +CVE-2018-5774 + RESERVED +CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through ...) + TODO: check +CVE-2017-18043 + RESERVED +CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial of Service (DoS) due to ...) + TODO: check +CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks ...) + TODO: check +CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) ...) + TODO: check CVE-2018-XXXX [XSS vulnerability in MediaElement] - wordpress <unfixed> (bug #887596) NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/ @@ -22,6 +58,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe CVE-2018-5765 RESERVED CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before ...) + {DLA-1247-1} - rsync <unfixed> (bug #887588) NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07 CVE-2018-5763 @@ -164,7 +201,7 @@ CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27 NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782 CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...) - {DSA-4081-1 DSA-4080-1} + {DSA-4081-1 DSA-4080-1 DLA-1248-1} - php7.1 7.1.13-1 (unimportant) - php7.0 7.0.27-1 (unimportant) - php5 <removed> (unimportant) @@ -921,7 +958,7 @@ CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a craf CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes ...) NOT-FOR-US: WordPress plugin jetpack CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id (which is ...) - {DSA-4087-1} + {DSA-4087-1 DLA-1246-1} - transmission 2.92-3 (bug #886990) NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1 NOTE: https://github.com/transmission/transmission/pull/468 @@ -4524,7 +4561,7 @@ CVE-2017-1000436 CVE-2017-1000435 REJECTED CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...) - {DLA-1238-1} + {DSA-4092-1 DLA-1238-1} - awstats <unfixed> (bug #885835) NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899 NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651 @@ -5274,8 +5311,8 @@ CVE-2017-17862 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores NOTE: https://www.spinics.net/lists/stable/msg206984.html CVE-2017-17861 RESERVED -CVE-2017-17860 - RESERVED +CVE-2017-17860 (In Samsung Gear products, Bluetooth link key is updated to the ...) + TODO: check CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass ...) NOT-FOR-US: Samsung Internet Browser CVE-2017-17858 @@ -29380,8 +29417,7 @@ CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress NOT-FOR-US: Wordpress plugin CVE-2017-12198 RESERVED -CVE-2017-12197 - RESERVED +CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not properly ...) {DSA-4025-1 DLA-1165-1} - libpam4j 1.4-3 (bug #879001) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e58c19f4330bcf6d358b2a4232b2efea0c3272c0 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e58c19f4330bcf6d358b2a4232b2efea0c3272c0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits