Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 712d9cbc by security tracker role at 2018-01-26T09:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,29 @@ +CVE-2018-6324 + RESERVED +CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descriptor ...) + TODO: check +CVE-2018-6322 + RESERVED +CVE-2018-6321 + RESERVED +CVE-2018-6320 + RESERVED +CVE-2018-6319 + RESERVED +CVE-2018-6318 + RESERVED +CVE-2018-6317 + RESERVED +CVE-2018-6316 + RESERVED +CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming ...) + TODO: check +CVE-2018-6314 + RESERVED +CVE-2018-6313 (Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote ...) + TODO: check +CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not ...) + TODO: check CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, users with ...) NOT-FOR-US: Jenkins Script Security Plugin CVE-2017-1000468 @@ -296,7 +322,7 @@ CVE-2018-6181 CVE-2018-6180 RESERVED CVE-2018-1000017 - RESERVED + REJECTED CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...) NOT-FOR-US: FreeSSHd CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...) @@ -2118,8 +2144,8 @@ CVE-2018-5449 RESERVED CVE-2018-5448 RESERVED -CVE-2018-5447 - RESERVED +CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 ...) + TODO: check CVE-2018-5446 RESERVED CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ...) @@ -12323,8 +12349,8 @@ CVE-2018-1344 RESERVED CVE-2018-1343 RESERVED -CVE-2018-1342 - RESERVED +CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload ...) + TODO: check CVE-2018-1341 RESERVED CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...) 
@@ -16657,62 +16683,43 @@ CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problemat NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0 NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1 NOTE: https://github.com/bindecy/HugeDirtyCowPOC -CVE-2017-1000404 - RESERVED +CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000403 - RESERVED +CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users with ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000402 - RESERVED +CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000401 - RESERVED +CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...) NOT-FOR-US: Jenkins -CVE-2017-1000400 - RESERVED +CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at ...) NOT-FOR-US: Jenkins -CVE-2017-1000399 - RESERVED +CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at ...) NOT-FOR-US: Jenkins -CVE-2017-1000398 - RESERVED +CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at ...) NOT-FOR-US: Jenkins -CVE-2017-1000397 - RESERVED +CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000396 - RESERVED +CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) NOT-FOR-US: Jenkins -CVE-2017-1000395 - RESERVED +CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information ...) NOT-FOR-US: Jenkins -CVE-2017-1000394 - RESERVED +CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) NOT-FOR-US: Jenkins -CVE-2017-1000393 - RESERVED +CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...) 
NOT-FOR-US: Jenkins -CVE-2017-1000392 - RESERVED +CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion ...) NOT-FOR-US: Jenkins -CVE-2017-1000391 - RESERVED +CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores ...) NOT-FOR-US: Jenkins -CVE-2017-1000390 - RESERVED +CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000389 - RESERVED +CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000388 - RESERVED +CVE-2017-1000388 (Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000387 - RESERVED +CVE-2017-1000387 (Jenkins Build-Publisher plugin version 1.21 and earlier stores ...) NOT-FOR-US: Jenkins plugin -CVE-2017-1000386 - RESERVED +CVE-2017-1000386 (Jenkins Active Choices plugin version 1.5.3 and earlier allowed users ...) NOT-FOR-US: Jenkins plugin CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 ...) NOT-FOR-US: MistServer @@ -20421,8 +20428,7 @@ CVE-2017-15705 RESERVED CVE-2017-15704 REJECTED -CVE-2017-15703 - RESERVED +CVE-2017-15703 (Any authenticated user (valid client certificate but without ACL ...) NOT-FOR-US: Apache NiFi CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...) - qpid-java <itp> (bug #840131) 
@@ -23884,10 +23890,10 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead t NOT-FOR-US: Joomla! CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...) NOT-FOR-US: Atlassian Jira -CVE-2017-14593 - RESERVED -CVE-2017-14592 - RESERVED +CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...) + TODO: check +CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs ...) + TODO: check CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...) NOT-FOR-US: Atlassian CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...) @@ -56791,8 +56797,8 @@ CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator ( NOT-FOR-US: Lenovo XClarity Administrator CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...) NOT-FOR-US: Lenovo LXCA -CVE-2017-3762 - RESERVED +CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, version ...) + TODO: check CVE-2017-3761 (The Lenovo Service Framework Android application executes some system ...) NOT-FOR-US: Lenovo CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/712d9cbc0f45254e692f3d54357ce5535b357073 You're receiving this email because of your account on salsa.debian.org.
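Review bot: CVE-2018-6323 and CVE-2018-6315 in the first hunk (@@ -1,3 +1,29 @@) are left at TODO: check even though their descriptions already name the affected code: elfcode.h in the Binary File Descriptor library and util/outputscript.c in libming. The follow-up triage should replace each TODO with a source-package line in the same "- package <status>" form that the qpid-java entry under CVE-2017-15702 uses, so that these two do not sit unassigned alongside the RESERVED placeholders added in the same block.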
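Review bot: The NOT-FOR-US lines kept in the @@ -16657,62 +16683,43 @@ hunk were written while the entries were still RESERVED, and three of the descriptions that now replace RESERVED (CVE-2017-1000402, CVE-2017-1000397, CVE-2017-1000396) say that Jenkins or a plugin "bundled a version of the ...". Those three should be re-checked against the full description: if the bundled component is itself tracked in this list, a NOTE pointing to its entry is more useful than an unqualified NOT-FOR-US: Jenkins.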
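Review bot: In the @@ -23884,10 +23890,10 @@ hunk, CVE-2017-14593 and CVE-2017-14592 (Sourcetree for Windows and for macOS) arrive as TODO: check while the entries on either side of them (CVE-2017-14594, CVE-2017-14591) already carry NOT-FOR-US dispositions for Atlassian products. If triage confirms Sourcetree is not packaged, give both the matching NOT-FOR-US line in the follow-up so this block does not keep two open TODOs.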
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits