Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
295314d6 by security tracker role at 2018-01-27T21:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the 
...)
+       TODO: check
+CVE-2018-6356
+       RESERVED
+CVE-2018-6355
+       RESERVED
+CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 
allows XSS ...)
+       TODO: check
+CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 
3.0.5 ...)
+       TODO: check
+CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the ...)
+       TODO: check
 CVE-2018-6351
        RESERVED
 CVE-2018-6350
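Review bot: the four new entries that carry descriptions (CVE-2018-6357, CVE-2018-6354, CVE-2018-6353, CVE-2018-6352) land with only "TODO: check", so none of them is yet tied to a Debian source package or ruled out. Each needs a follow-up triage: either a package line in the style of "- tiff 4.0.9-3 (bug #885985)" or a NOT-FOR-US line as used for CVE-2018-3810 further down. The Electrum and PoDoFo entries name specific upstream versions, which makes them the first ones to check against the archive.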
@@ -52,7 +64,7 @@ CVE-2018-6326
        RESERVED
 CVE-2018-6325
        RESERVED
-CVE-2017-18077 [regular expression denial of service]
+CVE-2017-18077 (index.js in brace-expansion before 1.1.7 is vulnerable to 
Regular ...)
        - node-brace-expansion 1.1.8-1 (unimportant; bug #862712)
        [stretch] - node-brace-expansion 1.1.6-1+deb9u1
        NOTE: https://nodesecurity.io/advisories/338
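Review bot: the new description on CVE-2017-18077 says the issue affects brace-expansion before 1.1.7, while the unchanged "[stretch] - node-brace-expansion 1.1.6-1+deb9u1" line records a fixed version below that. A NOTE pointing at the upstream fix that was backported would make it clear why 1.1.6-1+deb9u1 counts as fixed; the only NOTE present is the advisory URL.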
@@ -6025,6 +6037,7 @@ CVE-2018-3811 (SQL Injection vulnerability in the Oturia 
Smart Google Code Inser
 CVE-2018-3810 (Authentication Bypass vulnerability in the Oturia Smart Google 
Code ...)
        NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
 CVE-2017-18013 (In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the 
...)
+       {DSA-4100-1 DLA-1260-1 DLA-1259-1}
        - tiff 4.0.9-3 (bug #885985)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2770
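Review bot: the added line on CVE-2017-18013 introduces three advisory ids at once, two of them DLAs (DLA-1260-1 and DLA-1259-1), while the package lines below list only "tiff 4.0.9-3" and "tiff3 <removed>". Nothing in the entry says which DLA covers which source package. Since this commit changes only data/CVE/list, confirm against the advisory records that both DLAs really name this CVE.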
@@ -14898,6 +14911,7 @@ CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 
to 2.2.10, the NetBIOS dis
 CVE-2017-17082
        REJECTED
 CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in 
FFmpeg 3.4 ...)
+       {DSA-4099-1}
        - ffmpeg 7:3.4.1-1
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
 CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka 
libbfd), as ...)
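Review bot: on CVE-2017-17081 the added "{DSA-4099-1}" is the only release-specific information in the entry; the sole package line is the unstable fix "ffmpeg 7:3.4.1-1". The existing NOTE gives the upstream FFmpeg commit, so the stable update behind DSA-4099-1 can be checked for that change, and it is worth verifying that the advisory record lists this CVE, because that record is not part of this one-file commit.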
@@ -26518,14 +26532,14 @@ CVE-2017-13728 (There is an infinite loop in the 
next_char function in comp_scan
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
 CVE-2017-13727 (There is a reachable assertion abort in the function ...)
-       {DLA-1093-1}
+       {DSA-4100-1 DLA-1093-1}
        - tiff 4.0.8-5 (bug #873879)
        - tiff3 <removed>
        [wheezy] - tiff3 <not-affected> (Vulnerable code not present)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2728
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc
 CVE-2017-13726 (There is a reachable assertion abort in the function ...)
-       {DLA-1093-1}
+       {DSA-4100-1 DLA-1093-1}
        - tiff 4.0.8-5 (bug #873880)
        - tiff3 <removed>
        [wheezy] - tiff3 <not-affected> (Vulnerable code not present)
@@ -28485,7 +28499,7 @@ CVE-2017-12946 (classes\controller\admin\modals.php in 
the Easy Modal plugin bef
 CVE-2017-12945
        RESERVED
 CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 
4.0.8 ...)
-       {DLA-1093-1}
+       {DSA-4100-1 DLA-1093-1}
        - tiff 4.0.8-6 (bug #872607)
        - tiff3 <removed>
        [wheezy] - tiff3 <not-affected> (Vulnerable code not present)
@@ -33610,7 +33624,7 @@ CVE-2017-11336 (There is a heap-based buffer over-read 
in the Image::printIFDStr
        NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind).
        NOTE: Reproducible with 0.26-1 (experimental) although I get another 
error "free(): invalid next size (fast)".
 CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of 
LibTIFF ...)
-       {DLA-1094-1 DLA-1093-1}
+       {DSA-4100-1 DLA-1094-1 DLA-1093-1}
        - tiff 4.0.8-4 (bug #868513)
        [stretch] - tiff <no-dsa> (Minor issue)
        [jessie] - tiff <no-dsa> (Minor issue)
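Review bot: CVE-2017-11335 now references DSA-4100-1, but the unchanged lines directly below still read "[stretch] - tiff <no-dsa> (Minor issue)" and "[jessie] - tiff <no-dsa> (Minor issue)". If DSA-4100-1 fixes this CVE in those releases, the no-dsa markers are stale and should be replaced with the fixed versions; if it does not, the DSA reference itself needs checking.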
@@ -35951,7 +35965,7 @@ CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak 
in tif_jbig.c. A crafted
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
 CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the 
...)
-       {DLA-1206-1}
+       {DSA-4100-1 DLA-1206-1}
        - tiff 4.0.9-2 (bug #866109)
        - tiff3 <removed>
        [wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/295314d6a279b0a2e3afccd458eaa0a0d41b2468
