Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 295314d6 by security tracker role at 2018-01-27T21:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,15 @@ +CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the ...) + TODO: check +CVE-2018-6356 + RESERVED +CVE-2018-6355 + RESERVED +CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...) + TODO: check +CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...) + TODO: check +CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the ...) + TODO: check CVE-2018-6351 RESERVED CVE-2018-6350 @@ -52,7 +64,7 @@ CVE-2018-6326 RESERVED CVE-2018-6325 RESERVED -CVE-2017-18077 [regular expression denial of service] +CVE-2017-18077 (index.js in brace-expansion before 1.1.7 is vulnerable to Regular ...) - node-brace-expansion 1.1.8-1 (unimportant; bug #862712) [stretch] - node-brace-expansion 1.1.6-1+deb9u1 NOTE: https://nodesecurity.io/advisories/338 @@ -6025,6 +6037,7 @@ CVE-2018-3811 (SQL Injection vulnerability in the Oturia Smart Google Code Inser CVE-2018-3810 (Authentication Bypass vulnerability in the Oturia Smart Google Code ...) NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress CVE-2017-18013 (In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the ...) + {DSA-4100-1 DLA-1260-1 DLA-1259-1} - tiff 4.0.9-3 (bug #885985) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2770 
@@ -14898,6 +14911,7 @@ CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dis CVE-2017-17082 REJECTED CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...) + {DSA-4099-1} - ffmpeg 7:3.4.1-1 NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) @@ -26518,14 +26532,14 @@ CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274 CVE-2017-13727 (There is a reachable assertion abort in the function ...) - {DLA-1093-1} + {DSA-4100-1 DLA-1093-1} - tiff 4.0.8-5 (bug #873879) - tiff3 <removed> [wheezy] - tiff3 <not-affected> (Vulnerable code not present) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2728 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc CVE-2017-13726 (There is a reachable assertion abort in the function ...) - {DLA-1093-1} + {DSA-4100-1 DLA-1093-1} - tiff 4.0.8-5 (bug #873880) - tiff3 <removed> [wheezy] - tiff3 <not-affected> (Vulnerable code not present) @@ -28485,7 +28499,7 @@ CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin bef CVE-2017-12945 RESERVED CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 ...) - {DLA-1093-1} + {DSA-4100-1 DLA-1093-1} - tiff 4.0.8-6 (bug #872607) - tiff3 <removed> [wheezy] - tiff3 <not-affected> (Vulnerable code not present) 
@@ -33610,7 +33624,7 @@ CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStr NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind). NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF ...) - {DLA-1094-1 DLA-1093-1} + {DSA-4100-1 DLA-1094-1 DLA-1093-1} - tiff 4.0.8-4 (bug #868513) [stretch] - tiff <no-dsa> (Minor issue) [jessie] - tiff <no-dsa> (Minor issue) @@ -35951,7 +35965,7 @@ CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...) - {DLA-1206-1} + {DSA-4100-1 DLA-1206-1} - tiff 4.0.9-2 (bug #866109) - tiff3 <removed> [wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/295314d6a279b0a2e3afccd458eaa0a0d41b2468 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/295314d6a279b0a2e3afccd458eaa0a0d41b2468 You're receiving this email because of your account on salsa.debian.org.
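Review bot: In the first hunk (@@ -1,3 +1,15 @@), CVE-2018-6357, CVE-2018-6354, CVE-2018-6353 and CVE-2018-6352 are added with only "TODO: check", so none of them is yet mapped to a source package or ruled out. Each should be triaged into either a package line, as with "- tiff 4.0.9-3 (bug #885985)" further down, or a NOT-FOR-US line like the one on CVE-2018-3810. The Electrum and PoDoFo descriptions name specific software and versions, so those two are the ones to check against the archive first.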
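Review bot: In the @@ -33610,7 +33624,7 @@ hunk, CVE-2017-11335 gains DSA-4100-1, but the unchanged context lines directly below still read "[stretch] - tiff <no-dsa> (Minor issue)" and "[jessie] - tiff <no-dsa> (Minor issue)". A DSA cross-reference and a no-dsa tag on the same entry contradict each other. Either replace the per-release no-dsa lines with the fixed versions shipped by the advisory, or drop the DSA reference if the advisory does not actually cover this CVE.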
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits