Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ceafe59 by security tracker role at 2018-02-07T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,43 @@
+CVE-2018-6827
+       RESERVED
+CVE-2018-6826
+       RESERVED
+CVE-2018-6825
+       RESERVED
+CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative 
access ...)
+       TODO: check
+CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, 
the ...)
+       TODO: check
+CVE-2018-6822 (In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements 
an ...)
+       TODO: check
+CVE-2018-6821
+       RESERVED
+CVE-2018-6820
+       RESERVED
+CVE-2018-6819
+       RESERVED
+CVE-2018-6818
+       RESERVED
+CVE-2018-6817
+       RESERVED
+CVE-2018-6816
+       RESERVED
+CVE-2018-6815
+       RESERVED
+CVE-2018-6814
+       RESERVED
+CVE-2018-6813
+       RESERVED
+CVE-2018-6812
+       RESERVED
+CVE-2018-6811
+       RESERVED
+CVE-2018-6810
+       RESERVED
+CVE-2018-6809
+       RESERVED
+CVE-2018-6808
+       RESERVED
 CVE-2018-6807
        RESERVED
 CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read 
arbitrary files ...)
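Review bot: the three new entries with descriptions in this hunk (CVE-2018-6824, CVE-2018-6823, CVE-2018-6822) land as `TODO: check` and need a manual triage pass. CVE-2018-6823 and CVE-2018-6822 are both described as macOS software (Mailbutler Shimo, PureVPN), so they look like candidates for a `NOT-FOR-US:` line in the style already used elsewhere in this file; CVE-2018-6824 (Cozy) needs a check against the archive first.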
@@ -2330,6 +2370,7 @@ CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a 
collision-prone OID compariso
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser 
resulting ...)
        NOT-FOR-US: axTLS
 CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function 
in ...)
+       {DSA-4106-1}
        - libtasn1-6 4.13-2
        [jessie] - libtasn1-6 <not-affected> (Vulnerable code introduced in 4.3)
        - libtasn1-3 <not-affected> (Vulnerable code introduced in 4.3)
@@ -13492,8 +13533,8 @@ CVE-2018-1390
        RESERVED
 CVE-2018-1389
        RESERVED
-CVE-2018-1388
-       RESERVED
+CVE-2018-1388 (GSKit V7 may disclose side channel information via 
discrepancies ...)
+       TODO: check
 CVE-2018-1387
        RESERVED
 CVE-2018-1386
@@ -13504,8 +13545,8 @@ CVE-2018-1384
        RESERVED
 CVE-2018-1383
        RESERVED
-CVE-2018-1382
-       RESERVED
+CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. 
This ...)
+       TODO: check
 CVE-2018-1381
        RESERVED
 CVE-2018-1380
@@ -13536,8 +13577,8 @@ CVE-2018-1368
        RESERVED
 CVE-2018-1367
        RESERVED
-CVE-2018-1366
-       RESERVED
+CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma 
Separated ...)
+       TODO: check
 CVE-2018-1365
        RESERVED
 CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML 
External ...)
@@ -13867,8 +13908,8 @@ CVE-2017-17554 (A NULL pointer dereference (DoS) 
Vulnerability was found in the 
        NOTE: https://github.com/aubio/aubio/issues/137
 CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an 
insecure parsing ...)
        NOT-FOR-US: Dolphin Browser for Android
-CVE-2017-17552
-       RESERVED
+CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 
6613 ...)
+       TODO: check
 CVE-2018-1360
        RESERVED
 CVE-2018-1359
@@ -14184,8 +14225,8 @@ CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in 
ucnv_u8.cpp in International .
        NOTE: Introduced by https://ssl.icu-project.org/trac/changeset/40455/
 CVE-2017-17483
        RESERVED
-CVE-2017-17482
-       RESERVED
+CVE-2017-17482 (An issue was discovered in OpenVMS through V8.4-2L2 on Alpha 
and ...)
+       TODO: check
 CVE-2017-17481
        RESERVED
 CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was 
discovered in the ...)
@@ -15069,6 +15110,7 @@ CVE-2018-1054
        RESERVED
 CVE-2018-1053 [Ensure that all temp files made during pg_upgrade are 
non-world-readable]
        RESERVED
+       {DLA-1271-1}
        - postgresql-10 10.2-1
        - postgresql-9.6 <removed>
        [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
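Review bot: CVE-2018-1053 now carries `{DLA-1271-1}` while its second line is still `RESERVED` and the visible package lines cover only postgresql-10 and postgresql-9.6. Worth confirming that the entry has a line for the source package and release the DLA actually fixed, so the cross-reference resolves to a fixed version.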
@@ -31922,28 +31964,28 @@ CVE-2017-12475 (The AP4_Processor::Process function 
in Core/Ap4Processor.cpp in 
        NOT-FOR-US: Bento4
 CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in ...)
        NOT-FOR-US: Bento4
-CVE-2017-12473
-       RESERVED
-CVE-2017-12472
-       RESERVED
-CVE-2017-12471
-       RESERVED
-CVE-2017-12470
-       RESERVED
-CVE-2017-12469
-       RESERVED
-CVE-2017-12468
-       RESERVED
-CVE-2017-12467
-       RESERVED
-CVE-2017-12466
-       RESERVED
-CVE-2017-12465
-       RESERVED
-CVE-2017-12464
-       RESERVED
-CVE-2017-12463
-       RESERVED
+CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent 
attackers ...)
+       TODO: check
+CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows 
context-dependent ...)
+       TODO: check
+CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows ...)
+       TODO: check
+CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in 
CCN-lite before ...)
+       TODO: check
+CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 
allows ...)
+       TODO: check
+CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 
allows ...)
+       TODO: check
+CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent 
attackers ...)
+       TODO: check
+CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to 
have ...)
+       TODO: check
+CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow ...)
+       TODO: check
+CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows 
context-dependent ...)
+       TODO: check
+CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in 
CCN-lite ...)
+       TODO: check
 CVE-2017-12462
        RESERVED
 CVE-2017-12461
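Review bot: all eleven entries changed in this hunk (CVE-2017-12463 through CVE-2017-12473) name CCN-lite and all land as `TODO: check`, so one triage decision covers the whole block. If CCN-lite is not in the archive, a single pass adding `NOT-FOR-US: CCN-lite` to each is enough; CVE-2017-12412 elsewhere in this commit is the same product and should get the same treatment.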
@@ -32151,8 +32193,8 @@ CVE-2017-12414 (Format Factory 4.1.0 has a DLL 
Hijacking Vulnerability because a
        NOT-FOR-US: Format Factory
 CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related 
to ...)
        NOT-FOR-US: AXIS 2100 devices
-CVE-2017-12412
-       RESERVED
+CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows 
context-dependent ...)
+       TODO: check
 CVE-2017-12411
        RESERVED
 CVE-2017-12410
@@ -36848,7 +36890,7 @@ CVE-2017-10791 (There is an Integer overflow in the 
hash_int function of the lib
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
        NOTE: No security impact as built in Debian
 CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 
4.12 causes ...)
-       {DLA-1038-1}
+       {DSA-4106-1 DLA-1038-1}
        - libtasn1-6 4.12-2.1 (bug #867398)
        [stretch] - libtasn1-6 <no-dsa> (Minor issue)
        [jessie] - libtasn1-6 <no-dsa> (Minor issue)
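Review bot: CVE-2017-10790 is now cross-referenced to DSA-4106-1, but the context lines `[stretch] - libtasn1-6 <no-dsa> (Minor issue)` and `[jessie] - libtasn1-6 <no-dsa> (Minor issue)` still say no DSA will be issued. Suggest replacing the line for whichever release the advisory covers with the fixed version from the DSA, so the entry does not contradict itself.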
@@ -64207,8 +64249,8 @@ CVE-2017-1787
        RESERVED
 CVE-2017-1786
        RESERVED
-CVE-2017-1785
-       RESERVED
+CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated 
remote ...)
+       TODO: check
 CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary 
files ...)
        NOT-FOR-US: IBM Cognos Analytics
 CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change 
...)
@@ -64393,8 +64435,8 @@ CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 
transmits user credentials in pl
        NOT-FOR-US: IBM Integration Bus
 CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that 
has ...)
        NOT-FOR-US: IBM Integration Bus
-CVE-2017-1692
-       RESERVED
+CVE-2017-1692 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified 
vulnerability ...)
+       TODO: check
 CVE-2017-1691
        RESERVED
 CVE-2017-1690
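Review bot: CVE-2017-1692 (IBM AIX) is left at `TODO: check` directly below two entries already marked `NOT-FOR-US: IBM Integration Bus`. The same convention fits here, e.g. `NOT-FOR-US: IBM AIX`; the other IBM entries this commit opens (CVE-2017-1785, CVE-2018-1366, CVE-2018-1382, CVE-2018-1388) can likely be closed in the same pass.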
@@ -79634,10 +79676,10 @@ CVE-2016-6175 (Eval injection vulnerability in 
php-gettext 1.0.12 and earlier al
        NOTE: 
https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html
 CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision 
Power ...)
        NOT-FOR-US: Inivision
-CVE-2016-6169
-       RESERVED
-CVE-2016-6168
-       RESERVED
+CVE-2016-6169 (Heap-based buffer overflow in Foxit Reader and PhantomPDF 
7.3.4.311 ...)
+       TODO: check
+CVE-2016-6168 (Use-after-free vulnerability in Foxit Reader and PhantomPDF 
7.3.4.311 ...)
+       TODO: check
 CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 
0.67 ...)
        - putty <not-affected> (Windows-specific)
 CVE-2016-6166
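Review bot: the context line `NOT-FOR-US: Inivision` under CVE-2016-6174 misspells the product, which the description gives as Invision Power; worth correcting while this area is being touched. The two new Foxit Reader and PhantomPDF entries (CVE-2016-6169, CVE-2016-6168) sit at `TODO: check` and need triage.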
@@ -90993,10 +91035,10 @@ CVE-2016-3171 (Drupal 6.x before 6.38, when used with 
PHP before 5.4.45, 5.5.x b
        [squeeze] - drupal6 <end-of-life>
        NOTE: https://www.drupal.org/SA-CORE-2016-001
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
-CVE-2016-2541
-       RESERVED
-CVE-2016-2540
-       RESERVED
+CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial 
of ...)
+       TODO: check
+CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial 
of ...)
+       TODO: check
 CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in 
install_modules.php ...)
        NOT-FOR-US: ATutor
 CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass ...)
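Review bot: CVE-2016-2541 and CVE-2016-2540 should not be closed as `NOT-FOR-US` during triage, since audacity is a Debian source package; each needs a `- audacity` line with the first fixed version. The two truncated descriptions are identical here, so the full CVE texts have to be read to tell the issues apart before recording fixes.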



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ceafe5952dedf5344fefc6b158242cc0eb114fb

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
