Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40704c01 by security tracker role at 2018-02-09T09:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File 
Descriptor ...)
+       TODO: check
+CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read 
arbitrary ...)
+       TODO: check
+CVE-2018-6870
+       RESERVED
+CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation 
and a ...)
+       TODO: check
+CVE-2018-6868
+       RESERVED
+CVE-2018-6867
+       RESERVED
+CVE-2018-6866
+       RESERVED
+CVE-2016-10712 (In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 
7.0.3, all of ...)
+       TODO: check
 CVE-2018-6865
        RESERVED
 CVE-2018-6864
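Review bot: Four of the newly added entries describe software that Debian ships, so their TODO: check placeholders should become package lines rather than NOT-FOR-US: CVE-2018-6872 (elf_parse_notes in BFD, i.e. binutils), CVE-2018-6871 (LibreOffice), CVE-2018-6869 (ZZIPlib, packaged as zziplib) and CVE-2016-10712 (PHP). For the PHP one the quoted ranges (before 5.5.32, 5.6.18 and 7.0.3) are old enough that the check mostly amounts to recording the fixed versions per suite.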
@@ -170,8 +186,7 @@ CVE-2018-6790 (An issue was discovered in KDE Plasma 
Workspace before 5.12.0. ..
        NOTE: 
https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
        NOTE: 
https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
        TODO: check kde-workspace
-CVE-2018-6789 [buffer overflow]
-       RESERVED
+CVE-2018-6789 (An issue was discovered in the SMTP listener in Exim 4.90 and 
earlier. ...)
        - exim4 <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/02/07/2
        NOTE: https://exim.org/static/doc/security/CVE-2018-6789.txt
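Review bot: The exim4 line stays at <unfixed> with no suite annotations, so nothing here records what stretch and jessie should get. Since the new description names the SMTP listener in Exim 4.90 and earlier, a network-facing service, the entry should gain the fixed version once the upload lands and the advisory id in braces, as the mailman entry in this same commit does ({DSA-4108-1 DLA-1272-1}).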
@@ -477,8 +492,7 @@ CVE-2018-6646
        RESERVED
 CVE-2018-6645
        RESERVED
-CVE-2018-6644
-       RESERVED
+CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null 
pointer (DoS) ...)
        - sblim-sfcb <itp> (bug #754493)
 CVE-2018-6643
        RESERVED
@@ -876,10 +890,12 @@ CVE-2018-6551 (The malloc implementation in the GNU C 
Library (aka glibc or libc
 CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...)
        NOT-FOR-US: Monstra CMS
 CVE-2017-18122 (A signature-validation bypass issue was discovered in 
SimpleSAMLphp ...)
+       {DLA-1273-1}
        - simplesamlphp 1.15.0-1 (bug #889286)
        NOTE: https://simplesamlphp.org/security/201710-01
        NOTE: 
https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca
 (v1.14.17)
 CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is 
vulnerable ...)
+       {DLA-1273-1}
        - simplesamlphp 1.15.0-1 (bug #889286)
        NOTE: https://simplesamlphp.org/security/201709-01
        NOTE: 
https://github.com/simplesamlphp/simplesamlphp/commit/34e1bdb7660c0c9b627f8e5f0ca224a6afe641a8
 (v1.14.16)
@@ -977,6 +993,7 @@ CVE-2017-18120 (A double-free bug in the read_gif function 
in gifread.c in gifsi
        NOTE: https://github.com/kohler/gifsicle/issues/117
        NOTE: 
https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
 CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the 
MySQL ...)
+       {DLA-1273-1}
        - simplesamlphp 1.15.2-1
        [stretch] - simplesamlphp <no-dsa> (Minor issue)
        [jessie] - simplesamlphp <no-dsa> (Minor issue)
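Review bot: CVE-2018-6521 now carries {DLA-1273-1} while keeping `[jessie] - simplesamlphp <no-dsa> (Minor issue)`; the two statements contradict each other for jessie (a DLA was issued, so it is no longer a no-dsa issue), and the jessie line should be dropped or the DLA reference reconsidered. The stretch <no-dsa> line is unaffected by the DLA and can stay.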
@@ -1937,8 +1954,8 @@ CVE-2018-6182
        RESERVED
 CVE-2018-6181
        RESERVED
-CVE-2018-6180
-       RESERVED
+CVE-2018-6180 (A flaw in the profile section of Online Voting System 1.0 
allows an ...)
+       TODO: check
 CVE-2018-1000017
        REJECTED
 CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path 
Service ...)
@@ -2612,6 +2629,7 @@ CVE-2018-5951
 CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the 
email_ftp_password_change ...)
        NOT-FOR-US: JBMC DirectAdmin
 CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in 
Mailman ...)
+       {DSA-4108-1 DLA-1272-1}
        - mailman 1:2.1.26-1 (bug #888201)
        NOTE: 
https://mail.python.org/pipermail/mailman-users/2018-February/083011.html
        NOTE: Patch: https://launchpadlibrarian.net/355686141/options.patch
@@ -21741,8 +21759,8 @@ CVE-2017-15916
        RESERVED
 CVE-2017-15915
        RESERVED
-CVE-2017-15914
-       RESERVED
+CVE-2017-15914 (Incorrect implementation of access controls allows remote 
users to ...)
+       TODO: check
 CVE-2017-15913 (The Installer in Whale allows DLL hijacking. ...)
        NOT-FOR-US: Installer in Whale
 CVE-2017-15912
@@ -51431,12 +51449,12 @@ CVE-2017-6229
        RESERVED
 CVE-2017-6228
        RESERVED
-CVE-2017-6227
-       RESERVED
+CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN 
...)
+       TODO: check
 CVE-2017-6226
        RESERVED
-CVE-2017-6225
-       RESERVED
+CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based 
management ...)
+       TODO: check
 CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases 
ZD9.x, ...)
        NOT-FOR-US: Ruckus
 CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases 
ZD9.9.x, ...)
@@ -117762,8 +117780,8 @@ CVE-2015-2749 (Open redirect vulnerability in Drupal 
6.x before 6.35 and 7.x bef
        [squeeze] - drupal6 <end-of-life>
        NOTE: https://www.drupal.org/SA-CORE-2015-001
        NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5
-CVE-2015-2329
-       RESERVED
+CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce 
plugin ...)
+       TODO: check
 CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and 
related ...)
        - mongodb <unfixed> (unimportant)
        NOTE: CVE for bundled version of pcre3 in mongodb
@@ -127071,8 +127089,8 @@ CVE-2014-8986 (Cross-site scripting (XSS) 
vulnerability in the selection list in
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
        NOTE: https://github.com/mantisbt/mantisbt/commit/e326b73a (1.2.x)
-CVE-2014-8985
-       RESERVED
+CVE-2014-8985 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2014-8984
        REJECTED
 CVE-2014-8983
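Review bot: CVE-2014-8985 is a Microsoft Internet Explorer 11 issue and its neighbours in this file (CVE-2014-4143, CVE-2014-4111 and others) are recorded as NOT-FOR-US: Microsoft Internet Explorer, so the TODO: check here, and on CVE-2014-4145, CVE-2014-4112 and CVE-2014-4066 further down, can be resolved the same way; the automatic update only fills in the description and cannot make that call.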
@@ -139000,8 +139018,8 @@ CVE-2014-4147
        REJECTED
 CVE-2014-4146
        REJECTED
-CVE-2014-4145
-       RESERVED
+CVE-2014-4145 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2014-4144
        REJECTED
 CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
@@ -139066,8 +139084,8 @@ CVE-2014-4114 (Microsoft Windows Vista SP2, Windows 
Server 2008 SP2 and R2 SP1, 
        NOT-FOR-US: Microsoft
 CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows 
Server 2003 ...)
        NOT-FOR-US: Microsoft
-CVE-2014-4112
-       RESERVED
+CVE-2014-4112 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4110 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
@@ -139158,8 +139176,8 @@ CVE-2014-4068 (The Response Group Service in 
Microsoft Lync Server 2010 and 2013
        NOT-FOR-US: Microsoft Lync Server
 CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers 
to ...)
        NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-4066
-       RESERVED
+CVE-2014-4066 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2014-4065 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows 
Server ...)
@@ -160257,10 +160275,10 @@ CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in 
the GTPv2 dissector in Wireshar
        NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html
 CVE-2013-3554
        RESERVED
-CVE-2013-3553
-       RESERVED
-CVE-2013-3552
-       RESERVED
+CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and 
earlier ...)
+       TODO: check
+CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and 
earlier ...)
+       TODO: check
 CVE-2013-3551
        RESERVED
        {DSA-2696-1}
@@ -161993,8 +162011,8 @@ CVE-2013-2832 (The Buffer::Set function in 
core/cross/buffer.cc in the O3D plug-
        NOT-FOR-US: Google Chrome OS
 CVE-2013-2831
        RESERVED
-CVE-2013-2830
-       RESERVED
+CVE-2013-2830 (Use-after-free vulnerability in SumatraPDF Reader 2.x before 
2.2.1 ...)
+       TODO: check
 CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows 
remote ...)
        NOT-FOR-US: MatrikonOPC SCADA DNP3 OPC Server
 CVE-2013-2828 (The DNP Master Driver in the OSIsoft PI Interface before 
3.1.2.54 for ...)
@@ -173188,21 +173206,19 @@ CVE-2012-5363
 CVE-2012-5362
        RESERVED
        NOT-FOR-US: Microsoft Windows
-CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to 
cause a ...)
+CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to 
execute ...)
        - ffmpeg 7:2.4.1-1
        [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too 
many checks missing)
        - libav 6:0.8.5-1 (bug #694483)
        NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
        NOTE: upstream needs a proper sample to reproduce the issue
-CVE-2012-5360
-       RESERVED
+CVE-2012-5360 (Libavcodec in FFmpeg before 0.11 allows remote attackers to 
execute ...)
        - ffmpeg 7:2.4.1-1
        [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too 
many checks missing)
        - libav 6:0.8.5-1 (bug #694483)
        NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
        NOTE: upstream needs a proper sample to reproduce the issue
-CVE-2012-5359
-       RESERVED
+CVE-2012-5359 (Libavcodec in FFmpeg before 0.11 allows remote attackers to 
execute ...)
        - ffmpeg 7:2.4.1-1
        [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too 
many checks missing)
        - libav 6:0.8.5-1 (bug #694483)
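Review bot: The CVE-2012-5361 description changes from "cause a ..." (denial-of-service wording) to "execute ...", an impact upgrade, yet the package lines, the squeeze <end-of-life> annotation and the "upstream needs a proper sample" NOTE are carried over untouched; the severity and the ffmpeg/libav fixed versions (7:2.4.1-1, 6:0.8.5-1) should be re-checked against the revised text. The same applies to CVE-2012-5360 and CVE-2012-5359, which now receive the identical "execute" description.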
@@ -178825,8 +178841,8 @@ CVE-2012-3333 (CRLF injection vulnerability in IBM 
Maximo Asset Management 7.x b
        NOT-FOR-US: IBM Maximo Asset Management and others
 CVE-2012-3332
        RESERVED
-CVE-2012-3331
-       RESERVED
+CVE-2012-3331 (IBM Sametime allows remote attackers to obtain sensitive 
information ...)
+       TODO: check
 CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before 
...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 
through 9.21 ...)
@@ -181767,8 +181783,8 @@ CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 
7.1.2.7 and 8.x before 8.0.0
        NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2167 (The IBM XIV Storage System Gen3 before 11.1.0.a allows remote 
...)
        NOT-FOR-US: IBM XIV Storage System Gen3
-CVE-2012-2166
-       RESERVED
+CVE-2012-2166 (IBM XIV Storage System 2810-A14 and 2812-A14 devices before 
level ...)
+       TODO: check
 CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 
8.0.0.3, ...)
        NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 
and 8.x ...)
@@ -184757,8 +184773,8 @@ CVE-2012-0943 (debian/guest-account in Light Display 
Manager (lightdm) 1.0.x bef
        - lightdm <not-affected> (Ubuntu-specific script)
 CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and 
Helix ...)
        NOT-FOR-US: RealNetworks Helix
-CVE-2012-0941
-       RESERVED
+CVE-2012-0941 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet 
...)
+       TODO: check
 CVE-2012-0940
        RESERVED
 CVE-2012-0939 (Multiple SQL injection vulnerabilities in TestLink 1.8.5b and 
earlier ...)
@@ -187184,8 +187200,8 @@ CVE-2011-4891
        RESERVED
 CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 
allows ...)
        NOT-FOR-US: IBM solidDB
-CVE-2011-4889
-       RESERVED
+CVE-2011-4889 (The javax.naming.directory.AttributeInUseException class in the 
...)
+       TODO: check
 CVE-2011-4888
        RESERVED
 CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations 
Table in ...)
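Review bot: CVE-2011-4889 names javax.naming.directory.AttributeInUseException, a JNDI class from the Java SE platform, so unlike the IBM solidDB and Fortinet entries around it this TODO: check should establish which runtime the CVE covers before any NOT-FOR-US decision, since OpenJDK is packaged in Debian; the truncated description shown here does not name the product.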



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/40704c01b7ad6dc09313d9e4d02478ee741a6ab5

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
