Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e172e2c1 by security tracker role at 2018-02-09T21:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-6881
+       RESERVED
+CVE-2018-6880
+       RESERVED
+CVE-2018-6879
+       RESERVED
+CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP 
Scripts ...)
+       TODO: check
+CVE-2018-6877
+       RESERVED
+CVE-2018-6876 (THe OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as 
used in ...)
+       TODO: check
+CVE-2018-6875
+       RESERVED
+CVE-2018-6874
+       RESERVED
+CVE-2018-6873
+       RESERVED
 CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File 
Descriptor ...)
        - binutils 2.30-4
        [stretch] - binutils <ignored> (Minor issue)
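Review bot: CVE-2018-6878 and CVE-2018-6876 at the top of this hunk land with only "TODO: check", so neither is triaged yet. CVE-2018-6876 names a concrete library and file (libfpx, ole/oleprop.cpp); resolve it to a source-package line with a version state if libfpx is in the archive, or to NOT-FOR-US otherwise, rather than leaving the TODO to age.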
@@ -103,12 +121,12 @@ CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 
1.8.2, when used to encrypt
        NOTE: 
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
 CVE-2018-6828
        RESERVED
-CVE-2018-6827
-       RESERVED
-CVE-2018-6826
-       RESERVED
-CVE-2018-6825
-       RESERVED
+CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 
certificates ...)
+       TODO: check
+CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. 
...)
+       TODO: check
+CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. 
An SSH ...)
+       TODO: check
 CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative 
access ...)
        NOT-FOR-US: Cozy
 CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, 
the ...)
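Review bot: the three VOBOT CLOCK entries (CVE-2018-6827, CVE-2018-6826, CVE-2018-6825) move from RESERVED to "TODO: check" and all need the same triage decision. The neighbouring CVE-2018-6824 shows the form used for a product outside the archive ("NOT-FOR-US: Cozy"); if VOBOT CLOCK is not packaged, mark all three the same way in one pass.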
@@ -1039,8 +1057,7 @@ CVE-2018-6510
        RESERVED
 CVE-2018-6509
        RESERVED
-CVE-2018-6508 [Unparameterized input in multiple modules can allow a remote 
user to execute arbitrary code]
-       RESERVED
+CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to 
a ...)
        - puppet-module-puppetlabs-apt <unfixed>
        - puppet-module-puppetlabs-apache <unfixed>
        - puppet-module-puppetlabs-mysql <unfixed>
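Review bot: for CVE-2018-6508 the new description is scoped to Puppet Enterprise 2017.3.x prior to 2017.3.3, while the three retained lines still track puppet-module-puppetlabs-apt, puppet-module-puppetlabs-apache and puppet-module-puppetlabs-mysql as <unfixed>. The removed bracketed summary ("Unparameterized input in multiple modules ...") was the text in this hunk that tied the CVE to those modules; add a NOTE with the upstream reference that justifies the package mapping, or re-check whether the <unfixed> state still applies.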
@@ -13644,8 +13661,8 @@ CVE-2018-1403
        RESERVED
 CVE-2018-1402
        RESERVED
-CVE-2018-1401
-       RESERVED
+CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to 
cross-site ...)
+       TODO: check
 CVE-2018-1400
        RESERVED
 CVE-2018-1399
@@ -13710,8 +13727,8 @@ CVE-2018-1370
        RESERVED
 CVE-2018-1369
        RESERVED
-CVE-2018-1368
-       RESERVED
+CVE-2018-1368 (IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 
9.5 ...)
+       TODO: check
 CVE-2018-1367
        RESERVED
 CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma 
Separated ...)
@@ -14475,8 +14492,7 @@ CVE-2018-1309
        RESERVED
 CVE-2018-1308
        RESERVED
-CVE-2018-1307
-       RESERVED
+CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or 
WSDL2Java ...)
        NOT-FOR-US: Apache juddi-client
 CVE-2018-1306
        RESERVED
@@ -14494,8 +14510,7 @@ CVE-2018-1300
        RESERVED
 CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may 
retrieve ...)
        NOT-FOR-US: Apache Allura
-CVE-2018-1298 [Incorrect implementation of some SASL mechanisms can allow a 
remote unauthenticated attacker to cause a denial of service]
-       RESERVED
+CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ...)
        - qpid-java <itp> (bug #840131)
        NOTE: https://issues.apache.org/jira/browse/QPID-8046
        NOTE: 
https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=de509dd
@@ -15256,8 +15271,7 @@ CVE-2018-1055
        REJECTED
 CVE-2018-1054
        RESERVED
-CVE-2018-1053 [Ensure that all temp files made during pg_upgrade are 
non-world-readable]
-       RESERVED
+CVE-2018-1053 (In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x 
before ...)
        {DLA-1271-1}
        - postgresql-10 10.2-1
        - postgresql-9.6 <removed>
@@ -15267,8 +15281,7 @@ CVE-2018-1053 [Ensure that all temp files made during 
pg_upgrade are non-world-r
        - postgresql-9.1 <removed>
        [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is 
PL/Perl only)
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca
-CVE-2018-1052 [Fix processing of partition keys containing multiple 
expressions]
-       RESERVED
+CVE-2018-1052 (Memory disclosure vulnerability in table partitioning was found 
in ...)
        - postgresql-10 10.2-1
        - postgresql-9.6 <not-affected> (code introduced in 10)
        - postgresql-9.4 <not-affected> (code introduced in 10)
@@ -37302,10 +37315,9 @@ CVE-2017-10692
        RESERVED
 CVE-2017-10691
        RESERVED
-CVE-2017-10690
-       RESERVED
-CVE-2017-10689 [Unpacking of tarballs in tar/mini.rb can create files with 
insecure permissions]
-       RESERVED
+CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the 
agent to ...)
+       TODO: check
+CVE-2017-10689 (In previous versions of Puppet Agent it was possible to 
install a ...)
        - puppet <unfixed>
        NOTE: https://puppet.com/security/cve/CVE-2017-10689
        NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
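Review bot: CVE-2017-10690 is left at "TODO: check" while CVE-2017-10689, also described as a Puppet Agent issue, sits directly below it already mapped to "- puppet <unfixed>" with upstream NOTE links. Triage CVE-2017-10690 against the same puppet source package and add its matching advisory NOTE, so the pair does not diverge.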
@@ -64473,8 +64485,8 @@ CVE-2017-1763
        RESERVED
 CVE-2017-1762
        RESERVED
-CVE-2017-1761
-       RESERVED
+CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to 
...)
+       TODO: check
 CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to 
crash ...)
        NOT-FOR-US: IBM WebSphere MQ
 CVE-2017-1759
@@ -92012,7 +92024,7 @@ CVE-2016-XXXX [exec functions ignore length but look 
for NULL termination]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
-CVE-2016-10712 [Output of stream_get_meta_data can be falsified by its input]
+CVE-2016-10712 (In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 
7.0.3, all of ...)
        - php5 5.6.18+dfsg-1
        [jessie] - php5 5.6.19+dfsg-0+deb8u1
        [wheezy] - php5 5.4.45-0+deb7u7
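Review bot: on CVE-2016-10712 the removed bracketed summary named the affected function (stream_get_meta_data), and the truncated description that replaces it ("... all of ...") no longer does. If the entry does not already carry it further down, keep that detail in a NOTE line, in the way the preceding entry records its fix versions ("NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3").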



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e172e2c1cbae3122e74977d3f78581eb632b12c2
