Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8c867cbc by Moritz Muehlenhoff at 2018-02-10T14:32:29+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -20,7 +20,7 @@ CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Sc CVE-2018-6877 RESERVED CVE-2018-6876 (THe OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ...) - TODO: check + NOT-FOR-US: libfpx CVE-2018-6875 RESERVED CVE-2018-6874 @@ -596,17 +596,17 @@ CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnera NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698873 NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384 CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer ...) - TODO: check + NOT-FOR-US: Sean Barrett stb_vorbis CVE-2018-1000049 (nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote ...) - TODO: check + NOT-FOR-US: nanopool Claymore Dual Miner CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 ...) - TODO: check + NOT-FOR-US: NASA RtRetrievalFramework CVE-2018-1000047 (NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak ...) - TODO: check + NOT-FOR-US: NASA Kodiak CVE-2018-1000046 (NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in ...) - TODO: check + NOT-FOR-US: NASA Pyblock CVE-2018-1000045 (NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA ...) - TODO: check + NOT-FOR-US: NASA Singledop CVE-2018-1000044 (Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a ...) NOT-FOR-US: Security Onion Solutions Squert CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a ...) @@ -944,7 +944,6 @@ CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 2018-02- [wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS) NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493 NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md - TODO: check CVE-2018-6547 RESERVED CVE-2018-6546 @@ -1381,7 +1380,6 @@ CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in [wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS) NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492 NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md - TODO: check CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before ...) [experimental] - imagemagick 8:6.9.9.34+dfsg-1 - imagemagick <unfixed> (unimportant) @@ -1491,9 +1489,9 @@ CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably wel NOTE: https://git.kernel.org/linus/8914a595110a6eca69a5e275b323f5d09e18f4f9 NOTE: https://git.kernel.org/linus/2b16f048729bf35e6c28a40cbfad07239f9dcd90 CVE-2018-1000025 (Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 ...) - TODO: check + NOT-FOR-US: Jerome Gamez Firebase Admin SDK for PHP CVE-2018-1000023 (Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a ...) - TODO: check + NOT-FOR-US: Bitpay/insight-api Insight-api CVE-2018-1000021 (GIT version 2.15.1 and earlier contains a Input Validation Error ...) - git <unfixed> (unimportant; bug #889680) NOTE: http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html @@ -1510,7 +1508,7 @@ CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) . CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site ...) NOT-FOR-US: Invoice Plane CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) ...) - TODO: check + NOT-FOR-US: Canvs Canvas CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site Scripting ...) NOT-FOR-US: Mautic CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers, a ...) @@ -22691,7 +22689,7 @@ CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS before ...) NOT-FOR-US: ILIAS CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x ...) - TODO: check + NOT-FOR-US: Cloudera Data Science Workbench CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...) - mongodb <not-affected> (wire protocol compression introduced in 3.4.x and disabled by default) NOTE: https://jira.mongodb.org/browse/SERVER-31273 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c867cbcea1ce57a39c62740c211a321534f94fd --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c867cbcea1ce57a39c62740c211a321534f94fd You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits