Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e0b41caf by security tracker role at 2018-02-12T21:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,43 @@ +CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...) + TODO: check +CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...) + TODO: check +CVE-2018-6925 + RESERVED +CVE-2018-6924 + RESERVED +CVE-2018-6923 + RESERVED +CVE-2018-6922 + RESERVED +CVE-2018-6921 + RESERVED +CVE-2018-6920 + RESERVED +CVE-2018-6919 + RESERVED +CVE-2018-6918 + RESERVED +CVE-2018-6917 + RESERVED +CVE-2018-6916 + RESERVED +CVE-2018-6915 + RESERVED +CVE-2018-6914 + RESERVED +CVE-2018-1000063 + RESERVED +CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring ...) + TODO: check +CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue ...) + TODO: check +CVE-2017-18177 (Progress Sitefinity 9.1 has XSS via the Last name, First name, and ...) + TODO: check +CVE-2017-18176 (Progress Sitefinity 9.1 has XSS via file upload, because JavaScript ...) + TODO: check +CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management Template ...) + TODO: check CVE-2018-6913 RESERVED CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...) @@ -41,8 +81,8 @@ CVE-2018-6895 RESERVED CVE-2018-6894 RESERVED -CVE-2018-6893 - RESERVED +CVE-2018-6893 (controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a ...) + TODO: check CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthenticated ...) NOT-FOR-US: CloudMe CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...) 
@@ -690,6 +730,7 @@ CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 co CVE-2018-1000042 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a ...) NOT-FOR-US: Security Onion Solutions Squert CVE-2018-1000041 (GNOME librsvg version before commit ...) + {DLA-1278-1} - librsvg 2.40.20-1 NOTE: Fixed by: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...) 
@@ -895,22 +936,22 @@ CVE-2018-1000037 RESERVED CVE-2018-1000036 RESERVED -CVE-2018-1000035 (A heap-based buffer overflow exists in InfoZip UnZip version <= 6.00 ...) +CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 ...) - unzip <unfixed> (bug #889838) [stretch] - unzip <no-dsa> (Harmless crash, builds with fortified source) [jessie] - unzip <no-dsa> (Harmless crash, builds with fortified source) [wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source) NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html -CVE-2018-1000034 (An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that ...) +CVE-2018-1000034 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that ...) - unzip <not-affected> (Only affects 6.1c22) NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html -CVE-2018-1000033 (An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that ...) +CVE-2018-1000033 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that ...) - unzip <not-affected> (Only affects 6.1c22) NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html -CVE-2018-1000032 (A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 ...) +CVE-2018-1000032 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 ...) - unzip <not-affected> (Only affects 6.1c22) NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html -CVE-2018-1000031 (A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 ...) +CVE-2018-1000031 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 ...) 
- unzip <not-affected> (Only affects 6.1c22) NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html CVE-2017-18123 (The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e ...) 
@@ -29548,64 +29589,45 @@ CVE-2017-13249 RESERVED CVE-2017-13248 RESERVED -CVE-2017-13247 - RESERVED +CVE-2017-13247 (In the Pixel 2 bootloader, there is a missing permission check which ...) NOT-FOR-US: HTC Android components -CVE-2017-13246 - RESERVED +CVE-2017-13246 (A information disclosure vulnerability in the Upstream kernel network ...) NOT-FOR-US: Closed source network driver for Pixel phones -CVE-2017-13245 - RESERVED +CVE-2017-13245 (A elevation of privilege vulnerability in the Upstream kernel audio ...) NOT-FOR-US: Closed source audio driver for Pixel phones -CVE-2017-13244 - RESERVED +CVE-2017-13244 (A elevation of privilege vulnerability in the Upstream kernel easel. ...) NOT-FOR-US: Easel driver for Pixel phones -CVE-2017-13243 - RESERVED +CVE-2017-13243 (A information disclosure vulnerability in the Android system (ui). ...) NOT-FOR-US: Android -CVE-2017-13242 - RESERVED +CVE-2017-13242 (A information disclosure vulnerability in the Android system ...) NOT-FOR-US: Android -CVE-2017-13241 - RESERVED +CVE-2017-13241 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework -CVE-2017-13240 - RESERVED +CVE-2017-13240 (A information disclosure vulnerability in the Android framework ...) NOT-FOR-US: Android -CVE-2017-13239 - RESERVED +CVE-2017-13239 (A information disclosure vulnerability in the Android framework (ui ...) NOT-FOR-US: Android -CVE-2017-13238 - RESERVED +CVE-2017-13238 (In XBLRamDump mode, there is a debug feature that can be used to dump ...) NOT-FOR-US: HTC Android components CVE-2017-13237 RESERVED -CVE-2017-13236 - RESERVED +CVE-2017-13236 (In the KeyStore service, there is a permissions bypass that allows ...) NOT-FOR-US: Android -CVE-2017-13235 - RESERVED +CVE-2017-13235 (A other vulnerability in the Android media framework (n/a). Product: ...) 
NOT-FOR-US: Android Media Framework -CVE-2017-13234 - RESERVED +CVE-2017-13234 (In DLSParser of the sonivox library, there is possible resource ...) NOT-FOR-US: Android Media Framework -CVE-2017-13233 - RESERVED +CVE-2017-13233 (In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible ...) NOT-FOR-US: Android Media Framework -CVE-2017-13232 - RESERVED +CVE-2017-13232 (In audioserver, there is an out-of-bounds write due to a log statement ...) NOT-FOR-US: Android Media Framework -CVE-2017-13231 - RESERVED +CVE-2017-13231 (In libmediadrm, there is an out-of-bounds write due to improper input ...) NOT-FOR-US: Android Media Framework -CVE-2017-13230 - RESERVED +CVE-2017-13230 (In hevc codec, there is an out-of-bounds write due to an incorrect ...) NOT-FOR-US: Android Media Framework -CVE-2017-13229 - RESERVED +CVE-2017-13229 (A remote code execution vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework -CVE-2017-13228 - RESERVED +CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an ...) NOT-FOR-US: Android Media Framework CVE-2017-13227 RESERVED @@ -68454,10 +68476,10 @@ CVE-2016-9572 NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d CVE-2016-9571 REJECTED -CVE-2016-9570 - RESERVED -CVE-2016-9569 - RESERVED +CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial ...) + TODO: check +CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ...) + TODO: check CVE-2016-9568 RESERVED CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) ...) 
@@ -71180,8 +71202,8 @@ CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, w NOTE: Affects: 2.2.0 to 2.4.23. NOTE: Fixed in 2.4.25. NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/ -CVE-2016-8742 - RESERVED +CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was ...) + TODO: check CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so ...) - qpid-java <itp> (bug #840131) CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...) @@ -82299,8 +82321,8 @@ CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x NOTE: underlying bzip2 library is at fault. CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Editor in ...) NOT-FOR-US: JBoss BPMS -CVE-2016-5397 - RESERVED +CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code ...) + TODO: check CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...) - trafficserver 7.0.0-1 [wheezy] - trafficserver <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b41cafa3de278a1417db206a00358bd9cf18ce --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b41cafa3de278a1417db206a00358bd9cf18ce You're receiving this email because of your account on salsa.debian.org.
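Review bot: in the @@ -1,3 +1,43 @@ hunk, CVE-2018-6927 (futex_requeue in kernel/futex.c in the Linux kernel) is left as `TODO: check` in the same way as entries for products Debian does not ship (MISP, Progress Sitefinity); since the kernel is a Debian source package, that TODO should be resolved with a package line carrying the affected or fixed version (the `- <package> <version>` form used elsewhere in this file) rather than left open after the automatic update.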
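Review bot: the @@ -895,22 +936,22 @@ hunk only corrects "InfoZip" to "Info-Zip" in the descriptions of CVE-2018-1000031 through CVE-2018-1000034, but leaves the four `- unzip <not-affected> (Only affects 6.1c22)` lines beneath them stating version `6.1c22` while the descriptions they justify say `6.10c22`; the not-affected reasons should be aligned to `6.10c22` so the version in the justification matches the advisory text.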
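Review bot: CVE-2016-8742 in the @@ -71180,8 +71202,8 @@ hunk describes the Windows installer provided by the Apache CouchDB team, an artifact a Debian package would not ship; the new `TODO: check` should be closed out explicitly, either with a `<not-affected>` line giving that reason or with NOT-FOR-US if the installer is the only affected component, so the reasoning is recorded in the tracker rather than left as an open TODO.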
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits