Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02977357 by security tracker role at 2018-02-22T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,161 @@
+CVE-2018-7415
+       RESERVED
+CVE-2018-7414
+       RESERVED
+CVE-2018-7413
+       RESERVED
+CVE-2018-7412
+       RESERVED
+CVE-2018-7411
+       RESERVED
+CVE-2018-7410
+       RESERVED
+CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...)
+       TODO: check
+CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release 
(marked ...)
+       TODO: check
+CVE-2018-7407
+       RESERVED
+CVE-2018-7406
+       RESERVED
+CVE-2018-7405
+       RESERVED
+CVE-2018-7404
+       RESERVED
+CVE-2018-7403
+       RESERVED
+CVE-2018-7402
+       RESERVED
+CVE-2018-7401
+       RESERVED
+CVE-2018-7400
+       RESERVED
+CVE-2018-7399
+       RESERVED
+CVE-2018-7398
+       RESERVED
+CVE-2018-7397
+       RESERVED
+CVE-2018-7396
+       RESERVED
+CVE-2018-7395
+       RESERVED
+CVE-2018-7394
+       RESERVED
+CVE-2018-7393
+       RESERVED
+CVE-2018-7392
+       RESERVED
+CVE-2018-7391
+       RESERVED
+CVE-2018-7390
+       RESERVED
+CVE-2018-7389
+       RESERVED
+CVE-2018-7388
+       RESERVED
+CVE-2018-7387
+       RESERVED
+CVE-2018-7386
+       RESERVED
+CVE-2018-7385
+       RESERVED
+CVE-2018-7384
+       RESERVED
+CVE-2018-7383
+       RESERVED
+CVE-2018-7382
+       RESERVED
+CVE-2018-7381
+       RESERVED
+CVE-2018-7380
+       RESERVED
+CVE-2018-7379
+       RESERVED
+CVE-2018-7378
+       RESERVED
+CVE-2018-7377
+       RESERVED
+CVE-2018-7376
+       RESERVED
+CVE-2018-7375
+       RESERVED
+CVE-2018-7374
+       RESERVED
+CVE-2018-7373
+       RESERVED
+CVE-2018-7372
+       RESERVED
+CVE-2018-7371
+       RESERVED
+CVE-2018-7370
+       RESERVED
+CVE-2018-7369
+       RESERVED
+CVE-2018-7368
+       RESERVED
+CVE-2018-7367
+       RESERVED
+CVE-2018-7366
+       RESERVED
+CVE-2018-7365
+       RESERVED
+CVE-2018-7364
+       RESERVED
+CVE-2018-7363
+       RESERVED
+CVE-2018-7362
+       RESERVED
+CVE-2018-7361
+       RESERVED
+CVE-2018-7360
+       RESERVED
+CVE-2018-7359
+       RESERVED
+CVE-2018-7358
+       RESERVED
+CVE-2018-7357
+       RESERVED
+CVE-2018-7356
+       RESERVED
+CVE-2018-7355
+       RESERVED
+CVE-2018-7354
+       RESERVED
+CVE-2018-7353
+       RESERVED
+CVE-2018-7352
+       RESERVED
+CVE-2018-7351
+       RESERVED
+CVE-2018-7350
+       RESERVED
+CVE-2018-7349
+       RESERVED
+CVE-2018-7348
+       RESERVED
+CVE-2018-7347
+       RESERVED
+CVE-2018-7346
+       RESERVED
+CVE-2018-7345
+       RESERVED
+CVE-2018-7344
+       RESERVED
+CVE-2018-7343
+       RESERVED
+CVE-2018-7342
+       RESERVED
+CVE-2018-7341
+       RESERVED
+CVE-2018-7340
+       RESERVED
+CVE-2018-7339
+       RESERVED
+CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the 
"signup" ...)
+       TODO: check
+CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 
mishandles ...)
+       TODO: check
 CVE-2018-XXXX [SA-CORE-2018-001: External link injection on 404 pages when 
linking to the current page]
        - drupal7 <unfixed> (bug #891154)
        NOTE: https://www.drupal.org/sa-core-2018-001
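
Review bot: CVE-2017-18193 in this hunk is left at "TODO: check" although its description names fs/f2fs/extent_cache.c in the Linux kernel, and this file tracks linux as a source package (other entries in the same diff carry lines such as "- linux 4.15.4-1"). It should be resolved with a "- linux <fixed version>" line, using the "before 4.13" boundary in the description as the starting point for finding the fixed upload. CVE-2018-7409 (unixODBC before 2.3.5) needs the same package check rather than a bulk NOT-FOR-US pass with the rest of the new entries.
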
@@ -48,22 +206,22 @@ CVE-2018-7321
        RESERVED
 CVE-2018-7320
        RESERVED
-CVE-2018-7319
-       RESERVED
-CVE-2018-7318
-       RESERVED
-CVE-2018-7317
-       RESERVED
-CVE-2018-7316
-       RESERVED
-CVE-2018-7315
-       RESERVED
-CVE-2018-7314
-       RESERVED
-CVE-2018-7313
-       RESERVED
-CVE-2018-7312
-       RESERVED
+CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 
component ...)
+       TODO: check
+CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component 
for ...)
+       TODO: check
+CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! 
via the ...)
+       TODO: check
+CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! 
via the ...)
+       TODO: check
+CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 
component for ...)
+       TODO: check
 CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root 
...)
        NOT-FOR-US: PrivateVPN for macOS
 CVE-2018-7310
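
Review bot: CVE-2018-7319 through CVE-2018-7312 all move from RESERVED to "TODO: check", and each description names a third-party Joomla! component (OS Property Real Estate, CheckList, Proclaim, Ek Rishta, PrayerCenter, CW Tags, Alexandria Book Library). The next context entry shows the form the file uses for software outside the archive ("NOT-FOR-US: PrivateVPN for macOS"); if none of these components is packaged, each entry should get a NOT-FOR-US line naming the specific component, so that later searches by product name hit the right CVE.
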
@@ -84,18 +242,18 @@ CVE-2018-7303 (The Calendar component in Tiki 17.1 allows 
HTML injection. ...)
        NOT-FOR-US: Tiki
 CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG 
content, ...)
        NOT-FOR-US: Tiki
-CVE-2018-7301
-       RESERVED
-CVE-2018-7300
-       RESERVED
-CVE-2018-7299
-       RESERVED
-CVE-2018-7298
-       RESERVED
-CVE-2018-7297
-       RESERVED
-CVE-2018-7296
-       RESERVED
+CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC 
port ...)
+       TODO: check
+CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code 
Execution in ...)
+       TODO: check
+CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 
AG ...)
+       TODO: check
+CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG 
HomeMatic ...)
+       TODO: check
+CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG 
...)
+       TODO: check
+CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage 
method ...)
+       TODO: check
 CVE-2018-7295
        RESERVED
 CVE-2018-7294
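
Review bot: for CVE-2018-7300 and CVE-2018-7296 the truncated description visible here stops before any product name ("Directory Traversal / Arbitrary File Write / Remote Code Execution in ..." and "... in User.getLanguage method ..."). The neighbouring entries name eQ-3 AG HomeMatic, but these two should be triaged from the full CVE text rather than by inference from their position in the block before the "TODO: check" lines are replaced.
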
@@ -497,6 +655,7 @@ CVE-2018-7182
 CVE-2018-7181
        RESERVED
 CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
+       {DLA-1288-1}
        - cups 2.2.3-2
        [stretch] - cups <no-dsa> (Minor issue, can be fixed via pu)
        [jessie] - cups <no-dsa> (Minor issue, can be fixed via pu)
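
Review bot: the {DLA-1288-1} tag added under CVE-2017-18190 sits directly above per-release lines that both read <no-dsa> (stretch and jessie), so nothing visible in this hunk shows which release the advisory fixed. It is worth confirming that the advisory's own record names the release and the cups version, so the entry does not read as "advisory issued, every listed release unfixed".
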
@@ -1225,8 +1384,8 @@ CVE-2018-6892 (An issue was discovered in CloudMe before 
1.11.0. An unauthentica
        NOT-FOR-US: CloudMe
 CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via 
a ...)
        NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
-CVE-2018-6890
-       RESERVED
+CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 
via the ...)
+       TODO: check
 CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a 
Host ...)
        NOT-FOR-US: Typesetter CMS
 CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions 
page ...)
@@ -4445,6 +4604,7 @@ CVE-2017-18034 (The source browse resource in Atlassian 
FishEye and Crucible bef
 CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 
7.6.1 ...)
        NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
 CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the 
Linux ...)
+       {DSA-4120-1}
        - linux 4.15.4-1
        NOTE: https://patchwork.kernel.org/patch/10174835/
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit 
c1cd164 and ...)
@@ -14977,14 +15137,14 @@ CVE-2018-1419
        RESERVED
 CVE-2018-1418
        RESERVED
-CVE-2018-1417
-       RESERVED
+CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes 
for ...)
+       TODO: check
 CVE-2018-1416
        RESERVED
-CVE-2018-1415
-       RESERVED
-CVE-2018-1414
-       RESERVED
+CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
+       TODO: check
+CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL 
...)
+       TODO: check
 CVE-2018-1413
        RESERVED
 CVE-2018-1412
@@ -15027,10 +15187,10 @@ CVE-2018-1394
        RESERVED
 CVE-2018-1393
        RESERVED
-CVE-2018-1392
-       RESERVED
-CVE-2018-1391
-       RESERVED
+CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH 
Services for ...)
+       TODO: check
+CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH 
Services for ...)
+       TODO: check
 CVE-2018-1390
        RESERVED
 CVE-2018-1389
@@ -30939,6 +31099,7 @@ CVE-2017-13168 (An elevation of privilege vulnerability 
in the kernel scsi drive
 CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound 
timer. ...)
        NOT-FOR-US: Android kernel components (no source release, so apparently 
not present in mainline)
 CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 
video ...)
+       {DSA-4120-1}
        - linux 4.15.4-1
        NOTE: 
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html
        NOTE: 
https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a
@@ -54114,7 +54275,7 @@ CVE-2017-5756
 CVE-2017-5755
        RESERVED
 CVE-2017-5754 (Systems with microprocessors utilizing speculative execution 
and ...)
-       {DSA-4082-1 DSA-4078-1 DLA-1232-1}
+       {DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1}
        - linux 4.14.12-1
        - nvidia-graphics-drivers 384.111-1 (bug #886852)
        [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -54224,6 +54385,7 @@ CVE-2017-5717 (Type Confusion in Content Protection 
HECI Service in Intel Graphi
 CVE-2017-5716
        REJECTED
 CVE-2017-5715 (Systems with microprocessors utilizing speculative execution 
and ...)
+       {DSA-4120-1}
        - linux 4.14.17-1
        NOTE: https://spectreattack.com/
        NOTE: https://xenbits.xen.org/xsa/advisory-254.html
@@ -56318,12 +56480,12 @@ CVE-2017-5253
        RESERVED
 CVE-2017-5252
        RESERVED
-CVE-2017-5251
-       RESERVED
-CVE-2017-5250
-       RESERVED
-CVE-2017-5249
-       RESERVED
+CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio 
...)
+       TODO: check
+CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android 
app, ...)
+       TODO: check
+CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home 
Android ...)
+       TODO: check
 CVE-2017-5248
        RESERVED
 CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site 
scripting in ...)
@@ -86449,7 +86611,7 @@ CVE-2016-4660 (An issue was discovered in certain Apple 
products. iOS before 10.
        NOT-FOR-US: Apple
 CVE-2016-4659
        REJECTED
-CVE-2016-4658 (libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 
10, and ...)
+CVE-2016-4658 (xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 
10, OS ...)
        {DSA-3744-1 DLA-691-1}
        - libxml2 2.9.4+dfsg1-2.1 (bug #840553)
        NOTE: Fixed by: 
https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
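
Review bot: the updated description for CVE-2016-4658 now gives the upstream boundary as "libxml2 before 2.9.5", while the unchanged package line records the fix in "libxml2 2.9.4+dfsg1-2.1". The two agree only if the fix was backported to the 2.9.4 package; the existing "Fixed by:" NOTE points at the upstream commit, and a short NOTE stating that this commit was backported would stop the version in the description from being read as contradicting the fixed version.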



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02977357c5272d1dcc03fe34054a46e7838033b9

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
