Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 49218f03 by security tracker role at 2018-02-24T09:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,55 @@ -CVE-2018-7443 +CVE-2018-7464 RESERVED -CVE-2018-7434 +CVE-2018-7463 RESERVED +CVE-2018-7462 + RESERVED +CVE-2018-7461 + RESERVED +CVE-2018-7460 + RESERVED +CVE-2018-7459 + RESERVED +CVE-2018-7458 + RESERVED +CVE-2018-7457 + RESERVED +CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in ...) + TODO: check +CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in ...) + TODO: check +CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf ...) + TODO: check +CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...) + TODO: check +CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in ...) + TODO: check +CVE-2018-7451 + RESERVED +CVE-2018-7450 + RESERVED +CVE-2018-7449 + RESERVED +CVE-2018-7448 + RESERVED +CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site ...) + TODO: check +CVE-2018-7446 + RESERVED +CVE-2018-7445 + RESERVED +CVE-2018-7444 + RESERVED +CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote ...) + TODO: check +CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows ...) + TODO: check +CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the ...) + TODO: check +CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 ...) + TODO: check +CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via a ...) + TODO: check CVE-2018-7433 RESERVED CVE-2018-7432 
@@ -33,36 +81,31 @@ CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate TODO: Check elinks, we compile with GnuTLS CVE-2018-7422 RESERVED -CVE-2018-7421 - RESERVED -CVE-2018-7420 - RESERVED -CVE-2018-7419 - RESERVED -CVE-2018-7418 - RESERVED -CVE-2018-7417 - RESERVED +CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector ...) + TODO: check +CVE-2018-7420 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser ...) + TODO: check +CVE-2018-7419 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector ...) + TODO: check +CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector ...) + TODO: check +CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector ...) + TODO: check CVE-2018-7416 RESERVED -CVE-2018-7439 [heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record] - RESERVED +CVE-2018-7439 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...) - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892 -CVE-2018-7438 [heap-buffer-overflow in freexl.c:383 parse_unicode_string] - RESERVED +CVE-2018-7438 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...) - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889 -CVE-2018-7437 [heap-buffer-overflow in freexl.c:1866 parse_SST] - RESERVED +CVE-2018-7437 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...) - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885 -CVE-2018-7436 [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST] - RESERVED +CVE-2018-7436 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...) - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883 -CVE-2018-7435 [heap-buffer-overflow in freexl::destroy_cell] - RESERVED +CVE-2018-7435 (An issue was discovered in FreeXL before 1.0.5. 
There is a heap-based ...) - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879 CVE-2018-7415 
@@ -238,42 +281,42 @@ CVE-2018-XXXX [SA-CORE-2018-001: JavaScript cross-site scripting prevention is i NOTE: https://www.drupal.org/sa-core-2018-001 CVE-2018-7338 RESERVED -CVE-2018-7337 - RESERVED -CVE-2018-7336 - RESERVED -CVE-2018-7335 - RESERVED -CVE-2018-7334 - RESERVED -CVE-2018-7333 - RESERVED -CVE-2018-7332 - RESERVED -CVE-2018-7331 - RESERVED -CVE-2018-7330 - RESERVED -CVE-2018-7329 - RESERVED -CVE-2018-7328 - RESERVED -CVE-2018-7327 - RESERVED -CVE-2018-7326 - RESERVED -CVE-2018-7325 - RESERVED -CVE-2018-7324 - RESERVED -CVE-2018-7323 - RESERVED -CVE-2018-7322 - RESERVED -CVE-2018-7321 - RESERVED -CVE-2018-7320 - RESERVED +CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. ...) + TODO: check +CVE-2018-7336 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol ...) + TODO: check +CVE-2018-7335 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 ...) + TODO: check +CVE-2018-7334 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector ...) + TODO: check +CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7331 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7330 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7329 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7328 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7327 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) 
+ TODO: check +CVE-2018-7322 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...) + TODO: check +CVE-2018-7320 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol ...) + TODO: check CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component ...) NOT-FOR-US: OS Property Real Estate component for Joomla! CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...) @@ -9069,18 +9112,15 @@ CVE-2018-3838 RESERVED CVE-2018-3837 RESERVED -CVE-2018-7442 [path traversal or file overwrite] - RESERVED +CVE-2018-7442 (An issue was discovered in Leptonica through 1.75.3. The ...) - leptonlib <unfixed> NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html -CVE-2018-7441 [insecure use of /tmp] - RESERVED +CVE-2018-7441 (Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might ...) - leptonlib <unfixed> NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html -CVE-2017-18196 +CVE-2017-18196 (Leptonica 1.74.4 constructs unintended pathnames (containing duplicated ...) - leptonlib 1.74.4-2 (bug #885704) -CVE-2018-7440 [command injection via $(command)] - RESERVED +CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The ...) - leptonlib <unfixed> NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212 NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b 
@@ -10556,17 +10596,14 @@ CVE-2017-17769 NOT-FOR-US: Qualcomm component for Android CVE-2017-17768 RESERVED -CVE-2017-17767 - RESERVED +CVE-2017-17767 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-17766 RESERVED NOT-FOR-US: Qualcomm component for Android -CVE-2017-17765 - RESERVED +CVE-2017-17765 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-17764 - RESERVED +CVE-2017-17764 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-17763 (SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share ...) NOT-FOR-US: SuperBeam @@ -16107,8 +16144,7 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL NOT-FOR-US: Apache juddi-client CVE-2018-1306 RESERVED -CVE-2018-1305 [Security constraint annotations applied too late] - RESERVED +CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache ...) - tomcat9 <itp> (bug #802312) - tomcat8 8.5.28-1 - tomcat8.0 <unfixed> (unimportant) @@ -20920,8 +20956,8 @@ CVE-2017-16771 RESERVED CVE-2017-16770 RESERVED -CVE-2017-16769 - RESERVED +CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in ...) + TODO: check CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in ...) NOT-FOR-US: Synology MailPlus Server CVE-2017-16767 
@@ -23562,12 +23598,12 @@ CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol S NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50 CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin ...) NOT-FOR-US: WordPress plugin wp-noexternallinks -CVE-2017-15862 - RESERVED -CVE-2017-15861 - RESERVED -CVE-2017-15860 - RESERVED +CVE-2017-15862 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2017-15859 RESERVED NOT-FOR-US: Qualcomm component for Android @@ -23631,8 +23667,7 @@ CVE-2017-15831 RESERVED CVE-2017-15830 RESERVED -CVE-2017-15829 - RESERVED +CVE-2017-15829 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15828 RESERVED @@ -23652,15 +23687,13 @@ CVE-2017-15822 RESERVED CVE-2017-15821 RESERVED -CVE-2017-15820 - RESERVED +CVE-2017-15820 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15819 RESERVED CVE-2017-15818 RESERVED -CVE-2017-15817 - RESERVED +CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15816 RESERVED @@ -24345,8 +24378,8 @@ CVE-2017-15520 REJECTED CVE-2017-15519 RESERVED -CVE-2017-15518 - RESERVED +CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp Service ...) + TODO: check CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to ...) NOT-FOR-US: AltaVault OST Plug-in CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...) 
@@ -26487,8 +26520,7 @@ CVE-2017-14912 CVE-2017-14911 RESERVED NOT-FOR-US: Qualcomm components for Android -CVE-2017-14910 - RESERVED +CVE-2017-14910 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android @@ -26543,8 +26575,7 @@ CVE-2017-14886 RESERVED CVE-2017-14885 RESERVED -CVE-2017-14884 - RESERVED +CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14883 RESERVED @@ -33072,7 +33103,7 @@ CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Module NOT-FOR-US: Siemens CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) NOT-FOR-US: Siemens -CVE-2017-12736 (A vulnerability has been identified in the following Siemens products: ...) +CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 ...) NOT-FOR-US: Siemens CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An ...) NOT-FOR-US: Siemens @@ -50077,7 +50108,7 @@ CVE-2016-10261 RESERVED CVE-2016-10260 RESERVED -CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptible to ...) +CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and ...) NOT-FOR-US: Blue Coat CVE-2016-10258 RESERVED 
@@ -63982,9 +64013,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NM NOT-FOR-US: Siemens CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...) NOT-FOR-US: Siemens -CVE-2017-2681 (A vulnerability has been identified in Development/Evaluation Kit DK ...) +CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std, SIMATIC ...) NOT-FOR-US: Siemens -CVE-2017-2680 (A vulnerability has been identified in Development/Evaluation Kit DK ...) +CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std, SIMATIC ...) NOT-FOR-US: Siemens CVE-2017-2679 RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49218f034d22df0aa3dcbbc03ff8712a1b655105
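Review bot: in the first hunk (@@ -1,7 +1,55 @@), CVE-2018-7443 (ImageMagick ReadTIFFImage), CVE-2017-18198 and CVE-2017-18199 (GNU libcdio), CVE-2018-7452 to CVE-2018-7456 (xpdf and TIFFPrintDirectory) and CVE-2018-7447 (mojoPortal) are all left at `TODO: check` even though each description already names the affected component; triage them to either a `- <source package> <version>` line, as the freexl and leptonlib entries in this same patch do, or a `NOT-FOR-US:` line, so the TODO queue only holds entries that are genuinely unresolved.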
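Review bot: in the @@ -33,36 +81,31 @@ hunk, the five freexl entries (CVE-2018-7435 to CVE-2018-7439) lose their locally written summaries such as `[heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record]` in favour of five identical truncated MITRE descriptions `(An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)`; the function and line information that told the entries apart now survives only behind the bugzilla NOTE links, so consider re-adding it as a NOTE on each entry. The Wireshark entries CVE-2018-7417 to CVE-2018-7421 in the same hunk sit at `TODO: check` but already name their dissectors and version ranges, so they can be triaged against the wireshark source package straight away.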
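Review bot: in the @@ -238,42 +281,42 @@ hunk, eighteen Wireshark entries (CVE-2018-7320 to CVE-2018-7337) land at `TODO: check`, and for CVE-2018-7323 to CVE-2018-7333 the truncated summary `(In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)` carries no dissector name, so they cannot be told apart from the list alone; since they share their version ranges with CVE-2018-7417 to CVE-2018-7421 earlier in this patch, triage them as one batch and record the fixed wireshark version consistently across all of them rather than entry by entry.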
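Review bot: in the @@ -9069,18 +9112,15 @@ hunk, the three unfixed Leptonica entries (CVE-2018-7440, CVE-2018-7441, CVE-2018-7442) lose their specific local summaries (`[command injection via $(command)]`, `[insecure use of /tmp]`, `[path traversal or file overwrite]`), and CVE-2018-7440 and CVE-2018-7442 now share the identical truncated text `(An issue was discovered in Leptonica through 1.75.3. The ...)`; keep the issue class visible by carrying the old summary over into a NOTE line. The three `- leptonlib <unfixed>` entries also lack a Debian bug reference, unlike CVE-2017-18196 directly below with `(bug #885704)`, so a bug number should be recorded for each so the unfixed status can be followed up.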
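Review bot: in the @@ -23562,12 +23598,12 @@ hunk, CVE-2017-15860, CVE-2017-15861 and CVE-2017-15862 get `TODO: check` although their description `(In all Qualcomm products with Android releases from CAF using the ...)` is identical to the other Qualcomm entries touched by this patch (CVE-2017-17767, CVE-2017-15829, CVE-2017-15820, CVE-2017-15817, CVE-2017-14910, CVE-2017-14884), all of which already carry `NOT-FOR-US: Qualcomm component for Android`; mark these three the same way so the TODO state is reserved for entries that still need a decision.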
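Review bot: in the @@ -24345,8 +24378,8 @@ hunk, CVE-2017-15518 (OnCommand API Services and NetApp Service ...) is left at `TODO: check` while its neighbours CVE-2017-15516 and CVE-2017-15517, also NetApp products, are `NOT-FOR-US`; confirm the product and mark it in the same pass.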
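Review bot: in the @@ -50077,7 +50108,7 @@ hunk, the updated description of CVE-2016-10259 now names Symantec SSL Visibility while the retained line still reads `NOT-FOR-US: Blue Coat`; a cosmetic point, but the two should be aligned so searches for either vendor name find the entry.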
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits