Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ff249099 by security tracker role at 2018-02-26T09:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,11 @@ +CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. The ...) + TODO: check +CVE-2018-7483 + RESERVED +CVE-2018-7482 + RESERVED +CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ...) + TODO: check CVE-2018-XXXX [AST-2018-003: Crash with an invalid SDP fmtp attribute] - pjproject 2.7.2~dfsg-1 NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html @@ -12,8 +20,8 @@ CVE-2018-7481 CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux ...) - linux 4.11.6-1 NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258 -CVE-2018-7479 - RESERVED +CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a ...) + TODO: check CVE-2018-7478 RESERVED CVE-2018-7477 @@ -24142,8 +24150,7 @@ CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Ap NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...) NOT-FOR-US: Apache NiFi -CVE-2017-15696 - RESERVED +CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure ...) NOT-FOR-US: Apache Geode CVE-2017-15695 RESERVED @@ -42777,10 +42784,10 @@ CVE-2017-9428 (A directory traversal vulnerability exists in ...) NOT-FOR-US: BigTree CMS CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...) NOT-FOR-US: BigTree CMS -CVE-2017-9426 - RESERVED -CVE-2017-9425 - RESERVED +CVE-2017-9426 (ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection ...) + TODO: check +CVE-2017-9425 (The Facetag extension 0.0.3 for Piwigo allows XSS via the name ...) + TODO: check CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers ...) NOT-FOR-US: IdeaBlade Breeze Breeze.Server.NET CVE-2017-9423 @@ -50079,7 +50086,7 @@ CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the - linux 4.9.6-1 [jessie] - linux 3.16.43-1 NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110 -CVE-2017-7272 (PHP through 7.1.3 enables potential SSRF in applications that accept an ...) +CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept ...) {DLA-875-1} - php7.1 7.1.4-1 - php7.0 7.0.18-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff249099624f653bcd7a8e4c2d673451c6391db3 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff249099624f653bcd7a8e4c2d673451c6391db3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits