[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Mon, 26 Feb 2018 01:11:17 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ff249099 by security tracker role at 2018-02-26T09:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. 
The ...)
+       TODO: check
+CVE-2018-7483
+       RESERVED
+CVE-2018-7482
+       RESERVED
+CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 
mishandles ...)
+       TODO: check
 CVE-2018-XXXX [AST-2018-003: Crash with an invalid SDP fmtp attribute]
        - pjproject 2.7.2~dfsg-1
        NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
@@ -12,8 +20,8 @@ CVE-2018-7481
 CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the 
Linux ...)
        - linux 4.11.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
-CVE-2018-7479
-       RESERVED
+CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path 
via a ...)
+       TODO: check
 CVE-2018-7478
        RESERVED
 CVE-2018-7477
@@ -24142,8 +24150,7 @@ CVE-2017-15698 (When parsing the AIA-Extension field of 
a client certificate, Ap
        NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34
 CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header 
...)
        NOT-FOR-US: Apache NiFi
-CVE-2017-15696
-       RESERVED
+CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in 
secure ...)
        NOT-FOR-US: Apache Geode
 CVE-2017-15695
        RESERVED
@@ -42777,10 +42784,10 @@ CVE-2017-9428 (A directory traversal vulnerability 
exists in ...)
        NOT-FOR-US: BigTree CMS
 CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 
allows remote ...)
        NOT-FOR-US: BigTree CMS
-CVE-2017-9426
-       RESERVED
-CVE-2017-9425
-       RESERVED
+CVE-2017-9426 (ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL 
injection ...)
+       TODO: check
+CVE-2017-9425 (The Facetag extension 0.0.3 for Piwigo allows XSS via the name 
...)
+       TODO: check
 CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote 
attackers ...)
        NOT-FOR-US: IdeaBlade Breeze Breeze.Server.NET
 CVE-2017-9423
@@ -50079,7 +50086,7 @@ CVE-2017-7273 (The cp_report_fixup function in 
drivers/hid/hid-cypress.c in the 
        - linux 4.9.6-1
        [jessie] - linux 3.16.43-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
-CVE-2017-7272 (PHP through 7.1.3 enables potential SSRF in applications that 
accept an ...)
+CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that 
accept ...)
        {DLA-875-1}
        - php7.1 7.1.4-1
        - php7.0 7.0.18-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff249099624f653bcd7a8e4c2d673451c6391db3

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff249099624f653bcd7a8e4c2d673451c6391db3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to