Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fa18d45 by security tracker role at 2018-02-28T09:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-7558
+       RESERVED
+CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 
through ...)
+       TODO: check
+CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x 
before ...)
+       TODO: check
+CVE-2018-7555
+       RESERVED
+CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that 
leads to a ...)
+       TODO: check
+CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster 
function of ...)
+       TODO: check
+CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in 
mapping.cpp ...)
+       TODO: check
+CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that 
leads to ...)
+       TODO: check
+CVE-2018-7550
+       RESERVED
+CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a 
copy of an ...)
+       TODO: check
+CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer 
dereference ...)
+       TODO: check
+CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to 
the ...)
+       TODO: check
+CVE-2018-7546
+       RESERVED
+CVE-2018-7545
+       RESERVED
+CVE-2018-1057
+       RESERVED
+CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer 
overflow. ...)
+       TODO: check
+CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is 
used, ...)
+       TODO: check
+CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized 
buffers ...)
+       TODO: check
+CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow 
when ...)
+       TODO: check
+CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for 
very long ...)
+       TODO: check
+CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of 
integer ...)
+       TODO: check
 CVE-2018-7544
        RESERVED
 CVE-2018-7543
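Review bot: the eight zsh ids added in this hunk (CVE-2018-7549, CVE-2018-7548, CVE-2017-18206, CVE-2017-18205, CVE-2016-10714, CVE-2014-10072, CVE-2014-10071, CVE-2014-10070) all land as `TODO: check` and should be triaged as one batch, since their descriptions already give per-id version bounds (through 5.4.2, before 5.4, before 5.3, before 5.0.7, before 5.0.6). Replace each TODO with a package line in the form used elsewhere in this file, for example `- linux <not-affected> (Vulnerable code not present)`, so the older ids do not sit open next to the new 2018 ones.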
@@ -162,8 +204,8 @@ CVE-2018-7484 (An issue was discovered in PureVPN through 
5.19.4.0 on Windows. T
        NOT-FOR-US: PureVPN on Windows
 CVE-2018-7483
        RESERVED
-CVE-2018-7482
-       RESERVED
+CVE-2018-7482 (The K2 component 2.8.0 for Joomla! has Incorrect Access Control 
with ...)
+       TODO: check
 CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 
mishandles ...)
        - linux <not-affected> (Vulnerable code not present)
 CVE-2018-1000099 [AST-2018-003: Crash with an invalid SDP fmtp attribute]
@@ -188,8 +230,8 @@ CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to 
discover the full path via 
        NOT-FOR-US: YzmCMS
 CVE-2018-7478
        RESERVED
-CVE-2018-7477
-       RESERVED
+CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management 
Script 3.0.4 ...)
+       TODO: check
 CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross 
Site ...)
        NOT-FOR-US: FineCms
 CVE-2018-7475
@@ -213,8 +255,8 @@ CVE-2018-7469
        RESERVED
 CVE-2018-7468
        RESERVED
-CVE-2018-7467
-       RESERVED
+CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial 
/css//..%2f ...)
+       TODO: check
 CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows 
remote ...)
        NOT-FOR-US: TestLink
 CVE-2018-7465
@@ -2476,14 +2518,14 @@ CVE-2018-6643
        RESERVED
 CVE-2018-6642
        RESERVED
-CVE-2018-6641
-       RESERVED
-CVE-2018-6640
-       RESERVED
-CVE-2018-6639
-       RESERVED
-CVE-2018-6638
-       RESERVED
+CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered 
in ...)
+       TODO: check
+CVE-2018-6640 (A Heap Overflow (Remote Code Execution) issue was discovered in 
Design ...)
+       TODO: check
+CVE-2018-6639 (An out-of-bounds write (Remote Code Execution) issue was 
discovered in ...)
+       TODO: check
+CVE-2018-6638 (A stack-based buffer overflow (Remote Code Execution) issue was 
...)
+       TODO: check
 CVE-2018-6637
        RESERVED
 CVE-2018-6636
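Review bot: CVE-2018-6638 through CVE-2018-6641 move from RESERVED to `TODO: check` with descriptions cut off before the product name (only "Design ..." survives, on CVE-2018-6640), so the affected product cannot be decided from these lines. All four are labelled Remote Code Execution; triage them together against the full descriptions, and mark them NOT-FOR-US, as other entries in this file do, if the product is not packaged.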
@@ -2817,7 +2859,7 @@ CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, 
and Go 1.10 pre-releases 
        [stretch] - golang-1.7 <ignored> (Minor issue)
        - golang <removed>
        [jessie] - golang <ignored> (Minor issue)
-        [wheezy] - golang <ignored> (Minor issue)
+       [wheezy] - golang <ignored> (Minor issue)
        NOTE: https://github.com/golang/go/issues/23672
        NOTE: 
https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
        NOTE: 
https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
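Review bot: the `[wheezy] - golang <ignored> (Minor issue)` line under CVE-2018-6574 changes only in its leading whitespace, which the "automatic update" commit message does not mention. Keep indentation normalisation in its own commit, or note it in the message, so that a data-only update does not touch hand-written triage lines without a trace.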
@@ -17335,6 +17377,7 @@ CVE-2018-1060
 CVE-2018-1059
        RESERVED
 CVE-2018-1058 [Security implications of using the default search_path and 
public schema]
+       RESERVED
        - postgresql-10 10.3-1
        - postgresql-9.6 <removed>
        - postgresql-9.4 <removed>
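Review bot: the added `RESERVED` line under CVE-2018-1058 goes into an entry that already carries a bracketed title and package lines (`- postgresql-10 10.3-1`), so the entry now reads as both reserved and triaged. Confirm that the automatic update leaves those hand-maintained lines intact when the published description later replaces `RESERVED`.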
@@ -26004,8 +26047,7 @@ CVE-2017-15138
        RESERVED
 CVE-2017-15137
        RESERVED
-CVE-2017-15136
-       RESERVED
+CVE-2017-15136 (When registering and activating a new system with Red Hat 
Satellite 6 ...)
        NOT-FOR-US: Red Hat Satellite 6
 CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and 
including ...)
        - 389-ds-base 1.3.7.9-1 (bug #888451)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fa18d451cf4e9c0e4aa04e6abd6b5e5408c5e14
