Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9fa18d45 by security tracker role at 2018-02-28T09:10:21+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,45 @@ +CVE-2018-7558 + RESERVED +CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...) + TODO: check +CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before ...) + TODO: check +CVE-2018-7555 + RESERVED +CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads to a ...) + TODO: check +CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster function of ...) + TODO: check +CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp ...) + TODO: check +CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads to ...) + TODO: check +CVE-2018-7550 + RESERVED +CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a copy of an ...) + TODO: check +CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer dereference ...) + TODO: check +CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the ...) + TODO: check +CVE-2018-7546 + RESERVED +CVE-2018-7545 + RESERVED +CVE-2018-1057 + RESERVED +CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...) + TODO: check +CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is used, ...) + TODO: check +CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized buffers ...) + TODO: check +CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow when ...) + TODO: check +CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for very long ...) + TODO: check +CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of integer ...) + TODO: check CVE-2018-7544 RESERVED CVE-2018-7543 
@@ -162,8 +204,8 @@ CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. T NOT-FOR-US: PureVPN on Windows CVE-2018-7483 RESERVED -CVE-2018-7482 - RESERVED +CVE-2018-7482 (The K2 component 2.8.0 for Joomla! has Incorrect Access Control with ...) + TODO: check CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ...) - linux <not-affected> (Vulnerable code not present) CVE-2018-1000099 [AST-2018-003: Crash with an invalid SDP fmtp attribute] @@ -188,8 +230,8 @@ CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via NOT-FOR-US: YzmCMS CVE-2018-7478 RESERVED -CVE-2018-7477 - RESERVED +CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 ...) + TODO: check CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site ...) NOT-FOR-US: FineCms CVE-2018-7475 @@ -213,8 +255,8 @@ CVE-2018-7469 RESERVED CVE-2018-7468 RESERVED -CVE-2018-7467 - RESERVED +CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f ...) + TODO: check CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote ...) NOT-FOR-US: TestLink CVE-2018-7465 @@ -2476,14 +2518,14 @@ CVE-2018-6643 RESERVED CVE-2018-6642 RESERVED -CVE-2018-6641 - RESERVED -CVE-2018-6640 - RESERVED -CVE-2018-6639 - RESERVED -CVE-2018-6638 - RESERVED +CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in ...) + TODO: check +CVE-2018-6640 (A Heap Overflow (Remote Code Execution) issue was discovered in Design ...) + TODO: check +CVE-2018-6639 (An out-of-bounds write (Remote Code Execution) issue was discovered in ...) + TODO: check +CVE-2018-6638 (A stack-based buffer overflow (Remote Code Execution) issue was ...) + TODO: check CVE-2018-6637 RESERVED CVE-2018-6636 
@@ -2817,7 +2859,7 @@ CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases [stretch] - golang-1.7 <ignored> (Minor issue) - golang <removed> [jessie] - golang <ignored> (Minor issue) - [wheezy] - golang <ignored> (Minor issue) + [wheezy] - golang <ignored> (Minor issue) NOTE: https://github.com/golang/go/issues/23672 NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6 NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a @@ -17335,6 +17377,7 @@ CVE-2018-1060 CVE-2018-1059 RESERVED CVE-2018-1058 [Security implications of using the default search_path and public schema] + RESERVED - postgresql-10 10.3-1 - postgresql-9.6 <removed> - postgresql-9.4 <removed> @@ -26004,8 +26047,7 @@ CVE-2017-15138 RESERVED CVE-2017-15137 RESERVED -CVE-2017-15136 - RESERVED +CVE-2017-15136 (When registering and activating a new system with Red Hat Satellite 6 ...) NOT-FOR-US: Red Hat Satellite 6 CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...) - 389-ds-base 1.3.7.9-1 (bug #888451) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fa18d451cf4e9c0e4aa04e6abd6b5e5408c5e14 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fa18d451cf4e9c0e4aa04e6abd6b5e5408c5e14 You're receiving this email because of your account on salsa.debian.org.
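Review bot: in the first hunk (@@ -1,3 +1,45 @@), CVE-2018-1057 and the 2017, 2016 and 2014 entries are inserted at the top of the file above CVE-2018-7544, while the hunk at -17335 shows the CVE-2018-1058 to CVE-2018-1060 range sitting much further down. Confirm that CVE-2018-1057 does not already have an entry next to CVE-2018-1058, so the list does not end up with two records for one id. The eight zsh entries in this hunk all carry "TODO: check" and name the same package, so they can be triaged in one pass.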
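Review bot: the removed and added "[wheezy] - golang <ignored> (Minor issue)" lines under CVE-2018-6574 (hunk @@ -2817,7 +2859,7 @@) read identically as shown, so this looks like a whitespace-only change riding along in an automatic update. If it is normalising indentation or trailing whitespace, putting that in its own commit keeps the data updates easier to audit.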
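Review bot: the RESERVED line added under CVE-2018-1058 (hunk @@ -17335,6 +17377,7 @@) lands on an entry that already has a bracketed title and a fixed version for postgresql-10 (10.3-1), so the entry now reads as both reserved and triaged. Check whether the automatic update should skip the RESERVED marker for entries that already carry package lines, or confirm the two are meant to coexist until the upstream description is published.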