Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e6cc756 by security tracker role at 2018-03-04T21:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,8 +11,8 @@ CVE-2018-7655
RESERVED
CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in
the request ...)
NOT-FOR-US: 3CX 15.5.6354.2 devices
-CVE-2018-7653
- RESERVED
+CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
...)
+ TODO: check
CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI
before 1.0.11 ...)
TODO: check
CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can
elevate ...)
@@ -305,8 +305,8 @@ CVE-2018-1000105
NOT-FOR-US: Jenkins plugin
CVE-2018-1000104
NOT-FOR-US: Jenkins plugin
-CVE-2018-7567
- RESERVED
+CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System
(OTRS) 5.0.0 ...)
+ TODO: check
CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
RESERVED
- linux <unfixed>
@@ -321,8 +321,8 @@ CVE-2018-7562
RESERVED
CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
NOT-FOR-US: Tenda AC9 devices
-CVE-2018-7560
- RESERVED
+CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM
package ...)
+ TODO: check
CVE-2018-7559
RESERVED
CVE-2018-7558
@@ -394,14 +394,17 @@ CVE-2018-7539
CVE-2018-7538
RESERVED
CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing
x86 PVH ...)
+ {DSA-4131-1}
- xen <unfixed>
[jessie] - xen <not-affected> (Vulnerable code introduced later)
[wheezy] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-256.html
CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS
users ...)
+ {DSA-4131-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-255.html
CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV
guest OS ...)
+ {DSA-4131-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-252.html
CVE-2018-7644 [SSPSA 201802-01: Check for supported signature algorithms when
casting a key]
@@ -32118,7 +32121,7 @@ CVE-2017-13196 (In several places in ihevcd_decode.c, a
dead loop could occur du
CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c,
several ...)
NOT-FOR-US: Android media framework
CVE-2017-13194 (A vulnerability in the Android media framework (libvpx)
related to odd ...)
- {DLA-1290-1}
+ {DSA-4132-1 DLA-1290-1}
- libvpx 1.7.0-2
NOTE: Android patch:
https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to
bytes for ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e6cc756b95a4fd8e7d316a5b3a28cdb60b7563f
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e6cc756b95a4fd8e7d316a5b3a28cdb60b7563f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
