Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0e6cc756 by security tracker role at 2018-03-04T21:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -11,8 +11,8 @@ CVE-2018-7655 RESERVED CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the request ...) NOT-FOR-US: 3CX 15.5.6354.2 devices -CVE-2018-7653 - RESERVED +CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...) + TODO: check CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 ...) TODO: check CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...) @@ -305,8 +305,8 @@ CVE-2018-1000105 NOT-FOR-US: Jenkins plugin CVE-2018-1000104 NOT-FOR-US: Jenkins plugin -CVE-2018-7567 - RESERVED +CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 ...) + TODO: check CVE-2018-7566 [ALSA: seq: Fix racy pool initializations] RESERVED - linux <unfixed> @@ -321,8 +321,8 @@ CVE-2018-7562 RESERVED CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...) NOT-FOR-US: Tenda AC9 devices -CVE-2018-7560 - RESERVED +CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...) + TODO: check CVE-2018-7559 RESERVED CVE-2018-7558 @@ -394,14 +394,17 @@ CVE-2018-7539 CVE-2018-7538 RESERVED CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH ...) + {DSA-4131-1} - xen <unfixed> [jessie] - xen <not-affected> (Vulnerable code introduced later) [wheezy] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-256.html CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users ...) + {DSA-4131-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-255.html CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...) + {DSA-4131-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-252.html CVE-2018-7644 [SSPSA 201802-01: Check for supported signature algorithms when casting a key] @@ -32118,7 +32121,7 @@ CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur du CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several ...) NOT-FOR-US: Android media framework CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...) - {DLA-1290-1} + {DSA-4132-1 DLA-1290-1} - libvpx 1.7.0-2 NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9 CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e6cc756b95a4fd8e7d316a5b3a28cdb60b7563f --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e6cc756b95a4fd8e7d316a5b3a28cdb60b7563f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits