[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-7652: NOT-FOR-US: Zonemaster Web GUI

Sun, 04 Mar 2018 19:46:29 -0800 

Luciano Bello pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e743078 by Luciano Bello at 2018-03-04T22:00:11-05:00
CVE-2018-7652: NOT-FOR-US: Zonemaster Web GUI

- - - - -
ea3ccaff by Luciano Bello at 2018-03-04T22:45:04-05:00
CVE-2018-7567

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,7 +15,8 @@ CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter 
"file" in the
 CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. 
...)
        NOT-FOR-US: YzmCMS
 CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI 
before 1.0.11 ...)
-       TODO: check
+       NOT-FOR-US: Zonemaster Web GUI
+       NOTE: The source (1.0.7) is in Salsa, but never uploaded: 
https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui
 CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can 
elevate ...)
        NOT-FOR-US: Exponent CMS
 CVE-2017-18214 [Regular Expression Denial of Service]
@@ -307,7 +308,10 @@ CVE-2018-1000105
 CVE-2018-1000104
        NOT-FOR-US: Jenkins plugin
 CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System 
(OTRS) 5.0.0 ...)
-       TODO: check
+       - otrs2 6.0.2-1
+       [stretch] - otrs2 <no-dsa> (non-free not supported)
+       NOTE: PoC https://0day.today/exploit/29938
+       NOTE: According with the reporter, affects "5.0.0 through 5.0.24 and 
6.0.0 through 6.0.1".
 CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
        RESERVED
        - linux <unfixed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/b7f549729d2c08c63c729930246f3338338582f7...ea3ccaffa640a6995000841234a0b584d425c5b5

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/b7f549729d2c08c63c729930246f3338338582f7...ea3ccaffa640a6995000841234a0b584d425c5b5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to