Luciano Bello pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2e743078 by Luciano Bello at 2018-03-04T22:00:11-05:00 CVE-2018-7652: NOT-FOR-US: Zonemaster Web GUI - - - - - ea3ccaff by Luciano Bello at 2018-03-04T22:45:04-05:00 CVE-2018-7567 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -15,7 +15,8 @@ CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...) NOT-FOR-US: YzmCMS CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 ...) - TODO: check + NOT-FOR-US: Zonemaster Web GUI + NOTE: The source (1.0.7) is in Salsa, but never uploaded: https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...) NOT-FOR-US: Exponent CMS CVE-2017-18214 [Regular Expression Denial of Service] @@ -307,7 +308,10 @@ CVE-2018-1000105 CVE-2018-1000104 NOT-FOR-US: Jenkins plugin CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 ...) - TODO: check + - otrs2 6.0.2-1 + [stretch] - otrs2 <no-dsa> (non-free not supported) + NOTE: PoC https://0day.today/exploit/29938 + NOTE: According with the reporter, affects "5.0.0 through 5.0.24 and 6.0.0 through 6.0.1". CVE-2018-7566 [ALSA: seq: Fix racy pool initializations] RESERVED - linux <unfixed> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b7f549729d2c08c63c729930246f3338338582f7...ea3ccaffa640a6995000841234a0b584d425c5b5 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b7f549729d2c08c63c729930246f3338338582f7...ea3ccaffa640a6995000841234a0b584d425c5b5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits