Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5b13839f by security tracker role at 2018-03-12T09:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,23 @@ +CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...) + TODO: check +CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...) + TODO: check +CVE-2018-8068 + RESERVED +CVE-2018-8067 + RESERVED +CVE-2018-8066 + RESERVED +CVE-2018-8065 (An issue was discovered in the web server in Flexense SyncBreeze ...) + TODO: check +CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation for the ...) + TODO: check +CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...) + TODO: check +CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, ...) + TODO: check +CVE-2017-18224 (In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a ...) + TODO: check CVE-2018-8064 RESERVED CVE-2018-8063 @@ -10,8 +30,8 @@ CVE-2018-8060 RESERVED CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE Portus ...) TODO: check -CVE-2018-8058 - RESERVED +CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via ...) + TODO: check CVE-2018-8057 (A SQL Injection vulnerability exists in Western Bridge Cobub Razor ...) TODO: check CVE-2018-8056 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an ...) @@ -360,8 +380,8 @@ CVE-2018-7895 RESERVED CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in ...) NOT-FOR-US: Eramba -CVE-2018-7893 - RESERVED +CVE-2018-7893 (CMS Made Simple (CMSMS) 2.2.6 has stored XSS in ...) + TODO: check CVE-2018-7892 RESERVED CVE-2018-7891 
@@ -84338,7 +84358,7 @@ CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the galle - owncloud <removed> NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010 CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compression format] - RESERVED + REJECTED {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 (bug #830700) - tiff3 <removed> @@ -86200,7 +86220,7 @@ CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows . NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558 NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657 CVE-2016-5320 [rgb2ycbcr: command excution] - RESERVED + REJECTED {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 (bug #830700) - tiff3 <removed> @@ -86228,8 +86248,7 @@ CVE-2016-5315 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earli NOTE: Possible duplicate with PixarLogDecode() issue NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2 NOTE: Upstream marked this duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2554 -CVE-2016-5314 [PixarLogDecode() out-of-bound writes] - RESERVED +CVE-2016-5314 (Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in ...) {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 (bug #830700) - tiff3 <removed> 
@@ -133206,15 +133225,13 @@ CVE-2014-8131 (The qemu implementation of virConnectGetAllDomainStats in libvirt NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee (v1.2.9-rc1) NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html -CVE-2014-8130 [divide by zero] - RESERVED +CVE-2014-8130 (The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not ...) - tiff <unfixed> (unimportant; bug #776185) - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools) NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2483 NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant -CVE-2014-8129 [out-of-bound read and write] - RESERVED +CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...) {DSA-3273-1 DLA-610-1 DLA-221-1} - tiff 4.0.3-12.1 (bug #776185) - tiff3 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b13839f76af095075b5970383e8c9ce7fb2a11a
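Review bot: in the first hunk (@@ -1,3 +1,23 @@) every newly described entry is left at "TODO: check", and nothing separates the one that names a packaged component from the rest. CVE-2017-18224 is described as a Linux kernel issue in fs/ocfs2/aops.c before 4.15, so it needs a package line for the kernel source package and a check against the kernel versions in each suite before the TODO is cleared. CVE-2017-18226 and CVE-2017-18225 are worded as defects of the Gentoo net-im/jabberd2 package; check whether any Debian jabberd2 packaging has the same ownership and install behaviour rather than taking the status from the description. The QCMS, Flexense SyncBreeze and TitanHQ WebTitan entries look like candidates for a NOT-FOR-US line in the style of the Eramba entry visible in the @@ -360,8 +380,8 @@ hunk, once it is confirmed that none of them is packaged.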
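Review bot: in the @@ -84338,7 +84358,7 @@ hunk CVE-2016-5875 goes from RESERVED to REJECTED but keeps "{DSA-3762-1 DLA-610-1 DLA-606-1}" and "- tiff 4.0.6-2 (bug #830700)", so a rejected id still reads as a tracked, fixed issue. CVE-2016-5314 in the @@ -86228,8 +86248,7 @@ hunk carries the same advisory set, fixed version and bug number and now has a published PixarLogDecode description, which suggests (an inference from these lines, not something the patch states) that the rejected id was merged into it. Add a NOTE naming the id that replaces CVE-2016-5875, and confirm the advisory cross-references are attached to the surviving id.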
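Review bot: in the @@ -86200,7 +86220,7 @@ hunk CVE-2016-5320 is marked REJECTED with no NOTE saying why, while its bracketed title still reads "rgb2ycbcr: command excution" (typo for "execution") and it keeps the DSA/DLA list and the "- tiff 4.0.6-2 (bug #830700)" line. A command-execution title is a different bug class from the PixarLog overflow entries around it, so the reason for rejection cannot be read off the file. Record the replacing id or the rejection reason in a NOTE, and correct the title spelling if the bracketed description is kept.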
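Review bot: in the @@ -133206,15 +133225,13 @@ hunk the new CVE-2014-8130 description places the defect in the _TIFFmalloc function in tif_unix.c, but the annotations kept below it still reason from the command-line tools: "tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)" and "Crash in a frontend tool w/o potential for code injection, marked as unimportant". tif_unix.c is library source rather than a tool, so recheck whether the tiff3 not-affected rationale and the unimportant rating still hold against the published description, and update the NOTE lines either way.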
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits