Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b13839f by security tracker role at 2018-03-12T09:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
+       TODO: check
+CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
+       TODO: check
+CVE-2018-8068
+       RESERVED
+CVE-2018-8067
+       RESERVED
+CVE-2018-8066
+       RESERVED
+CVE-2018-8065 (An issue was discovered in the web server in Flexense 
SyncBreeze ...)
+       TODO: check
+CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation 
for the ...)
+       TODO: check
+CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the 
ownership of ...)
+       TODO: check
+CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs 
jabberd, ...)
+       TODO: check
+CVE-2017-18224 (In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of 
a ...)
+       TODO: check
 CVE-2018-8064
        RESERVED
 CVE-2018-8063
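Review bot: The seven added entries that carry a description are all left at TODO: check, and they do not need the same follow-up. CVE-2017-18224 names the Linux kernel before 4.15 (fs/ocfs2/aops.c), so it needs a package line with a fixed version rather than a product triage. CVE-2017-18226 and CVE-2017-18225 describe the Gentoo net-im/jabberd2 package, so the check there is whether any Debian jabberd2 packaging shares the ownership and install behaviour before a status is chosen.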
@@ -10,8 +30,8 @@ CVE-2018-8060
        RESERVED
 CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE 
Portus ...)
        TODO: check
-CVE-2018-8058
-       RESERVED
+CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in 
admin/moduleinterface.php via ...)
+       TODO: check
 CVE-2018-8057 (A SQL Injection vulnerability exists in Western Bridge Cobub 
Razor ...)
        TODO: check
 CVE-2018-8056 (Physical path Leakage exists in Western Bridge Cobub Razor 
0.8.0 via an ...)
@@ -360,8 +380,8 @@ CVE-2018-7895
        RESERVED
 CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in ...)
        NOT-FOR-US: Eramba
-CVE-2018-7893
-       RESERVED
+CVE-2018-7893 (CMS Made Simple (CMSMS) 2.2.6 has stored XSS in ...)
+       TODO: check
 CVE-2018-7892
        RESERVED
 CVE-2018-7891
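Review bot: CVE-2018-7893 moves from RESERVED to TODO: check for CMS Made Simple (CMSMS) 2.2.6, the same product and version as CVE-2018-8058 in the previous hunk, so the two should be triaged together and end up with the same disposition. If CMS Made Simple is not packaged in Debian, resolve both in the form already used by the line directly above, NOT-FOR-US: Eramba, with the product name substituted.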
@@ -84338,7 +84358,7 @@ CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x 
before 9.0.3, when the galle
        - owncloud <removed>
        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010
 CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog 
compression format]
-       RESERVED
+       REJECTED
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2 (bug #830700)
        - tiff3 <removed>
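Review bot: CVE-2016-5875 is flipped to REJECTED while the entry keeps {DSA-3762-1 DLA-610-1 DLA-606-1} and the "- tiff 4.0.6-2 (bug #830700)" fix line, and nothing in the entry says why the id was rejected or which id replaces it. CVE-2016-5314 further down carries the same advisory set and fixed version and now has the PixarLogDecode description, so if that is the surviving id, add a NOTE line here naming it so the advisory cross-references stay explainable.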
@@ -86200,7 +86220,7 @@ CVE-2016-5321 (The DumpModeDecode function in libtiff 
4.0.6 and earlier allows .
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
        NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
 CVE-2016-5320 [rgb2ycbcr: command excution]
-       RESERVED
+       REJECTED
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2 (bug #830700)
        - tiff3 <removed>
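Review bot: The bracketed title on the CVE-2016-5320 context line still reads "command excution" (typo for "execution"), and after the change to REJECTED the entry gives no reason for the rejection. The title describes an rgb2ycbcr issue, yet the entry shares its DSA/DLA set and the "tiff 4.0.6-2 (bug #830700)" line with the PixarLog entries, so a NOTE stating what the rejection was based on and whether those references still apply would help anyone auditing DSA-3762-1 later.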
@@ -86228,8 +86248,7 @@ CVE-2016-5315 (The setByteArray function in tif_dir.c 
in libtiff 4.0.6 and earli
        NOTE: Possible duplicate with PixarLogDecode() issue
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
        NOTE: Upstream marked this duplicate of 
http://bugzilla.maptools.org/show_bug.cgi?id=2554
-CVE-2016-5314 [PixarLogDecode() out-of-bound writes]
-       RESERVED
+CVE-2016-5314 (Buffer overflow in the PixarLogDecode function in 
tif_pixarlog.c in ...)
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2 (bug #830700)
        - tiff3 <removed>
@@ -133206,15 +133225,13 @@ CVE-2014-8131 (The qemu implementation of 
virConnectGetAllDomainStats in libvirt
        NOTE: Introduced by 
http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee (v1.2.9-rc1)
        NOTE: 
https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html
        NOTE: 
https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html
-CVE-2014-8130 [divide by zero]
-       RESERVED
+CVE-2014-8130 (The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does 
not ...)
        - tiff <unfixed> (unimportant; bug #776185)
        - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF 
tools)
        NOTE: Advisory: 
http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2483
        NOTE: Crash in a frontend tool w/o potential for code injection, marked 
as unimportant
-CVE-2014-8129 [out-of-bound read and write]
-       RESERVED
+CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of 
service ...)
        {DSA-3273-1 DLA-610-1 DLA-221-1}
        - tiff 4.0.3-12.1 (bug #776185)
        - tiff3 <removed>
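Review bot: For CVE-2014-8130 the new description names the _TIFFmalloc function in tif_unix.c, but the unchanged lines below it still justify "unimportant" with "Crash in a frontend tool w/o potential for code injection" and mark tiff3 <not-affected> because it "doesn't build the TIFF tools". That reasoning was written against the old "[divide by zero]" title; now that the description points at a function in tif_unix.c rather than at a tool, recheck whether the severity and the tiff3 status still hold and update the NOTE to say so either way.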



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b13839f76af095075b5970383e8c9ce7fb2a11a
