Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d6cf9747 by security tracker role at 2018-03-21T21:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,25 @@ +CVE-2018-8892 + RESERVED +CVE-2018-8891 + RESERVED +CVE-2018-8890 + RESERVED +CVE-2018-8889 + RESERVED +CVE-2018-8888 + RESERVED +CVE-2018-8887 + RESERVED +CVE-2018-8886 + RESERVED +CVE-2018-8885 + RESERVED +CVE-2018-1000136 + RESERVED +CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...) + TODO: check +CVE-2016-10717 + RESERVED CVE-2018-8884 RESERVED CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...) @@ -367,6 +389,7 @@ CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows CVE-2018-8727 RESERVED CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...) + {DLA-1310-1} - exempi 2.4.4-1 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102483 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331 @@ -376,6 +399,7 @@ CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The ...) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101914 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048 CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ...) + {DLA-1310-1} - exempi 2.4.4-1 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102484 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806 
@@ -385,10 +409,12 @@ CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk cla NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101913 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4 CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows remote ...) + {DLA-1310-1} - exempi 2.4.3-1 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100397 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer overflow in the ...) + {DLA-1310-1} - exempi 2.4.4-1 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102151 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260 @@ -1782,10 +1808,10 @@ CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerabili NOT-FOR-US: ZenMate CVE-2018-8075 RESERVED -CVE-2018-8074 - RESERVED -CVE-2018-8073 - RESERVED +CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintended ...) + TODO: check +CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...) + TODO: check CVE-2018-8072 RESERVED CVE-2018-8071 @@ -2588,6 +2614,7 @@ CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666 CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a ...) + {DLA-1310-1} - exempi 2.4.5-1 (low; bug #892782) [stretch] - exempi <no-dsa> (Minor issue) [jessie] - exempi <no-dsa> (Minor issue) 
@@ -2601,6 +2628,7 @@ CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...) + {DLA-1310-1} - exempi 2.4.5-1 (low; bug #892782) [stretch] - exempi <no-dsa> (Minor issue) [jessie] - exempi <no-dsa> (Minor issue) @@ -3318,32 +3346,32 @@ CVE-2018-7527 RESERVED CVE-2018-7526 RESERVED -CVE-2018-7525 - RESERVED +CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...) + TODO: check CVE-2018-7524 RESERVED -CVE-2018-7523 - RESERVED +CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) + TODO: check CVE-2018-7522 RESERVED -CVE-2018-7521 - RESERVED +CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...) + TODO: check CVE-2018-7520 RESERVED -CVE-2018-7519 - RESERVED +CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) + TODO: check CVE-2018-7518 RESERVED -CVE-2018-7517 - RESERVED +CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) + TODO: check CVE-2018-7516 RESERVED -CVE-2018-7515 - RESERVED +CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...) + TODO: check CVE-2018-7514 RESERVED -CVE-2018-7513 - RESERVED +CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) + TODO: check CVE-2018-7512 RESERVED CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...) @@ -4219,8 +4247,8 @@ CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php NOT-FOR-US: MetInfo CVE-2018-7270 RESERVED -CVE-2018-7269 - RESERVED +CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii ...) + TODO: check CVE-2018-7268 RESERVED CVE-2018-7267 
@@ -5004,7 +5032,7 @@ CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x be CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...) NOT-FOR-US: opentmpfiles CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...) - {DSA-4138-1} + {DSA-4147-1 DSA-4138-1} - mbedtls 2.7.0-2 - polarssl <removed> [wheezy] - polarssl <not-affected> (vulnerable code not present) @@ -13642,8 +13670,7 @@ CVE-2018-3711 NOTE: https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76 NOTE: https://hackerone.com/reports/303632 NOTE: https://nodesecurity.io/advisories/564 -CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import] - RESERVED +CVE-2018-3710 (Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...) {DSA-4145-1} - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ @@ -19756,14 +19783,14 @@ CVE-2018-1349 RESERVED CVE-2018-1348 RESERVED -CVE-2018-1347 - RESERVED -CVE-2018-1346 - RESERVED -CVE-2018-1345 - RESERVED -CVE-2018-1344 - RESERVED +CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to ...) + TODO: check +CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to ...) + TODO: check +CVE-2018-1345 (NetIQ iManager, versions prior to 3.1, under some circumstances could ...) + TODO: check +CVE-2018-1344 (Addresses potential communication downgrade attack in NetIQ iManager ...) + TODO: check CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...) NOT-FOR-US: NetIQ CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload ...) 
@@ -20388,10 +20415,10 @@ CVE-2018-1232 RESERVED CVE-2018-1231 RESERVED -CVE-2018-1230 - RESERVED -CVE-2018-1229 - RESERVED +CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...) + TODO: check +CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS ...) + TODO: check CVE-2018-1228 RESERVED CVE-2018-1227 (Pivotal Concourse after 2018-03-05 might allow remote attackers to ...) @@ -22990,7 +23017,7 @@ CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Servi NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations NOTE: https://www.kb.cert.org/vuls/id/475445 CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...) - {DSA-4138-1} + {DSA-4147-1 DSA-4138-1} - mbedtls 2.7.0-2 (bug #890287) - polarssl <removed> [wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected) @@ -22998,7 +23025,7 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87 NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...) - {DSA-4138-1} + {DSA-4147-1 DSA-4138-1} - mbedtls 2.7.0-2 (bug #890288) - polarssl <removed> [wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected) 
@@ -72017,33 +72044,27 @@ CVE-2017-0929 RESERVED CVE-2017-0928 RESERVED -CVE-2017-0927 [Guest Users Can Give Deploy Keys in Other Projects Write Access] - RESERVED +CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...) - gitlab <unfixed> (bug #888508) [stretch] - gitlab <not-affected> (Doesn't affect 8.x) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0926 [Login with Disabled OAuth Provider via POST] - RESERVED +CVE-2017-0926 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...) {DSA-4145-1} - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0925 [Sensitive Fields Exposed to Admins / Masters in the Services API] - RESERVED +CVE-2017-0925 (Gitlab Enterprise Edition version 10.1.0 is vulnerable to an ...) {DSA-4145-1} - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0924 [XSS in Label Dropdown] - RESERVED +CVE-2017-0924 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...) - gitlab <unfixed> [stretch] - gitlab <not-affected> (Only affects 9.0 and later) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0923 [Jupyter Notebook XSS] - RESERVED +CVE-2017-0923 (Gitlab Community Edition version 9.1 is vulnerable to lack of input ...) - gitlab <unfixed> (bug #888508) [stretch] - gitlab <not-affected> (Doesn't affect 8.x) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0922 [Milestone Authorization Issue on Boards] - RESERVED +CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...) - gitlab <unfixed> [stretch] - gitlab <not-affected> (Only affects 9.1 and later) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ 
@@ -72053,29 +72074,24 @@ CVE-2017-0920 RESERVED CVE-2017-0919 RESERVED -CVE-2017-0918 [GitLab CI Runner Can Read and Poison Cache of All Other Projects] - RESERVED +CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path ...) {DSA-4145-1} - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0917 [Cross-site scripting (XSS) vulnerability in CI job output] - RESERVED +CVE-2017-0917 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...) {DSA-4145-1} - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks] - RESERVED +CVE-2017-0916 (Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...) {DSA-4145-1} - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82 -CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import] - RESERVED +CVE-2017-0915 (Gitlab Community Edition version 10.2.4 is vulnerable to a lack of ...) {DSA-4145-1} - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ -CVE-2017-0914 [Critical SQL Injection in MilestoneFinder] - RESERVED +CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and ...) 
- gitlab <unfixed> [stretch] - gitlab <not-affected> (Only affects 9.4 and later) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6cf974723a7fc992dae6d3cbe38b252748ada45
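Review bot: CVE-2017-18241 in the first hunk (@@ -1,3 +1,25 @@) is left at `TODO: check` although its description already names the affected code, fs/f2fs/segment.c in the Linux kernel before 4.13, so it needs a triage line for the `linux` source package rather than a bare placeholder. The other new entries in that hunk are still RESERVED and need nothing yet.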
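Review bot: The `{DLA-1310-1}` reference is added to CVE-2017-18238, CVE-2017-18236, CVE-2017-18234 and CVE-2017-18233 in the hunks at @@ -367 / @@ -376 / @@ -385, but not to CVE-2017-18237 and CVE-2017-18235, which appear as hunk-header context right between them and point at the same upstream bug tracker and commit series. Worth confirming against the DLA text that those two were deliberately left out rather than missed.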
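Review bot: In the hunks for CVE-2018-7730 (@@ -2588) and CVE-2018-7728 (@@ -2601) the new `{DLA-1310-1}` line sits directly above an unchanged `[jessie] - exempi <no-dsa> (Minor issue)`. A DLA is a jessie LTS advisory, so either the DLA did not cover these two issues and the reference is wrong, or the jessie no-dsa annotation is now stale and should be dropped; the two lines cannot both be right. The neighbouring CVE-2018-7731 and CVE-2018-7729 get no DLA reference either, which deserves the same check.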
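Review bot: The three mbed TLS entries (CVE-2017-18187 at @@ -5004, CVE-2018-0488 at @@ -22990, CVE-2018-0487 at @@ -22998) consistently change `{DSA-4138-1}` to `{DSA-4147-1 DSA-4138-1}` while leaving `- mbedtls 2.7.0-2` untouched, which is fine if DSA-4147-1 is a follow-up to DSA-4138-1. Please make sure DSA-4147-1 is also present in the DSA list before this lands, since a referenced advisory that has no entry of its own is what the tracker's consistency checks trip over.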
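Review bot: In the Omron hunk (@@ -3318) all seven CX-Supervisor entries (CVE-2018-7525, -7523, -7521, -7519, -7517, -7515, -7513) go to `TODO: check`. Unless CX-Supervisor is shipped in Debian, which the context gives no sign of for vendor SCADA software, these should be triaged the way the patch already handles ZenMate, MetInfo and opentmpfiles, i.e. `NOT-FOR-US: Omron CX-Supervisor`, rather than leaving seven placeholders.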
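Review bot: In the NetIQ hunk (@@ -19756) the four newly described CVEs (CVE-2018-1347 down to CVE-2018-1344, all iManager or eDirectory) are marked `TODO: check`, while CVE-2018-1343, the very next entry in the same hunk's context, is already `NOT-FOR-US: NetIQ`. The same triage applies to the new ones, so suggest `NOT-FOR-US: NetIQ` instead of four placeholders.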
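Review bot: In the GitLab hunks (@@ -13642, @@ -72017, @@ -72053) replacing the bracketed working titles, e.g. `[Critical Vulnerability with Command Injection via Webhooks]` on CVE-2017-0916 or `[Critical SQL Injection in MilestoneFinder]` on CVE-2017-0914, with the abbreviated official descriptions ("is vulnerable to a lack of input ...") drops the only text that named each issue concretely; consider keeping the old title as a `NOTE:` line so the entries stay searchable. Separately, the unchanged context shows CVE-2017-0927, CVE-2017-0923 and CVE-2017-0914 with `- gitlab <unfixed>` while sibling entries carry `(bug #888508)`, and CVE-2017-0927, CVE-2017-0924, CVE-2017-0923, CVE-2017-0922 and CVE-2017-0914 lack the `{DSA-4145-1}` reference the others have; worth a pass to align them with the DSA text.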
Secure-testing-commits mailing list: Secure-testing-commits@lists.alioth.debian.org, http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits