Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3fe1a52 by security tracker role at 2018-03-23T09:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-8946
+ RESERVED
+CVE-2018-8945 (The bfd_section_from_shdr function in elf.c in the Binary File
...)
+ TODO: check
+CVE-2018-8944 (PHPOK 4.8.338 has an arbitrary file upload vulnerability. ...)
+ TODO: check
+CVE-2018-8943 (There is a SQL injection in the PHPSHE 1.6 userbank parameter.
...)
+ TODO: check
+CVE-2018-8942 (Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.
...)
+ TODO: check
+CVE-2017-18244 (The stereo_processing function in libavcodec/aacps.c in Libav
12.2 ...)
+ TODO: check
+CVE-2017-18243 (The unpack_parse_unit function in libavcodec/dirac_parser.c in
Libav ...)
+ TODO: check
+CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c
in Libav ...)
+ TODO: check
CVE-2018-8941
RESERVED
CVE-2018-8940
@@ -76,8 +92,8 @@ CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow
occurs in the func
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
CVE-2018-8904 (In Windows Master (aka Windows Optimization Master)
7.99.13.604, the ...)
NOT-FOR-US: Windows Optimization Master
-CVE-2018-8903
- RESERVED
+CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or
Description ...)
+ TODO: check
CVE-2018-8902
RESERVED
CVE-2018-8901
@@ -237,6 +253,7 @@ CVE-2018-8830
CVE-2018-8829
RESERVED
CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before
4.4.7, 5.0.x ...)
+ {DSA-4148-1}
- kamailio 5.1.2-1
NOTE:
https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
NOTE:
https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
@@ -8796,7 +8813,7 @@ CVE-2018-5734 [A malformed request can trigger an
assertion failure in badcache.
NOTE: https://kb.isc.org/article/AA-01562/74/CVE-2018-5734
CVE-2018-5733 [A malicious client can overflow a reference counter in ISC
dhcpd]
RESERVED
- {DSA-4133-1}
+ {DSA-4133-1 DLA-1313-1}
- isc-dhcp 4.3.5-3.1 (bug #891785)
NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140
@@ -8804,7 +8821,7 @@ CVE-2018-5733 [A malicious client can overflow a
reference counter in ISC dhcpd]
NOTE: Fixes for 4.3.6p1:
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-5732 [A specially constructed response from a malicious server can
cause a buffer overflow in dhclient]
RESERVED
- {DSA-4133-1}
+ {DSA-4133-1 DLA-1313-1}
- isc-dhcp 4.3.5-3.1 (bug #891786)
NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139
@@ -10283,7 +10300,7 @@ CVE-2018-5148
RESERVED
CVE-2018-5147 [out-of-bound write]
RESERVED
- {DSA-4143-1 DSA-4141-1}
+ {DSA-4143-1 DSA-4141-1 DLA-1312-1}
- firefox 59.0.1-1
- firefox-esr 52.7.2esr-1
- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
@@ -11083,7 +11100,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a
SSO plugin installed cou
CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS
XSS attack ...)
NOT-FOR-US: Mautic
CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command
injection because ...)
- {DSA-4146-1 DLA-1237-1 DLA-1236-1}
+ {DSA-4149-1 DSA-4146-1 DLA-1237-1 DLA-1236-1}
- plexus-utils 1:1.5.15-5
- plexus-utils2 3.0.22-1
NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3fe1a52a981c2bbc06ad7f62f7ec4b58eb0e342
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3fe1a52a981c2bbc06ad7f62f7ec4b58eb0e342
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
