Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b3fe1a52 by security tracker role at 2018-03-23T09:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,19 @@ +CVE-2018-8946 + RESERVED +CVE-2018-8945 (The bfd_section_from_shdr function in elf.c in the Binary File ...) + TODO: check +CVE-2018-8944 (PHPOK 4.8.338 has an arbitrary file upload vulnerability. ...) + TODO: check +CVE-2018-8943 (There is a SQL injection in the PHPSHE 1.6 userbank parameter. ...) + TODO: check +CVE-2018-8942 (Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. ...) + TODO: check +CVE-2017-18244 (The stereo_processing function in libavcodec/aacps.c in Libav 12.2 ...) + TODO: check +CVE-2017-18243 (The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav ...) + TODO: check +CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c in Libav ...) + TODO: check CVE-2018-8941 RESERVED CVE-2018-8940 @@ -76,8 +92,8 @@ CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the func NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780 CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) NOT-FOR-US: Windows Optimization Master -CVE-2018-8903 - RESERVED +CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or Description ...) + TODO: check CVE-2018-8902 RESERVED CVE-2018-8901 @@ -237,6 +253,7 @@ CVE-2018-8830 CVE-2018-8829 RESERVED CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...) + {DSA-4148-1} - kamailio 5.1.2-1 NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097 
@@ -8796,7 +8813,7 @@ CVE-2018-5734 [A malformed request can trigger an assertion failure in badcache. NOTE: https://kb.isc.org/article/AA-01562/74/CVE-2018-5734 CVE-2018-5733 [A malicious client can overflow a reference counter in ISC dhcpd] RESERVED - {DSA-4133-1} + {DSA-4133-1 DLA-1313-1} - isc-dhcp 4.3.5-3.1 (bug #891785) NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733 NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140 @@ -8804,7 +8821,7 @@ CVE-2018-5733 [A malicious client can overflow a reference counter in ISC dhcpd] NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3 CVE-2018-5732 [A specially constructed response from a malicious server can cause a buffer overflow in dhclient] RESERVED - {DSA-4133-1} + {DSA-4133-1 DLA-1313-1} - isc-dhcp 4.3.5-3.1 (bug #891786) NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732 NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139 @@ -10283,7 +10300,7 @@ CVE-2018-5148 RESERVED CVE-2018-5147 [out-of-bound write] RESERVED - {DSA-4143-1 DSA-4141-1} + {DSA-4143-1 DSA-4141-1 DLA-1312-1} - firefox 59.0.1-1 - firefox-esr 52.7.2esr-1 - libvorbisidec 1.2.1+git20180316-1 (bug #893132) 
@@ -11083,7 +11100,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed cou CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...) NOT-FOR-US: Mautic CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...) - {DSA-4146-1 DLA-1237-1 DLA-1236-1} + {DSA-4149-1 DSA-4146-1 DLA-1237-1 DLA-1236-1} - plexus-utils 1:1.5.15-5 - plexus-utils2 3.0.22-1 NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3fe1a52a981c2bbc06ad7f62f7ec4b58eb0e342
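Review bot: In the first hunk (@@ -1,3 +1,19 @@), the seven entries added with descriptions, CVE-2018-8945 through CVE-2018-8942 and CVE-2017-18244 through CVE-2017-18242, carry only `TODO: check`, so none of them has a package line or a NOT-FOR-US decision yet. CVE-2018-8945 (elf.c in the Binary File ...) and the three Libav entries name library source files and need to be matched against packaged source, ending in a package line like the kamailio and isc-dhcp entries further down. The PHPOK, PHPSHE and Xiuno BBS entries need the same kind of decision that produced `NOT-FOR-US: Windows Optimization Master` for CVE-2018-8904.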
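Review bot: In the @@ -76,8 +92,8 @@ hunk, CVE-2018-8903 moves from `RESERVED` to a description (Open-AudIT Professional 2.1 XSS) but is left at `TODO: check`, directly below CVE-2018-8904, which already has its `NOT-FOR-US` line. Resolve it in a follow-up with either a package line or a NOT-FOR-US line so the entry does not stay unprocessed.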
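Review bot: In the @@ -11083,7 +11100,7 @@ hunk, the cross-reference for CVE-2017-1000487 now lists two DSAs and two DLAs against two source packages (plexus-utils and plexus-utils2), and nothing in the entry says which advisory covers which package. Confirm that DSA-4149-1 belongs to this CVE, and if the per-advisory mapping matters to readers of this entry, record it in a NOTE line next to the existing snyk.io reference.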
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits