Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd1b40e8 by security tracker role at 2018-03-27T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,84 @@
-CVE-2017-18249 [f2fs: fix race condition in between free nid 
allocator/initializer]
+CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable 
assertion in the ...)
+       TODO: check
+CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9052 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9051 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9050 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9049 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9048 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9047 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9046 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9045 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+       TODO: check
+CVE-2018-9044 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+       TODO: check
+CVE-2018-9043 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+       TODO: check
+CVE-2018-9042 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+       TODO: check
+CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+       TODO: check
+CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+       TODO: check
+CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an 
authenticated user, ...)
+       TODO: check
+CVE-2018-9038
+       RESERVED
+CVE-2018-9037
+       RESERVED
+CVE-2018-9036
+       RESERVED
+CVE-2018-9035
+       RESERVED
+CVE-2018-9034
+       RESERVED
+CVE-2018-9033
+       RESERVED
+CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L 
Wireless ...)
+       TODO: check
+CVE-2018-9031
+       RESERVED
+CVE-2018-9030
+       RESERVED
+CVE-2018-9029
+       RESERVED
+CVE-2018-9028
+       RESERVED
+CVE-2018-9027
+       RESERVED
+CVE-2018-9026
+       RESERVED
+CVE-2018-9025
+       RESERVED
+CVE-2018-9024
+       RESERVED
+CVE-2018-9023
+       RESERVED
+CVE-2018-9022
+       RESERVED
+CVE-2018-9021
+       RESERVED
+CVE-2017-18254 (An issue was discovered in ImageMagick 7.0.7. A memory leak 
...)
+       TODO: check
+CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer 
...)
+       TODO: check
+CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The 
MogrifyImageList ...)
+       TODO: check
+CVE-2017-18251 (An issue was discovered in ImageMagick 7.0.7. A memory leak 
...)
+       TODO: check
+CVE-2017-18250 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer 
...)
+       TODO: check
+CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux 
kernel before ...)
        - linux 4.12.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
 CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, 
when ...)
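Review bot: Every described entry added at the top of this hunk lands as TODO: check, and the run from CVE-2018-9040 to CVE-2018-9054 (Advanced SystemCare Ultimate and Windows Master driver issues) looks like it can be closed in one pass with NOT-FOR-US lines, the form already used for the Kaspersky and CCN-lite entries further down this file. The JasPer (CVE-2018-9055) and ImageMagick (CVE-2017-18250 to CVE-2017-18254) entries are the ones that need actual triage, since ImageMagick issues elsewhere in the list carry NOTE lines pointing at upstream reports. The CVE-2017-18249 change only swaps the bracketed placeholder title for the published description and keeps the existing linux 4.12.6-1 and Fixed by lines, so nothing is lost there.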
@@ -170,6 +250,7 @@ CVE-2018-1000141 (I, Librarian version 4.9 and earlier 
contains an Incorrect Acc
        - i-librarian <itp> (bug #649291)
        NOTE: https://github.com/mkucej/i-librarian/issues/124
 CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer 
Overflow ...)
+       {DSA-4151-1}
        - librelp 1.2.15-1
        [wheezy] - librelp <not-affected> (vulnerable code not present)
        NOTE: https://www.rsyslog.com/cve-2018-1000140/
@@ -544,8 +625,8 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 
7.0.7-25 Q16 allows 
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025
 CVE-2018-8803
        RESERVED
-CVE-2018-8802
-       RESERVED
+CVE-2018-8802 (SQL injection vulnerability in the management interface in 
ePortal ...)
+       TODO: check
 CVE-2018-8801
        RESERVED
        - gitlab 10.5.6+dfsg-1 (bug #893905)
@@ -3228,8 +3309,8 @@ CVE-2018-7711 (HTTPRedirect.php in the saml2 library in 
SimpleSAMLphp before 1.1
        NOTE: failure mode hard to trigger for an attacker, signing of redirect 
binding in many cases not that important
        NOTE: https://simplesamlphp.org/security/201803-01
        NOTE: 
https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
-CVE-2018-7658
-       RESERVED
+CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 
2.3.4 ...)
+       TODO: check
 CVE-2018-7657
        RESERVED
 CVE-2018-7656
@@ -3811,7 +3892,7 @@ CVE-2018-7491 (In PrestaShop through 1.7.2.5, a 
UI-Redressing/Clickjacking ...)
 CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use 
of the ...)
        {DSA-4142-1}
        - uwsgi 2.0.15-10.4 (bug #891639)
-        [wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)
+       [wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)
        NOTE: Fixed in 2.0.17 upstream
        NOTE: 
https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
        NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
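Review bot: The [wheezy] line under CVE-2018-7490 is removed and re-added with identical text, so the only difference is its leading whitespace. That is harmless, but it means an "automatic update" commit is also carrying an indentation fix for a hand-edited line. Suggest checking indentation on data/CVE/list before manual commits so that automated commits contain only data changes and stay easy to audit.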
@@ -10548,7 +10629,7 @@ CVE-2018-5148 [Use-after-free in compositor]
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
 CVE-2018-5147 [out-of-bound write]
        RESERVED
-       {DSA-4143-1 DSA-4141-1 DLA-1312-1}
+       {DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1}
        - firefox 59.0.1-1
        - firefox-esr 52.7.2esr-1
        - libvorbisidec 1.2.1+git20180316-1 (bug #893132)
@@ -10556,7 +10637,7 @@ CVE-2018-5147 [out-of-bound write]
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
 CVE-2018-5146 [out-of-bound write]
        RESERVED
-       {DSA-4143-1 DSA-4140-1}
+       {DSA-4143-1 DSA-4140-1 DLA-1319-1}
        - firefox 59.0.1-1
        - firefox-esr 52.7.2esr-1
        - thunderbird 1:52.7.0-1
@@ -37480,8 +37561,8 @@ CVE-2017-12817 (In Kaspersky Internet Security for 
Android 11.12.4.1622, some of
        NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some 
of ...)
        NOT-FOR-US: Kaspersky Internet Security for Android
-CVE-2017-12815
-       RESERVED
+CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar 
Applet ...)
+       TODO: check
 CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in 
...)
        - perl <not-affected> (Windows specific issue)
        NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet 
public)
@@ -38687,8 +38768,8 @@ CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 
2.0.0 allows context-depend
        NOT-FOR-US: CCN-lite
 CVE-2017-12411
        RESERVED
-CVE-2017-12410
-       RESERVED
+CVE-2017-12410 (It is possible to exploit a Time of Check &amp; Time of Use 
(TOCTOU) ...)
+       TODO: check
 CVE-2017-12409
        RESERVED
 CVE-2017-12408
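Review bot: The added CVE-2017-12410 description contains the literal entity &amp; ("Time of Check &amp; Time of Use"). If that is what was written to data/CVE/list, rather than an artefact of how this notification was rendered, the description import is HTML-escaping its input. Worth confirming against the file and storing a plain & so that searches and downstream consumers see the original text.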



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd1b40e88519a11b848038f836ad4007f2056f11
