Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88c3d339 by security tracker role at 2018-03-28T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2018-9114
+       RESERVED
+CVE-2018-9113
+       RESERVED
+CVE-2018-9112
+       RESERVED
+CVE-2018-9111
+       RESERVED
+CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory 
Traversal via ...)
+       TODO: check
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via 
the ...)
        NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 
allows an ...)
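
Review bot: CVE-2018-9110 is added with `TODO: check` although the entry directly below it, CVE-2018-9109, covers the same product (Studio 42 elFinder) and is already resolved as `NOT-FOR-US: Studio 42 elFinder`; unless the new id describes something other than the elFinder web application, the TODO can be closed the same way in this pass rather than left for a later triage round.
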
@@ -107,6 +117,7 @@ CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there 
is an infinite loop in
        [wheezy] - lrzip <ignored> (Minor issue)
        NOTE: https://github.com/ckolivas/lrzip/issues/93
 CVE-2018-7600 [SA-CORE-2018-002]
+       RESERVED
        - drupal7 <unfixed> (bug #894259)
        NOTE: https://www.drupal.org/sa-core-2018-002
        NOTE: https://groups.drupal.org/security/faq-2018-002
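
Review bot: the `RESERVED` line inserted for CVE-2018-7600 [SA-CORE-2018-002] sits between the bracketed local description and `- drupal7 <unfixed> (bug #894259)`, which is the tracker's layout for an id that MITRE still lists as reserved while Debian already tracks the package; compare CVE-2018-1083 and CVE-2018-1064 later in this diff, where `RESERVED` is dropped once the published description replaces the bracket text. When that happens here, the two NOTE URLs already record the Drupal advisory id, so nothing is lost by the swap.
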
@@ -225,6 +236,7 @@ CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for 
WordPress allows XSS
 CVE-2018-9019
        RESERVED
 CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the 
ReadMNGImage ...)
+       {DLA-1322-1}
        - graphicsmagick <unfixed>
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
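
Review bot: `{DLA-1322-1}` is added to CVE-2018-9018 while its package line still reads `- graphicsmagick <unfixed>`; the other entries tagged with the same DLA in this commit (CVE-2017-18231, CVE-2017-18230, CVE-2017-18229, CVE-2017-18220, CVE-2017-18219) each carry a fixed unstable version. The DLA reference is fine for jessie, but the entry should be revisited so that the unstable fix version is recorded once the upstream revision linked in the NOTE reaches a Debian upload.
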
@@ -2334,14 +2346,17 @@ CVE-2018-1000124 (I Librarian I-librarian version 4.8 
and earlier contains a XML
 CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit 
...)
        NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
 CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL 
pointer ...)
+       {DLA-1322-1}
        - graphicsmagick 1.3.27-1
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/
 CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL 
pointer ...)
+       {DLA-1322-1}
        - graphicsmagick 1.3.27-1
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/
 CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An 
allocation failure ...)
+       {DLA-1322-1}
        - graphicsmagick 1.3.27-1
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/
@@ -3159,7 +3174,7 @@ CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the 
Date Filter via the cr
 CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier 
contains a ...)
        - electron <itp> (bug #842420)
 CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption 
vulnerability in the ...)
-       {DLA-1317-1}
+       {DSA-4154-1 DLA-1317-1}
        - net-snmp 5.7.3+dfsg-1.1 (bug #894110)
        NOTE: https://sourceforge.net/p/net-snmp/bugs/2821/
        NOTE: 
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
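
Review bot: `{DSA-4154-1 DLA-1317-1}` replaces `{DLA-1317-1}` for CVE-2018-1000116, and the same substitution is made for CVE-2015-5621 at the end of this diff; both entries share the unstable fix version `net-snmp 5.7.3+dfsg-1.1` and keep their own bug references (#894110 and #788964), so the pairing is consistent. Worth confirming that the DSA text lists both CVE ids, since only these two entries are touched.
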
@@ -3327,12 +3342,14 @@ CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 
allows remote attackers to sp
 CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: SecurEnvoy SecurMail
 CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c 
in ...)
+       {DLA-1322-1}
        - graphicsmagick 1.3.26-8
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
        NOTE: Issue is related to CVE-2017-11403 but not the same issue.
        TODO: check, needs clarification, the issue is CloseBlob use-after-free
 CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An 
allocation failure ...)
+       {DLA-1322-1}
        - graphicsmagick 1.3.27-1
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
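
Review bot: CVE-2017-18220 receives `{DLA-1322-1}` while the entry still carries `TODO: check, needs clarification, the issue is CloseBlob use-after-free` and a NOTE that it is related to but distinct from CVE-2017-11403. Publishing an advisory reference against an entry whose identity is still marked as unclear is risky; either resolve the TODO (confirming that the DLA's fix is the CloseBlob use-after-free, not the CVE-2017-11403 issue) or record in a NOTE which of the two the DLA actually addressed.
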
@@ -3384,12 +3401,12 @@ CVE-2018-7678 (A cross site scripting vulnerability 
exist in the Administration 
        NOT-FOR-US: NetIQ Access Manager
 CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 
Identity ...)
        NOT-FOR-US: NetIQ Access Manager
-CVE-2018-7676
-       RESERVED
+CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp 
with log ...)
+       TODO: check
 CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into 
the ...)
        NOT-FOR-US: NetIQ Sentinel
-CVE-2018-7674
-       RESERVED
+CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 
4.7, is ...)
+       TODO: check
 CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions 
prior to ...)
        NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux 
kernel ...)
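
Review bot: CVE-2018-7676 and CVE-2018-7674 are both NetIQ Identity Manager entries now marked `TODO: check`, while the adjacent CVE-2018-7673 for the same product is already `NOT-FOR-US: NetIQ Identity Manager` (as are the NetIQ Access Manager and NetIQ Sentinel neighbours). Unless the descriptions point at a component shipped in Debian, both TODOs can be closed with the same NOT-FOR-US marker in this update.
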
@@ -3994,8 +4011,8 @@ CVE-2018-7500 (A Permissions, Privileges, and Access 
Controls issue was discover
        NOT-FOR-US: OSIsoft PI
 CVE-2018-7499
        RESERVED
-CVE-2018-7498
-       RESERVED
+CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of 
proper ...)
+       TODO: check
 CVE-2018-7497
        RESERVED
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI 
Vision ...)
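
Review bot: CVE-2018-7498 is for the Philips Alice 6 System (R8.0.2 or prior), a medical device; this block of ids is otherwise resolved as `NOT-FOR-US` (OSIsoft PI), and a second Philips Alice 6 id, CVE-2018-5451, appears later in this diff with the same `TODO: check`. Resolving both as `NOT-FOR-US: Philips Alice 6 System` together would keep the two entries consistent.
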
@@ -9946,8 +9963,8 @@ CVE-2018-5453 (An Improper Handling of Length Parameter 
Inconsistency issue was 
        NOT-FOR-US: Moxa
 CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson 
Process ...)
        NOT-FOR-US: Emerson Process Management ControlWave Micro Process 
Automation Controller
-CVE-2018-5451
-       RESERVED
+CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an 
actor ...)
+       TODO: check
 CVE-2018-5450
        RESERVED
 CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell 
...)
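
Review bot: CVE-2018-5451 is the second Philips Alice 6 System entry in this commit (CVE-2018-7498 above is the first) and is likewise left at `TODO: check`; the surrounding Moxa and Emerson entries show the expected resolution for embedded and industrial products, so a `NOT-FOR-US: Philips Alice 6 System` line should be applied to both ids at once rather than leaving one open.
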
@@ -21329,8 +21346,8 @@ CVE-2018-1144
        RESERVED
 CVE-2018-1143
        RESERVED
-CVE-2018-1142
-       RESERVED
+CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to 
...)
+       TODO: check
 CVE-2018-1141 (When installing Nessus to a directory outside of the default 
location, ...)
        NOT-FOR-US: Nessus
 CVE-2017-17425 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
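
Review bot: CVE-2018-1142 (Tenable Appliance 4.6.1 and earlier) is marked `TODO: check` directly above CVE-2018-1141, which is already `NOT-FOR-US: Nessus`; Tenable Appliance is not packaged in Debian either, so the TODO can be closed as `NOT-FOR-US: Tenable Appliance` without waiting for further triage.
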
@@ -21568,8 +21585,7 @@ CVE-2018-1085
        NOT-FOR-US: openshift-ansible
 CVE-2018-1084
        RESERVED
-CVE-2018-1083 [check bounds on PATH_MAX-sized buffer used for file completion 
candidates]
-       RESERVED
+CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer 
overflow in ...)
        - zsh <unfixed> (low; bug #894043)
        [stretch] - zsh <no-dsa> (Minor issue)
        [jessie] - zsh <no-dsa> (Minor issue)
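
Review bot: replacing the bracketed local description of CVE-2018-1083 with the published one drops `check bounds on PATH_MAX-sized buffer used for file completion candidates`, which identified the affected code more precisely than the truncated `buffer overflow in ...`; consider keeping that text as a NOTE line under the entry. The package line `- zsh <unfixed> (low; bug #894043)` is unchanged even though the new description names 5.4.2-test-1 as the fixing upstream version, so the unstable fix version should be recorded once the corresponding upload lands.
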
@@ -21626,8 +21642,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux 
kernel through 4.15.7 mishan
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
-CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent]
-       RESERVED
+CVE-2018-1064 (libvirt version before 4.2.0-rc1 is vulnerable to a resource 
...)
        {DSA-4137-1 DLA-1315-1}
        - libvirt 4.1.0-1
        NOTE: Fixed by: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
@@ -41429,10 +41444,10 @@ CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 
is vulnerable to arbitrary
        NOT-FOR-US: ManageEngine ServiceDesk
 CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to 
arbitrary file ...)
        NOT-FOR-US: ManageEngine ServiceDesk
-CVE-2017-11510
-       RESERVED
-CVE-2017-11509
-       RESERVED
+CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera 
that ...)
+       TODO: check
+CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in 
...)
+       TODO: check
 CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL 
Injection ...)
        NOT-FOR-US: SecurityCenter
 CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK 
versions ...)
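
Review bot: the truncated description of CVE-2017-11509 (`An authenticated remote attacker can execute arbitrary code in ...`) names no product at all, so its `TODO: check` cannot be resolved from this hunk and needs the full CVE text. CVE-2017-11510, by contrast, names Wanscam's HW0021 network camera, a firmware product, and can be closed as `NOT-FOR-US: Wanscam HW0021` in the same way the neighbouring SecurityCenter and ManageEngine entries are.
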
@@ -122318,7 +122333,7 @@ CVE-2015-3310 (Buffer overflow in the rc_mksid 
function in plugins/radius/util.c
        NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
        NOTE: Patch: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450
 CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and 
...)
-       {DLA-1317-1}
+       {DSA-4154-1 DLA-1317-1}
        - net-snmp 5.7.3+dfsg-1.1 (bug #788964)
        [squeeze] - net-snmp <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1
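
Review bot: the `{DSA-4154-1 DLA-1317-1}` change for CVE-2015-5621 mirrors the one made to CVE-2018-1000116 earlier in this diff; the `[squeeze] - net-snmp <no-dsa> (Minor issue)` line is correctly left alone since the DSA covers the current stable release only. Both entries point at the same unstable fix, `net-snmp 5.7.3+dfsg-1.1`, so they should be kept in step if either reference is later amended.
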



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/88c3d339465f0740404cd5e489228c37326b249d

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits