[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Thu, 29 Mar 2018 13:11:11 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
af8d7294 by security tracker role at 2018-03-29T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-9125
+       RESERVED
+CVE-2018-9124
+       RESERVED
 CVE-2018-9123 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via 
a User ...)
        TODO: check
 CVE-2018-9122 (In Crea8social 2018.2, there is Reflected Cross-Site Scripting 
via the ...)
@@ -196,8 +200,8 @@ CVE-2018-9033
        RESERVED
 CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L 
Wireless ...)
        NOT-FOR-US: D-Link
-CVE-2018-9031
-       RESERVED
+CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x 
devices ...)
+       TODO: check
 CVE-2018-9030
        RESERVED
 CVE-2018-9029
@@ -3716,6 +3720,7 @@ CVE-2017-18212 (An issue was discovered in JerryScript 
1.0. There is a heap-base
 CVE-2018-7585
        RESERVED
 CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 
7.1.14, and ...)
+       {DLA-1326-1}
        - php7.2 7.2.3-1
        - php7.1 7.1.15-1
        - php7.0 7.0.28-1
@@ -6762,12 +6767,12 @@ CVE-2018-6590
        RESERVED
 CVE-2018-6589
        RESERVED
-CVE-2018-6588
-       RESERVED
-CVE-2018-6587
-       RESERVED
-CVE-2018-6586
-       RESERVED
+CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a 
...)
+       TODO: check
+CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a 
...)
+       TODO: check
+CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a 
stored ...)
+       TODO: check
 CVE-2018-1000040
        RESERVED
 CVE-2018-1000039
@@ -10657,10 +10662,10 @@ CVE-2018-5226
        RESERVED
 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 
4.13.0 ...)
        NOT-FOR-US: Atlassian Bitbucket Server
-CVE-2018-5224
-       RESERVED
-CVE-2018-5223
-       RESERVED
+CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial 
repository ...)
+       TODO: check
+CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured 
Mercurial ...)
+       TODO: check
 CVE-2018-5222
        RESERVED
 CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 
ActiveX ...)
@@ -10845,7 +10850,7 @@ CVE-2018-5147 [out-of-bound write]
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
 CVE-2018-5146 [out-of-bound write]
        RESERVED
-       {DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1319-1}
+       {DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1327-1 DLA-1319-1}
        - firefox 59.0.1-1
        - firefox-esr 52.7.2esr-1
        - thunderbird 1:52.7.0-1
@@ -10855,14 +10860,14 @@ CVE-2018-5146 [out-of-bound write]
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
 CVE-2018-5145
        RESERVED
-       {DSA-4155-1 DSA-4139-1 DLA-1308-1}
+       {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
        - firefox-esr 52.7.0esr-1
        - thunderbird 1:52.7.0-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
 CVE-2018-5144
        RESERVED
-       {DSA-4155-1 DSA-4139-1 DLA-1308-1}
+       {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
        - firefox-esr 52.7.0esr-1
        - thunderbird 1:52.7.0-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
@@ -10929,7 +10934,7 @@ CVE-2018-5130
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5129
        RESERVED
-       {DSA-4155-1 DSA-4139-1 DLA-1308-1}
+       {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        - thunderbird 1:52.7.0-1
@@ -10942,7 +10947,7 @@ CVE-2018-5128
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5127
        RESERVED
-       {DSA-4155-1 DSA-4139-1 DLA-1308-1}
+       {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        - thunderbird 1:52.7.0-1
@@ -10955,7 +10960,7 @@ CVE-2018-5126
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5125
        RESERVED
-       {DSA-4155-1 DSA-4139-1 DLA-1308-1}
+       {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        - thunderbird 1:52.7.0-1
@@ -11760,8 +11765,8 @@ CVE-2018-4843 (A vulnerability has been identified in 
SIMATIC CP 343-1 Advanced 
        NOT-FOR-US: SIMATIC
 CVE-2018-4842
        RESERVED
-CVE-2018-4841
-       RESERVED
+CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All 
versions &lt; ...)
+       TODO: check
 CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All 
versions &lt; ...)
        NOT-FOR-US: Siemens
 CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All 
versions &lt; ...)
@@ -58858,8 +58863,8 @@ CVE-2017-5949 (JavaScriptCore in WebKit, as distributed 
in Safari Technology Pre
        NOTE: Not covered by security support
 CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T 
devices. ...)
        NOT-FOR-US: OnePlus One
-CVE-2017-5947
-       RESERVED
+CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 
devices ...)
+       TODO: check
 CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for 
Ruby has a ...)
        {DSA-3801-1 DLA-846-1}
        - ruby-zip 1.2.0-1.1 (bug #856269)
@@ -65332,31 +65337,31 @@ CVE-2016-10029 (The virtio_gpu_set_scanout function 
in QEMU (aka Quick Emulator)
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f 
(v2.7.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/2
 CVE-2017-3789
-       RESERVED
+       REJECTED
 CVE-2017-3788
-       RESERVED
+       REJECTED
 CVE-2017-3787
-       RESERVED
+       REJECTED
 CVE-2017-3786
-       RESERVED
+       REJECTED
 CVE-2017-3785
-       RESERVED
+       REJECTED
 CVE-2017-3784
-       RESERVED
+       REJECTED
 CVE-2017-3783
-       RESERVED
+       REJECTED
 CVE-2017-3782
-       RESERVED
+       REJECTED
 CVE-2017-3781
-       RESERVED
+       REJECTED
 CVE-2017-3780
-       RESERVED
+       REJECTED
 CVE-2017-3779
-       RESERVED
+       REJECTED
 CVE-2017-3778
-       RESERVED
+       REJECTED
 CVE-2017-3777
-       RESERVED
+       REJECTED
 CVE-2017-3776
        RESERVED
 CVE-2017-3775
@@ -116742,10 +116747,10 @@ CVE-2015-4955 (Cross-site scripting (XSS) 
vulnerability in IBM Business Process 
        NOT-FOR-US: IBM
 CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
        NOT-FOR-US: IBM
-CVE-2015-4953
-       RESERVED
-CVE-2015-4952
-       RESERVED
+CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack ...)
+       TODO: check
+CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control 
9.0.1 ...)
+       TODO: check
 CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum 
Protect ...)
        NOT-FOR-US: IBM Spectrum Protect
 CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for 
Mail: ...)
@@ -125506,8 +125511,8 @@ CVE-2015-2022
        RESERVED
 CVE-2015-2021
        RESERVED
-CVE-2015-2020
-       RESERVED
+CVE-2015-2020 (The MyScript SDK before 1.3 for Android might allow attackers 
to ...)
+       TODO: check
 CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 
before ...)
        NOT-FOR-US: IBM
 CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere 
Message ...)
@@ -125528,8 +125533,8 @@ CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM 
QRadar SIEM 7.1 MR2 before Pa
        NOT-FOR-US: IBM
 CVE-2015-2010
        REJECTED
-CVE-2015-2009
-       RESERVED
+CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the 
xmlrpc.cgi ...)
+       TODO: check
 CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 
7.2.x ...)
        NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 
7.2.x ...)
@@ -125538,16 +125543,16 @@ CVE-2015-2006
        RESERVED
 CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 
7.2.x ...)
        NOT-FOR-US: IBM Security QRadar SIEM
-CVE-2015-2004
-       RESERVED
-CVE-2015-2003
-       RESERVED
-CVE-2015-2002
-       RESERVED
-CVE-2015-2001
-       RESERVED
-CVE-2015-2000
-       RESERVED
+CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android 
might ...)
+       TODO: check
+CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android 
might ...)
+       TODO: check
+CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might 
allow ...)
+       TODO: check
+CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers 
to ...)
+       TODO: check
+CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to 
...)
+       TODO: check
 CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 
5 ...)
        NOT-FOR-US: IBM QRadar
 CVE-2015-1998
@@ -139634,8 +139639,8 @@ CVE-2014-6606
        RESERVED
 CVE-2014-6605
        RESERVED
-CVE-2014-6604
-       RESERVED
+CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in 
class-s2-list-table.php in ...)
+       TODO: check
 CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in 
...)
        [squeeze] - suricata <not-affected> (Vulnerable code not yet present)
        [wheezy] - suricata <not-affected> (Vulnerable code not yet present)
@@ -143147,8 +143152,8 @@ CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 
1.2.5, when fine grained acces
        [wheezy] - libvirt <not-affected> (Not exploitable in that version)
        [squeeze] - libvirt <not-affected> (Not exploitable in that version)
        NOTE: http://security.libvirt.org/2014/0003.html
-CVE-2014-5170
-       RESERVED
+CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might 
allow ...)
+       TODO: check
 CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module 
before ...)
        NOT-FOR-US: Drupal module Date
 CVE-2014-5168
@@ -143541,8 +143546,7 @@ CVE-2014-5029 (The web interface in CUPS 1.7.4 allows 
local users in the lp grou
        - cups 1.7.4-2
        [squeeze] - cups 1.4.4-7+squeeze6
        NOTE: https://cups.org/str.php?L4455
-CVE-2014-5028
-       RESERVED
+CVE-2014-5028 (The Original File and Patched File resources in Review Board 
1.7.x ...)
        - reviewboard <itp> (bug #653113)
 CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x 
before ...)
        - reviewboard <itp> (bug #653113)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/af8d72946d09d4edb159f924c92b88734c056781

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/af8d72946d09d4edb159f924c92b88734c056781
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to