Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
441f7458 by security tracker role at 2018-03-30T08:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-9143
+       RESERVED
+CVE-2018-9142
+       RESERVED
+CVE-2018-9141
+       RESERVED
+CVE-2018-9140
+       RESERVED
+CVE-2018-9139
+       RESERVED
+CVE-2018-9138
+       RESERVED
+CVE-2018-9137
+       RESERVED
+CVE-2018-9136
+       RESERVED
+CVE-2018-9135
+       RESERVED
+CVE-2018-9134
+       RESERVED
+CVE-2018-9133
+       RESERVED
+CVE-2018-9132
+       RESERVED
+CVE-2018-9131
+       RESERVED
+CVE-2018-9130
+       RESERVED
+CVE-2018-9129
+       RESERVED
+CVE-2018-9128
+       RESERVED
+CVE-2018-9127
+       RESERVED
+CVE-2018-9126
+       RESERVED
 CVE-2018-9125
        RESERVED
 CVE-2018-9124
@@ -2355,6 +2391,7 @@ CVE-2018-8095
 CVE-2018-1000128
        REJECTED
 CVE-2018-1000127 (memcached version prior to 1.4.37 contains an Integer 
Overflow ...)
+       {DLA-1329-1}
        - memcached 1.5.0-1 (bug #894404)
        NOTE: 
https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
        NOTE: https://github.com/memcached/memcached/issues/271
@@ -21202,8 +21239,8 @@ CVE-2018-1193
        RESERVED
 CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; 
...)
        NOT-FOR-US: Cloud Foundry
-CVE-2018-1191
-       RESERVED
+CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains 
an ...)
+       TODO: check
 CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry 
products: all ...)
        NOT-FOR-US: Pivotal
 CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 
8.0.1.2, ...)
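Review bot: CVE-2018-1191 is left at TODO: check even though the Cloud Foundry entries on either side of it (CVE-2018-1192 and CVE-2018-1190) are already triaged as NOT-FOR-US. Unless Garden-runC turns out to be packaged, a follow-up should close this as "NOT-FOR-US: Cloud Foundry" so it does not stay in the open queue.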
@@ -23097,6 +23134,7 @@ CVE-2017-17080 (elf.c in the Binary File Descriptor 
(BFD) library (aka libbfd), 
 CVE-2018-0740
        RESERVED
 CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as 
can be ...)
+       {DSA-4158-1 DSA-4157-1}
        - openssl 1.1.0h-1
        - openssl1.0 1.0.2o-1
        NOTE: https://www.openssl.org/news/secadv/20180327.txt
@@ -25137,8 +25175,8 @@ CVE-2017-16875 (An issue was discovered in Teluu 
pjproject (pjlib and pjlib-util
        NOTE: https://trac.pjsip.org/repos/changeset/5680
 CVE-2017-16874
        RESERVED
-CVE-2017-16873
-       RESERVED
+CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid 
binary that ...)
+       TODO: check
 CVE-2017-1000233
        REJECTED
 CVE-2017-1000222
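Review bot: the truncated description on CVE-2017-16873 ("unsanitized PATH in the suid binary that ...") ends before it names the affected product, so the TODO: check cannot be triaged from this line alone. Whoever picks it up needs the full CVE description first to decide between a package entry and NOT-FOR-US.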
@@ -25564,8 +25602,8 @@ CVE-2017-16840 (The VC-2 Video Compression encoder in 
FFmpeg 3.4 allows remote .
        {DSA-4049-1}
        - ffmpeg 7:3.4.1-1
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
-CVE-2017-16839
-       RESERVED
+CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to 
steal root ...)
+       TODO: check
 CVE-2017-16838
        RESERVED
 CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 
1.9.6 are not ...)
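Review bot: the TODO: check on CVE-2017-16839 names Hashicorp vagrant-vmware-fusion, the same product as CVE-2017-16512, which this commit also moves from RESERVED to TODO: check. Triage the two together so both entries end up with the same disposition and the same product label.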
@@ -26510,8 +26548,8 @@ CVE-2017-16514 (Multiple persistent stored 
Cross-Site-Scripting (XSS) vulnerabil
        NOT-FOR-US: WebsiteBaker
 CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer 
overflows in ...)
        NOT-FOR-US: Ipswitch WS_FTP Professional
-CVE-2017-16512
-       RESERVED
+CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 
5.0.2 ...)
+       TODO: check
 CVE-2017-16511
        RESERVED
 CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being 
sent to ...)
@@ -38341,6 +38379,7 @@ CVE-2017-12629 (Remote code execution occurs in Apache 
Solr before 7.1 with Apac
 CVE-2017-12628 (The JMX server embedded in Apache James, also used by the 
command line ...)
        NOT-FOR-US: Apache James
 CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing 
of ...)
+       {DLA-1328-1}
        - xerces-c 3.2.1+debian-1 (bug #894050)
        NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
        NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
@@ -84345,8 +84384,8 @@ CVE-2016-6660
        REJECTED
 CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 
3.6.5, ...)
        NOT-FOR-US: Pivotal
-CVE-2016-6658
-       RESERVED
+CVE-2016-6658 (Applications in cf-release before 245 can be configured and 
pushed ...)
+       TODO: check
 CVE-2016-6657 (An open redirect vulnerability has been detected with some 
Pivotal ...)
        NOT-FOR-US: Pivotal
 CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. 
Creation ...)
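Review bot: CVE-2016-6658 describes cf-release, the product that CVE-2018-1192 elsewhere in this diff already records as "NOT-FOR-US: Cloud Foundry", while the entries around it here use "NOT-FOR-US: Pivotal". When the TODO: check is resolved, pick one of those labels deliberately rather than copying the nearest neighbour, so searches by product name find every cf-release entry.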
@@ -104023,8 +104062,8 @@ CVE-2016-0900 (Cross-site scripting (XSS) 
vulnerability in EMC RSA Authenticatio
        NOT-FOR-US: RSA Authentication Manager
 CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote 
authenticated ...)
        NOT-FOR-US: RSA Archer GRC Platform
-CVE-2016-0898
-       RESERVED
+CVE-2016-0898 (MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log 
the AWS ...)
+       TODO: check
 CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x 
before ...)
        NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 
1.7.x ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/441f745838966feb3b468b72c8406269fed6bd58

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
