automatic update

author: security tracker role <sectracker@soriano.debian.org> 2018-02-21 09:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2018-02-21 09:10:21 +0000
commit: 5bb814c27801febe96b85a5e3ee3eb0521e33dda (patch)
tree: 82d40ca37fdb7d0f95fe81c541f4ab97a0b7635b /data
parent: a90928569f203332286243650a2c10dc8e663079 (diff)
3 files changed, 46 insertions, 11 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index cf87a3b51e..bd711e2aca 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,5 @@
+CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b ...)
+	TODO: check
 CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending ...)
 	NOT-FOR-US: Gentoo ebuilds dir permissions at install time
 CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 88e8bf463b..01a0b9bc4a 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -2413,10 +2413,10 @@ CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 m
 	[jessie] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/344
-CVE-2017-17455
-	RESERVED
-CVE-2017-17454
-	RESERVED
+CVE-2017-17455 (Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before ...)
+	TODO: check
+CVE-2017-17454 (Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before ...)
+	TODO: check
 CVE-2017-17453
 	RESERVED
 CVE-2017-17452
@@ -9329,8 +9329,8 @@ CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows rem
 	- graphicsmagick 1.3.26-13
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
-CVE-2017-14993
-	RESERVED
+CVE-2017-14993 (OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x ...)
+	TODO: check
 CVE-2017-14992 (Lack of content verification in Docker-CE (Also known as Moby) ...)
 	- docker.io <undetermined>
 CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...)
@@ -16587,8 +16587,8 @@ CVE-2017-12417
 	RESERVED
 CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2017-12415
-	RESERVED
+CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x ...)
+	TODO: check
 CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an ...)
 	NOT-FOR-US: Format Factory
 CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related to ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index a37ac62b3f..603d549e3e 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,5 +1,37 @@
-CVE-2018-7263
+CVE-2018-7279
 	RESERVED
+CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP ...)
+	TODO: check
+CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent ...)
+	TODO: check
+CVE-2018-7276 (An issue was discovered on Lutron Quantum BACnet Integration 2.0 ...)
+	TODO: check
+CVE-2018-7275
+	RESERVED
+CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site ...)
+	TODO: check
+CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the ...)
+	TODO: check
+CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part ...)
+	TODO: check
+CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php in the ...)
+	TODO: check
+CVE-2018-7270
+	RESERVED
+CVE-2018-7269
+	RESERVED
+CVE-2018-7268
+	RESERVED
+CVE-2018-7267
+	RESERVED
+CVE-2018-7266
+	RESERVED
+CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that ...)
+	TODO: check
+CVE-2018-7264
+	RESERVED
+CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad through ...)
+	TODO: check
 CVE-2018-7262
 	RESERVED
 CVE-2018-7261
@@ -903,6 +935,7 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac
 CVE-2018-6870
 	RESERVED
 CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...)
+	{DLA-1287-1}
 	- zziplib <unfixed>
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
@@ -1884,8 +1917,8 @@ CVE-2018-6489
 	RESERVED
 CVE-2018-6488
 	RESERVED
-CVE-2018-6487
-	RESERVED
+CVE-2018-6487 (Remote Disclosure of Information in Micro Focus Universal CMDB ...)
+	TODO: check
 CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit ...)
 	NOT-FOR-US: Micro Focus Fortify Audit Workbench
 CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in ...)
author	security tracker role <sectracker@soriano.debian.org>	2018-02-21 09:10:21 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2018-02-21 09:10:21 +0000
commit	5bb814c27801febe96b85a5e3ee3eb0521e33dda (patch)
tree	82d40ca37fdb7d0f95fe81c541f4ab97a0b7635b /data
parent	a90928569f203332286243650a2c10dc8e663079 (diff)