automatic update

author: security tracker role <sectracker@soriano.debian.org> 2018-02-23 21:10:17 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2018-02-23 21:10:17 +0000
commit: dfcb20e17b5649ccf180df2659738f77eeefe9a3 (patch)
tree: 216de55bf1ee28df5fddbbaa9a7b5a4646628a2d /data
parent: 8df2b81523ca09edac78fa3b102f99c02f320db9 (diff)
6 files changed, 63 insertions, 26 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 9bcd0abbc6..0ec0aa8229 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -12883,7 +12883,7 @@ CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm
 	[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
 	[etch] - apache 1.3.34-4.1+etch1
 CVE-2007-1348
-	RESERVED
+	REJECTED
 CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
 	NOT-FOR-US: Microsoft Windows Explorer
 CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 8e27faf676..7b3d30e6d3 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,3 +1,5 @@
+CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...)
+	TODO: check
 CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) ...)
 	- jquery 1.11.3+dfsg-1
 	[wheezy] - jquery <ignored> (Too invasive to fix)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 4b012c3a4b..6427c3c20c 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -14691,7 +14691,7 @@ CVE-2013-1937 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOTE: http://seclists.org/fulldisclosure/2013/Apr/100
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
 CVE-2013-1936
-	RESERVED
+	REJECTED
 CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package ...)
 	- linux <not-affected> (RHEL-specific backport regression)
 	- linux-2.6 <not-affected> (RHEL-specific backport regression)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index ecb0992e08..c95860290c 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -17740,10 +17740,10 @@ CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Boo
 	NOT-FOR-US: WordPress plugin Booking System
 CVE-2014-3208
 	RESERVED
-CVE-2014-3206
-	RESERVED
-CVE-2014-3205
-	RESERVED
+CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a ...)
+	TODO: check
 CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...)
 	NOT-FOR-US: Unity
 CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 7485fcc0a2..e8065bc3b1 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,5 @@
+CVE-2017-18195
+	RESERVED
 CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the &quot;signup&quot; ...)
 	NOT-FOR-US: HamayeshNegar CMS
 CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
@@ -3829,7 +3831,7 @@ CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field durin
 	- php-horde <undetermined>
 	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
 	TODO: check
-CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ...)
+CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...)
 	- php-horde <undetermined>
 	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
 	TODO: check
@@ -31043,7 +31045,7 @@ CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...)
 	[jessie] - linux 3.16.39-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
-CVE-2017-7494 (Samba since version 3.5.0 is vulnerable to remote code execution ...)
+CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is ...)
 	{DSA-3860-1 DLA-951-1}
 	- samba 2:4.5.8+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 08d95bebb1..3d4a86fadf 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,29 @@
+CVE-2018-7443
+	RESERVED
+CVE-2018-7434
+	RESERVED
+CVE-2018-7433
+	RESERVED
+CVE-2018-7432
+	RESERVED
+CVE-2018-7431
+	RESERVED
+CVE-2018-7430
+	RESERVED
+CVE-2018-7429
+	RESERVED
+CVE-2018-7428
+	RESERVED
+CVE-2018-7427
+	RESERVED
+CVE-2018-7426
+	RESERVED
+CVE-2018-7425
+	RESERVED
+CVE-2018-7424
+	RESERVED
+CVE-2018-7423
+	RESERVED
 CVE-2018-7422
 	RESERVED
 CVE-2018-7421
@@ -13,18 +39,23 @@ CVE-2018-7417
 CVE-2018-7416
 	RESERVED
 CVE-2018-7439 [heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
 CVE-2018-7438 [heap-buffer-overflow in freexl.c:383 parse_unicode_string]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
 CVE-2018-7437 [heap-buffer-overflow in freexl.c:1866 parse_SST]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
 CVE-2018-7436 [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
 CVE-2018-7435 [heap-buffer-overflow in freexl::destroy_cell]
+	RESERVED
 	- freexl 1.0.5-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
 CVE-2018-7415
@@ -179,8 +210,8 @@ CVE-2018-7341
 	RESERVED
 CVE-2018-7340
 	RESERVED
-CVE-2018-7339
-	RESERVED
+CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...)
+	TODO: check
 CVE-2018-XXXX [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page]
 	- drupal7 7.57-1 (bug #891154)
 	NOTE: https://www.drupal.org/sa-core-2018-001
@@ -1387,12 +1418,12 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation an
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/22
-CVE-2018-6868
-	RESERVED
-CVE-2018-6867
-	RESERVED
-CVE-2018-6866
-	RESERVED
+CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / ...)
+	TODO: check
+CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone ...)
+	TODO: check
+CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and ...)
+	TODO: check
 CVE-2018-6865
 	RESERVED
 CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion ...)
@@ -1405,8 +1436,8 @@ CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Sear
 	NOT-FOR-US: PHP Scripts Mall Lawyer Search Script
 CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts ...)
 	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
-CVE-2018-6859
-	RESERVED
+CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management ...)
+	TODO: check
 CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...)
 	NOT-FOR-US: PHP Scripts Mall Facebook Clone Script
 CVE-2018-6857
@@ -1639,8 +1670,7 @@ CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig funct
 	[wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
 	NOTE: https://github.com/dbry/WavPack/issues/27
 	NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
-CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init]
-	RESERVED
+CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the hostname on ...)
 	- libvirt 4.0.0-2 (bug #889839)
 	[stretch] - libvirt <no-dsa> (Minor issue)
 	[jessie] - libvirt <no-dsa> (Minor issue)
@@ -8348,12 +8378,15 @@ CVE-2018-3838
 CVE-2018-3837
 	RESERVED
 CVE-2018-7442 [path traversal or file overwrite]
+	RESERVED
 	- leptonlib <unfixed>
 	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html
 CVE-2018-7441 [insecure use of /tmp]
+	RESERVED
 	- leptonlib <unfixed>
 	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html
 CVE-2018-7440 [command injection via $(command)]
+	RESERVED
 	- leptonlib <unfixed>
 	NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
 	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
@@ -15212,12 +15245,12 @@ CVE-2018-0522
 	RESERVED
 CVE-2018-0521
 	RESERVED
-CVE-2018-0520
-	RESERVED
-CVE-2018-0519
-	RESERVED
-CVE-2018-0518
-	RESERVED
+CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware ...)
+	TODO: check
+CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
+	TODO: check
+CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
+	TODO: check
 CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
 	NOT-FOR-US: Anshin net security for Windows
 CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...)
author	security tracker role <sectracker@soriano.debian.org>	2018-02-23 21:10:17 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2018-02-23 21:10:17 +0000
commit	dfcb20e17b5649ccf180df2659738f77eeefe9a3 (patch)
tree	216de55bf1ee28df5fddbbaa9a7b5a4646628a2d /data
parent	8df2b81523ca09edac78fa3b102f99c02f320db9 (diff)