Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b701757 by Salvatore Bonaccorso at 2018-06-23T11:29:44+02:00
Further fixes verified for inclusion in 8.11

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6247,7 +6247,7 @@ CVE-2018-10242
 CVE-2014-10073 (The create_response function in server/server.c in Psensor 
before 1.1.4 ...)
        {DLA-1361-1}
        - psensor 1.1.5-1 (low; bug #896195)
-       [jessie] - psensor <no-dsa> (Minor issue)
+       [jessie] - psensor 1.1.3-2+deb8u1
        NOTE: 
http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
 CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 
15.1.6 ...)
        NOT-FOR-US: SolarWinds Serv-U
@@ -12642,7 +12642,7 @@ CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the 
server parameter. ...)
        {DLA-1311-1}
        - adminer 4.5.0-1 (bug #893668)
        [stretch] - adminer <no-dsa> (Minor issue, issue can be mitigated by 
upfront application firewalling)
-       [jessie] - adminer <no-dsa> (Minor issue, issue can be mitigated by 
upfront application firewalling)
+       [jessie] - adminer 3.3.3-1+deb8u1
        NOTE: 
http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
        NOTE: 
https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
        NOTE: adminer 4.4.0 disallows connecting to privileged ports, and thus 
not "enumerating"
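
Review bot: The new `[jessie] - adminer 3.3.3-1+deb8u1` line drops the parenthetical without recording what the backport changes, and the only behavioural NOTE in this entry describes 4.4.0 ("disallows connecting to privileged ports"). Consider adding a NOTE stating whether the 3.3.3 backport applies the same restriction, so that someone comparing the jessie fix with the still-open `[stretch] - adminer <no-dsa>` line can tell what is covered.
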
@@ -13060,7 +13060,7 @@ CVE-2018-7555
 CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that 
leads to a ...)
        {DLA-1340-1}
        - sam2p <removed>
-       [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+       [jessie] - sam2p 0.49.2-3+deb8u2
        NOTE: https://github.com/pts/sam2p/issues/29
        NOTE: 
https://github.com/pts/sam2p/commit/a6621e996f976912252018be8a8836ee6a966ee3
        NOTE: 
https://github.com/pts/sam2p/commit/118cb8102b767df4100d8a14184e44b33a822861
@@ -13070,18 +13070,18 @@ CVE-2018-7554 (There is an invalid free in ReadImage 
in input-bmp.ci that leads 
 CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster 
function of ...)
        {DLA-1340-1}
        - sam2p <removed>
-       [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+       [jessie] - sam2p 0.49.2-3+deb8u2
        NOTE: https://github.com/pts/sam2p/issues/32
 CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in 
mapping.cpp ...)
        {DLA-1340-1}
        - sam2p <removed>
-       [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+       [jessie] - sam2p 0.49.2-3+deb8u2
        NOTE: https://github.com/pts/sam2p/issues/30
        NOTE: CVE-2018-7554 patches will address this issue too.
 CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that 
leads to ...)
        {DLA-1340-1}
        - sam2p <removed>
-       [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+       [jessie] - sam2p 0.49.2-3+deb8u2
        NOTE: https://github.com/pts/sam2p/issues/28
 CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick 
Emulator ...)
        {DSA-4213-1 DLA-1351-1 DLA-1350-1}
@@ -13297,7 +13297,7 @@ CVE-2018-7488
 CVE-2018-7487 (There is a heap-based buffer overflow in the LoadPCX function 
of ...)
        {DLA-1340-1}
        - sam2p <removed>
-       [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+       [jessie] - sam2p 0.49.2-3+deb8u2
        NOTE: https://github.com/pts/sam2p/issues/18
 CVE-2018-7486 (Blue River Mura CMS before v7.0.7029 supports inline function 
calls ...)
        NOT-FOR-US: Blue River Mura CMS
@@ -48779,7 +48779,7 @@ CVE-2017-12627 (In Apache Xerces-C XML Parser library 
before 3.2.1, processing o
        {DLA-1328-1}
        - xerces-c 3.2.1+debian-1 (bug #894050)
        [stretch] - xerces-c <no-dsa> (Minor issue; can be fixed via point 
release)
-       [jessie] - xerces-c <no-dsa> (Minor issue; can be fixed via point 
release)
+       [jessie] - xerces-c 3.1.1-5.1+deb8u4
        NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
        NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
 CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to 
Denial ...)
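
Review bot: After this change `[jessie]` carries a fixed version for xerces-c while the `[stretch]` line directly above it still reads `<no-dsa> (Minor issue; can be fixed via point release)`, so oldstable is marked fixed ahead of stable. Worth confirming that the stretch fix is queued in the stable counterpart of the point-update list, so the entry does not remain in this state after 8.11.
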
@@ -137731,7 +137731,7 @@ CVE-2018-1000156 (GNU Patch version 2.7.6 contains an 
input validation vulnerabi
        {DLA-1348-1}
        - patch 2.7.6-2 (bug #894993)
        [stretch] - patch <no-dsa> (Can be fixed via point release)
-       [jessie] - patch <no-dsa> (Can be fixed via point release)
+       [jessie] - patch 2.7.5-1+deb8u1
        NOTE: Upstream bug: https://savannah.gnu.org/bugs/?53566
        NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/
        NOTE: https://twitter.com/kurtseifried/status/982028968877436928


=====================================
data/next-oldstable-point-update.txt
=====================================
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,21 +1,3 @@
-CVE-2818-7667
-       [jessie] - adminer 3.3.3-1+deb8u1
-CVE-2018-7487
-       [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7551
-       [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7552
-       [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7553
-       [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7554
-       [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-1000156
-       [jessie] - patch 2.7.5-1+deb8u1
-CVE-2017-12627
-       [jessie] - xerces-c 3.1.1-5.1+deb8u4
-CVE-2014-10073
-       [jessie] - psensor 1.1.3-2+deb8u1
 CVE-2017-9218
        [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9219
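
Review bot: The first removed entry is keyed `CVE-2818-7667`, a typo for the `CVE-2018-7667` adminer entry updated in data/CVE/list. The removal clears it, but a misspelled ID would not have matched anything that processes this file by CVE ID, so the adminer line in data/CVE/list deserves a second look against the uploaded version (`3.3.3-1+deb8u1` in both places here). The nine removed entries otherwise line up one-to-one with the nine `+` lines in data/CVE/list.
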



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b701757bb8f385b699a535b09f9b9a68b10c68b
