Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: e58a341d by Thorsten Alteholz at 2018-06-27T14:59:53+02:00 follow security team for binutils - - - - - 695f3274 by Thorsten Alteholz at 2018-06-27T14:59:56+02:00 follow security team for devscripts - - - - - bbc6501c by Thorsten Alteholz at 2018-06-27T14:59:58+02:00 follow security team for exempi - - - - - 05f0e8ac by Thorsten Alteholz at 2018-06-27T15:00:01+02:00 follow security team for libpff - - - - - c873a81a by Thorsten Alteholz at 2018-06-27T15:00:04+02:00 follow security team for libquazip - - - - - 27c9acad by Thorsten Alteholz at 2018-06-27T15:00:07+02:00 follow security team for libtomcrypt - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -47,6 +47,7 @@ CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerabil CVE-2018-XXXX [grep-excuses: uses YAML::Syck in a unsafe way] - devscripts <unfixed> (low; bug #902409) [stretch] - devscripts <no-dsa> (Minor issue) + [jessie] - devscripts <no-dsa> (Minor issue) CVE-2018-1000610 (A exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000609 (A exposure of sensitive information vulnerability exists in Jenkins ...) 
@@ -450,21 +451,25 @@ CVE-2018-12701 CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as distributed in ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) + [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...) @@ -567,6 +572,7 @@ CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in CVE-2018-12648 (The WEBP::GetLE32 function in ...) - exempi <unfixed> (low; bug #902175) [stretch] - exempi <no-dsa> (Minor issue) + [jessie] - exempi <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106981 CVE-2018-12647 RESERVED 
@@ -1297,6 +1303,7 @@ CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or libsunec) CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ...) - libtomcrypt <unfixed> (low; bug #901626) [stretch] - libtomcrypt <no-dsa> (Minor issue) + [jessie] - libtomcrypt <no-dsa> (Minor issue) NOTE: https://github.com/libtom/libtomcrypt/issues/407 CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a ...) - wolfssl <unfixed> (bug #901627) @@ -2718,6 +2725,7 @@ CVE-2018-12066 (BIRD Internet Routing Daemon before 1.6.4 allows local users to CVE-2018-1002209 [arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file] - libquazip <unfixed> [stretch] - libquazip <no-dsa> (Minor issue) + [jessie] - libquazip <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1593011 TODO: further checks, should be fixedin 0.7.6 CVE-2018-1002204 [nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file] @@ -2993,6 +3001,7 @@ CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 all CVE-2018-11723 (The libpff_name_to_id_map_entry_read function in ...) - libpff <unfixed> (low; bug #901967) [stretch] - libpff <no-dsa> (Minor issue) + [jessie] - libpff <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2018/Jun/15 CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' ...) NOT-FOR-US: WUZHI CMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/37355e969e44181fc94ed383319757b56924c2fb...27c9acadf5e47dd4e02cce91595b398582d405ff
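Review bot: In the binutils hunk (@@ -450,21 +451,25 @@), the four new `[jessie] - binutils <ignored> (Minor issue)` lines for CVE-2018-12697 through CVE-2018-12700 repeat the stretch triage word for word, and nothing in the entries records that the jessie source was checked for the affected code: the CVE-2018-12699 description names GNU Binutils 2.30 and the NOTE lines only link the upstream bug reports. If the code was confirmed present in jessie, a short NOTE saying so would document the decision; if it is absent, `<not-affected>` with the reason is the more accurate tag.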
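Review bot: In the libtomcrypt hunk (@@ -1297,6 +1303,7 @@), the reason on the new jessie line for CVE-2018-12437 is the generic "(Minor issue)", which explains little for a memory-cache side-channel in a cryptographic library. A more specific reason in the parentheses, or a NOTE naming what in the linked upstream issue justifies `<no-dsa>`, would help whoever revisits this entry once an upstream fix exists.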
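Review bot: In the libquazip hunk (@@ -2718,6 +2725,7 @@), the entry for CVE-2018-1002209 still carries `TODO: further checks, should be fixedin 0.7.6` and its `<unfixed>` line has no severity, yet the added line marks jessie as `<no-dsa> (Minor issue)` for what the entry title describes as an arbitrary file write / arbitrary code execution from a crafted zip file. Either resolve the TODO before extending the triage to jessie, or state in the reason why the issue is minor there, so the tag does not read as a settled assessment while the checks are still open.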
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits