Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e58a341d by Thorsten Alteholz at 2018-06-27T14:59:53+02:00
follow security team for binutils

- - - - -
695f3274 by Thorsten Alteholz at 2018-06-27T14:59:56+02:00
follow security team for devscripts

- - - - -
bbc6501c by Thorsten Alteholz at 2018-06-27T14:59:58+02:00
follow security team for exempi

- - - - -
05f0e8ac by Thorsten Alteholz at 2018-06-27T15:00:01+02:00
follow security team for libpff

- - - - -
c873a81a by Thorsten Alteholz at 2018-06-27T15:00:04+02:00
follow security team for libquazip

- - - - -
27c9acad by Thorsten Alteholz at 2018-06-27T15:00:07+02:00
follow security team for libtomcrypt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -47,6 +47,7 @@ CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input 
Validation vulnerabil
 CVE-2018-XXXX [grep-excuses: uses YAML::Syck in a unsafe way]
        - devscripts <unfixed> (low; bug #902409)
        [stretch] - devscripts <no-dsa> (Minor issue)
+       [jessie] - devscripts <no-dsa> (Minor issue)
 CVE-2018-1000610 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2018-1000609 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
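Review bot: The added `[jessie] - devscripts <no-dsa> (Minor issue)` line copies the stretch triage, but nothing in the entry records that the jessie version of grep-excuses contains the YAML::Syck usage. If the jessie script predates that code, `<not-affected>` with a short reason would be more accurate than `<no-dsa>`. Otherwise a NOTE saying the jessie source was checked would help, since this CVE-2018-XXXX entry carries no NOTE lines, only the bug number.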
@@ -450,21 +451,25 @@ CVE-2018-12701
 CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in 
debug.c ...)
        - binutils <unfixed> (low)
        [stretch] - binutils <ignored> (Minor issue)
+       [jessie] - binutils <ignored> (Minor issue)
        NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers 
to cause a ...)
        - binutils <unfixed> (low)
        [stretch] - binutils <ignored> (Minor issue)
+       [jessie] - binutils <ignored> (Minor issue)
        NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as 
distributed in ...)
        - binutils <unfixed> (low)
        [stretch] - binutils <ignored> (Minor issue)
+       [jessie] - binutils <ignored> (Minor issue)
        NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 
0x000000000000) ...)
        - binutils <unfixed> (low)
        [stretch] - binutils <ignored> (Minor issue)
+       [jessie] - binutils <ignored> (Minor issue)
        NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...)
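Review bot: The four added `[jessie] - binutils <ignored> (Minor issue)` lines (CVE-2018-12700 down to CVE-2018-12697) use `<ignored>`, which tells readers that no fix is planned for the release, while the only reason given is "Minor issue". A more specific reason in the parentheses would document why jessie will not take a fix even if one lands, given that the unstable line in each entry still reads `<unfixed>`. If the intent is only "no advisory for now", `<no-dsa>` would match the other packages triaged in this push.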
@@ -567,6 +572,7 @@ CVE-2018-12649 (An issue was discovered in 
app/Controller/UsersController.php in
 CVE-2018-12648 (The WEBP::GetLE32 function in ...)
        - exempi <unfixed> (low; bug #902175)
        [stretch] - exempi <no-dsa> (Minor issue)
+       [jessie] - exempi <no-dsa> (Minor issue)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106981
 CVE-2018-12647
        RESERVED
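Review bot: The added `[jessie] - exempi <no-dsa> (Minor issue)` line under CVE-2018-12648 assumes the jessie package ships the affected `WEBP::GetLE32` function. Please confirm that the WEBP handler exists in the jessie source. If it does not, `<not-affected>` with a reason such as "vulnerable code not present" is the right state, and it keeps the entry out of the list of open no-dsa issues for that release.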
@@ -1297,6 +1303,7 @@ CVE-2018-12438 (The Elliptic Curve Cryptography library 
(aka sunec or libsunec) 
 CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel 
attack on ...)
        - libtomcrypt <unfixed> (low; bug #901626)
        [stretch] - libtomcrypt <no-dsa> (Minor issue)
+       [jessie] - libtomcrypt <no-dsa> (Minor issue)
        NOTE: https://github.com/libtom/libtomcrypt/issues/407
 CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a 
...)
        - wolfssl <unfixed> (bug #901627)
@@ -2718,6 +2725,7 @@ CVE-2018-12066 (BIRD Internet Routing Daemon before 1.6.4 
allows local users to 
 CVE-2018-1002209 [arbitrary file write vulnerability / arbitrary code 
execution using a specially crafted zip file]
        - libquazip <unfixed>
        [stretch] - libquazip <no-dsa> (Minor issue)
+       [jessie] - libquazip <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1593011
        TODO: further checks, should be fixedin 0.7.6
 CVE-2018-1002204 [nodejs-adm-zip: arbitrary file write vulnerability / 
arbitrary code execution using a specially crafted zip file]
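Review bot: The added `[jessie] - libquazip <no-dsa> (Minor issue)` line under CVE-2018-1002209 triages the issue while the entry's own `TODO: further checks, should be fixedin 0.7.6` is still open. The entry describes an arbitrary file write and code execution through a crafted zip file, has no severity tag and no Debian bug number, so "Minor issue" is not backed by anything recorded here. Resolve the TODO, or add a NOTE explaining why the impact is minor for jessie, before marking it `<no-dsa>`. The "fixedin" typo in the TODO line could be corrected in the same change.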
@@ -2993,6 +3001,7 @@ CVE-2018-11724 (The mobi_pk1_decrypt function in 
encryption.c in Libmobi 0.3 all
 CVE-2018-11723 (The libpff_name_to_id_map_entry_read function in ...)
        - libpff <unfixed> (low; bug #901967)
        [stretch] - libpff <no-dsa> (Minor issue)
+       [jessie] - libpff <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2018/Jun/15
 CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 
'code' ...)
        NOT-FOR-US: WUZHI CMS



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/37355e969e44181fc94ed383319757b56924c2fb...27c9acadf5e47dd4e02cce91595b398582d405ff
