Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d68d7beb by Salvatore Bonaccorso at 2018-07-14T08:25:43+02:00
Regroup some entries by source package

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9360,8 +9360,8 @@ CVE-2018-10323 (The xfs_bmap_extents_to_btree function in 
fs/xfs/libxfs/xfs_bmap
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199423
 CVE-2018-10322 (The xfs_dinode_verify function in 
fs/xfs/libxfs/xfs_inode_buf.c in the ...)
        - linux 4.16.5-1
-       [jessie] - linux-4.9 <unfixed>
        [wheezy] - linux <ignored> (dinode verifier not implemented)
+       [jessie] - linux-4.9 <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199377
 CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability 
via ...)
        NOT-FOR-US: Frog CMS
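Review bot: The commit message, "Regroup some entries by source package", does not name the ordering rule being applied. In the CVE-2018-10322 entry the `[jessie] - linux-4.9 <unfixed>` line is moved below `[wheezy] - linux <ignored> (dinode verifier not implemented)` with its text unchanged. Suggest stating the rule in the message (release-qualified `linux` lines stay directly under `- linux 4.16.5-1`, and `linux-4.9` lines follow them) so later edits to kernel entries keep the same layout. The same move appears in the CVE-2017-18249, CVE-2017-18232 and CVE-2018-7273 hunks. Because every hunk removes and re-adds an identical line, comparing the sorted annotation lines of each entry before and after would confirm that nothing but order changed.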
@@ -12574,8 +12574,8 @@ CVE-2017-18250 (An issue was discovered in ImageMagick 
7.0.7. A NULL pointer ...
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2f368e74a51ec7541b6595af712d17d6d1376534
 CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux 
kernel before ...)
        - linux 4.12.6-1
-       [jessie] - linux-4.9 <unfixed>
        [wheezy] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux-4.9 <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
 CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, 
when ...)
        {DLA-1412-1 DLA-1387-1}
@@ -13486,8 +13486,8 @@ CVE-2018-8718 (Cross-site request forgery (CSRF) 
vulnerability in the Mailer Plu
 CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux 
kernel ...)
        {DSA-4187-1}
        - linux 4.15.17-1
-       [jessie] - linux-4.9 <unfixed>
        [wheezy] - linux <not-affected> (Vulnerability introduced later)
+       [jessie] - linux-4.9 <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
 CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an 
administrator ...)
        NOT-FOR-US: joyplus-cms
@@ -17499,8 +17499,8 @@ CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to 
multiple persistent cross-sit
        NOT-FOR-US: Yab Quarx
 CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals 
the ...)
        - linux 4.15.4-1
-       [jessie] - linux-4.9 <unfixed>
        [wheezy] - linux <ignored> (Minor issue)
+       [jessie] - linux-4.9 <unfixed>
        NOTE: https://lkml.org/lkml/2018/2/20/669
 CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs 
as part ...)
        NOT-FOR-US: ForgeRock AM
@@ -35220,9 +35220,9 @@ CVE-2018-1109
        NOTE: nodejs not covered by security support
 CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a 
weakness in ...)
        - linux 4.16.5-1
-       [jessie] - linux-4.9 <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux-4.9 <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
 CVE-2018-1107
@@ -92148,9 +92148,9 @@ CVE-2016-8666 (The IP stack in the Linux kernel before 
4.6 allows remote attacke
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
 CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows 
local users ...)
        - linux <unfixed> (low)
-       [jessie] - linux-4.9 <unfixed> (low)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux-4.9 <unfixed> (low)
 CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which 
might ...)
        - bubblewrap 0.1.2-2 (bug #840605)
        NOTE: https://github.com/projectatomic/bubblewrap/issues/107
@@ -122601,9 +122601,9 @@ CVE-2015-7812 (The hypercall_create_continuation 
function in arch/arm/domain.c i
 CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux 
kernel ...)
        - linux <unfixed>
        [stretch] - linux <ignored> (Minor issue, requires invasive changes)
-       [jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
        [jessie] - linux <ignored> (Minor issue, requires invasive changes)
        [wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
+       [jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
        - linux-2.6 <removed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
 CVE-2015-8011 [lldpd: buffer overflow when handling management address TLV]
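Review bot: In the CVE-2013-7445 entry the moved `[jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)` line now sits between `[wheezy] - linux <no-dsa> (...)` and `- linux-2.6 <removed>`. That places the `linux-4.9` group ahead of the `linux-2.6` group, and it is the only one of the three groups without an unqualified `- <package>` line of its own. Please confirm this position relative to `- linux-2.6 <removed>` is the intended one, and use the same position in any other entries that list all three source packages, so the grouping stays consistent across the file.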



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d68d7bebcf6da758ee5de509b0c9f29194dbfc42
