Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3347ff67 by security tracker role at 2018-07-28T08:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-14677
+ RESERVED
+CVE-2018-14676
+ RESERVED
+CVE-2018-14675
+ RESERVED
+CVE-2018-14674
+ RESERVED
+CVE-2018-14673
+ RESERVED
+CVE-2018-14672
+ RESERVED
+CVE-2018-14671
+ RESERVED
+CVE-2018-14670
+ RESERVED
+CVE-2018-14669
+ RESERVED
+CVE-2018-14668
+ RESERVED
CVE-2018-XXXX [off-by-one error in CHM PMGI/PMGL chunk number validity checks]
- libmspack <unfixed> (bug #904802)
NOTE:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
@@ -37035,6 +37055,7 @@ CVE-2018-1118 (Linux kernel vhost since version 4.8
does not properly initialize
CVE-2018-1117 (ovirt-ansible-roles before version 1.0.6 has a vulnerability
due to a ...)
NOT-FOR-US: ovirt-ansible-roles
CVE-2018-1116 (A flaw was found in polkit before version 0.116. The
implementation of ...)
+ {DLA-1448-1}
- policykit-1 0.105-21 (bug #903563)
[stretch] - policykit-1 <no-dsa> (Minor issue; can be fixed via point
release)
NOTE:
https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad53643a9c80231fc41f5582d6a8931c32c
@@ -38718,6 +38739,7 @@ CVE-2018-0739 (Constructed ASN.1 types with a recursive
definition (such as can
CVE-2018-0738
RESERVED
CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be
...)
+ {DLA-1449-1}
- openssl 1.1.0h-3 (low; bug #895844)
[stretch] - openssl <postponed> (Can wait for next DSA and upstream
release)
[wheezy] - openssl <postponed> (Can wait for next update)
@@ -38742,6 +38764,7 @@ CVE-2018-0733 (Because of an implementation bug the
PA-RISC CRYPTO_memcmp functi
NOTE: Issue specific to HP-UX
NOTE: https://www.openssl.org/news/secadv/20180327.txt
CVE-2018-0732 (During key agreement in a TLS handshake using a DH(E) based ...)
+ {DLA-1449-1}
- openssl <unfixed> (low)
[stretch] - openssl <postponed> (Minor issue, can be fixed along with
next OpenSSL security release)
- openssl1.0 <unfixed> (low)
@@ -46338,8 +46361,7 @@ CVE-2017-15119 (The Network Block Device (NBD) server
in Quick Emulator (QEMU) b
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code introduced later)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html
-CVE-2017-15118 [stack buffer overflow in NBD server triggered via long export
name]
- RESERVED
+CVE-2017-15118 (A stack-based buffer overflow vulnerability was found in NBD
server ...)
- qemu 1:2.11+dfsg-1 (bug #883406)
[stretch] - qemu <not-affected> (Vulnerable code introduced in 2.10)
[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.10)
@@ -46409,8 +46431,7 @@ CVE-2017-15102 (The tower_probe function in
drivers/usb/misc/legousbtower.c in t
[jessie] - linux 3.16.43-1
[wheezy] - linux 3.2.86-1
NOTE: Fixed by:
https://git.kernel.org/linus/2fae9e5a7babada041e2e161699ade2447a01989 (4.9-rc1)
-CVE-2017-15101 [Incomplete fix for CVE-2014-8184]
- RESERVED
+CVE-2017-15101 (A missing patch for a stack-based buffer overflow in
findTable() was ...)
- liblouis <not-affected> (Incomplete fix not applied in Debian)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023
@@ -46430,8 +46451,7 @@ CVE-2017-15098 (Invalid json_populate_recordset or
jsonb_populate_recordset func
- postgresql-9.1 <removed>
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only
provides PL/Perl)
[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code does not
exist)
-CVE-2017-15097
- RESERVED
+CVE-2017-15097 (Privilege escalation flaws were found in the Red Hat
initialization ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1508985
NOTE: Similar issues as CVE-2016-1255 in Debian
NOT-FOR-US: Red Hat specific provides scripts for starting the database
server during system boot and for initializing the database
@@ -84774,8 +84794,7 @@ CVE-2017-2665 (The skyring-setup command creates random
password for mongodb sky
NOT-FOR-US: Red Hat Storage / skyring
CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x
before ...)
NOT-FOR-US: Red Hat CloudForms
-CVE-2017-2663
- RESERVED
+CVE-2017-2663 (It was found that subscription-manager's DBus interface before
1.19.4 ...)
NOT-FOR-US: candlepin / subscription-manager
CVE-2017-2662
RESERVED
@@ -84801,16 +84820,15 @@ CVE-2017-2654
RESERVED
CVE-2017-2653 (A number of unused delete routes are present in CloudForms
before ...)
NOT-FOR-US: Red Hat CloudForms
-CVE-2017-2652
- RESERVED
+CVE-2017-2652 (It was found that there were no permission checks performed in
the ...)
+ TODO: check
CVE-2017-2651 (jenkins-mailer-plugin before version 1.20 is vulnerable to an
...)
NOT-FOR-US: jenkins-mailer-plugin
-CVE-2017-2650
- RESERVED
-CVE-2017-2649
- RESERVED
-CVE-2017-2648
- RESERVED
+CVE-2017-2650 (It was found that the use of Pipeline: Classpath Step Jenkins
plugin ...)
+ TODO: check
+CVE-2017-2649 (It was found that the Active Directory Plugin for Jenkins up to
and ...)
+ TODO: check
+CVE-2017-2648 (It was found that jenkins-ssh-slaves-plugin before version 1.15
did ...)
NOT-FOR-US: jenkins-ssh-slaves-plugin
CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local
users ...)
{DLA-922-1}
@@ -90380,8 +90398,7 @@ CVE-2016-9604 (It was discovered in the Linux kernel
before 4.11-rc8 that root c
- linux 4.9.25-1
[jessie] - linux 3.16.43-1
NOTE: Fixed by:
https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
-CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
- RESERVED
+CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD
54xx VGA ...)
{DLA-1270-1 DLA-1035-1 DLA-939-1}
- qemu 1:2.8+dfsg-4 (bug #857744)
- qemu-kvm <removed>
@@ -90501,14 +90518,12 @@ CVE-2016-9579 [RGW server DoS via request with
invalid HTTP Origin header]
- ceph 10.2.5-2 (bug #849048)
[jessie] - ceph 0.80.7-2+deb8u2
NOTE: http://tracker.ceph.com/issues/18187
-CVE-2016-9578
- RESERVED
+CVE-2016-9578 (A vulnerability was discovered in SPICE before 0.13.90 in the
server's ...)
{DSA-3790-1 DLA-825-1}
- spice 0.12.8-2.1 (bug #854336)
NOTE: Fixed by:
https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556
(0.12.x)
NOTE: Fixed by:
https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
(0.12.x)
-CVE-2016-9577
- RESERVED
+CVE-2016-9577 (A vulnerability was discovered in SPICE before 0.13.90 in the
server's ...)
{DSA-3790-1 DLA-825-1}
- spice 0.12.8-2.1 (bug #854336)
NOTE: Fixed by:
https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3
(0.12.x)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3347ff6706d9f2b26844c193b4b929dca657242b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3347ff6706d9f2b26844c193b4b929dca657242b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
