Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6329b4db by security tracker role at 2018-08-01T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-14776 (Click Studios Passwordstate before 8.3 Build 8397 allows XSS 
by ...)
+       TODO: check
+CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 
has a ...)
+       TODO: check
+CVE-2018-14774
+       RESERVED
+CVE-2018-14773
+       RESERVED
+CVE-2018-14772
+       RESERVED
+CVE-2018-14771
+       RESERVED
+CVE-2018-14770
+       RESERVED
+CVE-2018-14769
+       RESERVED
+CVE-2018-14768
+       RESERVED
 CVE-2018-1999025
        NOT-FOR-US: Jenkins plugin
 CVE-2018-1999026
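Review bot: The two new `TODO: check` entries at the top of this hunk, CVE-2018-14776 and CVE-2018-14775, already name their product in the description (Click Studios Passwordstate; tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3), so they can be triaged right away instead of waiting for a later pass. If neither corresponds to a Debian source package, resolve them with a NOT-FOR-US: line naming the product, the way the neighbouring CVE-2018-1999025 is marked `NOT-FOR-US: Jenkins plugin`. The seven RESERVED entries below them (CVE-2018-14768 to CVE-2018-14774) need nothing yet.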
@@ -1267,158 +1285,158 @@ CVE-2018-14318
        RESERVED
 CVE-2018-14317
        RESERVED
-CVE-2018-14316
-       RESERVED
-CVE-2018-14315
-       RESERVED
-CVE-2018-14314
-       RESERVED
-CVE-2018-14313
-       RESERVED
-CVE-2018-14312
-       RESERVED
-CVE-2018-14311
-       RESERVED
-CVE-2018-14310
-       RESERVED
-CVE-2018-14309
-       RESERVED
-CVE-2018-14308
-       RESERVED
-CVE-2018-14307
-       RESERVED
-CVE-2018-14306
-       RESERVED
-CVE-2018-14305
-       RESERVED
-CVE-2018-14304
-       RESERVED
-CVE-2018-14303
-       RESERVED
-CVE-2018-14302
-       RESERVED
-CVE-2018-14301
-       RESERVED
-CVE-2018-14300
-       RESERVED
-CVE-2018-14299
-       RESERVED
-CVE-2018-14298
-       RESERVED
-CVE-2018-14297
-       RESERVED
-CVE-2018-14296
-       RESERVED
-CVE-2018-14295
-       RESERVED
-CVE-2018-14294
-       RESERVED
-CVE-2018-14293
-       RESERVED
-CVE-2018-14292
-       RESERVED
-CVE-2018-14291
-       RESERVED
-CVE-2018-14290
-       RESERVED
-CVE-2018-14289
-       RESERVED
-CVE-2018-14288
-       RESERVED
-CVE-2018-14287
-       RESERVED
-CVE-2018-14286
-       RESERVED
-CVE-2018-14285
-       RESERVED
-CVE-2018-14284
-       RESERVED
-CVE-2018-14283
-       RESERVED
-CVE-2018-14282
-       RESERVED
-CVE-2018-14281
-       RESERVED
-CVE-2018-14280
-       RESERVED
-CVE-2018-14279
-       RESERVED
-CVE-2018-14278
-       RESERVED
-CVE-2018-14277
-       RESERVED
-CVE-2018-14276
-       RESERVED
-CVE-2018-14275
-       RESERVED
-CVE-2018-14274
-       RESERVED
-CVE-2018-14273
-       RESERVED
-CVE-2018-14272
-       RESERVED
-CVE-2018-14271
-       RESERVED
-CVE-2018-14270
-       RESERVED
-CVE-2018-14269
-       RESERVED
-CVE-2018-14268
-       RESERVED
-CVE-2018-14267
-       RESERVED
-CVE-2018-14266
-       RESERVED
-CVE-2018-14265
-       RESERVED
-CVE-2018-14264
-       RESERVED
-CVE-2018-14263
-       RESERVED
-CVE-2018-14262
-       RESERVED
-CVE-2018-14261
-       RESERVED
-CVE-2018-14260
-       RESERVED
-CVE-2018-14259
-       RESERVED
-CVE-2018-14258
-       RESERVED
-CVE-2018-14257
-       RESERVED
-CVE-2018-14256
-       RESERVED
-CVE-2018-14255
-       RESERVED
-CVE-2018-14254
-       RESERVED
-CVE-2018-14253
-       RESERVED
-CVE-2018-14252
-       RESERVED
-CVE-2018-14251
-       RESERVED
-CVE-2018-14250
-       RESERVED
-CVE-2018-14249
-       RESERVED
-CVE-2018-14248
-       RESERVED
-CVE-2018-14247
-       RESERVED
-CVE-2018-14246
-       RESERVED
-CVE-2018-14245
-       RESERVED
-CVE-2018-14244
-       RESERVED
-CVE-2018-14243
-       RESERVED
-CVE-2018-14242
-       RESERVED
-CVE-2018-14241
-       RESERVED
+CVE-2018-14316 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2018-14315 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14314 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14313 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14312 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14311 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14310 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14309 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14308 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14307 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14306 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14305 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14304 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14303 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14302 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14301 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14300 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14299 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14298 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14297 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14296 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14295 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14294 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14293 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14292 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14291 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14290 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14289 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2018-14288 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14287 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14286 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14285 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14284 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14283 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14282 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14281 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14280 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14279 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14278 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14277 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14276 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14275 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14274 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14273 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14272 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14271 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14270 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14269 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14268 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14267 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14266 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14265 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14264 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14263 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14262 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14261 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14260 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14259 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14258 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14257 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14256 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14255 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14254 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14253 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14252 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14251 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14250 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14249 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14248 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14247 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14246 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14245 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14244 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14243 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14242 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-14241 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
 CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant 
memory ...)
        - mp4v2 <unfixed> (bug #904900)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
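Review bot: All 76 entries from CVE-2018-14316 down to CVE-2018-14241 move from RESERVED to `TODO: check` with a description that is cut off before it names any product ("This vulnerability allows remote attackers to execute arbitrary code ..." or "... to disclose sensitive ..."), so nothing in this file tells a triager which package, if any, is affected. Pull the full descriptions before triaging and handle the contiguous range in one pass. CVE-2018-14316 and CVE-2018-14289 are the two information-disclosure entries and are easy to overlook among the code-execution ones.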
@@ -7852,20 +7870,20 @@ CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the 
ReadMATImage function in coders
        [jessie] - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/172d82afe89d3499ef0cab06dc58d380cc1ab946
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1149
-CVE-2018-11623
-       RESERVED
-CVE-2018-11622
-       RESERVED
-CVE-2018-11621
-       RESERVED
-CVE-2018-11620
-       RESERVED
-CVE-2018-11619
-       RESERVED
-CVE-2018-11618
-       RESERVED
-CVE-2018-11617
-       RESERVED
+CVE-2018-11623 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-11622 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-11621 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2018-11620 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2018-11619 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-11618 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2018-11617 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
 CVE-2018-11616
        RESERVED
 CVE-2018-11615
@@ -9362,8 +9380,8 @@ CVE-2018-11052 (Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 
contain an authenticat
        NOT-FOR-US: EMC
 CVE-2018-11051 (RSA Certificate Manager Versions 6.9 build 560 through 6.9 
build 564 ...)
        NOT-FOR-US: RSA Certificate Manager
-CVE-2018-11050
-       RESERVED
+CVE-2018-11050 (Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 
9.2.1.3, ...)
+       TODO: check
 CVE-2018-11049 (RSA Identity Governance and Lifecycle, RSA Via Lifecycle and 
...)
        NOT-FOR-US: RSA
 CVE-2018-11048
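Review bot: CVE-2018-11050 is left as `TODO: check` although its new description names Dell EMC NetWorker, and the Dell EMC entry two records above it, CVE-2018-11052, is already `NOT-FOR-US: EMC`. Unless NetWorker is to be treated differently from ECS, give it the same `NOT-FOR-US: EMC` line rather than leaving it open.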
@@ -15175,7 +15193,7 @@ CVE-2018-8781 (The udl_fb_mmap function in 
drivers/gpu/drm/udl/udl_fb.c at the L
        NOTE: https://patchwork.freedesktop.org/patch/211845/
        NOTE: Fixed by: 
https://git.kernel.org/linus/3b82a4db8eaccce735dffd50b4d4e1578099b8e8
 CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 
2.5.x ...)
-       {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+       {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
        - ruby2.5 2.5.1-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -15186,7 +15204,7 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 
2.3.7, 2.4.x before 2.4.4, 2.
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 
(2.2.10)
 CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 
2.5.x ...)
-       {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+       {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
        - ruby2.5 2.5.1-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -15198,7 +15216,7 @@ CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 
2.3.7, 2.4.x before 2.4.4, 2.
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 
(2.2.10)
        NOTE: ruby1.8: test examples from hackerone doesn't work. 
ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
 CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 
2.5.x ...)
-       {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+       {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
        - ruby2.5 2.5.1-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -15209,7 +15227,7 @@ CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 
2.3.7, 2.4.x before 2.4.4, 2.
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 
(2.2.10)
 CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 
2.5.x ...)
-       {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+       {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
        - ruby2.5 2.5.1-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -19356,7 +19374,7 @@ CVE-2018-1000081 (Ajenti version version 2 contains a 
Input Validation vulnerabi
 CVE-2018-1000080 (Ajenti version version 2 contains a Insecure Permissions 
vulnerability ...)
        - ajenti <itp> (bug #792019)
 CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4219-1 DLA-1421-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1421-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
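Review bot: CVE-2018-1000079 now lists two DSAs, `DSA-4259-1` and `DSA-4219-1`, but the package lines visible under it cover only ruby2.5, ruby2.3 and ruby2.1. Confirm further down the record that each advisory corresponds to its own source package entry, so the two references are not read as the same fix issued twice. The same check applies to CVE-2018-1000073 through CVE-2018-1000078 in the hunks that follow.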
@@ -19371,7 +19389,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -19382,7 +19400,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -19393,7 +19411,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -19404,7 +19422,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -19415,7 +19433,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4219-1 DLA-1352-1}
+       {DSA-4259-1 DSA-4219-1 DLA-1352-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -19428,7 +19446,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 
2.2.9 and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
-       {DSA-4219-1}
+       {DSA-4259-1 DSA-4219-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -50166,7 +50184,7 @@ CVE-2017-14022 (An Improper Input Validation issue was 
discovered in Rockwell ..
        NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in 
Korenix ...)
        NOT-FOR-US: Korenix
-CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in 
...)
+CVE-2017-14020 (In AutomationDirect CLICK Programming Software (Part Number 
C0-PGMSW) ...)
        NOT-FOR-US: AutomationDirect
 CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in 
Progea ...)
        NOT-FOR-US: Progea Movicon
@@ -90820,8 +90838,7 @@ CVE-2016-9574 (nss before version 3.30 is vulnerable to 
a remote denial of servi
        NOTE: The CVE is specific to the segfault resulting from the 
reproducing steps
        NOTE: as per buzilla entry, and 
https://bugzilla.redhat.com/show_bug.cgi?id=1397482
        NOTE: https://hg.mozilla.org/projects/nss/rev/7385cd821735
-CVE-2016-9573
-       RESERVED
+CVE-2016-9573 (An out-of-bounds read vulnerability was found in OpenJPEG 
2.1.2, in ...)
        {DSA-3768-1}
        - openjpeg2 2.1.2-1.1 (bug #851422)
        NOTE: https://github.com/uclouvain/openjpeg/issues/863
@@ -94108,8 +94125,7 @@ CVE-2016-8632 (The tipc_msg_build function in 
net/tipc/msg.c in the Linux kernel
        [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
        NOTE: https://www.mail-archive.com/[email protected]/msg133205.html
        NOTE: Fixed by: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3de81b758853f0b29c61e246679d20b513c4cfec
 (v4.9-rc8)
-CVE-2016-8631
-       RESERVED
+CVE-2016-8631 (The OpenShift Enterprise 3 router does not properly sort routes 
when ...)
        NOT-FOR-US: OpenShift Enterprise
 CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the 
Linux ...)
        - linux 4.8.7-1
@@ -94119,8 +94135,7 @@ CVE-2016-8630 (The x86_decode_insn function in 
arch/x86/kvm/emulate.c in the Lin
        NOTE: Introduced by: 
https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 
(v3.17-rc1)
 CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check 
...)
        NOT-FOR-US: Keycloak
-CVE-2016-8628
-       RESERVED
+CVE-2016-8628 (Ansible before version 2.2.0 fails to properly sanitize fact 
variables ...)
        - ansible 2.2.0.0-1 (bug #842985)
        [jessie] - ansible <not-affected> (Vulnerable code not present)
        NOTE: Fixed upstream in v2.2.0.0-1
@@ -94131,102 +94146,88 @@ CVE-2016-8626 (A flaw was found in Red Hat Ceph 
before 0.94.9-8. The way Ceph Ob
        - ceph 10.2.5-1 (bug #844200)
        [jessie] - ceph 0.80.7-2+deb8u2
        NOTE: http://tracker.ceph.com/issues/17635
-CVE-2016-8625
-       RESERVED
+CVE-2016-8625 (curl before version 7.51.0 uses outdated IDNA 2003 standard to 
handle ...)
        - curl 7.51.0-1
        [jessie] - curl <no-dsa> (the fix is too invasive)
        [wheezy] - curl <no-dsa> (the fix is too invasive)
        NOTE: 
https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece
        NOTE: https://curl.haxx.se/docs/adv_20161102K.html
        NOTE: https://curl.haxx.se/CVE-2016-8625.patch
-CVE-2016-8624
-       RESERVED
+CVE-2016-8624 (curl before version 7.51.0 doesn't parse the authority 
component of ...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/3bb273db7e40ebc284cff45f3ce3f0475c8339c2
        NOTE: https://curl.haxx.se/docs/adv_20161102J.html
        NOTE: https://curl.haxx.se/CVE-2016-8624.patch
-CVE-2016-8623
-       RESERVED
+CVE-2016-8623 (A flaw was found in curl before version 7.51.0. The way curl 
handles ...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5
        NOTE: https://curl.haxx.se/docs/adv_20161102I.html
        NOTE: https://curl.haxx.se/CVE-2016-8623.patch
-CVE-2016-8622
-       RESERVED
+CVE-2016-8622 (The URL percent-encoding decode function in libcurl before 
7.51.0 is ...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/53e71e47d6b81650d26ec33a58d0dca24c7ffb2c
        NOTE: https://curl.haxx.se/docs/adv_20161102H.html
        NOTE: https://curl.haxx.se/CVE-2016-8622.patch
-CVE-2016-8621
-       RESERVED
+CVE-2016-8621 (The `curl_getdate` function in curl before version 7.51.0 is 
...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/96a80b5a262fb6dd2ddcea7987296f3b9a405618
        NOTE: https://curl.haxx.se/docs/adv_20161102G.html
        NOTE: https://curl.haxx.se/CVE-2016-8621.patch
-CVE-2016-8620
-       RESERVED
+CVE-2016-8620 (The 'globbing' feature in curl before version 7.51.0 has a flaw 
that ...)
        {DSA-3705-1}
        - curl 7.51.0-1
        [wheezy] - curl <not-affected> (Vulnerable code introduced in 7.34.0)
        NOTE: 
https://github.com/curl/curl/commit/fbb5f1aa0326d485d5a7ac643b48481897ca667f
        NOTE: https://curl.haxx.se/docs/adv_20161102F.html
        NOTE: https://curl.haxx.se/CVE-2016-8620.patch
-CVE-2016-8619
-       RESERVED
+CVE-2016-8619 (The function `read_data()` in security.c in curl before version 
7.51.0 ...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd
        NOTE: https://curl.haxx.se/docs/adv_20161102E.html
        NOTE: https://curl.haxx.se/CVE-2016-8619.patch
-CVE-2016-8618
-       RESERVED
+CVE-2016-8618 (The libcurl API function called `curl_maprintf()` before 
version ...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/8732ec40db652c53fa58cd13e2acb8eab6e40874
        NOTE: https://curl.haxx.se/docs/adv_20161102D.html
        NOTE: https://curl.haxx.se/CVE-2016-8618.patch
-CVE-2016-8617
-       RESERVED
+CVE-2016-8617 (The base64 encode function in curl before version 7.51.0 is 
prone to a ...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/efd24d57426bd77c9b5860e6b297904703750412
        NOTE: https://curl.haxx.se/docs/adv_20161102C.html
        NOTE: https://curl.haxx.se/CVE-2016-8617.patch
-CVE-2016-8616
-       RESERVED
+CVE-2016-8616 (A flaw was found in curl before version 7.51.0 When re-using a 
...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/b3ee26c5df75d97f6895e6ec4538894ebaf76e48
        NOTE: https://curl.haxx.se/docs/adv_20161102B.html
        NOTE: https://curl.haxx.se/CVE-2016-8616.patch
-CVE-2016-8615
-       RESERVED
+CVE-2016-8615 (A flaw was found in curl before version 7.51. If cookie state 
is ...)
        {DSA-3705-1 DLA-711-1}
        - curl 7.51.0-1
        NOTE: 
https://github.com/curl/curl/commit/cff89bc088b7884098ea0c5378bbda3d49c437bc
        NOTE: https://curl.haxx.se/docs/adv_20161102A.html
        NOTE: https://curl.haxx.se/CVE-2016-8615.patch
-CVE-2016-8614
-       RESERVED
+CVE-2016-8614 (A flaw was found in Ansible before version 2.2.0. The apt_key 
module ...)
        - ansible 2.2.0.0-1 (bug #842984)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed upstream in v2.2.0.0-1
        NOTE: https://github.com/ansible/ansible-modules-core/issues/5237
        NOTE: https://github.com/ansible/ansible-modules-core/pull/5353
        NOTE: https://github.com/ansible/ansible-modules-core/pull/5357
-CVE-2016-8613
-       RESERVED
+CVE-2016-8613 (A flaw was found in foreman 1.5.1. The remote execution plugin 
runs ...)
        - foreman <itp> (bug #663101)
        NOTE: http://projects.theforeman.org/issues/17066/
        NOTE: https://github.com/theforeman/foreman_remote_execution/pull/208
 CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is 
...)
        - libapache2-mod-cluster <itp> (bug #731410)
-CVE-2016-8611 [Glance Image service v1 and v2 api image-create vulnerability]
-       RESERVED
+CVE-2016-8611 (A vulnerability was found in Openstack Glance. No limits are 
enforced ...)
        - glance <unfixed> (unimportant)
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
 CVE-2016-8610 (A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 
1.0.2 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6329b4db8c6774856019ab7e57d0404cddefe805

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits