Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5dfb79e by security tracker role at 2018-08-02T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 
5.6.37, ...)
+       TODO: check
+CVE-2018-14850
+       RESERVED
+CVE-2018-14849
+       RESERVED
 CVE-2018-14848
        RESERVED
 CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote 
attackers to ...)
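Review bot: The new CVE-2018-14851 entry at the top of this hunk is left at TODO: check even though its description names ext/exif/exif.c in PHP, and this same file already tracks PHP issues against source packages (see the php7.1, php7.0 and php5 lines under CVE-2017-9119). Triage it to per-package lines with fixed versions for the branches the full description lists, rather than leaving it in the TODO queue.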
@@ -1279,79 +1285,94 @@ CVE-2018-14364 (GitLab Community and Enterprise Edition 
before 10.7.7, 10.8.x be
        - gitlab <unfixed> (bug #904026)
        NOTE: 
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
 CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c 
does not ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.9.1-1
        NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
        NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code 
without neomutt patchset
        NOTE: previous versions ship a neomutt patchset.
 CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
 CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c 
proceeds ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.9.1-1
        NOTE: 
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
        NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code 
without neomutt patchset
        NOTE: previous versions ship a neomutt patchset.
 CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. 
nntp_add_group in ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.9.1-1
        NOTE: 
https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
        NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code 
without neomutt patchset
        NOTE: previous versions ship a neomutt patchset.
 CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
 CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
 CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
 CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
 CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
 CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
 CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+       {DLA-1455-1}
        - neomutt 20180716+dfsg.1-1 (bug #904021)
        - mutt 1.10.1-1 (bug #904051)
        NOTE: 
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
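Review bot: {DLA-1455-1} is also attached to CVE-2018-14363, CVE-2018-14361 and CVE-2018-14360, whose descriptions are NeoMutt-only (newsrc.c, nntp.c, nntp_add_group) and whose mutt line is 1.9.1-1 with the note that previous versions ship a neomutt patchset. Confirm that the advisory really patches that patchset code in the LTS mutt package; if it only carries the upstream mutt fixes, these three entries should not carry the tag.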
@@ -5863,8 +5884,8 @@ CVE-2018-12450
        RESERVED
 CVE-2018-12449
        RESERVED
-CVE-2018-12448
-       RESERVED
+CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but 
only a ...)
+       TODO: check
 CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
        NOT-FOR-US: libbpg
 CVE-2018-12446 (** DISPUTED ** An issue was discovered in the 
com.dropbox.android ...)
@@ -9892,12 +9913,12 @@ CVE-2018-10924
        RESERVED
 CVE-2018-10923
        RESERVED
-CVE-2018-10922
-       RESERVED
-CVE-2018-10921
-       RESERVED
-CVE-2018-10920
-       RESERVED
+CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted 
input file, ...)
+       TODO: check
+CVE-2018-10921 (Certain input files may trigger an integer overflow in ttembed 
input ...)
+       TODO: check
+CVE-2018-10920 (Improper input validation bug in DNS resolver component of 
Knot ...)
+       TODO: check
 CVE-2018-10919
        RESERVED
 CVE-2018-10918
@@ -17127,8 +17148,7 @@ CVE-2018-8039 (It is possible to configure Apache CXF 
to use the com.sun.net.ssl
        NOT-FOR-US: Apache CXF
 CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully 
disable ...)
        NOT-FOR-US: Apache CXF
-CVE-2018-8037 [Due to a mishandling of close in NIO/NIO2 connectors user 
sessions can get mixed up]
-       RESERVED
+CVE-2018-8037 (A bug in the tracking of connection closures can lead to reuse 
of user ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.32-1
        - tomcat8.0 <not-affected> (Vulnerable code only present in 8.5.5 to 
8.5.31 in 8.x series)
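Review bot: Replacing the bracketed working title of CVE-2018-8037 with the official description drops the one detail that scoped the issue, namely that it concerns the NIO/NIO2 connectors; the visible part of the new text only says connection closures can lead to reuse of user sessions. Keep that detail as a NOTE under the entry so the tomcat8.0 <not-affected> reasoning stays checkable against it.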
@@ -17156,8 +17176,8 @@ CVE-2018-8034 (The host name verification when using 
TLS with the WebSocket clie
        NOTE: https://svn.apache.org/r1833760 (7.0.x)
 CVE-2018-8033
        RESERVED
-CVE-2018-8032
-       RESERVED
+CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a 
cross-site ...)
+       TODO: check
 CVE-2018-8031 (The TomEE console (tomee-webapp) has a XSS vulnerability which 
could ...)
        NOT-FOR-US: Apache TomEE
 CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ...)
@@ -18243,8 +18263,8 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an 
Insufficient Control of Ne
        NOTE: it's listening on a firewalled interface."
 CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 
3.1 ...)
        NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified 
Application
-CVE-2018-7649
-       RESERVED
+CVE-2018-7649 (Monitorix before 3.10.1 allows XSS via CGI variables. ...)
+       TODO: check
 CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 
2.3.0. The ...)
        - openjpeg2 <unfixed> (unimportant)
        NOTE: 
https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5
@@ -29373,8 +29393,8 @@ CVE-2018-3836 (An exploitable command injection 
vulnerability exists in the ...)
        NOTE: to not open CVE-2018-7440.
 CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in 
version 2.2 ...)
        NOT-FOR-US: Per Face Texture (PTEX)
-CVE-2018-3834
-       RESERVED
+CVE-2018-3834 (An exploitable permanent denial of service vulnerability exists 
in ...)
+       TODO: check
 CVE-2018-3833
        RESERVED
 CVE-2018-3832
@@ -32016,10 +32036,10 @@ CVE-2018-3111
        RESERVED
 CVE-2018-3110
        RESERVED
-CVE-2018-3109
-       RESERVED
-CVE-2018-3108
-       RESERVED
+CVE-2018-3109 (Vulnerability in the Oracle Fusion Middleware MapViewer 
component of ...)
+       TODO: check
+CVE-2018-3108 (Vulnerability in the Oracle Fusion Middleware component of 
Oracle ...)
+       TODO: check
 CVE-2018-3107
        RESERVED
 CVE-2018-3106
@@ -32402,8 +32422,8 @@ CVE-2018-2935 (Vulnerability in the Oracle WebLogic 
Server component of Oracle F
        NOT-FOR-US: Oracle
 CVE-2018-2934 (Vulnerability in the Oracle Application Object Library 
component of ...)
        NOT-FOR-US: Oracle
-CVE-2018-2933
-       RESERVED
+CVE-2018-2933 (Vulnerability in the Oracle WebLogic Server component of Oracle 
Fusion ...)
+       TODO: check
 CVE-2018-2932 (Vulnerability in the Oracle SuperCluster Specific Software 
component ...)
        NOT-FOR-US: Oracle
 CVE-2018-2931
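Review bot: CVE-2018-2933 is set to TODO: check although its description opens the same way as CVE-2018-2935 in the hunk header (Oracle WebLogic Server component of Oracle F...), which is already NOT-FOR-US: Oracle, as are CVE-2018-2934 and CVE-2018-2932 on either side of it. Mark it NOT-FOR-US: Oracle in the same pass so it does not linger in the TODO queue.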
@@ -35588,8 +35608,8 @@ CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 
5.5.0 is vulnerable to ...)
        NOT-FOR-US: IBM FileNet Content Manager
 CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to 
...)
        NOT-FOR-US: IBM FileNet Content Manager
-CVE-2018-1554
-       RESERVED
+CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 
could allow ...)
        NOT-FOR-US: IBM
 CVE-2018-1552
@@ -36678,8 +36698,7 @@ CVE-2018-1338 (A carefully crafted (or fuzzed) file can 
trigger an infinite loop
        NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/6
 CVE-2018-1337 (In Apache LDAP API before 1.0.2, a bug in the way the SSL 
Filter was ...)
        NOT-FOR-US: Apache LDAP API
-CVE-2018-1336 [A bug in the UTF-8 decoder can lead to DoS]
-       RESERVED
+CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.31-1
        - tomcat8.0 <unfixed> (unimportant)
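Review bot: After RESERVED is dropped, CVE-2018-1336 keeps the line - tomcat8.0 <unfixed> (unimportant) with no reason given on it, unlike the tomcat8.0 line under CVE-2018-8037, which states why it is not affected. The removed working title said the UTF-8 decoder bug can lead to DoS, so add a NOTE justifying the unimportant rating if one is not already present below the visible context.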
@@ -36711,7 +36730,7 @@ CVE-2018-1331 (In Apache Storm 0.10.0 through 0.10.2, 
1.0.0 through 1.0.6, 1.1.0
 CVE-2018-1330
        RESERVED
 CVE-2018-1329
-       RESERVED
+       REJECTED
 CVE-2018-1328
        RESERVED
 CVE-2018-1327 (The Apache Struts REST Plugin is using XStream library which is 
...)
@@ -37300,10 +37319,10 @@ CVE-2018-1157
        RESERVED
 CVE-2018-1156
        RESERVED
-CVE-2018-1155
-       RESERVED
-CVE-2018-1154
-       RESERVED
+CVE-2018-1155 (In SecurityCenter versions prior to 5.7.0, a cross-site 
scripting ...)
+       TODO: check
+CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username 
enumeration ...)
+       TODO: check
 CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate 
the ...)
        NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service ...)
@@ -43149,30 +43168,30 @@ CVE-2017-16351
        RESERVED
 CVE-2017-16350
        RESERVED
-CVE-2017-16349
-       RESERVED
+CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the 
...)
+       TODO: check
 CVE-2017-16348
        RESERVED
-CVE-2017-16347
-       RESERVED
-CVE-2017-16346
-       RESERVED
-CVE-2017-16345
-       RESERVED
-CVE-2017-16344
-       RESERVED
-CVE-2017-16343
-       RESERVED
-CVE-2017-16342
-       RESERVED
-CVE-2017-16341
-       RESERVED
-CVE-2017-16340
-       RESERVED
-CVE-2017-16339
-       RESERVED
-CVE-2017-16338
-       RESERVED
+CVE-2017-16347 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16346 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16345 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16344 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16343 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16342 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16341 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16340 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16339 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
+CVE-2017-16338 (An attacker could send an authenticated HTTP request to 
trigger this ...)
+       TODO: check
 CVE-2017-16337
        RESERVED
 CVE-2017-16336
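Review bot: CVE-2017-16338 through CVE-2017-16347 all receive the same truncated description (An attacker could send an authenticated HTTP request to trigger this ...), so nothing visible in these entries identifies the affected product. Look up the full text once and triage the ten as a batch with one consistent disposition; CVE-2017-16349 (XML external entity) is a different flaw and should be checked on its own.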
@@ -49092,12 +49111,12 @@ CVE-2017-14448 (An exploitable code execution 
vulnerability exists in the XCF im
        NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
 CVE-2017-14447
        RESERVED
-CVE-2017-14446
-       RESERVED
-CVE-2017-14445
-       RESERVED
-CVE-2017-14444
-       RESERVED
+CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability 
exists in ...)
+       TODO: check
+CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon 
Hub ...)
+       TODO: check
+CVE-2017-14444 (An exploitable buffer overflow vulnerability exists in Insteon 
Hub ...)
+       TODO: check
 CVE-2017-14443
        RESERVED
 CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP 
image ...)
@@ -65153,16 +65172,16 @@ CVE-2017-9122 (The quicktime_read_moov function in 
moov.c in libquicktime 1.2.4 
        [jessie] - libquicktime <no-dsa> (Minor issue)
 CVE-2017-9121
        RESERVED
-CVE-2017-9120
-       RESERVED
+CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial 
of ...)
+       TODO: check
 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 
7.1.5 ...)
        - php7.1 <unfixed> (unimportant)
        - php7.0 <unfixed> (unimportant)
        - php5 <unfixed> (unimportant)
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
        NOTE: Only triggerable by malicious script
-CVE-2017-9118
-       RESERVED
+CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl 
via a ...)
+       TODO: check
 CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without 
verifying ...)
        - tiff <unfixed> (unimportant)
        - tiff3 <not-affected> (Does not ship libtiff-tools)
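Review bot: CVE-2017-9120 and CVE-2017-9118 are both PHP 7.x issues but land as TODO: check, while CVE-2017-9119 between them already has php7.1, php7.0 and php5 lines marked <unfixed> (unimportant) with the note Only triggerable by malicious script. Resolve the two new entries against the same source packages and record whether that rationale applies to each, since the CVE-2017-9120 description speaks of remote attackers causing a denial of service.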



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5dfb79e37b5578f07bbd1fb8f6130faf9f729b0

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits