Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: bd04f976 by security tracker role at 2018-08-22T20:10:16Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,85 @@ +CVE-2018-15726 + RESERVED +CVE-2018-15725 + RESERVED +CVE-2018-15724 + RESERVED +CVE-2018-15723 + RESERVED +CVE-2018-15722 + RESERVED +CVE-2018-15721 + RESERVED +CVE-2018-15720 + RESERVED +CVE-2018-15719 + RESERVED +CVE-2018-15718 + RESERVED +CVE-2018-15717 + RESERVED +CVE-2018-15716 + RESERVED +CVE-2018-15715 + RESERVED +CVE-2018-15714 + RESERVED +CVE-2018-15713 + RESERVED +CVE-2018-15712 + RESERVED +CVE-2018-15711 + RESERVED +CVE-2018-15710 + RESERVED +CVE-2018-15709 + RESERVED +CVE-2018-15708 + RESERVED +CVE-2018-15707 + RESERVED +CVE-2018-15706 + RESERVED +CVE-2018-15705 + RESERVED +CVE-2018-15704 + RESERVED +CVE-2018-15703 + RESERVED +CVE-2018-15702 + RESERVED +CVE-2018-15701 + RESERVED +CVE-2018-15700 + RESERVED +CVE-2018-15699 + RESERVED +CVE-2018-15698 + RESERVED +CVE-2018-15697 + RESERVED +CVE-2018-15696 + RESERVED +CVE-2018-15695 + RESERVED +CVE-2018-15694 + RESERVED +CVE-2018-15693 + RESERVED +CVE-2018-15692 + RESERVED +CVE-2018-15691 + RESERVED +CVE-2018-15690 + RESERVED +CVE-2018-15689 + RESERVED +CVE-2018-15688 + RESERVED +CVE-2018-15687 + RESERVED +CVE-2018-15686 + RESERVED CVE-2018-15685 RESERVED CVE-2018-15684 @@ -1952,12 +2034,12 @@ CVE-2018-14803 RESERVED CVE-2018-14802 RESERVED -CVE-2018-14801 - RESERVED +CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...) + TODO: check CVE-2018-14800 RESERVED -CVE-2018-14799 - RESERVED +CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...) + TODO: check CVE-2018-14798 RESERVED CVE-2018-14797 
@@ -1976,12 +2058,12 @@ CVE-2018-14791 RESERVED CVE-2018-14790 RESERVED -CVE-2018-14789 - RESERVED +CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...) + TODO: check CVE-2018-14788 RESERVED -CVE-2018-14787 - RESERVED +CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...) + TODO: check CVE-2018-14786 RESERVED CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...) @@ -9596,8 +9678,8 @@ CVE-2018-11778 RESERVED CVE-2018-11777 RESERVED -CVE-2018-11776 - RESERVED +CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from ...) + TODO: check CVE-2018-11775 RESERVED CVE-2018-11774 @@ -11919,13 +12001,11 @@ CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot - knot-resolver <unfixed> (bug #905325) NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch) -CVE-2018-10919 - RESERVED +CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an ...) {DSA-4271-1} - samba 2:4.8.4+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html -CVE-2018-10918 - RESERVED +CVE-2018-10918 (A null pointer dereference flaw was found in the way samba checked ...) - samba 2:4.8.4+dfsg-1 [stretch] - samba <not-affected> (Only affects Samba 4.7.0 onwards) [jessie] - samba <not-affected> (Only affects Samba 4.7.0 onwards) @@ -12062,8 +12142,7 @@ CVE-2018-10886 NOTE: scope of the assigning CNA. CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy ...) NOT-FOR-US: atomic-openshift -CVE-2018-10884 - RESERVED +CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to ...) NOT-FOR-US: Ansible Tower CVE-2018-10883 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...) {DLA-1423-1} 
@@ -12166,8 +12245,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypti [stretch] - git-annex 6.20170101-1+deb9u2 NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4 NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/ -CVE-2018-10858 - RESERVED +CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ...) {DSA-4271-1} - samba 2:4.8.4+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html @@ -12215,20 +12293,17 @@ CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 is vulnerable to an ...) NOTE: https://blog.prosody.im/prosody-0-10-2-security-release/ NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.10.1.patch (0.10.1) NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.9.patch (0.9.x) -CVE-2018-10846 ["Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery] - RESERVED +CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads to ...) - gnutls28 <unfixed> - gnutls26 <removed> NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657 NOTE: https://eprint.iacr.org/2018/747 -CVE-2018-10845 [HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant] - RESERVED +CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was ...) - gnutls28 <unfixed> - gnutls26 <removed> NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657 NOTE: https://eprint.iacr.org/2018/747 -CVE-2018-10844 [HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls] - RESERVED +CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was ...) - gnutls28 <unfixed> - gnutls26 <removed> NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657 
@@ -19264,10 +19339,12 @@ CVE-2018-8022 CVE-2018-8021 RESERVED CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw ...) + {DLA-1475-1} - tomcat-native 1.2.17-1 [stretch] - tomcat-native <no-dsa> (Minor issue) NOTE: https://svn.apache.org/r1832863 CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and ...) + {DLA-1475-1} - tomcat-native 1.2.17-1 [stretch] - tomcat-native <no-dsa> (Minor issue) NOTE: https://svn.apache.org/r1832832 @@ -28168,14 +28245,14 @@ CVE-2018-5240 (The Inventory Plugin for Symantec Management Agent prior to 7.6 P NOT-FOR-US: Inventory Plugin for Symantec Management Agent CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass ...) NOT-FOR-US: Norton -CVE-2018-5238 - RESERVED +CVE-2018-5238 (Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) ...) + TODO: check CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 ...) NOT-FOR-US: Symantec CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may ...) NOT-FOR-US: Symantec -CVE-2018-5235 - RESERVED +CVE-2018-5235 (Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL ...) + TODO: check CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command ...) NOT-FOR-US: Norton Core router CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...) @@ -37721,8 +37798,8 @@ CVE-2018-1601 RESERVED CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...) NOT-FOR-US: IBM -CVE-2018-1599 - RESERVED +CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...) + TODO: check CVE-2018-1598 RESERVED CVE-2018-1597 
@@ -39664,14 +39741,12 @@ CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest us - qemu-kvm <removed> [wheezy] - qemu-kvm <postponed> (Can be fixed along in later update) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html -CVE-2018-1140 - RESERVED +CVE-2018-1140 (A missing input sanitization flaw was found in the implementation of ...) - samba 2:4.8.4+dfsg-1 [stretch] - samba <not-affected> (Only affects Samba 4.8.0 onwards) [jessie] - samba <not-affected> (Only affects Samba 4.8.0 onwards) NOTE: https://www.samba.org/samba/security/CVE-2018-1140.html -CVE-2018-1139 - RESERVED +CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the ...) - samba 2:4.8.4+dfsg-1 [stretch] - samba <not-affected> (Issue introduced in 4.7.0) [jessie] - samba <not-affected> (Issue introduced in 4.7.0) @@ -72369,8 +72444,7 @@ CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnera - nginx 1.13.3-1 (bug #868109) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html NOTE: Fixed in 1.13.3, 1.12.1. -CVE-2017-7528 - RESERVED +CVE-2017-7528 (Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 ...) NOT-FOR-US: Ansible Tower CVE-2017-7527 RESERVED @@ -72458,8 +72532,7 @@ CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled . NOTE: Crash in CLI tool, no security implications CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed action ...) NOT-FOR-US: Red Hat Satellite -CVE-2017-7513 - RESERVED +CVE-2017-7513 (It was found that Satellite 5 configured with SSL/TLS for the ...) NOT-FOR-US: Red Hat Satellite CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before ...) NOT-FOR-US: Red Hat 3scale 
@@ -87541,8 +87614,7 @@ CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before NOT-FOR-US: Red Hat CloudForms CVE-2017-2663 (It was found that subscription-manager's DBus interface before 1.19.4 ...) NOT-FOR-US: candlepin / subscription-manager -CVE-2017-2662 - RESERVED +CVE-2017-2662 (A flaw was found in Foreman's katello plugin version 3.4.5. After ...) - foreman <itp> (bug #663101) CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site ...) - pcs 0.9.155+dfsg-2 (bug #858379) @@ -87655,8 +87727,7 @@ CVE-2017-2629 (curl before 7.53.0 has an incorrect TLS Certificate Status Reques NOTE: https://curl.haxx.se/docs/adv_20170222.html CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version ...) - curl <not-affected> (Red Hat specific backport issue) -CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive] - RESERVED +CVE-2017-2627 (A flaw was found in openstack-tripleo-common as shipped with Red Hat ...) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917 NOT-FOR-US: RHEL packaging flaw for openstack CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak entropy to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd04f976f17eb98ddfdeac463d44c832774e7e0a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd04f976f17eb98ddfdeac463d44c832774e7e0a You're receiving this email because of your account on salsa.debian.org.
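Review bot: in the @@ -1952,12 +2034,12 and @@ -1976,12 +2058,12 hunks, the two PageWriter entries (CVE-2018-14801, CVE-2018-14799) and the two IntelliSpace Cardiovascular entries (CVE-2018-14789, CVE-2018-14787) each carry a truncated description identical to their sibling's, so the list alone cannot tell the paired issues apart. All four are left at "TODO: check". When they are triaged, the result should name the product, in the style of "NOT-FOR-US: Ansible Tower" used elsewhere in this file, rather than only the vendor.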
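Review bot: CVE-2018-11776 in the @@ -9596,8 +9678,8 hunk moves from RESERVED to "TODO: check" with a description covering Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16, and nothing in the entry records a Debian status yet. It needs either a source package line with a fixed version or <unfixed>, or a NOT-FOR-US line. Given the width of the affected version range, it should be triaged ahead of the other TODO entries added here.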
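Review bot: in the @@ -12215,20 +12293,17 hunk, the bracketed working titles on CVE-2018-10846, CVE-2018-10845 and CVE-2018-10844 are replaced by truncated descriptions while all three entries remain "- gnutls28 <unfixed>". That drops the root-cause detail (PRIME + PROBE cache side channel, wrong constant in HMAC-SHA-384, not enough dummy function calls in HMAC-SHA-256) that distinguishes them. Suggest carrying each title into a NOTE: line under its entry so the three issues stay distinguishable against merge request 657. The same loss affects CVE-2017-2627 in the @@ -87655,8 +87727,7 hunk, where "sudoers file is too permissive" disappears from the entry.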
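Review bot: in the @@ -19264,10 +19339,12 hunk, CVE-2018-8020 and CVE-2018-8019 gain {DLA-1475-1} while their "[stretch] - tomcat-native <no-dsa> (Minor issue)" lines are unchanged, so the LTS suite now has an advisory for both issues and stretch is still marked as not warranting one. Worth rechecking whether the "Minor issue" rating for stretch still holds, in particular for the OCSP responder issue CVE-2018-8019, and whether the fix should be queued for a stretch point release.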
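Review bot: the new "TODO: check" entries in the @@ -28168,14 +28245,14 hunk (CVE-2018-5238, CVE-2018-5235) and the @@ -37721,8 +37798,8 hunk (CVE-2018-1599) sit directly beside entries for the same vendors that are already resolved as "NOT-FOR-US: Norton", "NOT-FOR-US: Symantec" and "NOT-FOR-US: IBM". If triage confirms that no Debian package is involved, close them with the same wording as their neighbours so that searches on the NOT-FOR-US string keep matching consistently.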
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits