Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0fa0064a by security tracker role at 2018-10-03T20:10:40Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,50 @@
-CVE-2018-17947
+CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote 
...)
+       TODO: check
+CVE-2018-17968
+       RESERVED
+CVE-2018-17967 (ImageMagick 7.0.7-28 has a memory leak vulnerability in 
ReadBGRImage in ...)
+       TODO: check
+CVE-2018-17966 (ImageMagick 7.0.7-28 has a memory leak vulnerability in 
WritePDBImage ...)
+       TODO: check
+CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in 
WriteSGIImage ...)
+       TODO: check
+CVE-2018-17964
+       RESERVED
+CVE-2018-17963
+       RESERVED
+CVE-2018-17962
+       RESERVED
+CVE-2018-17961
+       RESERVED
+CVE-2018-17960
+       RESERVED
+CVE-2018-17959
+       RESERVED
+CVE-2018-17958
+       RESERVED
+CVE-2018-17957
+       RESERVED
+CVE-2018-17956
+       RESERVED
+CVE-2018-17955
+       RESERVED
+CVE-2018-17954
+       RESERVED
+CVE-2018-17953
+       RESERVED
+CVE-2018-17952
+       RESERVED
+CVE-2018-17951
+       RESERVED
+CVE-2018-17950
+       RESERVED
+CVE-2018-17949
+       RESERVED
+CVE-2018-17948
+       RESERVED
+CVE-2018-17947 (The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via 
the text ...)
        NOT-FOR-US: WordPress plugin snazzy-maps
-CVE-2018-17946
+CVE-2018-17946 (The Tribulant Slideshow Gallery plugin before 1.6.6.1 for 
WordPress has ...)
        NOT-FOR-US: WordPress plugin slideshow-gallery
 CVE-2018-17945
        RESERVED
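Review bot: CVE-2018-17967, CVE-2018-17966 and CVE-2018-17965 near the top of this hunk are ImageMagick issues left at `TODO: check`, while the other ImageMagick entries in this file are tracked with a `- imagemagick` package line. These three should be triaged to a package line (a fixed version, `<unfixed>` or `<not-affected>`) rather than stay unclassified. The Samsung SCX-6545X entry CVE-2018-17969 looks like a `NOT-FOR-US` candidate and can be closed in the same pass.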
@@ -8,16 +52,16 @@ CVE-2018-17944
        RESERVED
 CVE-2018-17943
        RESERVED
-CVE-2018-17942
-       RESERVED
+CVE-2018-17942 (The convert_to_decimal function in vasnprintf.c in Gnulib 
before ...)
+       TODO: check
 CVE-2018-17941
        RESERVED
 CVE-2018-17940
        RESERVED
 CVE-2018-17939
        RESERVED
-CVE-2018-17938
-       RESERVED
+CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content 
spoofing via ...)
+       TODO: check
 CVE-2018-17937
        RESERVED
 CVE-2018-17936
@@ -1640,7 +1684,7 @@ CVE-2018-17185
 CVE-2018-17184
        RESERVED
 CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. 
The ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.10-1
        NOTE: 
https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
        NOTE: 
https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
@@ -1968,10 +2012,10 @@ CVE-2018-17056 (Cross-site scripting (XSS) 
vulnerability in ServiceStack in Prog
        NOT-FOR-US: Progress Sitefinity CMS
 CVE-2018-17055 (An arbitrary file upload vulnerability in Progress Sitefinity 
CMS ...)
        NOT-FOR-US: Progress Sitefinity CMS
-CVE-2018-17054
-       RESERVED
-CVE-2018-17053
-       RESERVED
+CVE-2018-17054 (Cross-site scripting (XSS) vulnerability in Identity Server in 
...)
+       TODO: check
+CVE-2018-17053 (Cross-site scripting (XSS) vulnerability in Identity Server in 
...)
+       TODO: check
 CVE-2018-17052
        RESERVED
 CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS 
via ...)
@@ -2651,6 +2695,7 @@ CVE-2018-16750 (In ImageMagick 7.0.7-29 and earlier, a 
memory leak in the ...)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/33d1b9590c401d4aee666ffd10b16868a38cf705
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/359331c61193138ce2b85331df25235b81499cfc
 CVE-2018-16749 (In ImageMagick 7.0.7-29 and earlier, a missing NULL check in 
...)
+       {DLA-1530-1}
        - imagemagick 8:6.9.10.2+dfsg-2
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1119
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4
@@ -2860,7 +2905,7 @@ CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 
5.1.4, a crafted SIP m
        NOTE: 
https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d
 (5.1)
        NOTE: 
https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159
 (5.0)
 CVE-2018-16658 (An issue was discovered in the Linux kernel before 4.18.6. An 
...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2)
 CVE-2018-16656
@@ -2893,10 +2938,12 @@ CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() 
function in Parser.cc ma
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
        NOTE: Proposed fix: 
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67
 CVE-2018-16645 (There is an excessive memory allocation issue in the functions 
...)
+       {DLA-1530-1}
        - imagemagick <unfixed>
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1268
 CVE-2018-16644 (There is a missing check for length in the functions 
ReadDCMImage of ...)
+       {DLA-1530-1}
        - imagemagick <unfixed>
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135
@@ -2904,11 +2951,13 @@ CVE-2018-16644 (There is a missing check for length in 
the functions ReadDCMImag
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/01ca29604515fa4ddf3180870827df5c8ec93ada
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1269
 CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in 
...)
+       {DLA-1530-1}
        - imagemagick 8:6.9.10.8+dfsg-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199
 CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 
allows ...)
+       {DLA-1530-1}
        - imagemagick 8:6.9.10.2+dfsg-2
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/97bb5dc5aad1584557057d5062601aa151bf9a13
@@ -3498,12 +3547,14 @@ CVE-2018-16415
 CVE-2018-16414
        RESERVED
 CVE-2018-16413 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in 
the ...)
+       {DLA-1530-1}
        - imagemagick <unfixed>
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1249
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1251
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
 CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in 
the ...)
+       {DLA-1530-1}
        - imagemagick <unfixed>
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250
        NOTE: Fixed with same patch as for issue #1249, as per upstream 
discussion at
@@ -3836,7 +3887,7 @@ CVE-2018-16277 (The Image Import function in XWiki 
through 10.7 has XSS. ...)
 CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
        NOT-FOR-US: OPSWAT MetaDefender
 CVE-2018-16276 (An issue was discovered in yurex_read in 
drivers/usb/misc/yurex.c in ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.8-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 (4.18-rc5)
 CVE-2018-16274
@@ -4071,23 +4122,23 @@ CVE-2018-16160
        RESERVED
 CVE-2018-16159 (The Gift Vouchers plugin through 2.0.1 for WordPress allows 
SQL ...)
        NOT-FOR-US: Gift Vouchers plugin for WordPress
-CVE-2018-16048 [gitlab: Missing Authorization Control API Repository Storage]
+CVE-2018-16048 (An issue was discovered in GitLab Community and Enterprise 
Edition ...)
        - gitlab <not-affected> (Only affects Enterprise edition)
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49947
        NOTE: 
https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
-CVE-2018-16051 [gitlab: Orphaned Upload Files Exposure]
+CVE-2018-16051 (An issue was discovered in GitLab Community and Enterprise 
Edition ...)
        - gitlab <unfixed>
        NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/6012
        NOTE: 
https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
 CVE-2018-XXXX [gitlab: Missing CSRF in System Hooks]
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
-CVE-2018-16049 [gitlab: Sensitive Data Disclosure in Sidekiq Logs]
+CVE-2018-16049 (An issue was discovered in GitLab Community and Enterprise 
Edition ...)
        - gitlab <unfixed>
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/46967
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49272
        NOTE: 
https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
-CVE-2018-16050 [gitlab: Persistent XSS in Merge Request Changes View]
+CVE-2018-16050 (An issue was discovered in GitLab Community and Enterprise 
Edition ...)
        - gitlab <unfixed>
        [stretch] - gitlab <not-affected> (Only affects 11.1 and 11.2)
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49085
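Review bot: the four replaced lines for CVE-2018-16048, CVE-2018-16051, CVE-2018-16049 and CVE-2018-16050 all become the same truncated text, `An issue was discovered in GitLab Community and Enterprise Edition ...`, so the file no longer says which entry is the missing authorization control, the orphaned upload exposure, the Sidekiq log disclosure or the persistent XSS. Suggest carrying each removed bracketed title over as a `NOTE:` line on its entry. The `CVE-2018-XXXX [gitlab: Missing CSRF in System Hooks]` placeholder in the middle of the hunk still has no assigned id and is worth rechecking at the same time.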
@@ -5658,12 +5709,12 @@ CVE-2018-15574 (** DISPUTED ** An issue was discovered 
in the license editor in
 CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License 
Manager (RLM) ...)
        NOT-FOR-US: Reprise License Manager
 CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 
mishandles ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.15-1
        NOTE: https://twitter.com/grsecurity/status/1029324426142199808
        NOTE: 
https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd
 CVE-2018-15572 (The spectre_v2_select_mitigation function in 
arch/x86/kernel/cpu/bugs.c ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.15-1
        NOTE: 
https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
 CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress 
allows CSV ...)
@@ -7302,8 +7353,8 @@ CVE-2018-14802 (Fuji Electric FRENIC LOADER v3.3 
v7.3.4.1a of FRENIC-Mini (C1),
        TODO: check
 CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
        NOT-FOR-US: Philips PageWriter
-CVE-2018-14800
-       RESERVED
+CVE-2018-14800 (Delta Electronics ISPSoft version 3.0.5 and prior allow an 
attacker, ...)
+       TODO: check
 CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
        NOT-FOR-US: Philips PageWriter
 CVE-2018-14798 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini 
(C1), ...)
@@ -7527,7 +7578,7 @@ CVE-2018-14735 (An Information Exposure issue was 
discovered in Hitachi Command
 CVE-2018-14733
        RESERVED
 CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 
4.17.11 ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.14-1
        NOTE: 
https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1)
 CVE-2018-14732 (An issue was discovered in lib/Server.js in webpack-dev-server 
before ...)
@@ -7632,7 +7683,7 @@ CVE-2018-14684
 CVE-2018-14683
        RESERVED
 CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, 
as used in ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.14-1
        NOTE: https://xenbits.xen.org/xsa/advisory-274.html
        NOTE: 
https://git.kernel.org/linus/b3681dd548d06deb2e1573890829dff4b15abf46
@@ -7778,7 +7829,7 @@ CVE-2018-14634 (An integer overflow flaw was found in the 
Linux kernel's ...)
        [stretch] - linux 4.9.47-1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/25/4
 CVE-2018-14633 (A security flaw was found in the chap_server_compute_md5() 
function in ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.10-1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/24/2
 CVE-2018-14632 (An out of bound write can occur when patching an Openshift 
object ...)
@@ -7839,7 +7890,7 @@ CVE-2018-14618 (curl before version 7.61.1 is vulnerable 
to a buffer overrun in
        NOTE: https://github.com/curl/curl/issues/2756
        NOTE: 
https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243
 CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. 
There is a ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.8-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200297
        NOTE: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
@@ -7870,7 +7921,7 @@ CVE-2018-14610 (An issue was discovered in the Linux 
kernel through 4.17.10. The
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
        NOTE: https://patchwork.kernel.org/patch/10503415/
 CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. 
There is ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.8-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199833
        NOTE: https://patchwork.kernel.org/patch/10500521/
@@ -11526,7 +11577,7 @@ CVE-2018-13100 (An issue was discovered in 
fs/f2fs/super.c in the Linux kernel t
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d
 CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux 
kernel through ...)
-       {DSA-4308-1}
+       {DSA-4308-1 DLA-1531-1}
        - linux 4.18.10-1
        [jessie] - linux-4.9 <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
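Review bot: CVE-2018-13099 now references DLA-1531-1, but the context line `[jessie] - linux-4.9 <unfixed>` directly below it is unchanged. If DLA-1531-1 is the jessie linux-4.9 update, that line should carry the fixed version; if the DLA does not fix this CVE in linux-4.9, the new cross-reference needs checking.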
@@ -13543,11 +13594,13 @@ CVE-2018-12388
        RESERVED
 CVE-2018-12387
        RESERVED
+       {DSA-4310-1}
        - firefox 62.0.3-1
        - firefox-esr 60.2.2esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
 CVE-2018-12386
        RESERVED
+       {DSA-4310-1}
        - firefox 62.0.3-1
        - firefox-esr 60.2.2esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
@@ -14371,8 +14424,8 @@ CVE-2018-12088 (S3QL before 2.27 mishandles 
checksumming, and consequently allow
        [jessie] - s3ql <ignored> (Minor issue, backports would change the file 
system revision rendering it unable to read older file systems)
        NOTE: https://groups.google.com/forum/#!topic/s3ql/4TzCVIMkA4o
        NOTE: 
https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
-CVE-2018-12087
-       RESERVED
+CVE-2018-12087 (Failure to validate certificates in OPC Foundation UA Client 
...)
+       TODO: check
 CVE-2018-12086 (Buffer overflow in OPC UA applications allows remote attackers 
to ...)
        TODO: check
 CVE-2018-12085 (Liblouis 3.6.0 has a stack-based Buffer Overflow in the 
function ...)
@@ -17423,7 +17476,7 @@ CVE-2018-10940 (The cdrom_ioctl_media_changed function 
in drivers/cdrom/cdrom.c
 CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 
before ...)
        NOT-FOR-US: Zimbra Web Client
 CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 
and ...)
-       {DSA-4308-1}
+       {DSA-4308-1 DLA-1531-1}
        - linux 4.13.4-1 (unimportant)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
@@ -17589,7 +17642,7 @@ CVE-2018-10903 (A flaw was found in python-cryptography 
versions between &gt;=1.
        NOTE: https://github.com//pyca/cryptography/pull/4342
        NOTE: 
https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
 CVE-2018-10902 (It was found that the raw midi kernel driver does not protect 
against ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.15-1
        NOTE: 
https://git.kernel.org/linus/39675f7a7c7e7702f7d5341f1e0d01db746543a0 (4.18-rc6)
 CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization 
subsystem. The ...)
@@ -21100,7 +21153,7 @@ CVE-2018-9517
        NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
 CVE-2018-9516
        RESERVED
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.6-1
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=717adfdaf14704fd3ec7fa2c04520c0723247eac
        NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
@@ -21481,7 +21534,7 @@ CVE-2018-9364
        RESERVED
 CVE-2018-9363 [HID: Bluetooth: hidp: buffer overflow in hidp_process_report]
        RESERVED
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.15-1
 CVE-2018-9362
        RESERVED
@@ -24935,7 +24988,7 @@ CVE-2018-8019 (When using an OCSP responder Apache 
Tomcat Native 1.2.0 to 1.2.16
        - tomcat-native 1.2.17-1
        [stretch] - tomcat-native <no-dsa> (Minor issue)
        NOTE: https://svn.apache.org/r1832832
-CVE-2018-8018 (Apache Ignite 2.5 and earlier serialization mechanism does not 
have a ...)
+CVE-2018-8018 (In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the 
serialization  ...)
        NOT-FOR-US: Apache Ignite
 CVE-2018-8017 (In Apache Tika 1.2 to 1.18, a carefully crafted file can 
trigger an ...)
        - tika <unfixed>
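Review bot: the new CVE-2018-8018 description ends in `serialization  ...)` with two spaces before the ellipsis, where the other truncated descriptions in this diff use one. Worth normalising in the description truncation step so that later automatic updates do not produce whitespace-only changes on this line.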
@@ -25605,7 +25658,7 @@ CVE-2017-18222 (In the Linux kernel before 4.12, 
Hisilicon Network Subsystem (HN
 CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) 
devices ...)
        NOT-FOR-US: RunExeFile.exe in the installer for DEWESoft X3 SP1 devices
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.10-1
        [jessie] - linux-4.9 <unfixed>
        NOTE: https://lkml.org/lkml/2018/5/29/495
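Review bot: the cross-reference for CVE-2018-7755 gains DLA-1531-1 while the `[jessie] - linux-4.9 <unfixed>` line two lines down stays in place, so the entry claims an advisory and an unfixed jessie package at once. Either set the linux-4.9 fixed version from the DLA or confirm that the DLA really lists this CVE.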
@@ -29029,8 +29082,8 @@ CVE-2018-6691
        RESERVED
 CVE-2018-6690 (Accessing, modifying, or executing executable files 
vulnerability in ...)
        TODO: check
-CVE-2018-6689
-       RESERVED
+CVE-2018-6689 (Authentication Bypass vulnerability in McAfee Data Loss 
Prevention ...)
+       TODO: check
 CVE-2018-6688
        RESERVED
 CVE-2018-6687
@@ -29576,11 +29629,11 @@ CVE-2018-6556 (lxc-user-nic when asked to delete a 
network interface will ...)
        NOTE: Prerequisite: 
https://github.com/lxc/lxc/commit/f96f5f3c1341e73ee51c8b49bef4ba571c562d8c
        NOTE: Fixed by: 
https://github.com/lxc/lxc/commit/5eb45428b312e978fb9e294dde16efb14dd9fa4d
 CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in 
...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.3-1
        NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and 
later ...)
-       {DSA-4308-1 DLA-1529-1}
+       {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.17.3-1
        NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd 
backend due ...)
@@ -36927,12 +36980,12 @@ CVE-2018-3997
        RESERVED
 CVE-2018-3996
        RESERVED
-CVE-2018-3995
-       RESERVED
-CVE-2018-3994
-       RESERVED
-CVE-2018-3993
-       RESERVED
+CVE-2018-3995 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
+CVE-2018-3994 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
+CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
 CVE-2018-3992
        RESERVED
 CVE-2018-3991
@@ -36983,14 +37036,14 @@ CVE-2018-3969
        RESERVED
 CVE-2018-3968
        RESERVED
-CVE-2018-3967
-       RESERVED
-CVE-2018-3966
-       RESERVED
-CVE-2018-3965
-       RESERVED
-CVE-2018-3964
-       RESERVED
+CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
+CVE-2018-3966 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
+CVE-2018-3965 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
+CVE-2018-3964 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
 CVE-2018-3963
        RESERVED
 CVE-2018-3962 (A use-after-free vulnerability exists in the JavaScript engine 
of ...)
@@ -37025,8 +37078,8 @@ CVE-2018-3948
        RESERVED
 CVE-2018-3947
        RESERVED
-CVE-2018-3946
-       RESERVED
+CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
 CVE-2018-3945
        RESERVED
 CVE-2018-3944 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
@@ -43101,10 +43154,10 @@ CVE-2018-1796
        RESERVED
 CVE-2018-1795
        RESERVED
-CVE-2018-1794
-       RESERVED
-CVE-2018-1793
-       RESERVED
+CVE-2018-1794 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using 
OAuth ...)
+       TODO: check
+CVE-2018-1793 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using 
SAML ear ...)
+       TODO: check
 CVE-2018-1792
        RESERVED
 CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External 
Service ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fa0064abd5b2f0a4483992c05b16e6fcd4f5c5e
