Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cec20b7e by security tracker role at 2018-10-26T08:10:22Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,6 +1,10 @@ -CVE-2018-18655 [information disclosure] +CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI ...) + TODO: check +CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup Appliance ...) + TODO: check +CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a user's ...) - prayer <unfixed> (bug #911842) -CVE-2018-18654 [package build vulnerable to insecure use of /tmp] +CVE-2018-18654 (Crossroads 2.81 does not properly handle the /tmp directory during a ...) - crossroads <unfixed> (unimportant; bug #911877) NOTE: Issue exploitable only during build of package CVE-2018-18651 (An issue was discovered in Xpdf 4.00. catalog->getNumPages() in ...) @@ -1937,8 +1941,8 @@ CVE-2018-17906 RESERVED CVE-2018-17905 RESERVED -CVE-2018-17904 - RESERVED +CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This ...) + TODO: check CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...) NOT-FOR-US: SAGA1-L8B CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...) @@ -9682,8 +9686,8 @@ CVE-2018-14667 RESERVED CVE-2018-14666 RESERVED -CVE-2018-14665 [Privilege escalation and file overwrite in X.Org X server] - RESERVED +CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An incorrect ...) + {DSA-4328-1} - xorg-server 2:1.20.3-1 NOTE: Introduced by: https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c (1.19.0) NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e 
@@ -15614,7 +15618,7 @@ CVE-2018-12386 (A vulnerability in register allocation in JavaScript can lead to - firefox-esr 60.2.2esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386 CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used for SSL ...) - {DSA-4304-1} + {DSA-4327-1 DSA-4304-1} - firefox 62.0.2-1 - firefox-esr 60.2.1esr-1 - thunderbird 1:60.2.1-1 @@ -15631,7 +15635,7 @@ CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible Cli NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089 CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set a ...) - {DSA-4304-1} + {DSA-4327-1 DSA-4304-1} - firefox 62.0-1 - firefox-esr 60.2.1esr-1 - thunderbird 1:60.2.1-1 @@ -15649,6 +15653,7 @@ CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the CVE-2018-12380 RESERVED CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...) + {DSA-4327-1} - firefox 62.0-1 (unimportant) - firefox-esr 60.2.0esr-1 (unimportant) [stretch] - firefox-esr 60.2.0esr-1~deb9u2 @@ -15657,7 +15662,7 @@ CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379 CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index is ...) - {DSA-4287-1} + {DSA-4327-1 DSA-4287-1} - firefox 62.0-1 - firefox-esr 60.2.0esr-1 - thunderbird 1:60.2.1-1 
@@ -15665,7 +15670,7 @@ CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378 CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver timers ...) - {DSA-4287-1} + {DSA-4327-1 DSA-4287-1} - firefox 62.0-1 - firefox-esr 60.2.0esr-1 - thunderbird 1:60.2.1-1 @@ -15673,7 +15678,7 @@ CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver tim NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377 CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...) - {DSA-4287-1} + {DSA-4327-1 DSA-4287-1} - firefox 62.0-1 - firefox-esr 60.2.0esr-1 - thunderbird 1:60.2.1-1 @@ -41906,6 +41911,7 @@ CVE-2018-3216 CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery Integrator ...) NOT-FOR-US: Oracle CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) + {DSA-4326-1} - openjdk-7 <removed> - openjdk-8 8u181-b13-2 CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) @@ -41984,6 +41990,7 @@ CVE-2018-3185 (Vulnerability in the MySQL Server component of Oracle MySQL ...) CVE-2018-3184 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion ...) NOT-FOR-US: Oracle CVE-2018-3183 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) + {DSA-4326-1} - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL ...) 
@@ -41993,6 +42000,7 @@ CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL ...) CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...) NOT-FOR-US: Oracle CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) + {DSA-4326-1} - openjdk-7 <removed> - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 @@ -42026,6 +42034,7 @@ CVE-2018-3170 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.5 <not-affected> (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) + {DSA-4326-1} - openjdk-7 <removed> - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 @@ -42078,6 +42087,7 @@ CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-10 10.0.2+13-2 - openjdk-11 11.0.1+13-1 CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) + {DSA-4326-1} - openjdk-7 <removed> - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 @@ -42107,6 +42117,7 @@ CVE-2018-3141 (Vulnerability in the Hyperion Essbase Administration Services ... CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services ...) NOT-FOR-US: Oracle CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) + {DSA-4326-1} - openjdk-7 <removed> - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 @@ -42118,6 +42129,7 @@ CVE-2018-3137 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.5 <not-affected> (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) + {DSA-4326-1} - openjdk-7 <removed> - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 
@@ -52836,6 +52848,7 @@ CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 all CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows ...) NOT-FOR-US: Zoho CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...) + {DSA-4327-1} - firefox 62.0-1 (unimportant) - firefox-esr 60.2.0esr-1 (unimportant) [stretch] - firefox-esr 60.2.0esr-1~deb9u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cec20b7eb7267f16b8aa1b3729412a6f5ab3a5c6
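Review bot: in the first hunk (@@ -1,6 +1,10 @@) CVE-2018-18653 and CVE-2018-18652 are added with only "TODO: check", so neither has a package line or a NOT-FOR-US marker yet. CVE-2018-18652 names Veritas NetBackup Appliance and looks like a NOT-FOR-US candidate, while CVE-2018-18653 is described as the Linux kernel "as used in Ubuntu 18.10", so it needs an explicit decision on whether Debian's kernel is affected rather than staying as a TODO.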
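Review bot: in the @@ -1937,8 +1941,8 @@ hunk CVE-2018-17904 moves from RESERVED to "TODO: check", while the entry right after it, CVE-2018-17903, is already resolved as "NOT-FOR-US: SAGA1-L8B". The new description names Reliance 4 SCADA/HMI; if that product is not packaged, record the NOT-FOR-US line so the entry does not stay open.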
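Review bot: in the @@ -9682,8 +9686,8 @@ hunk the CVE-2018-14665 entry shows a single package line, "- xorg-server 2:1.20.3-1", although its NOTE says the flaw was introduced in 1.19.0. If it is not already present below the visible context, add a release-specific <not-affected> line for any suite that still ships an xorg-server older than 1.19.0, so the new {DSA-4328-1} reference is not read as covering releases that never had the vulnerable code.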
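Review bot: in the @@ -15649,6 +15653,7 @@ and @@ -52836,6 +52848,7 @@ hunks, {DSA-4327-1} is attached to CVE-2018-12379 and CVE-2017-16541, whose visible package lines are all firefox or firefox-esr entries marked (unimportant). The other entries gaining DSA-4327-1 in this commit each list thunderbird 1:60.2.1-1, so check that these two entries also carry a line for the package the DSA fixes; otherwise the cross-reference points at an issue the tracker rates as unimportant.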