Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cec20b7e by security tracker role at 2018-10-26T08:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,10 @@
-CVE-2018-18655 [information disclosure]
+CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with 
UEFI ...)
+       TODO: check
+CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup 
Appliance ...)
+       TODO: check
+CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a 
user's ...)
        - prayer <unfixed> (bug #911842)
-CVE-2018-18654 [package build vulnerable to insecure use of /tmp]
+CVE-2018-18654 (Crossroads 2.81 does not properly handle the /tmp directory 
during a ...)
        - crossroads <unfixed> (unimportant; bug #911877)
        NOTE: Issue exploitable only during build of package
 CVE-2018-18651 (An issue was discovered in Xpdf 4.00. 
catalog-&gt;getNumPages() in ...)
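Review bot: CVE-2018-18653 and CVE-2018-18652 at the top of this hunk are added with only "TODO: check" and sit above CVE-2018-18655, so the visible sequence runs 18653, 18652, 18655, 18654, 18651 instead of descending. Suggest moving them below CVE-2018-18654 and triaging both. The Veritas NetBackup Appliance entry looks like a candidate for a NOT-FOR-US line of the kind used elsewhere in this file. The kernel entry, whose description is scoped to Ubuntu 18.10 booted with UEFI, needs a decision on whether any Debian package is affected.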
@@ -1937,8 +1941,8 @@ CVE-2018-17906
        RESERVED
 CVE-2018-17905
        RESERVED
-CVE-2018-17904
-       RESERVED
+CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This 
...)
+       TODO: check
 CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
        NOT-FOR-US: SAGA1-L8B
 CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
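Review bot: CVE-2018-17904 swaps RESERVED for a description but carries only "TODO: check", while the adjacent vendor-device entry CVE-2018-17903 is already resolved as "NOT-FOR-US: SAGA1-L8B". If Reliance 4 SCADA/HMI is not packaged in Debian, resolve it the same way with a NOT-FOR-US line naming the product, so it does not linger in the unchecked queue.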
@@ -9682,8 +9686,8 @@ CVE-2018-14667
        RESERVED
 CVE-2018-14666
        RESERVED
-CVE-2018-14665 [Privilege escalation and file overwrite in X.Org X server]
-       RESERVED
+CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An 
incorrect ...)
+       {DSA-4328-1}
        - xorg-server 2:1.20.3-1
        NOTE: Introduced by: 
https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c
 (1.19.0)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
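Review bot: the CVE-2018-14665 entry gains {DSA-4328-1} next to "- xorg-server 2:1.20.3-1", but the lines shown carry no per-suite annotation, even though the "Introduced by" note dates the flaw to 1.19.0. Suggest adding an explicit <not-affected> line for any suite still shipping an xorg-server older than 1.19.0, so the tracker does not report that suite as vulnerable.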
@@ -15614,7 +15618,7 @@ CVE-2018-12386 (A vulnerability in register allocation 
in JavaScript can lead to
        - firefox-esr 60.2.2esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
 CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used 
for SSL ...)
-       {DSA-4304-1}
+       {DSA-4327-1 DSA-4304-1}
        - firefox 62.0.2-1
        - firefox-esr 60.2.1esr-1
        - thunderbird 1:60.2.1-1
@@ -15631,7 +15635,7 @@ CVE-2018-12384 [ServerHello.random is all zero when 
handling a v2-compatible Cli
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
 CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set 
a ...)
-       {DSA-4304-1}
+       {DSA-4327-1 DSA-4304-1}
        - firefox 62.0-1
        - firefox-esr 60.2.1esr-1
        - thunderbird 1:60.2.1-1
@@ -15649,6 +15653,7 @@ CVE-2018-12381 (Manually dragging and dropping an 
Outlook email message into the
 CVE-2018-12380
        RESERVED
 CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which 
contains a very ...)
+       {DSA-4327-1}
        - firefox 62.0-1 (unimportant)
        - firefox-esr 60.2.0esr-1 (unimportant)
        [stretch] - firefox-esr 60.2.0esr-1~deb9u2
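Review bot: {DSA-4327-1} is added to CVE-2018-12379, whose package lines in the visible context are firefox and firefox-esr, both marked (unimportant), with no thunderbird line. The other entries gaining this DSA in the patch each list "- thunderbird 1:60.2.1-1". Worth confirming that the entry names the package the DSA covers and that (unimportant) still fits an issue referenced by a DSA. The same applies to CVE-2017-16541 in the last hunk.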
@@ -15657,7 +15662,7 @@ CVE-2018-12379 (When the Mozilla Updater opens a MAR 
format file which contains
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
 CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB 
index is ...)
-       {DSA-4287-1}
+       {DSA-4327-1 DSA-4287-1}
        - firefox 62.0-1
        - firefox-esr 60.2.0esr-1
        - thunderbird 1:60.2.1-1
@@ -15665,7 +15670,7 @@ CVE-2018-12378 (A use-after-free vulnerability can 
occur when an IndexedDB index
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
 CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver 
timers ...)
-       {DSA-4287-1}
+       {DSA-4327-1 DSA-4287-1}
        - firefox 62.0-1
        - firefox-esr 60.2.0esr-1
        - thunderbird 1:60.2.1-1
@@ -15673,7 +15678,7 @@ CVE-2018-12377 (A use-after-free vulnerability can 
occur when refresh driver tim
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
 CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. 
Some of ...)
-       {DSA-4287-1}
+       {DSA-4327-1 DSA-4287-1}
        - firefox 62.0-1
        - firefox-esr 60.2.0esr-1
        - thunderbird 1:60.2.1-1
@@ -41906,6 +41911,7 @@ CVE-2018-3216
 CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery 
Integrator ...)
        NOT-FOR-US: Oracle
 CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4326-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
 CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle 
Fusion ...)
@@ -41984,6 +41990,7 @@ CVE-2018-3185 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-3184 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion 
...)
        NOT-FOR-US: Oracle
 CVE-2018-3183 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4326-1}
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
 CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
@@ -41993,6 +42000,7 @@ CVE-2018-3182 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard 
Property ...)
        NOT-FOR-US: Oracle
 CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4326-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -42026,6 +42034,7 @@ CVE-2018-3170 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.5 <not-affected> (Only affects MySQL 8)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
 CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
+       {DSA-4326-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -42078,6 +42087,7 @@ CVE-2018-3150 (Vulnerability in the Java SE component 
of Oracle Java SE ...)
        - openjdk-10 10.0.2+13-2
        - openjdk-11 11.0.1+13-1
 CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
+       {DSA-4326-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -42107,6 +42117,7 @@ CVE-2018-3141 (Vulnerability in the Hyperion Essbase 
Administration Services ...
 CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services 
...)
        NOT-FOR-US: Oracle
 CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
+       {DSA-4326-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -42118,6 +42129,7 @@ CVE-2018-3137 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.5 <not-affected> (Only affects MySQL 8)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
 CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
+       {DSA-4326-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -52836,6 +52848,7 @@ CVE-2017-16543 (Zoho ManageEngine Applications Manager 
13 before build 13500 all
 CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 
allows ...)
        NOT-FOR-US: Zoho
 CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote 
attackers to ...)
+       {DSA-4327-1}
        - firefox 62.0-1 (unimportant)
        - firefox-esr 60.2.0esr-1 (unimportant)
        [stretch] - firefox-esr 60.2.0esr-1~deb9u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cec20b7eb7267f16b8aa1b3729412a6f5ab3a5c6

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
