[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 03 Nov 2018 13:12:01 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
083199f1 by security tracker role at 2018-11-03T20:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,8 +12,8 @@ CVE-2018-18911
        RESERVED
 CVE-2018-18910
        RESERVED
-CVE-2018-18909
-       RESERVED
+CVE-2018-18909 (xhEditor 1.2.2 allows XSS via JavaScript code in the SRC 
attribute of ...)
+       TODO: check
 CVE-2018-18908
        RESERVED
 CVE-2018-18907
@@ -6199,7 +6199,7 @@ CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin 
user can leverage a &quot;
        - limesurvey <itp> (bug #472802)
 CVE-2018-16396 [Tainted flags are not propagated in Array#pack and 
String#unpack with some directives]
        RESERVED
-       {DLA-1558-1}
+       {DSA-4332-1 DLA-1558-1}
        - ruby2.5 <unfixed> (bug #911920)
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -6207,7 +6207,7 @@ CVE-2018-16396 [Tainted flags are not propagated in 
Array#pack and String#unpack
        NOTE: 
https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429
 CVE-2018-16395 [OpenSSL::X509::Name equality check does not work correctly]
        RESERVED
-       {DLA-1558-1}
+       {DSA-4332-1 DLA-1558-1}
        - ruby-openssl <unfixed> (bug #911918)
        - ruby2.5 <unfixed> (bug #911919)
        - ruby2.3 <removed>
@@ -10393,18 +10393,21 @@ CVE-2018-14663
 CVE-2018-14662
        RESERVED
 CVE-2018-14661 (It was found that usage of snprintf function in feature/locks 
...)
+       {DLA-1565-1}
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 
and 3.1.2 ...)
+       {DLA-1565-1}
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=9232f3937f81749120e2b1150116b09e7c575354
 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is 
vulnerable ...)
+       {DLA-1565-1}
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
@@ -10422,12 +10425,14 @@ CVE-2018-14656 (A missing address check in the 
callers of the show_opcodes() in
 CVE-2018-14655
        RESERVED
 CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to 
abuse ...)
+       {DLA-1565-1}
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21534/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=923d0a56525111e1e24db19817419b4519a98090
 CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is 
vulnerable ...)
+       {DLA-1565-1}
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
@@ -10436,11 +10441,13 @@ CVE-2018-14653 (The Gluster file system through 
versions 4.1.4 and 3.12 is vulne
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is 
vulnerable ...)
+       {DLA-1565-1}
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
 CVE-2018-14651 (It was found that the fix for CVE-2018-10927, CVE-2018-10928, 
...)
+       {DLA-1565-1}
        - glusterfs <unfixed>
        [stretch] - glusterfs <not-affected> (Incomplete fixes for 
CVE-2018-109{26,27,28,29,30} not applied)
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/083199f1a747510ba6c85ab89b648d3f7523c76a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/083199f1a747510ba6c85ab89b648d3f7523c76a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to