Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09c15896 by security tracker role at 2018-11-06T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@ +CVE-2018-19048 + RESERVED +CVE-2018-19047 + RESERVED +CVE-2018-19046 + RESERVED +CVE-2018-19045 + RESERVED +CVE-2018-19044 + RESERVED +CVE-2018-19043 + RESERVED +CVE-2018-19042 + RESERVED +CVE-2018-19041 + RESERVED +CVE-2018-19040 + RESERVED +CVE-2018-19039 + RESERVED +CVE-2018-19038 + RESERVED +CVE-2018-19037 + RESERVED +CVE-2018-19036 + RESERVED +CVE-2018-19035 + RESERVED +CVE-2018-19034 + RESERVED +CVE-2018-19033 + RESERVED +CVE-2018-19032 + RESERVED +CVE-2018-19031 + RESERVED +CVE-2018-19030 + RESERVED +CVE-2018-19029 + RESERVED +CVE-2018-19028 + RESERVED +CVE-2018-19027 + RESERVED +CVE-2018-19026 + RESERVED +CVE-2018-19025 + RESERVED +CVE-2018-19024 + RESERVED +CVE-2018-19023 + RESERVED +CVE-2018-19022 + RESERVED +CVE-2018-19021 + RESERVED +CVE-2018-19020 + RESERVED +CVE-2018-19019 + RESERVED +CVE-2018-19018 + RESERVED +CVE-2018-19017 + RESERVED +CVE-2018-19016 + RESERVED +CVE-2018-19015 + RESERVED +CVE-2018-19014 + RESERVED +CVE-2018-19013 + RESERVED +CVE-2018-19012 + RESERVED +CVE-2018-19011 + RESERVED +CVE-2018-19010 + RESERVED +CVE-2018-19009 + RESERVED +CVE-2018-19008 + RESERVED +CVE-2018-19007 + RESERVED +CVE-2018-19006 + RESERVED +CVE-2018-19005 + RESERVED +CVE-2018-19004 + RESERVED +CVE-2018-19003 + RESERVED +CVE-2018-19002 + RESERVED +CVE-2018-19001 + RESERVED +CVE-2018-19000 + RESERVED +CVE-2018-18999 + RESERVED +CVE-2018-18998 + RESERVED +CVE-2018-18997 + RESERVED +CVE-2018-18996 + RESERVED +CVE-2018-18995 + RESERVED +CVE-2018-18994 + RESERVED +CVE-2018-18993 + RESERVED +CVE-2018-18992 + RESERVED +CVE-2018-18991 + RESERVED +CVE-2018-18990 + RESERVED +CVE-2018-18989 + RESERVED +CVE-2018-18988 + RESERVED +CVE-2018-18987 + RESERVED +CVE-2018-18986 + RESERVED +CVE-2018-18985 + RESERVED +CVE-2018-18984 + RESERVED +CVE-2018-18983 + RESERVED +CVE-2018-18982 + RESERVED +CVE-2018-18981 + RESERVED +CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...) 
+ TODO: check CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...) NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager CVE-2018-18979 @@ -3666,6 +3804,7 @@ CVE-2018-17473 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) CVE-2018-17472 RESERVED + {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) CVE-2018-17471 @@ -4371,8 +4510,8 @@ CVE-2018-17186 RESERVED CVE-2018-17185 RESERVED -CVE-2018-17184 - RESERVED +CVE-2018-17184 (A malicious user with enough administration entitlements can inject ...) + TODO: check CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.18.10-1 @@ -4849,8 +4988,8 @@ CVE-2018-16988 RESERVED CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...) NOT-FOR-US: Squash TM -CVE-2018-16986 - RESERVED +CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 ...) + TODO: check CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...) NOT-FOR-US: Lizard CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which ...) @@ -5160,7 +5299,7 @@ CVE-2018-16843 - nginx <unfixed> NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...) - {DSA-4331-1} + {DSA-4331-1 DLA-1568-1} - curl 7.62.0-1 NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211 
@@ -5174,7 +5313,7 @@ CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59. NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3 CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...) - {DSA-4331-1} + {DSA-4331-1 DLA-1568-1} - curl 7.62.0-1 NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5 @@ -6101,14 +6240,14 @@ CVE-2018-16477 RESERVED CVE-2018-16476 RESERVED -CVE-2018-16475 - RESERVED -CVE-2018-16474 - RESERVED -CVE-2018-16473 - RESERVED -CVE-2018-16472 - RESERVED +CVE-2018-16475 (A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to ...) + TODO: check +CVE-2018-16474 (A stored xss in tianma-static module versions <=1.0.4 allows an ...) + TODO: check +CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows an ...) + TODO: check +CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0.1 ...) + TODO: check CVE-2018-16471 [Possible XSS vulnerability in Rack] RESERVED - ruby-rack <unfixed> (bug #913005) @@ -24116,8 +24255,7 @@ CVE-2018-9517 [jessie] - linux 3.16.51-1 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f026bc29a8e093edfbb2a77700454b285c97e8ad NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01 -CVE-2018-9516 - RESERVED +CVE-2018-9516 (In hid_debug_events_read of drivers/hid/hid-debug.c, there is a ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.17.6-1 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=717adfdaf14704fd3ec7fa2c04520c0723247eac 
@@ -24174,10 +24312,9 @@ CVE-2018-9491 (In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a pos NOT-FOR-US: Android CVE-2018-9490 (In CollectValuesOrEntriesImpl of elements.cc, there is possible remote ...) NOT-FOR-US: Android -CVE-2018-9489 - RESERVED -CVE-2018-9488 - RESERVED +CVE-2018-9489 (When wifi is switched, function sendNetworkStateChangeBroadcast of ...) + TODO: check +CVE-2018-9488 (In the SELinux permissions of crash_dump.te, there is a permissions ...) NOT-FOR-US: Android CVE-2018-9487 RESERVED @@ -24242,8 +24379,7 @@ CVE-2018-9467 CVE-2018-9466 RESERVED NOT-FOR-US: Android -CVE-2018-9465 - RESERVED +CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memory ...) - linux 4.14.12-1 (unimportant) NOTE: Android drivers from staging not enabled in any released suite NOTE: https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1 
@@ -24257,49 +24393,38 @@ CVE-2018-9461 RESERVED CVE-2018-9460 RESERVED -CVE-2018-9459 - RESERVED +CVE-2018-9459 (In Attachment of Attachment.java and getFilePath of ...) NOT-FOR-US: Android -CVE-2018-9458 - RESERVED +CVE-2018-9458 (In computeFocusedWindow of RootWindowContainer.java, and related ...) NOT-FOR-US: Android CVE-2018-9457 RESERVED CVE-2018-9456 RESERVED NOT-FOR-US: Android -CVE-2018-9455 - RESERVED +CVE-2018-9455 (In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of ...) NOT-FOR-US: Android -CVE-2018-9454 - RESERVED +CVE-2018-9454 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...) NOT-FOR-US: Android -CVE-2018-9453 - RESERVED +CVE-2018-9453 (In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2018-9452 (In getOffsetForHorizontal of Layout.java, there is a possible ...) NOT-FOR-US: Android -CVE-2018-9451 - RESERVED +CVE-2018-9451 (In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out ...) NOT-FOR-US: Android -CVE-2018-9450 - RESERVED +CVE-2018-9450 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2018-9449 RESERVED -CVE-2018-9448 - RESERVED +CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2018-9447 RESERVED -CVE-2018-9446 - RESERVED +CVE-2018-9446 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible ...) NOT-FOR-US: Android -CVE-2018-9445 - RESERVED +CVE-2018-9445 (In readMetadata of Utils.cpp, there is a possible path traversal bug ...) NOT-FOR-US: Android -CVE-2018-9444 - RESERVED +CVE-2018-9444 (In ih264d_video_decode of ih264d_api.c there is a possible resource ...) NOT-FOR-US: Android Media Framework CVE-2018-9443 RESERVED 
@@ -24312,14 +24437,11 @@ CVE-2018-9440 NOT-FOR-US: Android Media Framework CVE-2018-9439 RESERVED -CVE-2018-9438 - RESERVED +CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not receive ...) NOT-FOR-US: Android -CVE-2018-9437 - RESERVED +CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read due to ...) NOT-FOR-US: Android Media Framework -CVE-2018-9436 - RESERVED +CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2018-9435 RESERVED @@ -24344,8 +24466,7 @@ CVE-2018-9429 CVE-2018-9428 RESERVED NOT-FOR-US: Android Media Framework -CVE-2018-9427 - RESERVED +CVE-2018-9427 (In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds ...) NOT-FOR-US: Android Media Framework CVE-2018-9426 RESERVED @@ -24358,8 +24479,7 @@ CVE-2018-9424 CVE-2018-9423 RESERVED NOT-FOR-US: Android Media Framework -CVE-2018-9422 - RESERVED +CVE-2018-9422 (In get_futex_key of futex.c, there is a use-after-free due to improper ...) {DLA-1422-1} - linux 4.6.1-1 NOTE: https://git.kernel.org/linus/65d8fc777f6dcfee12785c057a6b57f679641c90 @@ -24381,8 +24501,7 @@ CVE-2018-9417 CVE-2018-9416 RESERVED NOT-FOR-US: Android kernel (no source release, so not from upstream kernel) -CVE-2018-9415 - RESERVED +CVE-2018-9415 (In driver_override_store and driver_override_show of bus.c, there is a ...) - linux 4.16.12-1 [stretch] - linux 4.9.107-1 [jessie] - linux <not-affected> (Vulnerable code not present) @@ -24451,8 +24570,7 @@ CVE-2018-9387 RESERVED CVE-2018-9386 RESERVED -CVE-2018-9385 [ARM: amba: Don't read past the end of sysfs "driver_override" buffer] - RESERVED +CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bounds ...) - linux 4.16.12-1 [stretch] - linux 4.9.107-1 [jessie] - linux <not-affected> (Vulnerable code not present) 
@@ -24502,26 +24620,25 @@ CVE-2018-9365 NOT-FOR-US: Android CVE-2018-9364 RESERVED -CVE-2018-9363 [HID: Bluetooth: hidp: buffer overflow in hidp_process_report] - RESERVED +CVE-2018-9363 (In the hidp_process_report in bluetooth, there is an integer overflow. ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.17.15-1 -CVE-2018-9362 - RESERVED -CVE-2018-9361 - RESERVED -CVE-2018-9360 - RESERVED -CVE-2018-9359 - RESERVED -CVE-2018-9358 - RESERVED -CVE-2018-9357 - RESERVED -CVE-2018-9356 - RESERVED -CVE-2018-9355 - RESERVED +CVE-2018-9362 (In processMessagePart of InboundSmsHandler.java, there is a possible ...) + TODO: check +CVE-2018-9361 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...) + TODO: check +CVE-2018-9360 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...) + TODO: check +CVE-2018-9359 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...) + TODO: check +CVE-2018-9358 (In gatts_process_attribute_req of gatt_sc.cc, there is a possible read ...) + TODO: check +CVE-2018-9357 (In BNEP_Write of bnep_api.cc, there is a possible out of bounds write ...) + TODO: check +CVE-2018-9356 (In bnep_data_ind of bnep_main.c, there is a possible remote code ...) + TODO: check +CVE-2018-9355 (In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of ...) + TODO: check CVE-2018-9354 RESERVED CVE-2018-9353 @@ -46450,8 +46567,8 @@ CVE-2018-1696 RESERVED CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations ...) NOT-FOR-US: IBM -CVE-2018-1694 - RESERVED +CVE-2018-1694 (IBM Jazz applications (IBM Rational Collaborative Lifecycle Management ...) + TODO: check CVE-2018-1693 RESERVED CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) 
@@ -46626,8 +46743,8 @@ CVE-2018-1608 RESERVED CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...) NOT-FOR-US: IBM -CVE-2018-1606 - RESERVED +CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle ...) + TODO: check CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) NOT-FOR-US: IBM CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) @@ -102217,7 +102334,7 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4) NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3 CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...) - {DLA-767-1} + {DLA-1568-1 DLA-767-1} - curl 7.52.1-1 (bug #848958) NOTE: https://curl.haxx.se/docs/adv_20161221A.html NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9 @@ -110065,7 +110182,7 @@ CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_uplo NOTE: Fixed in 4.6.1 release upstream NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38538 CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...) - {DLA-625-1} + {DLA-1568-1 DLA-625-1} - curl 7.51.0-1 (bug #837945) NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch 
@@ -110201,7 +110318,7 @@ CVE-2016-7136 (z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 al CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and ...) NOT-FOR-US: Plone CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...) - {DLA-616-1} + {DLA-1568-1 DLA-616-1} - curl 7.51.0-1 (bug #836918) NOTE: Only affects libcurl3-nss NOTE: http://seclists.org/oss-sec/2016/q3/419
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09c158966827c99c0f7dafc000f84ceb0657f49d
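Review bot: the TODO: check left on CVE-2014-10077 in the first hunk (@@ -1,3 +1,141) should be resolved rather than carried forward: the description already names Hash#slice in lib/i18n/core_ext/hash.rb of the i18n gem before 0.8.0, which is enough to either add a source package line with the fixed version or close it as NOT-FOR-US, as was done for the adjacent CVE-2018-18980 (NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager). A 2014 id landing among the CVE-2018-19xxx RESERVED block at the top of the file is also easy to lose once the next automatic update pushes it down.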
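Review bot: in the @@ -4371,8 +4510,8 hunk the truncated description on CVE-2018-17184 ("A malicious user with enough administration entitlements can inject ...") does not name the affected product, so the TODO: check cannot be triaged from this diff alone; when it is resolved, record the product in the triage line (a NOT-FOR-US line or a package line) instead of leaving the placeholder. The neighbouring CVE-2018-17182 entry shows the expected end state: description, {DSA-4308-1 DLA-1531-1 DLA-1529-1} and the linux 4.18.10-1 package line.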
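Review bot: CVE-2018-16986 in the @@ -4849,8 +4988,8 hunk describes Texas Instruments BLE-STACK v2.2.1 for the SimpleLink CC2640 and CC2650, i.e. vendor firmware for TI radio SoCs; unless a Debian source package shipping that stack can be identified, the TODO: check should become a NOT-FOR-US line, matching how the adjacent Squash TM and Lizard entries in the same hunk are handled.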
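Review bot: DLA-1568-1 is added to five curl entries (CVE-2018-16842 and CVE-2018-16839 in the @@ -5160 and @@ -5174 hunks, and CVE-2016-9586, CVE-2016-7167 and CVE-2016-7141 in the @@ -102217, @@ -110065 and @@ -110201 hunks). The three 2016 ids already carried jessie advisories (DLA-767-1, DLA-625-1, DLA-616-1), so a second DLA on the same CVE reads as a regression or an incomplete earlier fix. Please add a NOTE line under each of those three saying why DLA-1568-1 re-addresses them, the way CVE-2016-9587 carries "NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up", so a later reader does not assume the older DLA reference was mis-recorded.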
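Review bot: the four npm-module entries in the @@ -6101,14 +6240,14 hunk, CVE-2018-16475 (Knightjs), CVE-2018-16474 (tianma-static), CVE-2018-16473 (takeapeek) and CVE-2018-16472 (cached-path-relative), are all left at TODO: check although each description gives the module name and affected version range, which is enough to check for a corresponding node-* source package and close them in one pass. Leaving four open placeholders in the same hunk as the genuinely outstanding ruby-rack <unfixed> entry (CVE-2018-16471, bug #913005) makes the real work item harder to spot.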
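Review bot: in the @@ -24174,10 +24312,9 hunk CVE-2018-9489 (sendNetworkStateChangeBroadcast, "When wifi is switched ...") is left at TODO: check while CVE-2018-9488 (crash_dump.te SELinux policy) in the same hunk goes straight to NOT-FOR-US: Android. The function name points at Android platform code rather than a kernel driver, so the TODO looks like an import artefact; confirm that no kernel component is involved and mark it NOT-FOR-US: Android for consistency with the surrounding CVE-2018-94xx entries.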
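Review bot: in the @@ -24451,8 +24570,7 hunk, replacing the bracketed title on CVE-2018-9385 ("[ARM: amba: Don't read past the end of sysfs "driver_override" buffer]") with the MITRE text drops the only indication of the subsystem, and the new description ("In driver_override_store of bus.c ...") now differs from CVE-2018-9415 in the @@ -24381 hunk ("In driver_override_store and driver_override_show of bus.c ...") by little more than one function name. Both entries carry identical package lines (linux 4.16.12-1, stretch 4.9.107-1, jessie <not-affected>), so the description is the only way to tell them apart; add a NOTE with the upstream commit or full file path to each, as CVE-2018-9465 and CVE-2018-9422 already do with their git.kernel.org NOTE lines.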
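Review bot: the eight entries CVE-2018-9362 through CVE-2018-9355 in the @@ -24502,26 +24620,25 hunk all receive TODO: check, although their descriptions name the same Android Bluetooth stack sources (l2c_main.cc, bnep_main, bnep_api.cc, gatt_sc.cc, bta_dm_act.cc) that the @@ -24257 hunk marks NOT-FOR-US: Android directly (bnep_data_ind of bnep_main.cc on CVE-2018-9454 and CVE-2018-9436, sdp_utils.cc on CVE-2018-9455), and CVE-2018-9362 (InboundSmsHandler.java) is Android framework code. Resolve these the same way as the earlier hunk instead of leaving them for a later pass; the RESERVED-to-description change on CVE-2018-9363 in the same hunk, which keeps its {DSA-4308-1 DLA-1531-1 DLA-1529-1} and linux 4.17.15-1 lines, is fine.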
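Review bot: CVE-2018-1694 (@@ -46450 hunk) and CVE-2018-1606 (@@ -46626 hunk), both IBM Jazz based applications / Rational Collaborative Lifecycle Management, are left at TODO: check while every surrounding IBM Rational and WebSphere entry in those hunks is NOT-FOR-US: IBM; close them the same way.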
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits