[Git][security-tracker-team/security-tracker][master] Add four new keepalived issues

Thu, 08 Nov 2018 23:45:59 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc54ac17 by Salvatore Bonaccorso at 2018-11-09T07:41:08Z
Add four new keepalived issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,6 +2,11 @@ CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock 
up host]
        - xen <unfixed>
        [stretch] - xen <postponed> (Hold back until next DSA)
        NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
+CVE-2018-19115 [heap-based buffer overflow when parsing HTTP status]
+       - keepalived <unfixed>
+       NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+       NOTE: https://github.com/acassen/keepalived/pull/961
+       NOTE: 
https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
 CVE-2018-19114 (An issue was discovered in MinDoc through v1.0.2. It allows 
attackers ...)
        NOT-FOR-US: MinDoc
 CVE-2018-19113
@@ -159,12 +164,24 @@ CVE-2018-19048
        RESERVED
 CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web 
application ...)
        NOT-FOR-US: mPDF
-CVE-2018-19046
-       RESERVED
-CVE-2018-19045
-       RESERVED
-CVE-2018-19044
-       RESERVED
+CVE-2018-19046 [unsafe handling of /tmp files]
+       RESERVED
+       - keepalived <unfixed>
+       NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+       NOTE: https://github.com/acassen/keepalived/issues/1048
+CVE-2018-19045 [unsafe modes for temporary files]
+       RESERVED
+       - keepalived <unfixed>
+       NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+       NOTE: 
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
+       NOTE: 
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
+       NOTE: ttps://github.com/acassen/keepalived/issues/1048
+CVE-2018-19044 [improper check for pathnames with symlinks]
+       RESERVED
+       - keepalived <unfixed>
+       NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+       NOTE: 
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
+       NOTE: https://github.com/acassen/keepalived/issues/1048
 CVE-2018-19043
        RESERVED
 CVE-2018-19042



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc54ac170841efa00fc7d132b3f20cfa81b505ae

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc54ac170841efa00fc7d132b3f20cfa81b505ae
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to