Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f342447a by Moritz Muehlenhoff at 2018-12-04T15:46:08Z
NFUs
tiff updates

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9730,7 +9730,8 @@ CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. 
There are two out-of-b
        NOTE: 
https://gitlab.com/libtiff/libtiff/commit/f1b94e8a3ba49febdd3361c0214a1d1149251577
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 
overflow in ...)
        {DLA-1557-1}
-       - tiff 4.0.9+git181026-1 (bug #909038)
+       - tiff 4.0.9+git181026-1 (low; bug #909038)
+       [stretch] - tiff <postponed> (Minor issue)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
        NOTE: 
https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
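
Review bot: the added "[stretch] - tiff <postponed> (Minor issue)" line for CVE-2018-17100 gives no rationale, although the entry describes an int32 overflow and already carries {DLA-1557-1}. Consider adding a NOTE that says why the issue is minor for stretch, so that both the postponement and the new "low" urgency on the unstable line can be re-checked later without re-reading the upstream bug.
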
@@ -9973,6 +9974,7 @@ CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML 
Injection and Stored XSS ..
        NOT-FOR-US: RICOH
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at 
tif_unix.c ...)
        - tiff <unfixed> (bug #908778)
+       [stretch] - tiff <postponed> (Minor issue)
        - tiff3 <removed>
        [jessie] - tiff <postponed> (Can be fixed along in future DLA)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
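
Review bot: in the CVE-2018-17000 entry the added "[stretch] - tiff <postponed>" line sits above "- tiff3 <removed>" while the existing "[jessie] - tiff <postponed>" line sits below it, so the two release annotations for the same source package are split. Consider grouping them directly under "- tiff <unfixed>" in the same change, and aligning the reason text: jessie says "Can be fixed along in future DLA", stretch only says "Minor issue".
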
@@ -36203,15 +36205,15 @@ CVE-2018-7118
 CVE-2018-7117
        RESERVED
 CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7114 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7113 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) 
prior ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7112 (The HPE-provided Windows firmware installer for certain Gen9, 
Gen8, ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7111 (A remote unauthorized access vulnerability was identified in 
HPE UIoT ...)
        NOT-FOR-US: HPE
 CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability 
was ...)
@@ -38296,9 +38298,9 @@ CVE-2018-6442 (A vulnerability in the Brocade Webtools 
firmware update section o
 CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade 
Fabric OS ...)
        NOT-FOR-US: Brocade
 CVE-2018-6440 (A vulnerability in the proxy service of Brocade Fabric OS 
versions ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2018-6439 (A Vulnerability in the configdownload command of Brocade Fabric 
OS ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS 
...)
        NOT-FOR-US: Brocade
 CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS 
command line ...)
@@ -45187,11 +45189,11 @@ CVE-2018-4022 (A use-after-free vulnerability exists 
in the way MKVToolNix MKVIN
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694
        NOTE: 
https://gitlab.com/mbunkus/mkvtoolnix/commit/43021d16c7bcd3f9f70214827755a5163782b633
 CVE-2018-4021 (An exploitable command injection vulnerability exists in the 
way ...)
-       TODO: check
+       NOT-FOR-US: pfSense
 CVE-2018-4020 (An exploitable command injection vulnerability exists in the 
way ...)
-       TODO: check
+       NOT-FOR-US: pfSense
 CVE-2018-4019 (An exploitable command injection vulnerability exists in the 
way ...)
-       TODO: check
+       NOT-FOR-US: pfSense
 CVE-2018-4018
        RESERVED
 CVE-2018-4017
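
Review bot: the three entries switched to "NOT-FOR-US: pfSense" (CVE-2018-4021, CVE-2018-4020, CVE-2018-4019) have descriptions truncated at "exists in the way ...", so the product cannot be confirmed from the list itself. A NOTE with the advisory reference, like the one the CVE-2018-4022 entry above carries, would make the triage verifiable for the next reader.
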
@@ -45531,7 +45533,7 @@ CVE-2018-3856 (An exploitable vulnerability exists in 
the smart cameras RTSP ...
 CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
        NOT-FOR-US: Hyland Perceptive Document Filters
 CVE-2018-3854 (An exploitable information disclosure vulnerability exists in 
the ...)
-       TODO: check
+       NOT-FOR-US: Quicken
 CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
        NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3852 (An exploitable denial of service vulnerability exists in the 
Ocularis ...)
@@ -51465,7 +51467,7 @@ CVE-2018-1842 (IBM Cognos Analytics 11 Configuration 
tool, under certain ...)
 CVE-2018-1841 (IBM Cloud Private 2.1.0 could allow a local user to obtain the 
CA ...)
        NOT-FOR-US: IBM
 CVE-2018-1840 (IBM WebSphere Application Server 8.5 and 9.0 could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2018-1839
        RESERVED
 CVE-2018-1838 (IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could 
allow ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -30,9 +30,6 @@ libphp-phpmailer (carnil)
 --
 libspring-java
 --
-libxml2 (carnil)
-  Re-evaluate situation for unstable first, risky to expose some fixes directly
---
 linux
   Wait until more issues have piled up
 --
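
Review bot: the removal of the "libxml2 (carnil)" entry and its note "Re-evaluate situation for unstable first, risky to expose some fixes directly" is not covered by the commit message, which only mentions NFUs and tiff updates, and none of the data/CVE/list hunks in this commit touch libxml2. Consider recording the outcome of that re-evaluation in the commit message, or moving the removal into its own commit.
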



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f342447ae67c68a4326e68ca71d9a1d53d86798f
