Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abad986a by security tracker role at 2019-02-28T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,515 @@
+CVE-2019-9481
+       RESERVED
+CVE-2019-9480
+       RESERVED
+CVE-2019-9479
+       RESERVED
+CVE-2019-9478
+       RESERVED
+CVE-2019-9477
+       RESERVED
+CVE-2019-9476
+       RESERVED
+CVE-2019-9475
+       RESERVED
+CVE-2019-9474
+       RESERVED
+CVE-2019-9473
+       RESERVED
+CVE-2019-9472
+       RESERVED
+CVE-2019-9471
+       RESERVED
+CVE-2019-9470
+       RESERVED
+CVE-2019-9469
+       RESERVED
+CVE-2019-9468
+       RESERVED
+CVE-2019-9467
+       RESERVED
+CVE-2019-9466
+       RESERVED
+CVE-2019-9465
+       RESERVED
+CVE-2019-9464
+       RESERVED
+CVE-2019-9463
+       RESERVED
+CVE-2019-9462
+       RESERVED
+CVE-2019-9461
+       RESERVED
+CVE-2019-9460
+       RESERVED
+CVE-2019-9459
+       RESERVED
+CVE-2019-9458
+       RESERVED
+CVE-2019-9457
+       RESERVED
+CVE-2019-9456
+       RESERVED
+CVE-2019-9455
+       RESERVED
+CVE-2019-9454
+       RESERVED
+CVE-2019-9453
+       RESERVED
+CVE-2019-9452
+       RESERVED
+CVE-2019-9451
+       RESERVED
+CVE-2019-9450
+       RESERVED
+CVE-2019-9449
+       RESERVED
+CVE-2019-9448
+       RESERVED
+CVE-2019-9447
+       RESERVED
+CVE-2019-9446
+       RESERVED
+CVE-2019-9445
+       RESERVED
+CVE-2019-9444
+       RESERVED
+CVE-2019-9443
+       RESERVED
+CVE-2019-9442
+       RESERVED
+CVE-2019-9441
+       RESERVED
+CVE-2019-9440
+       RESERVED
+CVE-2019-9439
+       RESERVED
+CVE-2019-9438
+       RESERVED
+CVE-2019-9437
+       RESERVED
+CVE-2019-9436
+       RESERVED
+CVE-2019-9435
+       RESERVED
+CVE-2019-9434
+       RESERVED
+CVE-2019-9433
+       RESERVED
+CVE-2019-9432
+       RESERVED
+CVE-2019-9431
+       RESERVED
+CVE-2019-9430
+       RESERVED
+CVE-2019-9429
+       RESERVED
+CVE-2019-9428
+       RESERVED
+CVE-2019-9427
+       RESERVED
+CVE-2019-9426
+       RESERVED
+CVE-2019-9425
+       RESERVED
+CVE-2019-9424
+       RESERVED
+CVE-2019-9423
+       RESERVED
+CVE-2019-9422
+       RESERVED
+CVE-2019-9421
+       RESERVED
+CVE-2019-9420
+       RESERVED
+CVE-2019-9419
+       RESERVED
+CVE-2019-9418
+       RESERVED
+CVE-2019-9417
+       RESERVED
+CVE-2019-9416
+       RESERVED
+CVE-2019-9415
+       RESERVED
+CVE-2019-9414
+       RESERVED
+CVE-2019-9413
+       RESERVED
+CVE-2019-9412
+       RESERVED
+CVE-2019-9411
+       RESERVED
+CVE-2019-9410
+       RESERVED
+CVE-2019-9409
+       RESERVED
+CVE-2019-9408
+       RESERVED
+CVE-2019-9407
+       RESERVED
+CVE-2019-9406
+       RESERVED
+CVE-2019-9405
+       RESERVED
+CVE-2019-9404
+       RESERVED
+CVE-2019-9403
+       RESERVED
+CVE-2019-9402
+       RESERVED
+CVE-2019-9401
+       RESERVED
+CVE-2019-9400
+       RESERVED
+CVE-2019-9399
+       RESERVED
+CVE-2019-9398
+       RESERVED
+CVE-2019-9397
+       RESERVED
+CVE-2019-9396
+       RESERVED
+CVE-2019-9395
+       RESERVED
+CVE-2019-9394
+       RESERVED
+CVE-2019-9393
+       RESERVED
+CVE-2019-9392
+       RESERVED
+CVE-2019-9391
+       RESERVED
+CVE-2019-9390
+       RESERVED
+CVE-2019-9389
+       RESERVED
+CVE-2019-9388
+       RESERVED
+CVE-2019-9387
+       RESERVED
+CVE-2019-9386
+       RESERVED
+CVE-2019-9385
+       RESERVED
+CVE-2019-9384
+       RESERVED
+CVE-2019-9383
+       RESERVED
+CVE-2019-9382
+       RESERVED
+CVE-2019-9381
+       RESERVED
+CVE-2019-9380
+       RESERVED
+CVE-2019-9379
+       RESERVED
+CVE-2019-9378
+       RESERVED
+CVE-2019-9377
+       RESERVED
+CVE-2019-9376
+       RESERVED
+CVE-2019-9375
+       RESERVED
+CVE-2019-9374
+       RESERVED
+CVE-2019-9373
+       RESERVED
+CVE-2019-9372
+       RESERVED
+CVE-2019-9371
+       RESERVED
+CVE-2019-9370
+       RESERVED
+CVE-2019-9369
+       RESERVED
+CVE-2019-9368
+       RESERVED
+CVE-2019-9367
+       RESERVED
+CVE-2019-9366
+       RESERVED
+CVE-2019-9365
+       RESERVED
+CVE-2019-9364
+       RESERVED
+CVE-2019-9363
+       RESERVED
+CVE-2019-9362
+       RESERVED
+CVE-2019-9361
+       RESERVED
+CVE-2019-9360
+       RESERVED
+CVE-2019-9359
+       RESERVED
+CVE-2019-9358
+       RESERVED
+CVE-2019-9357
+       RESERVED
+CVE-2019-9356
+       RESERVED
+CVE-2019-9355
+       RESERVED
+CVE-2019-9354
+       RESERVED
+CVE-2019-9353
+       RESERVED
+CVE-2019-9352
+       RESERVED
+CVE-2019-9351
+       RESERVED
+CVE-2019-9350
+       RESERVED
+CVE-2019-9349
+       RESERVED
+CVE-2019-9348
+       RESERVED
+CVE-2019-9347
+       RESERVED
+CVE-2019-9346
+       RESERVED
+CVE-2019-9345
+       RESERVED
+CVE-2019-9344
+       RESERVED
+CVE-2019-9343
+       RESERVED
+CVE-2019-9342
+       RESERVED
+CVE-2019-9341
+       RESERVED
+CVE-2019-9340
+       RESERVED
+CVE-2019-9339
+       RESERVED
+CVE-2019-9338
+       RESERVED
+CVE-2019-9337
+       RESERVED
+CVE-2019-9336
+       RESERVED
+CVE-2019-9335
+       RESERVED
+CVE-2019-9334
+       RESERVED
+CVE-2019-9333
+       RESERVED
+CVE-2019-9332
+       RESERVED
+CVE-2019-9331
+       RESERVED
+CVE-2019-9330
+       RESERVED
+CVE-2019-9329
+       RESERVED
+CVE-2019-9328
+       RESERVED
+CVE-2019-9327
+       RESERVED
+CVE-2019-9326
+       RESERVED
+CVE-2019-9325
+       RESERVED
+CVE-2019-9324
+       RESERVED
+CVE-2019-9323
+       RESERVED
+CVE-2019-9322
+       RESERVED
+CVE-2019-9321
+       RESERVED
+CVE-2019-9320
+       RESERVED
+CVE-2019-9319
+       RESERVED
+CVE-2019-9318
+       RESERVED
+CVE-2019-9317
+       RESERVED
+CVE-2019-9316
+       RESERVED
+CVE-2019-9315
+       RESERVED
+CVE-2019-9314
+       RESERVED
+CVE-2019-9313
+       RESERVED
+CVE-2019-9312
+       RESERVED
+CVE-2019-9311
+       RESERVED
+CVE-2019-9310
+       RESERVED
+CVE-2019-9309
+       RESERVED
+CVE-2019-9308
+       RESERVED
+CVE-2019-9307
+       RESERVED
+CVE-2019-9306
+       RESERVED
+CVE-2019-9305
+       RESERVED
+CVE-2019-9304
+       RESERVED
+CVE-2019-9303
+       RESERVED
+CVE-2019-9302
+       RESERVED
+CVE-2019-9301
+       RESERVED
+CVE-2019-9300
+       RESERVED
+CVE-2019-9299
+       RESERVED
+CVE-2019-9298
+       RESERVED
+CVE-2019-9297
+       RESERVED
+CVE-2019-9296
+       RESERVED
+CVE-2019-9295
+       RESERVED
+CVE-2019-9294
+       RESERVED
+CVE-2019-9293
+       RESERVED
+CVE-2019-9292
+       RESERVED
+CVE-2019-9291
+       RESERVED
+CVE-2019-9290
+       RESERVED
+CVE-2019-9289
+       RESERVED
+CVE-2019-9288
+       RESERVED
+CVE-2019-9287
+       RESERVED
+CVE-2019-9286
+       RESERVED
+CVE-2019-9285
+       RESERVED
+CVE-2019-9284
+       RESERVED
+CVE-2019-9283
+       RESERVED
+CVE-2019-9282
+       RESERVED
+CVE-2019-9281
+       RESERVED
+CVE-2019-9280
+       RESERVED
+CVE-2019-9279
+       RESERVED
+CVE-2019-9278
+       RESERVED
+CVE-2019-9277
+       RESERVED
+CVE-2019-9276
+       RESERVED
+CVE-2019-9275
+       RESERVED
+CVE-2019-9274
+       RESERVED
+CVE-2019-9273
+       RESERVED
+CVE-2019-9272
+       RESERVED
+CVE-2019-9271
+       RESERVED
+CVE-2019-9270
+       RESERVED
+CVE-2019-9269
+       RESERVED
+CVE-2019-9268
+       RESERVED
+CVE-2019-9267
+       RESERVED
+CVE-2019-9266
+       RESERVED
+CVE-2019-9265
+       RESERVED
+CVE-2019-9264
+       RESERVED
+CVE-2019-9263
+       RESERVED
+CVE-2019-9262
+       RESERVED
+CVE-2019-9261
+       RESERVED
+CVE-2019-9260
+       RESERVED
+CVE-2019-9259
+       RESERVED
+CVE-2019-9258
+       RESERVED
+CVE-2019-9257
+       RESERVED
+CVE-2019-9256
+       RESERVED
+CVE-2019-9255
+       RESERVED
+CVE-2019-9254
+       RESERVED
+CVE-2019-9253
+       RESERVED
+CVE-2019-9252
+       RESERVED
+CVE-2019-9251
+       RESERVED
+CVE-2019-9250
+       RESERVED
+CVE-2019-9249
+       RESERVED
+CVE-2019-9248
+       RESERVED
+CVE-2019-9247
+       RESERVED
+CVE-2019-9246
+       RESERVED
+CVE-2019-9245
+       RESERVED
+CVE-2019-9244
+       RESERVED
+CVE-2019-9243
+       RESERVED
+CVE-2019-9242
+       RESERVED
+CVE-2019-9241
+       RESERVED
+CVE-2019-9240
+       RESERVED
+CVE-2019-9239
+       RESERVED
+CVE-2019-9238
+       RESERVED
+CVE-2019-9237
+       RESERVED
+CVE-2019-9236
+       RESERVED
+CVE-2019-9235
+       RESERVED
+CVE-2019-9234
+       RESERVED
+CVE-2019-9233
+       RESERVED
+CVE-2019-9232
+       RESERVED
+CVE-2019-9231
+       RESERVED
+CVE-2019-9230
+       RESERVED
+CVE-2019-9229
+       RESERVED
+CVE-2019-9228
+       RESERVED
+CVE-2019-9227 (An issue was discovered in baigo CMS 2.1.1. There is a 
vulnerability ...)
+       TODO: check
+CVE-2019-9226 (An issue was discovered in baigo CMS 2.1.1. There is a 
persistent XSS ...)
+       TODO: check
 CVE-2019-9225
        RESERVED
 CVE-2019-9224
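Review bot: CVE-2019-9227 and CVE-2019-9226, at the end of the added block, are left at `TODO: check` with no package line or NOT-FOR-US marker, so they remain in the untriaged queue after this automatic update. Both descriptions name baigo CMS 2.1.1; if that software is not packaged in Debian, a follow-up commit should mark them `NOT-FOR-US: baigo CMS`, in the same way Cscms is handled in the context of the next hunk.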
@@ -5735,6 +6247,7 @@ CVE-2019-6779 (Cscms 4.1.8 allows admin.php/links/save 
CSRF to add, modify, or d
        NOT-FOR-US: Cscms
 CVE-2019-6778 [slirp: heap buffer overflow in tcp_emu()]
        RESERVED
+       {DLA-1694-1}
        - qemu 1:3.1+dfsg-3 (bug #921525)
        - qemu-kvm <removed>
        - slirp4netns 0.2.1-1
@@ -12314,6 +12827,7 @@ CVE-2019-3825 (A vulnerability was discovered in gdm 
before 3.31.4. When timed l
        NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
 CVE-2019-3824 [Out of bound read in ldb_wildcard_compare]
        RESERVED
+       {DSA-4397-1}
        - ldb 2:1.5.1+really1.4.3-2
        - samba <unfixed> (unimportant)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13773
@@ -12824,10 +13338,10 @@ CVE-2019-3601
        RESERVED
 CVE-2019-3600
        RESERVED
-CVE-2019-3599
-       RESERVED
-CVE-2019-3598
-       RESERVED
+CVE-2019-3599 (Information Disclosure vulnerability in Remote logging (which 
is ...)
+       TODO: check
+CVE-2019-3598 (Buffer Access with Incorrect Length Value in McAfee Agent (MA) 
5.x ...)
+       TODO: check
 CVE-2019-3597
        RESERVED
 CVE-2019-3596
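Review bot: CVE-2019-3599 and CVE-2019-3598 go from RESERVED to `TODO: check` without a disposition, although the CVE-2019-3598 description names McAfee Agent (MA) and the neighbouring entries in this range (CVE-2019-3584, CVE-2019-3581) already carry `NOT-FOR-US: McAfee`. The manual triage pass should close these two the same way once the full CVE-2019-3599 description confirms the product.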
@@ -12858,8 +13372,8 @@ CVE-2019-3584 (Exploitation of Authentication 
vulnerability in MVision Endpoint
        NOT-FOR-US: McAfee
 CVE-2019-3583
        RESERVED
-CVE-2019-3582
-       RESERVED
+CVE-2019-3582 (Privilege Escalation vulnerability in Microsoft Windows client 
in ...)
+       TODO: check
 CVE-2019-3581 (Improper input validation in the proxy component of McAfee Web 
Gateway ...)
        NOT-FOR-US: McAfee
 CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has 
XXE via ...)
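Review bot: The truncated description added for CVE-2019-3582 ("Privilege Escalation vulnerability in Microsoft Windows client in ...") does not show which product is affected, so the `TODO: check` cannot be resolved from this entry alone. It sits between CVE-2019-3584 and CVE-2019-3581, both `NOT-FOR-US: McAfee`; confirm the vendor from the full CVE text before applying the same marker.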
@@ -18104,51 +18618,37 @@ CVE-2019-2003
        RESERVED
 CVE-2019-2002
        RESERVED
-CVE-2019-2001
-       RESERVED
+CVE-2019-2001 (The permissions on /proc/iomem were world-readable. This could 
lead to ...)
        NOT-FOR-US: Android kernel (no source release, so apparently not in 
mainline)
-CVE-2019-2000
-       RESERVED
+CVE-2019-2000 (In several functions of binder.c, there is possible memory 
corruption ...)
        NOT-FOR-US: Android kernel (no source release, so apparently not in 
mainline)
-CVE-2019-1999
-       RESERVED
+CVE-2019-1999 (In binder_alloc_free_page of binder_alloc.c, there is a 
possible ...)
        NOT-FOR-US: Android kernel (no source release, so apparently not in 
mainline)
-CVE-2019-1998
-       RESERVED
+CVE-2019-1998 (In event_handler of keymaster_app.c, there is possible resource 
...)
        NOT-FOR-US: Android
-CVE-2019-1997
-       RESERVED
+CVE-2019-1997 (In random_get_bytes of random.c, there is a possible 
degradation of ...)
        NOT-FOR-US: Android
-CVE-2019-1996
-       RESERVED
+CVE-2019-1996 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible 
out of ...)
        NOT-FOR-US: Android
-CVE-2019-1995
-       RESERVED
+CVE-2019-1995 (In ComposeActivityEmail of ComposeActivityEmail.java, there is 
a ...)
        NOT-FOR-US: Android
-CVE-2019-1994
-       RESERVED
+CVE-2019-1994 (In refresh of DevelopmentTiles.java, there is the possibility 
of ...)
        NOT-FOR-US: Android
-CVE-2019-1993
-       RESERVED
+CVE-2019-1993 (In register_app of btif_hd.cc, there is a possible memory 
corruption ...)
        NOT-FOR-US: Android
-CVE-2019-1992
-       RESERVED
+CVE-2019-1992 (In bta_hl_sdp_query_results of bta_hl_main.cc, there is a 
possible ...)
        NOT-FOR-US: Android
-CVE-2019-1991
-       RESERVED
+CVE-2019-1991 (In btif_dm_data_copy of btif_core.cc, there is a possible out 
of ...)
        NOT-FOR-US: Android
 CVE-2019-1990
        RESERVED
 CVE-2019-1989
        RESERVED
-CVE-2019-1988
-       RESERVED
+CVE-2019-1988 (In sample6 of SkSwizzler.cpp, there is a possible out of bounds 
write ...)
        NOT-FOR-US: Android
-CVE-2019-1987
-       RESERVED
+CVE-2019-1987 (In onSetSampleX of SkSwizzler.cpp, there is a possible out of 
bounds ...)
        NOT-FOR-US: Android
-CVE-2019-1986
-       RESERVED
+CVE-2019-1986 (In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a 
possible out ...)
        NOT-FOR-US: Android
 CVE-2019-1985
        RESERVED
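Review bot: The NOT-FOR-US rationale on CVE-2019-2001, CVE-2019-2000 and CVE-2019-1999 ("no source release, so apparently not in mainline") was written while the entries were RESERVED and is carried over unchanged now that descriptions are published. Those descriptions name /proc/iomem permissions, binder.c and binder_alloc.c, and both binder files exist in the mainline kernel under drivers/android, so these three entries should be re-checked against src:linux instead of staying on the earlier assumption.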
@@ -19048,8 +19548,8 @@ CVE-2019-1676 (A vulnerability in the Session 
Initiation Protocol (SIP) call ...
        NOT-FOR-US: Cisco
 CVE-2019-1675 (A vulnerability in the default configuration of the Cisco 
Aironet ...)
        NOT-FOR-US: Cisco
-CVE-2019-1674
-       RESERVED
+CVE-2019-1674 (A vulnerability in the update service of Cisco Webex Meetings 
Desktop ...)
+       TODO: check
 CVE-2019-1673 (A vulnerability in the web-based management interface of Cisco 
...)
        NOT-FOR-US: Cisco
 CVE-2019-1672 (A vulnerability in the Decryption Policy Default Action 
functionality ...)
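Review bot: CVE-2019-1674 is switched from RESERVED to `TODO: check` with a description that names the update service of Cisco Webex Meetings Desktop, while every described neighbour in this hunk (CVE-2019-1676, CVE-2019-1675, CVE-2019-1673) is `NOT-FOR-US: Cisco`. Unless a Debian package is affected, the follow-up should replace the TODO with the same marker so the entry does not linger as open work.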
@@ -19070,8 +19570,8 @@ CVE-2019-1665 (A vulnerability in the web-based 
management interface of Cisco ..
        NOT-FOR-US: Cisco
 CVE-2019-1664 (A vulnerability in the hxterm service of Cisco HyperFlex 
Software ...)
        NOT-FOR-US: Cisco
-CVE-2019-1663
-       RESERVED
+CVE-2019-1663 (A vulnerability in the web-based management interface of the 
Cisco ...)
+       TODO: check
 CVE-2019-1662 (A vulnerability in the Quality of Voice Reporting (QOVR) 
service of ...)
        NOT-FOR-US: Cisco
 CVE-2019-1661 (A vulnerability in the web-based management interface of Cisco 
...)
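Review bot: CVE-2019-1663 is left at `TODO: check` even though its description opens with the same "web-based management interface of the Cisco" wording as CVE-2019-1665 and CVE-2019-1661 in the surrounding context, both already `NOT-FOR-US: Cisco`. Suggest resolving it together with CVE-2019-1674 in one triage commit.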
@@ -20194,7 +20694,7 @@ CVE-2018-19617
        RESERVED
 CVE-2018-19616 (An issue was discovered in Rockwell Automation Allen-Bradley 
...)
        NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
-CVE-2018-19615 (An issue was discovered in Rockwell Automation Allen-Bradley 
...)
+CVE-2018-19615 (Rockwell Automation Allen-Bradley PowerMonitor 1000 all 
versions. A remote attacker could inject arbitrary code into a targeted 
user&#226;&#128;&#153;s web browser to gain access to the affected device. ...)
        NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
 CVE-2018-19614
        RESERVED
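Review bot: The replacement description for CVE-2018-19615 contains the mis-encoded sequence `user&#226;&#128;&#153;s` (an apostrophe that was turned into three numeric entities) and is not shortened to the usual one-line summary length used by every other entry in this diff. The automatic update should decode or normalise the upstream text and apply the same truncation, otherwise the entity debris ends up in the tracker data and in anything that parses data/CVE/list.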
@@ -25966,10 +26466,9 @@ CVE-2018-18500 (A use-after-free vulnerability can 
occur while parsing an HTML5
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18500
-CVE-2018-18499
-       RESERVED
-CVE-2018-18498
-       RESERVED
+CVE-2018-18499 (A same-origin policy violation allowing the theft of 
cross-origin URL ...)
+       TODO: check
+CVE-2018-18498 (A potential vulnerability leading to an integer overflow can 
occur ...)
        {DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
        - firefox 64.0-1
        - firefox-esr 60.4.0esr-1
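Review bot: CVE-2018-18499 is added with only `TODO: check`, while the entries around it (CVE-2018-18500, CVE-2018-18498) are Mozilla issues with package lines and MFSA references. Its description begins with the same text as CVE-2018-18494 ("A same-origin policy violation allowing the theft of cross-origin URL ..."), which is tracked against firefox and firefox-esr, so the triage should determine the affected Mozilla packages and add the matching advisory NOTE instead of leaving it unclassified.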
@@ -25977,20 +26476,16 @@ CVE-2018-18498
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18498
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18498
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18498
-CVE-2018-18497
-       RESERVED
+CVE-2018-18497 (Limitations on the URIs allowed to WebExtensions by the ...)
        - firefox 64.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18497
-CVE-2018-18496
-       RESERVED
+CVE-2018-18496 (When the RSS Feed preview about:feeds page is framed within 
another ...)
        - firefox <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18496
-CVE-2018-18495
-       RESERVED
+CVE-2018-18495 (WebExtension content scripts can be loaded into about: pages 
in some ...)
        - firefox 64.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495
-CVE-2018-18494
-       RESERVED
+CVE-2018-18494 (A same-origin policy violation allowing the theft of 
cross-origin URL ...)
        {DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
        - firefox 64.0-1
        - firefox-esr 60.4.0esr-1
@@ -25998,8 +26493,7 @@ CVE-2018-18494
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18494
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18494
-CVE-2018-18493
-       RESERVED
+CVE-2018-18493 (A buffer overflow can occur in the Skia library during buffer 
offset ...)
        {DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
        - firefox 64.0-1
        - firefox-esr 60.4.0esr-1
@@ -26007,8 +26501,7 @@ CVE-2018-18493
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18493
-CVE-2018-18492
-       RESERVED
+CVE-2018-18492 (A use-after-free vulnerability can occur after deleting a 
selection ...)
        {DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
        - firefox 64.0-1
        - firefox-esr 60.4.0esr-1
@@ -30204,6 +30697,7 @@ CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 
1.11.3, the &quot;go get&q
        NOTE: 
https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be 
(1.10.6)
        TODO: check other versions
 CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The 
code ...)
+       {DLA-1694-1}
        - qemu 1:3.1+dfsg-2 (bug #916397)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
@@ -30341,6 +30835,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was 
found in the NVM Express
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
 CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated 
ceph ...)
+       {DLA-1696-1}
        - ceph 12.2.11+dfsg1-1 (bug #921947)
        NOTE: http://tracker.ceph.com/issues/35994
        NOTE: 
https://github.com/ceph/ceph/commit/4337e6a7d9f92c8549ebee20d0dd67a01e49857f
@@ -35833,6 +36328,7 @@ CVE-2018-14663 (An issue has been found in PowerDNS 
DNSDist before 1.3.3 allowin
        [stretch] - dnsdist <no-dsa> (Minor issue)
        NOTE: 
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
 CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated 
ceph users ...)
+       {DLA-1696-1}
        - ceph 12.2.11+dfsg1-1 (bug #921948)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
        NOTE: 
https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
@@ -41113,6 +41609,7 @@ CVE-2018-12619
 CVE-2018-12618
        RESERVED
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and 
qga/commands-win32.c in ...)
+       {DLA-1694-1}
        - qemu 1:3.1+dfsg-1 (low; bug #902725)
        [stretch] - qemu <postponed> (Minor issue, wait until more severe 
issues are around)
        NOTE: 
https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
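Review bot: On CVE-2018-12617 the stretch line still reads `<postponed> (Minor issue, wait until more severe issues are around)` while this change attaches DLA-1694-1 to the entry, the same advisory that is added to CVE-2019-6778 (heap buffer overflow in tcp_emu()) and CVE-2018-16872. With more severe qemu issues now being handled in one advisory, the stretch postponement is worth revisiting, or a NOTE should record why it still holds.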
@@ -41792,16 +42289,13 @@ CVE-2018-12409 (The SOAP Admin API component of TIBCO 
Software Inc.'s TIBCO Silv
        NOT-FOR-US: TIBCO
 CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s 
TIBCO ...)
        NOT-FOR-US: TIBCO
-CVE-2018-12407
-       RESERVED
+CVE-2018-12407 (A buffer overflow occurs when drawing and validating elements 
with the ...)
        - firefox 64.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12407
-CVE-2018-12406
-       RESERVED
+CVE-2018-12406 (Mozilla developers and community members reported memory 
safety bugs ...)
        - firefox 64.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406
-CVE-2018-12405
-       RESERVED
+CVE-2018-12405 (Mozilla developers and community members reported memory 
safety bugs ...)
        {DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
        - firefox 64.0-1
        - firefox-esr 60.4.0esr-1
@@ -41816,46 +42310,37 @@ CVE-2018-12404 [Cache side-channel variant of the 
Bleichenbacher attack]
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public)
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes
        NOTE: Fixed in 3.36.6, 3.40.1
-CVE-2018-12403
-       RESERVED
+CVE-2018-12403 (If a site is loaded over a HTTPS connection but loads a 
favicon ...)
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12403
-CVE-2018-12402
-       RESERVED
+CVE-2018-12402 (The internal WebBrowserPersist code does not use correct 
origin ...)
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12402
-CVE-2018-12401
-       RESERVED
+CVE-2018-12401 (Some special resource URIs will cause a non-exploitable crash 
if ...)
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12401
-CVE-2018-12400
-       RESERVED
+CVE-2018-12400 (In private browsing mode on Firefox for Android, favicons are 
cached ...)
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12400
-CVE-2018-12399
-       RESERVED
+CVE-2018-12399 (When a new protocol handler is registered, the API accepts a 
title ...)
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12399
-CVE-2018-12398
-       RESERVED
+CVE-2018-12398 (By using the reflected URL in some special resource URIs, such 
as ...)
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12398
-CVE-2018-12397
-       RESERVED
+CVE-2018-12397 (A WebExtension can request access to local files without the 
warning ...)
        {DSA-4324-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12397
-CVE-2018-12396
-       RESERVED
+CVE-2018-12396 (A vulnerability where a WebExtension can run content scripts 
in ...)
        {DSA-4324-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396
-CVE-2018-12395
-       RESERVED
+CVE-2018-12395 (By rewriting the Host: request headers using the webRequest 
API, a ...)
        {DSA-4324-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
@@ -41863,8 +42348,7 @@ CVE-2018-12395
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12395
 CVE-2018-12394
        RESERVED
-CVE-2018-12393
-       RESERVED
+CVE-2018-12393 (A potential vulnerability was found in 32-bit builds where an 
integer ...)
        {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
@@ -41872,8 +42356,7 @@ CVE-2018-12393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393
-CVE-2018-12392
-       RESERVED
+CVE-2018-12392 (When manipulating user events in nested loops while opening a 
document ...)
        {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
@@ -41881,16 +42364,14 @@ CVE-2018-12392
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12392
-CVE-2018-12391
-       RESERVED
+CVE-2018-12391 (During HTTP Live Stream playback on Firefox for Android, audio 
data ...)
        - firefox-esr <not-affected> (Android-specific)
        - firefox <not-affected> (Android-specific)
        - thunderbird <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12391
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12391
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391
-CVE-2018-12390
-       RESERVED
+CVE-2018-12390 (Mozilla developers and community members reported memory 
safety bugs ...)
        {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
@@ -41898,15 +42379,13 @@ CVE-2018-12390
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
-CVE-2018-12389
-       RESERVED
+CVE-2018-12389 (Mozilla developers and community members reported memory 
safety bugs ...)
        {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - thunderbird 1:60.3.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12389
-CVE-2018-12388
-       RESERVED
+CVE-2018-12388 (Mozilla developers and community members reported memory 
safety bugs ...)
        - firefox 63.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12388
 CVE-2018-12387 (A vulnerability where the JavaScript JIT compiler inlines ...)
@@ -56609,7 +57088,7 @@ CVE-2018-7050 (An issue was discovered in Irssi before 
1.0.7 and 1.1.x before 1.
        NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
        NOTE: Fixed by: 
https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703
 CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) 
through ...)
-       {DLA-1197-1}
+       {DLA-1695-1 DLA-1197-1}
        - sox 14.4.2-2 (bug #881121)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: 
https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53
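Review bot: The `{DLA-1695-1 DLA-1197-1}` line on CVE-2017-18189 now lists two advisories for the same sox issue, and nothing in the entry says why a second one was needed. The same change is applied to CVE-2017-15642, CVE-2017-15372 and CVE-2017-15370 in the following hunks; a short NOTE on these entries (for example, whether the earlier fix was incomplete or a different source version is covered) would make the history readable without opening both advisories.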
@@ -82032,7 +82511,7 @@ CVE-2017-15650 (musl libc before 1.1.17 has a buffer 
overflow via crafted DNS re
        [jessie] - musl <no-dsa> (Minor issue)
        NOTE: 
https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
 CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, 
there is ...)
-       {DLA-1197-1}
+       {DLA-1695-1 DLA-1197-1}
        - sox 14.4.2-2 (bug #882144)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/sox/bugs/298/
@@ -82806,7 +83285,7 @@ CVE-2017-15374 (Shopware v5.2.5 - v5.3 is vulnerable to 
cross site scripting in
 CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...)
        NOT-FOR-US: E-Sic
 CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
-       {DLA-1197-1}
+       {DLA-1695-1 DLA-1197-1}
        - sox 14.4.2-2 (bug #878808)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
@@ -82817,7 +83296,7 @@ CVE-2017-15371 (There is a reachable assertion abort in 
the function ...)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS 
function of ...)
-       {DLA-1197-1}
+       {DLA-1695-1 DLA-1197-1}
        - sox 14.4.2-2 (bug #878810)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/abad986aa7e7fa1f652138f5a7325a12d2620600

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
