Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2a2f1c85 by Moritz Muehlenhoff at 2019-04-26T18:22:24Z
mark binutils as unimportant following recent debian-security-support upload
this updates issues which are unfixed in sid, help welcome to also update
older entries for stretch/jessie
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6755,53 +6755,45 @@ CVE-2018-20786 (libvterm through 0+bzr726, as used in
Vim and other products, mi
NOTE: MISC:https://github.com/vim/vim/issues/3711
NOTE: No security impact
CVE-2019-9077 (An issue was discovered in GNU Binutils 2.32. It is a
heap-based buffe ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24243
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7fc0c668f2aceb8582d74db1ad2528e2bba8a921
+ NOTE: binutils not covered by security support
CVE-2019-9076 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24238
+ NOTE: binutils not covered by security support
CVE-2019-9075 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24236
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8abac8031ed369a2734b1cdb7df28a39a54b4b49
+ NOTE: binutils not covered by security support
CVE-2019-9074 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24235
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=179f2db0d9c397d7dd8a59907b84208b79f7f48c
+ NOTE: binutils not covered by security support
CVE-2019-9073 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24233
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7d272a55caebfc26ab2e15d1e9439bac978b9bb7
+ NOTE: binutils not covered by security support
CVE-2019-9072 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89396
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24232
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24237
+ NOTE: binutils not covered by security support
CVE-2019-9071 (An issue was discovered in GNU libiberty, as distributed in GNU
Binuti ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
+ NOTE: binutils not covered by security support
CVE-2019-9070 (An issue was discovered in GNU libiberty, as distributed in GNU
Binuti ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
+ NOTE: binutils not covered by security support
CVE-2019-9069
RESERVED
CVE-2019-9068
@@ -13606,11 +13598,10 @@ CVE-2019-6280
CVE-2019-6279 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with
firmware W ...)
NOT-FOR-US: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices
CVE-2018-20712 (A heap-based buffer over-read exists in the function
d_expression_1 in ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
+ NOTE: binutils not covered by security support
CVE-2018-20711
RESERVED
CVE-2018-20710
@@ -16601,18 +16592,16 @@ CVE-2019-5010 [NULL pointer dereference using a
specially crafted X509 certifica
CVE-2019-5009 (Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the
extens ...)
NOT-FOR-US: Vtiger CRM
CVE-2018-20673 (The demangle_template function in cplus-dem.c in GNU
libiberty, as dis ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24039
+ NOTE: binutils not covered by security support
CVE-2018-20672
RESERVED
CVE-2018-20671 (load_specific_debug_section in objdump.c in GNU Binutils
through 2.31. ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24005
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca
+ NOTE: binutils not covered by security support
CVE-2018-20670
RESERVED
CVE-2019-5008 (hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL
pointer dere ...)
@@ -19894,10 +19883,9 @@ CVE-2018-20659 (An issue was discovered in Bento4
1.5.1-627. The AP4_StcoAtom cl
CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms
allows remote ...)
NOT-FOR-US: Core FTP
CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU
libiberty, as dis ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539
+ NOTE: binutils not covered by security support
CVE-2018-20656
RESERVED
CVE-2018-20655
@@ -19932,11 +19920,10 @@ CVE-2018-20653
CVE-2018-20652 (An attempted excessive memory allocation was discovered in the
functio ...)
NOT-FOR-US: tinyexr
CVE-2018-20651 (A NULL pointer dereference was discovered in
elf_link_add_object_symbo ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24041
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
+ NOTE: binutils not covered by security support
CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0
allows atta ...)
- poppler <unfixed> (low; bug #917974)
[buster] - poppler <no-dsa> (Minor issue)
@@ -20177,10 +20164,9 @@ CVE-2019-3410
CVE-2019-3409
RESERVED
CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error
functio ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24049
+ NOTE: binutils not covered by security support
CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in
libjasper.a wh ...)
{DLA-1628-1}
- jasper <removed>
@@ -20804,7 +20790,7 @@ CVE-2018-20436 (** DISPUTED ** The "secret chat"
feature in Telegram 4.9.1 for A
CVE-2018-20435
RESERVED
CVE-2018-20434 (LibreNMS 1.46 allows remote attackers to execute arbitrary OS
commands ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in
com/mcha ...)
{DLA-1621-1}
- c3p0 0.9.1.2-10 (bug #917257)
@@ -21183,11 +21169,10 @@ CVE-2018-1000877 (libarchive version commit
416694915449219d505531b1096384f3237d
NOTE: Introduced after:
https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
NOTE: Fixed by:
https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer
Overflow vulnerab ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23994
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
+ NOTE: binutils not covered by security support
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC
Server and We ...)
NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2018-1000874 (PHP cebe markdown parser version 1.2.0 and earlier contains
a Cross Si ...)
@@ -25166,11 +25151,10 @@ CVE-2018-20004 (An issue has been found in Mini-XML
(aka mxml) 2.12. It is a sta
CVE-2018-20003
RESERVED
CVE-2018-20002 (The _bfd_generic_read_minisymbols function in syms.c in the
Binary Fil ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23952
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9
+ NOTE: binutils not covered by security support
CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the
range_decode ...)
- libav <removed>
[jessie] - libav <no-dsa> (floating point exception cannot be observed
on Jessie)
@@ -26172,18 +26156,16 @@ CVE-2018-19935 (ext/imap/php_imap.c in PHP 5.x and
7.x before 7.3.0 allows remot
NOTE:
https://git.php.net/?p=php-src.git;a=commit;h=648fc1e369fc05fb9200a42c7938912236b2a318
CVE-2018-19932 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
[experimental] - binutils 2.31.51.20181204-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23932
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7
+ NOTE: binutils not covered by security support
CVE-2018-19931 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
[experimental] - binutils 2.31.51.20181204-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23942
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07
+ NOTE: binutils not covered by security support
CVE-2018-19930
RESERVED
CVE-2018-19929
@@ -32451,17 +32433,15 @@ CVE-2018-18703 (PhpTpoint Mailing Server Using File
Handling 1.0 suffers from mu
CVE-2018-18702 (spider.admincp.php in iCMS v7.0.11 allows SQL injection via
admincp.ph ...)
NOT-FOR-US: iCMS
CVE-2018-18701 (An issue was discovered in cp-demangle.c in GNU libiberty, as
distribu ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as
distribu ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-18699 (An issue was discovered in GoPro gpmf-parser 1.2.1. There is
an out-of ...)
NOT-FOR-US: GoPro gpmf-parser
CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1
tissot_sprout:8.1.0/OPM1.17101 ...)
@@ -32695,25 +32675,22 @@ CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the
function named GetPageList de
NOT-FOR-US: DedeCMS
CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in
the Bina ...)
[experimental] - binutils 2.31.51.20181204-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23805
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a
+ NOTE: binutils not covered by security support
CVE-2018-18606 (An issue was discovered in the merge_strings function in
merge.c in th ...)
[experimental] - binutils 2.31.51.20181204-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23806
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc
+ NOTE: binutils not covered by security support
CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the
function sec ...)
[experimental] - binutils 2.31.51.20181204-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23804
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61
+ NOTE: binutils not covered by security support
CVE-2018-18604
RESERVED
CVE-2018-18603 (** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox
Escape v ...)
@@ -33074,19 +33051,17 @@ CVE-2018-18486 (An issue was discovered in PHPSHE
1.7. SQL injection exists via
CVE-2018-18485 (An issue was discovered in PHPSHE 1.7.
admin.php?mod=db&act=del al ...)
NOT-FOR-US: PHPSHE
CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as
distribu ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as
distributed ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23767
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83472
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79111
+ NOTE: binutils not covered by security support
CVE-2018-18482 (An issue was discovered in libpg_query 10-1.0.2. There is a
memory lea ...)
NOT-FOR-US: libpg_query
CVE-2018-18481 (A heap-based buffer over-read exists in libopencad 0.2.0 in
the ReadCH ...)
@@ -33571,11 +33546,10 @@ CVE-2018-18310 (An invalid memory address dereference
was discovered in dwfl_seg
NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
[experimental] - binutils 2.31.51.20181022-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23770
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f
+ NOTE: binutils not covered by security support
CVE-2018-18308 (In the 4.2.23 version of BigTree, a Stored XSS vulnerability
has been ...)
NOT-FOR-US: BigTree CMS
CVE-2018-18307 (A Stored XSS vulnerability has been discovered in version
4.1.0 of Alc ...)
@@ -34518,11 +34492,10 @@ CVE-2018-17987 (The determineWinner function of a
smart contract implementation
CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the
password ...)
NOT-FOR-US: razorCMS
CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as
distribu ...)
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig
before 3.1.13 ...)
NOT-FOR-US: ISPConfig
CVE-2018-17982
@@ -35023,11 +34996,10 @@ CVE-2018-17795 (The function t2p_write_pdf in
tiff2pdf.c in LibTIFF 4.0.9 allows
NOTE: with same commit.
NOTE:
https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as
distribute ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) before 2.49 has
unsafe impli ...)
{DLA-1602-1}
- nsis 2.50-1
@@ -36037,25 +36009,22 @@ CVE-2018-17361 (Multiple XSS vulnerabilities in
WeaselCMS v0.3.6 allow remote at
NOT-FOR-US: WeaselCMS
CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
[experimental] - binutils 2.31.51.20181022-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23685
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf93e9c2cf8f8b2566f8fc86e961592b51b5980d
+ NOTE: binutils not covered by security support
CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
[experimental] - binutils 2.31.51.20181022-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102
+ NOTE: binutils not covered by security support
CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD)
library (a ...)
[experimental] - binutils 2.31.51.20181022-1
- - binutils <unfixed>
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102
+ NOTE: binutils not covered by security support
CVE-2018-17357
RESERVED
CVE-2018-17356
@@ -47084,10 +47053,9 @@ CVE-2018-13035
CVE-2018-13034 (Directory traversal in Jester web framework 0.2.0 allows
remote attack ...)
NOT-FOR-US: Jester web framework
CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
- - binutils 2.30.90.20180627-1 (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils 2.30.90.20180627-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23361
+ NOTE: binutils not covered by security support
CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add
superuser a ...)
NOT-FOR-US: ECESSA ShieldLink
CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add
an admi ...)
@@ -47301,12 +47269,11 @@ CVE-2018-12936
CVE-2018-12935
RESERVED
CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed
in GNU ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23059
+ NOTE: binutils not covered by security support
CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows
attackers to ...)
- wine 4.0~rc1-1 (low)
[stretch] - wine <no-dsa> (Minor issue)
@@ -47873,33 +47840,29 @@ CVE-2018-12702 (The approveAndCallcode function of a
smart contract implementati
CVE-2018-12701
RESERVED
CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in
debug.c ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers
to cause ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as
distributed in G ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address
0x000000000000 ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
+ NOTE: binutils not covered by security support
CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...)
NOT-FOR-US: mao10cms
CVE-2018-12695 (mao10cms 6 allows XSS via the m=bbs&a=index page. ...)
@@ -55702,11 +55665,9 @@ CVE-2018-9998 (Open-Xchange OX App Suite before
7.6.3-rev37, 7.8.x before 7.8.2-
CVE-2018-9997 (Cross-site scripting (XSS) vulnerability in mail compose in
Open-Xchan ...)
NOT-FOR-US: Open-Xchange
CVE-2018-9996 (An issue was discovered in cplus-dem.c in GNU libiberty, as
distribute ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
- [wheezy] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
+ NOTE: binutils not covered by security support
CVE-2018-9995 (TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee,
Pulnix ...)
NOT-FOR-US: TBK DVR4104 and DVR4216 devices
CVE-2018-9994
@@ -57863,11 +57824,9 @@ CVE-2018-9140 (On Samsung mobile devices with M(6.0)
software, the Email applica
CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer
overflow in t ...)
NOT-FOR-US: Samsung
CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as
distribute ...)
- - binutils <unfixed> (low)
- [stretch] - binutils <ignored> (Minor issue)
- [jessie] - binutils <ignored> (Minor issue)
- [wheezy] - binutils <ignored> (Minor issue)
+ - binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23008
+ NOTE: binutils not covered by security support
CVE-2018-9137 (Open-AudIT before 2.2 has CSV Injection. ...)
NOT-FOR-US: Open-AudIT
CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows
attacker ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a2f1c85af8354dbd46998e0960e05680d1c6443
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a2f1c85af8354dbd46998e0960e05680d1c6443
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
