Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9947e6c by security tracker role at 2019-06-27T20:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -246,8 +246,8 @@ CVE-2019-12889
        RESERVED
 CVE-2019-12888
        REJECTED
-CVE-2019-12887
-       RESERVED
+CVE-2019-12887 (KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access 
Control (issue ...)
+       TODO: check
 CVE-2019-12886
        RESERVED
 CVE-2019-12885
@@ -967,12 +967,12 @@ CVE-2019-12585 (Apcupsd 0.3.91_5, as used in pfSense 
through 2.4.4-RELEASE-p3 an
        - apcupsd <not-affected> (Vulnerable code in pfSense-specific status 
page)
 CVE-2019-12584 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 
and othe ...)
        - apcupsd <not-affected> (Vulnerable code in pfSense-specific status 
page)
-CVE-2019-12583
-       RESERVED
+CVE-2019-12583 (Missing Access Control in the "Free Time" component of several 
Zyxel U ...)
+       TODO: check
 CVE-2019-12582
        REJECTED
-CVE-2019-12581
-       RESERVED
+CVE-2019-12581 (A reflective Cross-site scripting (XSS) vulnerability in the 
free_time ...)
+       TODO: check
 CVE-2019-12580
        RESERVED
 CVE-2019-12579
@@ -15408,14 +15408,14 @@ CVE-2019-7230 (The ABB IDAL FTP server mishandles 
format strings in a username d
        NOT-FOR-US: ABB IDAL FTP server
 CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to 
upgrade i ...)
        NOT-FOR-US: ABB CP635 HMI
-CVE-2019-7228
-       RESERVED
-CVE-2019-7227
-       RESERVED
-CVE-2019-7226
-       RESERVED
-CVE-2019-7225
-       RESERVED
+CVE-2019-7228 (The ABB IDAL HTTP server mishandles format strings in a 
username or co ...)
+       TODO: check
+CVE-2019-7227 (In the ABB IDAL FTP server, an authenticated attacker can 
traverse to  ...)
+       TODO: check
+CVE-2019-7226 (The ABB IDAL HTTP server CGI interface contains a URL that 
allows an u ...)
+       TODO: check
+CVE-2019-7225 (The ABB HMI components implement hidden administrative accounts 
that a ...)
+       TODO: check
 CVE-2019-7224
        RESERVED
 CVE-2019-7223 (InvoicePlane 1.5 has stored XSS via the 
index.php/invoices/ajax/save i ...)
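Review bot: The four new ABB entries (CVE-2019-7228 through CVE-2019-7225) are left at "TODO: check", while the adjacent CVE-2019-7230 and CVE-2019-7229 for the same ABB IDAL / HMI products are already triaged as NOT-FOR-US. Resolve these four the same way in a follow-up, for example "NOT-FOR-US: ABB IDAL HTTP server" for CVE-2019-7228, so they do not linger in the TODO queue.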
@@ -18776,47 +18776,33 @@ CVE-2019-5842
        - chromium 75.0.3770.90-1
 CVE-2019-5841
        RESERVED
-CVE-2019-5840
-       RESERVED
+CVE-2019-5840 (Incorrect security UI in popup blocker in Google Chrome on iOS 
prior t ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5839
-       RESERVED
+CVE-2019-5839 (Excessive data validation in URL parser in Google Chrome prior 
to 75.0 ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5838
-       RESERVED
+CVE-2019-5838 (Insufficient policy enforcement in extensions API in Google 
Chrome pri ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5837
-       RESERVED
+CVE-2019-5837 (Resource size information leakage in Blink in Google Chrome 
prior to 7 ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5836
-       RESERVED
+CVE-2019-5836 (Heap buffer overflow in ANGLE in Google Chrome prior to 
75.0.3770.80 a ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5835
-       RESERVED
+CVE-2019-5835 (Object lifecycle issue in SwiftShader in Google Chrome prior to 
75.0.3 ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5834
-       RESERVED
+CVE-2019-5834 (Insufficient data validation in Blink in Google Chrome prior to 
75.0.3 ...)
        - chromium <not-affected> (iOS-specific)
-CVE-2019-5833
-       RESERVED
+CVE-2019-5833 (Incorrect dialog box scoping in browser in Google Chrome on 
Android pr ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5832
-       RESERVED
+CVE-2019-5832 (Insufficient policy enforcement in XMLHttpRequest in Google 
Chrome pri ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5831
-       RESERVED
+CVE-2019-5831 (Object lifecycle issue in V8 in Google Chrome prior to 
75.0.3770.80 al ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5830
-       RESERVED
+CVE-2019-5830 (Insufficient policy enforcement in CORS in Google Chrome prior 
to 75.0 ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5829
-       RESERVED
+CVE-2019-5829 (Integer overflow in download manager in Google Chrome prior to 
75.0.37 ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5828
-       RESERVED
+CVE-2019-5828 (Object lifecycle issue in ServiceWorker in Google Chrome prior 
to 75.0 ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5827
-       RESERVED
+CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 
74.0.3 ...)
        - chromium 75.0.3770.80-1
        - sqlite3 3.27.2-3
        NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
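Review bot: With descriptions now published, the package lines under CVE-2019-5840 ("Google Chrome on iOS") and CVE-2019-5833 ("Google Chrome on Android") look inconsistent with how platform-specific issues are recorded elsewhere in this hunk. Both carry "- chromium 75.0.3770.80-1", whereas CVE-2019-5834 is marked "<not-affected> (iOS-specific)". Confirm whether these two affect the Debian chromium package at all; if not, switch them to <not-affected> with the platform reason. Conversely, the truncated description of CVE-2019-5834 does not mention iOS, so its existing annotation is worth re-checking against the full text.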
@@ -18827,65 +18813,46 @@ CVE-2019-5826
 CVE-2019-5825
        RESERVED
        - chromium 75.0.3770.80-1
-CVE-2019-5824
-       RESERVED
+CVE-2019-5824 (Parameter passing error in media in Google Chrome prior to 
74.0.3729.1 ...)
        - chromium 75.0.3770.80-1
-CVE-2019-5823
-       RESERVED
+CVE-2019-5823 (Insufficient policy enforcement in service workers in Google 
Chrome pr ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5822
-       RESERVED
+CVE-2019-5822 (Inappropriate implementation in Blink in Google Chrome prior to 
74.0.3 ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5821
-       RESERVED
+CVE-2019-5821 (Integer overflow in PDFium in Google Chrome prior to 
74.0.3729.108 all ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5820
-       RESERVED
+CVE-2019-5820 (Integer overflow in PDFium in Google Chrome prior to 
74.0.3729.108 all ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5819
-       RESERVED
+CVE-2019-5819 (Insufficient data validation in developer tools in Google 
Chrome on OS ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5818
-       RESERVED
+CVE-2019-5818 (Uninitialized data in media in Google Chrome prior to 
74.0.3729.108 al ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5817
-       RESERVED
+CVE-2019-5817 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior 
to 74. ...)
        - chromium <not-affected> (Windows-specific)
-CVE-2019-5816
-       RESERVED
+CVE-2019-5816 (Process lifetime issue in Chrome in Google Chrome on Android 
prior to  ...)
        - chromium <not-affected> (Android-specific issue)
 CVE-2019-5815
        RESERVED
        - chromium 74.0.3729.108-1
-CVE-2019-5814
-       RESERVED
+CVE-2019-5814 (Insufficient policy enforcement in Blink in Google Chrome prior 
to 74. ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5813
-       RESERVED
+CVE-2019-5813 (Use after free in V8 in Google Chrome prior to 74.0.3729.108 
allowed a ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5812
-       RESERVED
+CVE-2019-5812 (Inadequate security UI in iOS UI in Google Chrome prior to 
74.0.3729.1 ...)
        - chromium <not-affected> (iOS specific)
-CVE-2019-5811
-       RESERVED
+CVE-2019-5811 (Incorrect handling of CORS in ServiceWorker in Google Chrome 
prior to  ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5810
-       RESERVED
+CVE-2019-5810 (Information leak in autofill in Google Chrome prior to 
74.0.3729.108 a ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5809
-       RESERVED
+CVE-2019-5809 (Use after free in file chooser in Google Chrome prior to 
74.0.3729.108 ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5808
-       RESERVED
+CVE-2019-5808 (Use after free in Blink in Google Chrome prior to 74.0.3729.108 
allowe ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5807
-       RESERVED
+CVE-2019-5807 (Object lifetime issue in V8 in Google Chrome prior to 
74.0.3729.108 al ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5806
-       RESERVED
+CVE-2019-5806 (Integer overflow in ANGLE in Google Chrome on Windows prior to 
74.0.37 ...)
        - chromium 74.0.3729.108-1
-CVE-2019-5805
-       RESERVED
+CVE-2019-5805 (Use-after-free in PDFium in Google Chrome prior to 
74.0.3729.108 allow ...)
        - chromium 74.0.3729.108-1
 CVE-2019-5804 (Incorrect command line processing in Chrome in Google Chrome 
prior to  ...)
        - chromium <not-affected> (Windows-specific)
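Review bot: CVE-2019-5806 is now described as an ANGLE integer overflow "in Google Chrome on Windows" but keeps "- chromium 74.0.3729.108-1", while CVE-2019-5817, also ANGLE on Windows, is "<not-affected> (Windows-specific)" a few entries above. One of the two annotations should be brought in line with the other after checking the full description. Separately, CVE-2019-5824 is described as fixed "prior to 74.0.3729.1 ..." yet is tracked as fixed in 75.0.3770.80-1; verify that the recorded version is the first Debian upload containing the fix.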
@@ -18944,12 +18911,10 @@ CVE-2019-5788 (An integer overflow that leads to a 
use-after-free in Blink Stora
 CVE-2019-5787 (Use-after-garbage-collection in Blink in Google Chrome prior to 
73.0.3 ...)
        {DSA-4421-1}
        - chromium 73.0.3683.75-1
-CVE-2019-5786
-       RESERVED
+CVE-2019-5786 (Object lifetime issue in Blink in Google Chrome prior to 
72.0.3626.121 ...)
        {DSA-4404-1}
        - chromium 72.0.3626.121-1
-CVE-2019-5785
-       RESERVED
+CVE-2019-5785 (Incorrect convexity calculations in Skia in Google Chrome prior 
to 72. ...)
        {DSA-4392-1 DSA-4391-1 DLA-1678-1 DLA-1677-1}
        - firefox 65.0.1-1
        - firefox-esr 60.5.1esr-1
@@ -18958,8 +18923,7 @@ CVE-2019-5785
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2019-5785
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2019-5785
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2019-5785
-CVE-2019-5784
-       RESERVED
+CVE-2019-5784 (Incorrect handling of deferred code in V8 in Google Chrome 
prior to 72 ...)
        {DSA-4395-1}
        - chromium 72.0.3626.109-1
 CVE-2019-5783 (Missing URI encoding of untrusted input in DevTools in Google 
Chrome p ...)
@@ -22302,14 +22266,14 @@ CVE-2019-4254
        RESERVED
 CVE-2019-4253
        RESERVED
-CVE-2019-4252
-       RESERVED
+CVE-2019-4252 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 co ...)
+       TODO: check
 CVE-2019-4251
        RESERVED
-CVE-2019-4250
-       RESERVED
-CVE-2019-4249
-       RESERVED
+CVE-2019-4250 (IBM Jazz Foundation products (IBM Rational Collaborative 
Lifecycle Man ...)
+       TODO: check
+CVE-2019-4249 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
 CVE-2019-4248
        RESERVED
 CVE-2019-4247
@@ -22638,10 +22602,10 @@ CVE-2019-4086
        RESERVED
 CVE-2019-4085
        RESERVED
-CVE-2019-4084
-       RESERVED
-CVE-2019-4083
-       RESERVED
+CVE-2019-4084 (IBM Jazz Foundation products (IBM Rational Collaborative 
Lifecycle Man ...)
+       TODO: check
+CVE-2019-4083 (IBM Jazz Foundation products (IBM Rational Collaborative 
Lifecycle Man ...)
+       TODO: check
 CVE-2019-4082
        RESERVED
 CVE-2019-4081
@@ -23825,8 +23789,8 @@ CVE-2019-3630
        RESERVED
 CVE-2019-3629
        RESERVED
-CVE-2019-3628
-       RESERVED
+CVE-2019-3628 (Privilege escalation in McAfee Enterprise Security Manager 
(ESM) 11.x  ...)
+       TODO: check
 CVE-2019-3627
        RESERVED
 CVE-2019-3626
@@ -28329,8 +28293,7 @@ CVE-2018-20075
        RESERVED
 CVE-2018-20074
        RESERVED
-CVE-2018-20073 [chromium stores download meta data in extended attributes]
-       RESERVED
+CVE-2018-20073 (Use of extended attributes in downloads in Google Chrome prior 
to 72.0 ...)
        - chromium <unfixed> (low)
        [buster] - chromium <postponed> (Wait until fixed upstream)
        [stretch] - chromium <postponed> (Wait until fixed upstream)
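Review bot: The published description for CVE-2018-20073 says the issue affects Google Chrome "prior to 72.0 ...", which implies an upstream fix exists, but the unchanged lines below still read "- chromium <unfixed> (low)" and "<postponed> (Wait until fixed upstream)". Re-check the status against the full description and, if the fix landed in the 72.0 series, replace <unfixed> with the first fixed Debian version and revisit the buster and stretch postponements.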
@@ -39973,13 +39936,11 @@ CVE-2018-17481 (Incorrect object lifecycle handling 
in PDFium in Google Chrome p
 CVE-2018-17480 (Execution of user supplied Javascript during array 
deserialization lea ...)
        {DSA-4352-1}
        - chromium 71.0.3578.80-1
-CVE-2018-17479
-       RESERVED
+CVE-2018-17479 (Incorrect object lifetime calculations in GPU code in Google 
Chrome pr ...)
        {DSA-4342-1}
        - chromium-browser 70.0.3538.110-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-17478
-       RESERVED
+CVE-2018-17478 (Incorrect array position calculations in V8 in Google Chrome 
prior to  ...)
        {DSA-4340-1}
        - chromium-browser 70.0.3538.102-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -40057,8 +40018,8 @@ CVE-2018-17461 (An out of bounds read in PDFium in 
Google Chrome prior to 68.0.3
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-17460
-       RESERVED
+CVE-2018-17460 (Insufficient data validation in filesystem URIs in Google 
Chrome prior ...)
+       TODO: check
 CVE-2018-17457 (An object lifecycle issue in Blink could lead to a use after 
free in W ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
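Review bot: CVE-2018-17460 goes from RESERVED to "TODO: check" even though it is a Google Chrome issue sitting between entries that are fully triaged with a DSA reference and a chromium-browser fixed version. It needs a "- chromium-browser" line (or a <not-affected> with reason) and, if applicable, the matching DSA cross-reference, rather than staying as an untriaged TODO.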
@@ -43711,8 +43672,7 @@ CVE-2018-16087 (Lack of proper state tracking in 
Permissions in Google Chrome pr
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16086
-       RESERVED
+CVE-2018-16086 (Insufficient policy enforcement in extensions API in Google 
Chrome pri ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -43748,8 +43708,7 @@ CVE-2018-16078 (Unsafe handling of credit card details 
in Autofill in Google Chr
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16077
-       RESERVED
+CVE-2018-16077 (Object lifecycle issue in Blink in Google Chrome prior to 
69.0.3497.81 ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -43757,18 +43716,15 @@ CVE-2018-16076 (Missing bounds check in PDFium in 
Google Chrome prior to 69.0.34
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16075
-       RESERVED
+CVE-2018-16075 (Insufficient file type enforcement in Blink in Google Chrome 
prior to  ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16074
-       RESERVED
+CVE-2018-16074 (Insufficient policy enforcement in site isolation in Google 
Chrome pri ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16073
-       RESERVED
+CVE-2018-16073 (Insufficient policy enforcement in site isolation in Google 
Chrome pri ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -43778,13 +43734,11 @@ CVE-2018-16071 (A use after free in WebRTC in Google 
Chrome prior to 69.0.3497.8
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16070
-       RESERVED
+CVE-2018-16070 (Integer overflows in Skia in Google Chrome prior to 
69.0.3497.81 allow ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16069
-       RESERVED
+CVE-2018-16069 (Unintended floating-point error accumulation in SwiftShader in 
Google  ...)
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -43804,8 +43758,8 @@ CVE-2018-16065 (A Javascript reentrancy issues that 
caused a use-after-free in V
        {DSA-4289-1}
        - chromium-browser 69.0.3497.81-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-16064
-       RESERVED
+CVE-2018-16064 (Insufficient data validation in Extensions API in Google 
Chrome prior  ...)
+       TODO: check
 CVE-2018-16063
        RESERVED
 CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils 
before 201 ...)
@@ -45183,10 +45137,10 @@ CVE-2018-15559 (The editor in Xiuno BBS 4.0.4 allows 
stored XSS. ...)
        NOT-FOR-US: Xiuno BBS
 CVE-2018-15558
        RESERVED
-CVE-2018-15557
-       RESERVED
-CVE-2018-15556
-       RESERVED
+CVE-2018-15557 (An issue was discovered in the Quantenna WiFi Controller on 
Telus Acti ...)
+       TODO: check
+CVE-2018-15556 (The Quantenna WiFi Controller on Telus Actiontec WEB6000Q 
v1.1.02.22 a ...)
+       TODO: check
 CVE-2018-15555
        RESERVED
 CVE-2018-15554
@@ -55397,9 +55351,9 @@ CVE-2017-18285 (The Gentoo app-backup/burp package 
before 2.1.32 has incorrect g
        - burp <not-affected> (/etc/burp is owned by root:root in Debian)
 CVE-2017-18284 (The Gentoo app-backup/burp package before 2.1.32 sets the 
ownership of ...)
        - burp <not-affected> (Debian package uses /var/run for the PID file)
-CVE-2018-11682 (Default and unremovable support credentials allow attackers to 
gain to ...)
+CVE-2018-11682 (** DISPUTED ** Default and unremovable support credentials 
allow attac ...)
        NOT-FOR-US: products using the Stanza Lutron integration protocol
-CVE-2018-11681 (Default and unremovable support credentials (user:nwk 
password:nwk2) a ...)
+CVE-2018-11681 (** DISPUTED ** Default and unremovable support credentials 
(user:nwk p ...)
        NOT-FOR-US: products using the RadioRA 2 Lutron integration protocol
 CVE-2018-11680 (An issue was discovered in CmsEasy 6.1_20180508. There is a 
CSRF vulne ...)
        NOT-FOR-US: CmsEasy
@@ -55519,7 +55473,7 @@ CVE-2018-11631 (Rondaful M1 Wristband Smart Band 1 
devices allow remote attacker
        NOT-FOR-US: Rondaful M1 Wristband Smart Band 1 devices
 CVE-2018-11630
        RESERVED
-CVE-2018-11629 (Default and unremovable support credentials (user:lutron 
password:inte ...)
+CVE-2018-11629 (** DISPUTED ** Default and unremovable support credentials 
(user:lutro ...)
        NOT-FOR-US: products using the HomeWorks QS Lutron integration protocol
 CVE-2018-11628 (Data input into EMS Master Calendar before 8.0.0.201805210 via 
URL par ...)
        NOT-FOR-US: EMS Master Calendar
@@ -70849,13 +70803,11 @@ CVE-2018-6178 (Eliding from the wrong side in an 
infobar in DevTools in Google C
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6177
-       RESERVED
+CVE-2018-6177 (Information leak in media engine in Google Chrome prior to 
68.0.3440.7 ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6176
-       RESERVED
+CVE-2018-6176 (Insufficient file type enforcement in Extensions API in Google 
Chrome  ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -70875,8 +70827,7 @@ CVE-2018-6172 (Incorrect handling of confusable 
characters in URL Formatter in G
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6171
-       RESERVED
+CVE-2018-6171 (Use after free in Bluetooth in Google Chrome prior to 
68.0.3440.75 all ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -70888,8 +70839,7 @@ CVE-2018-6169 (Lack of timeout on extension install 
prompt in Extensions in Goog
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6168
-       RESERVED
+CVE-2018-6168 (Information leak in media engine in Google Chrome prior to 
68.0.3440.7 ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -70917,15 +70867,13 @@ CVE-2018-6162 (Improper deserialization in WebGL in 
Google Chrome on Mac prior t
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6161
-       RESERVED
+CVE-2018-6161 (Insufficient policy enforcement in Blink in Google Chrome prior 
to 68. ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-6160 (JavaScript alert handling in Prompts in Google Chrome prior to 
68.0.34 ...)
        - chromium-browser <not-affected> (Only affects Chrome on iOS)
-CVE-2018-6159
-       RESERVED
+CVE-2018-6159 (Insufficient policy enforcement in ServiceWorker in Google 
Chrome prio ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -70933,23 +70881,19 @@ CVE-2018-6158 (A race condition in Oilpan in Google 
Chrome prior to 68.0.3440.75
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6157
-       RESERVED
+CVE-2018-6157 (Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 
allowe ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6156
-       RESERVED
+CVE-2018-6156 (Incorect derivation of a packet length in WebRTC in Google 
Chrome prio ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6155
-       RESERVED
+CVE-2018-6155 (Incorrect handling of frames in the VP8 parser in Google Chrome 
prior  ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6154
-       RESERVED
+CVE-2018-6154 (Insufficient data validation in WebGL in Google Chrome prior to 
68.0.3 ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -70965,18 +70909,15 @@ CVE-2018-6151 (Bad cast in DevTools in Google Chrome 
on Win, Linux, Mac, Chrome
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6150
-       RESERVED
+CVE-2018-6150 (Incorrect handling of CORS in ServiceWorker in Google Chrome 
prior to  ...)
        {DSA-4256-1}
        - chromium-browser 68.0.3440.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6149
-       RESERVED
+CVE-2018-6149 (Type confusion in JavaScript in Google Chrome prior to 
67.0.3396.87 al ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.87-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6148
-       RESERVED
+CVE-2018-6148 (Incorrect implementation in Content Security Policy in Google 
Chrome p ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.79-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -70987,8 +70928,7 @@ CVE-2018-6147 (Lack of secure text entry mode in 
Browser UI in Google Chrome on
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2018-6146
        RESERVED
-CVE-2018-6145
-       RESERVED
+CVE-2018-6145 (Insufficient data validation in HTML parser in Google Chrome 
prior to  ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -71003,8 +70943,7 @@ CVE-2018-6143 (Insufficient validation in V8 in Google 
Chrome prior to 67.0.3396
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6142
-       RESERVED
+CVE-2018-6142 (Array bounds check failure in V8 in Google Chrome prior to 
67.0.3396.6 ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -71024,8 +70963,7 @@ CVE-2018-6139 (Insufficient target checks on the 
chrome.debugger API in DevTools
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6138
-       RESERVED
+CVE-2018-6138 (Insufficient policy enforcement in Extensions API in Google 
Chrome pri ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -71035,8 +70973,7 @@ CVE-2018-6137 (CSS Paint API in Blink in Google Chrome 
prior to 67.0.3396.62 all
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6136
-       RESERVED
+CVE-2018-6136 (Missing type check in V8 in Google Chrome prior to 67.0.3396.62 
allowe ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -71046,8 +70983,7 @@ CVE-2018-6135 (Lack of clearing the previous site 
before loading alerts from a n
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6134
-       RESERVED
+CVE-2018-6134 (Information leak in Blink in Google Chrome prior to 
67.0.3396.62 allow ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -71057,32 +70993,27 @@ CVE-2018-6133 (Incorrect handling of confusable 
characters in URL Formatter in G
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6132
-       RESERVED
+CVE-2018-6132 (Uninitialized data in WebRTC in Google Chrome prior to 
67.0.3396.62 al ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6131
-       RESERVED
+CVE-2018-6131 (Object lifecycle issue in WebAssembly in Google Chrome prior to 
67.0.3 ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6130
-       RESERVED
+CVE-2018-6130 (Incorrect handling of object lifetimes in WebRTC in Google 
Chrome prio ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6129
-       RESERVED
+CVE-2018-6129 (Out of bounds array access in WebRTC in Google Chrome prior to 
67.0.33 ...)
        {DSA-4237-1}
        - chromium-browser 67.0.3396.62-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6128
-       RESERVED
+CVE-2018-6128 (Incorrect URL parsing in WebKit in Google Chrome on iOS prior 
to 67.0. ...)
        - chromium-browser <not-affected> (ios specific)
 CVE-2018-6127 (Early free of object in use in IndexDB in Google Chrome prior 
to 67.0. ...)
        {DSA-4237-1}
@@ -71120,8 +71051,7 @@ CVE-2018-6122
        - chromium-browser 66.0.3359.181-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6121
-       RESERVED
+CVE-2018-6121 (Insufficient validation of input in Blink in Google Chrome 
prior to 66 ...)
        {DSA-4237-1}
        - chromium-browser 66.0.3359.181-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -71135,8 +71065,7 @@ CVE-2018-6119 (Incorrect security UI in Omnibox in 
Google Chrome prior to 64.0.3
        {DSA-4103-1}
        - chromium-browser 64.0.3282.119-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6118
-       RESERVED
+CVE-2018-6118 (A double-eviction in the Incognito mode cache that lead to a 
user-afte ...)
        {DSA-4237-1}
        - chromium-browser 66.0.3359.139-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -83095,10 +83024,10 @@ CVE-2018-1895 (IBM InfoSphere Information Server 
11.3, 11.5, and 11.7 is vulnera
        NOT-FOR-US: IBM
 CVE-2018-1894
        RESERVED
-CVE-2018-1893
-       RESERVED
-CVE-2018-1892
-       RESERVED
+CVE-2018-1893 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
+CVE-2018-1892 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
 CVE-2018-1891 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site 
scriptin ...)
        NOT-FOR-US: IBM
 CVE-2018-1890 (IBM SDK, Java Technology Edition Version 8 on the AIX platform 
uses ab ...)
@@ -83225,12 +83154,12 @@ CVE-2018-1830
        RESERVED
 CVE-2018-1829 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to 
cross- ...)
        NOT-FOR-US: IBM
-CVE-2018-1828
-       RESERVED
-CVE-2018-1827
-       RESERVED
-CVE-2018-1826
-       RESERVED
+CVE-2018-1828 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
+CVE-2018-1827 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
+CVE-2018-1826 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
 CVE-2018-1825 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to 
cross- ...)
        NOT-FOR-US: IBM
 CVE-2018-1824 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to 
cross- ...)
@@ -83361,12 +83290,12 @@ CVE-2018-1762 (IBM Rational Collaborative Lifecycle 
Management 5.0 through 5.0.2
        NOT-FOR-US: IBM
 CVE-2018-1761 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to 
cross-sit ...)
        NOT-FOR-US: IBM
-CVE-2018-1760
-       RESERVED
+CVE-2018-1760 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
 CVE-2018-1759 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to 
cross- ...)
        NOT-FOR-US: IBM
-CVE-2018-1758
-       RESERVED
+CVE-2018-1758 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 is ...)
+       TODO: check
 CVE-2018-1757 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 
5.2.4 co ...)
        NOT-FOR-US: IBM
 CVE-2018-1756 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 
5.2.4 is ...)
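Review bot: CVE-2018-1760 and CVE-2018-1758 are added with "TODO: check" although both are IBM Rational Collaborative Lifecycle Management issues, and the same product in CVE-2018-1762 plus every other IBM entry in this hunk is already "NOT-FOR-US: IBM". Mark these two NOT-FOR-US: IBM as well; the same applies to the other IBM Rational and Jazz Foundation entries this commit leaves at TODO.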
@@ -83413,8 +83342,8 @@ CVE-2018-1736 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 
9.0 could allow a remote
        NOT-FOR-US: IBM
 CVE-2018-1735
        RESERVED
-CVE-2018-1734
-       RESERVED
+CVE-2018-1734 (IBM Rational Collaborative Lifecycle Management 6.0 through 
6.0.6.1 di ...)
+       TODO: check
 CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter 
user-controlled ...)
        NOT-FOR-US: IBM
 CVE-2018-1732 (IBM QRadar SIEM 1.14.0 discloses sensitive information to 
unauthorized ...)
@@ -94076,7 +94005,7 @@ CVE-2017-15432
        REJECTED
 CVE-2017-15431
        RESERVED
-CVE-2017-15430 (Unsafe navigation in Chromecast in Google Chrome prior to 
63.0.3239.84 ...)
+CVE-2017-15430 (Insufficient data validation in Chromecast plugin in Google 
Chrome pri ...)
        - chromium-browser <not-affected> (Plugin specific to Chrome)
 CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in 
Google C ...)
        {DSA-4103-1}
@@ -127097,8 +127026,8 @@ CVE-2017-5029 (The xsltAddTextString function in 
transform.c in libxslt 1.1.29,
        - libxslt 1.1.29-2.1 (bug #858546)
        [jessie] - libxslt 1.1.28-2+deb8u3
        NOTE: Upstream fix in libxslt: 
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
-CVE-2017-5028
-       RESERVED
+CVE-2017-5028 (Insufficient data validation in V8 in Google Chrome prior to 
56.0.2924 ...)
+       TODO: check
 CVE-2017-5027 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows 
and Ma ...)
        {DSA-3776-1}
        - chromium-browser 56.0.2924.76-3
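Review bot: CVE-2017-5028 is left at "TODO: check" while its description points at Google Chrome "prior to 56.0.2924 ...", the same release series as the adjacent CVE-2017-5027, which is recorded as fixed in chromium-browser 56.0.2924.76-3 under DSA-3776-1. Check whether CVE-2017-5028 was covered by that upload and, if so, add the chromium-browser fixed version so the entry is not reported as open.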



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d9947e6c60e7a738be69307ba9e6e7b56e00aede
