[Git][security-tracker-team/security-tracker][master] Reference report for CVE-2018-1108/linux

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8fe82cdd by Salvatore Bonaccorso at 2018-05-03T08:43:40+02:00
Reference report for CVE-2018-1108/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25973,6 +25973,7 @@ CVE-2018-1108 [random: fix crng_ready() test]
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
NOTE: Fixed by: 
https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
+   NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
 CVE-2018-1107
RESERVED
NOT-FOR-US: is-my-json-valid package for Node.js
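Review bot: the jessie and wheezy "(Vulnerable code not present)" markings that this hunk sits under rest on the crng_ready() test being absent from the 3.16 and 3.2 kernels, yet the only fix reference is the commit that changes the test. A second NOTE citing the upstream commit that introduced the crng_ready()/crng_init logic would let a reader verify the not-affected claim for the older suites without bisecting kernel history, and it belongs next to the newly added Project Zero reference.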



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8fe82cdd0fad6686efe2dcd43f592fe1ad953917

---
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process two NFUs

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1cf94bee by Salvatore Bonaccorso at 2018-05-03T08:10:09+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25987,13 +25987,13 @@ CVE-2018-1106 (An authentication bypass flaw has been 
found in PackageKit before
 CVE-2018-1105
RESERVED
 CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that 
allows ...)
-   TODO: check
+   NOT-FOR-US: Ansible Tower
 CVE-2018-1103
RESERVED
 CVE-2018-1102 (A flaw was found in source-to-image function as shipped with 
Openshift ...)
NOT-FOR-US: source-to-image in OpenShift
 CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management 
of ...)
-   TODO: check
+   NOT-FOR-US: Ansible Tower
 CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
...)
- zsh 5.5-1 (bug #895225)
[stretch] - zsh  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1cf94beef8d2d10075efd9f1a7aebc5e3ad11c95


[Git][security-tracker-team/security-tracker][master] quassel DSA

2018-05-02 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4dd44f2 by Moritz Muehlenhoff at 2018-05-02T23:04:45+02:00
quassel DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[02 May 2018] DSA-4189-1 quassel - security update
+   {CVE-2018-1000178 CVE-2018-1000179}
+   [jessie] - quassel 1:0.10.0-2.3+deb8u4
+   [stretch] - quassel 1:0.12.4-2+deb9u1
 [01 May 2018] DSA-4188-1 linux - security update
{CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193 
CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224 CVE-2017-18241 
CVE-2017-18257 CVE-2018-1065 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 
CVE-2018-1093 CVE-2018-1108 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 
CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781 
CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199}
[stretch] - linux 4.9.88-1
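Review bot: the new DSA-4189-1 entry records CVE-2018-1000178 and CVE-2018-1000179 with the jessie and stretch fixed versions, but the matching data/CVE/list entries are not touched in this commit. Those two entries should gain the {DSA-4189-1} annotation (the convention visible in the CVE-2017-15924 entry further down this page) so the tracker can link the CVEs to the advisory and derive the fixed versions from it.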


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -71,8 +71,6 @@ php-horde-image
 phpmyadmin/oldstable (abhijith)
   
https://mentors.debian.net/debian/pool/main/p/phpmyadmin/phpmyadmin_4.2.12-2+deb8u3.dsc
 --
-quassel (jmm)
---
 qemu/oldstable
 --
 redmine (seb)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4dd44f2c37e5028da8af2feb526150aca498611


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
294c9d8e by Salvatore Bonaccorso at 2018-05-02T22:56:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10681
RESERVED
 CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site 
Scripting ...)
-   TODO: check
+   NOT-FOR-US: Z-BlogPHP
 CVE-2018-10679
RESERVED
 CVE-2018-10678
@@ -9,7 +9,7 @@ CVE-2018-10678
 CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 
lacks ...)
TODO: check
 CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision 
DVR ...)
-   TODO: check
+   NOT-FOR-US: CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK 
Vision DVR devices
 CVE-2018-10674
RESERVED
 CVE-2018-10673
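Review bot: CVE-2018-10677 (DecodeGifImg in ngiflib, part of MiniUPnP) is the one entry in this hunk left at "TODO: check" while its neighbours were resolved. If triage was deferred because it is unclear whether ngiflib is shipped as a Debian source package, a short NOTE saying so would keep the item from being re-examined on every processing pass.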
@@ -29,7 +29,7 @@ CVE-2018-10667
 CVE-2018-10666
RESERVED
 CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, 
related to ...)
-   TODO: check
+   NOT-FOR-US: ILIAS
 CVE-2018-10664
RESERVED
 CVE-2018-10663
@@ -3426,7 +3426,7 @@ CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL 
pointer dereference flaw. I
 CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for 
...)
NOT-FOR-US: Sophos
 CVE-2018-9232 (Due to the lack of firmware authentication in the upgrade 
process of ...)
-   TODO: check
+   NOT-FOR-US: T&W WIFI Repeater BE126 devices
 CVE-2018-9231
RESERVED
 CVE-2018-9230 (** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters 
are ...)
@@ -4160,7 +4160,7 @@ CVE-2018-8940
 CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp 
Gold ...)
NOT-FOR-US: Ipswitch
 CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp 
in ...)
-   TODO: check
+   NOT-FOR-US: Ipswitch
 CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is 
possible ...)
NOT-FOR-US: Open-AudIT Professional
 CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile 
processor chips ...)
@@ -13975,23 +13975,23 @@ CVE-2018-5522
 CVE-2018-5521
RESERVED
 CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 
11.2.1-11.6.3.1 ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 
11.2.1-11.6.3.1, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root 
users ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a 
self IP ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 
11.2.1-11.6.3.1, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication 
responses ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 
request ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5513
RESERVED
 CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) 
and SYN ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management 
Microkernel ...)
@@ -24169,7 +24169,7 @@ CVE-2018-1504
 CVE-2018-1503
RESERVED
 CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 
and 9.5 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1501
RESERVED
 CVE-2018-1500
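Review bot: the NOT-FOR-US marker here names only the vendor ("IBM") although the description identifies the product (IBM Content Manager Enterprise Edition Resource Manager). The sibling entries CVE-2018-1468 and CVE-2018-1469 name the product ("IBM API Connect", "IBM API Connect Developer Portal"); naming it consistently makes later searches of the list for a given product reliable, so "NOT-FOR-US: IBM Content Manager Enterprise Edition" would be the better marker.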
@@ -24237,7 +24237,7 @@ CVE-2018-1470
 CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could 
allow ...)
NOT-FOR-US: IBM API Connect Developer Portal
 CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get 
access ...)
-   TODO: check
+   NOT-FOR-US: IBM API Connect
 CVE-2018-1467
RESERVED
 CVE-2018-1466
@@ -24313,7 +24313,7 @@ CVE-2018-1432
 CVE-2018-1431
RESERVED
 CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: IBM API Connect
 CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable 
to ...)
NOT-FOR-US: IBM
 CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 
and ...)
@@ -24395,7 +24395,7 @@ CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 
and 3.1.0 for ACH Service
 CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for ...)
NOT-FOR-US: IBM
 CVE-2018-1389 (IBM API Connect 5.0.0.0 throug

[Git][security-tracker-team/security-tracker][master] automatic update

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
961ba277 by security tracker role at 2018-05-02T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,10 +1,56 @@
-CVE-2018-10675 [mm/mempolicy: fix use after free when calling get_mempolicy]
+CVE-2018-10681
+   RESERVED
+CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site 
Scripting ...)
+   TODO: check
+CVE-2018-10679
+   RESERVED
+CVE-2018-10678
+   RESERVED
+CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 
lacks ...)
+   TODO: check
+CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision 
DVR ...)
+   TODO: check
+CVE-2018-10674
+   RESERVED
+CVE-2018-10673
+   RESERVED
+CVE-2018-10672
+   RESERVED
+CVE-2018-10671
+   RESERVED
+CVE-2018-10670
+   RESERVED
+CVE-2018-10669
+   RESERVED
+CVE-2018-10668
+   RESERVED
+CVE-2018-10667
+   RESERVED
+CVE-2018-10666
+   RESERVED
+CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, 
related to ...)
+   TODO: check
+CVE-2018-10664
+   RESERVED
+CVE-2018-10663
+   RESERVED
+CVE-2018-10662
+   RESERVED
+CVE-2018-10661
+   RESERVED
+CVE-2018-10660
+   RESERVED
+CVE-2018-10659
+   RESERVED
+CVE-2018-10658
+   RESERVED
+CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux 
kernel ...)
- linux 4.12.12-1
[stretch] - linux 4.9.47-1
[jessie] - linux 3.16.51-1
[wheezy] - linux 3.2.96-1
NOTE: 
https://git.kernel.org/linus/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (4.13-rc6)
-CVE-2018-10657 [matrix-synapse: federation DoS]
+CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service 
flaw where ...)
- matrix-synapse 0.28.1+dfsg-1
NOTE: 
https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
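Review bot: the automatic update prepends the new block CVE-2018-10681 down to CVE-2018-10658 above the existing CVE-2018-10675 entry instead of slotting 10675 between 10676 and 10674, so the head of the list is no longer in descending ID order. This is harmless for the tracker, but it is worth knowing when reading the file by hand; the replacement of the hand-written "[mm/mempolicy: ...]" title with the MITRE description while keeping the four suite lines and the upstream commit NOTE is the expected behaviour.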
@@ -3106,7 +3152,7 @@ CVE-2018-1000152 (An improper authorization vulnerability 
exists in Jenkins vSph
NOT-FOR-US: Jenkins plugin
 CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins 
vSphere ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H81 if 
setuid ...)
+CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H82 if 
setuid ...)
NOT-FOR-US: MagniComp SysInfo
 CVE-2018-9309 (An issue was discovered in zzcms 8.2. It allows SQL injection 
via the ...)
NOT-FOR-US: zzcms
@@ -3126,8 +3172,8 @@ CVE-2018-9304 (In Exiv2 0.26, a divide by zero in 
BigTiffImage::printIFD in ...)
 CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData 
in ...)
- exiv2  (Vulnerable code introduced after 0.26)
NOTE: https://github.com/Exiv2/exiv2/issues/262
-CVE-2018-9302
-   RESERVED
+CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in 
...)
+   TODO: check
 CVE-2018-9301
RESERVED
 CVE-2018-9300
@@ -5968,8 +6014,8 @@ CVE-2018-8117 (A security feature bypass vulnerability 
exists in the Microsoft .
NOT-FOR-US: Microsoft
 CVE-2018-8116 (A denial of service vulnerability exists in the way that 
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2018-8115
-   RESERVED
+CVE-2018-8115 (A remote code execution vulnerability exists when the Windows 
Host ...)
+   TODO: check
 CVE-2018-8114
RESERVED
 CVE-2018-8113
@@ -13928,24 +13974,24 @@ CVE-2018-5522
RESERVED
 CVE-2018-5521
RESERVED
-CVE-2018-5520
-   RESERVED
-CVE-2018-5519
-   RESERVED
-CVE-2018-5518
-   RESERVED
-CVE-2018-5517
-   RESERVED
-CVE-2018-5516
-   RESERVED
-CVE-2018-5515
-   RESERVED
-CVE-2018-5514
-   RESERVED
+CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 
11.2.1-11.6.3.1 ...)
+   TODO: check
+CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 
11.2.1-11.6.3.1, ...)
+   TODO: check
+CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root 
users ...)
+   TODO: check
+CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a 
self IP ...)
+   TODO: check
+CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 
11.2.1-11.6.3.1, ...)
+   TODO: check
+CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication 
responses ...)
+   TODO: check
+CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 
request ...)
+   TODO: check
 CVE-2018-5513
RESERVED
-CVE-2018-5512
-   RESERVED
+CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) 
and SYN ...)
+  

[Git][security-tracker-team/security-tracker][master] Record proposed update for ghostscript via jessie-pu

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
76c3bc7b by Salvatore Bonaccorso at 2018-05-02T20:54:23+02:00
Record proposed update for ghostscript via jessie-pu

- - - - -


1 changed file:

- data/next-oldstable-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -123,3 +123,7 @@ CVE-2017-9256
[jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9257
[jessie] - faad2 2.7-8+deb8u1
+CVE-2018-10194
+   [jessie] - ghostscript 9.06~dfsg-2+deb8u7
+CVE-2016-10317
+   [jessie] - ghostscript 9.06~dfsg-2+deb8u7



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/76c3bc7b22db6279c8a960b35375a615d17fa146


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10675/linux

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31020a68 by Salvatore Bonaccorso at 2018-05-02T20:45:04+02:00
Add CVE-2018-10675/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-10675 [mm/mempolicy: fix use after free when calling get_mempolicy]
+   - linux 4.12.12-1
+   [stretch] - linux 4.9.47-1
+   [jessie] - linux 3.16.51-1
+   [wheezy] - linux 3.2.96-1
+   NOTE: 
https://git.kernel.org/linus/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (4.13-rc6)
 CVE-2018-10657 [matrix-synapse: federation DoS]
- matrix-synapse 0.28.1+dfsg-1
NOTE: 
https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
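Review bot: the CVE-2018-10675 entry is added with fixed versions for all four suites and a NOTE pointing at upstream commit 73223e4e (4.13-rc6), which makes this a retroactive record for an issue fixed some time ago. The stated versions (4.12.12-1, 4.9.47-1, 3.16.51-1, 3.2.96-1) should be checked against the package changelogs that cherry-picked that commit, since nothing in the hunk links them to an advisory or changelog entry; a NOTE naming the stable/oldstable update that shipped the backport would close that gap.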



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31020a68031a4dc54401b04f3cc7050fed4b5d69


[Git][security-tracker-team/security-tracker][master] CVE-2018-10657/matrix-synapse assigned

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
619892f0 by Salvatore Bonaccorso at 2018-05-02T20:28:32+02:00
CVE-2018-10657/matrix-synapse assigned

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,4 @@
-CVE-2018- [matrix-synapse: federation DoS]
+CVE-2018-10657 [matrix-synapse: federation DoS]
- matrix-synapse 0.28.1+dfsg-1
NOTE: 
https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/619892f0fb7bf28b99d15f506e5aee48d6f28172


[Git][security-tracker-team/security-tracker][master] faad2 spu/ospu

2018-05-02 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae93e3cf by Moritz Muehlenhoff at 2018-05-02T19:34:03+02:00
faad2 spu/ospu

- - - - -


2 changed files:

- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -103,3 +103,23 @@ CVE-2017-12627
[jessie] - xerces-c 3.1.1-5.1+deb8u4
 CVE-2014-10073
[jessie] - psensor 1.1.3-2+deb8u1
+CVE-2017-9218
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9219
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9220
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9221
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9222
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9223
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9253
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9254
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9256
+   [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9257
+   [jessie] - faad2 2.7-8+deb8u1


=
data/next-point-update.txt
=
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -67,3 +67,25 @@ CVE-2016-10317
[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
 CVE-2018-10194
[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
+CVE-2017-9218
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9219
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9220
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9221
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9222
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9223
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9253
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9254
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9255
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9256
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2017-9257
+   [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
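Review bot: the stretch list in this hunk has eleven CVEs while the jessie list added in the previous hunk has ten: CVE-2017-9255 appears only under stretch. If faad2 2.7 in jessie is not affected by CVE-2017-9255 that is fine, but otherwise the jessie entry for it is missing and the oldstable point update would silently leave one issue unrecorded; worth confirming before the update is requested.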



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae93e3cf3c7f516a04fa766aa1e165f94168287e


[Git][security-tracker-team/security-tracker][master] update status for libreoffice

2018-05-02 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7ce7578 by Moritz Muehlenhoff at 2018-05-02T15:33:22+02:00
update status for libreoffice

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -149,9 +149,13 @@ CVE-2018-10585
 CVE-2018-10584
RESERVED
 CVE-2018-10583 (An information disclosure vulnerability occurs when 
LibreOffice 6.0.3 ...)
-   - libreoffice 
+   - libreoffice  (unimportant)
NOTE: 
http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
-   TODO: check
+   NOTE: This is the generic behaviour of accessing remote SMB shares and 
not limited to
+   NOTE: Libreoffice. This can e.g. be addressed by rejecting outgoing SMB 
connections
+   NOTE: from the local network
+   NOTE: The following commit adds this class of access to the list of 
trusted locations:
+   NOTE: 
https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e
 
 CVE-2018-10582
RESERVED
 CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user 
is able ...)
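Review bot: the explanatory text is split across several NOTE lines and the sentence ending "rejecting outgoing SMB connections from the local network" is ambiguous about direction; it presumably means blocking SMB connections that leave the local network at the perimeter, so spelling that out (and closing the sentence with a period before the "The following commit" line) would make the mitigation unambiguous. The "(unimportant)" severity is consistent with the NOTE that the behaviour is generic to any application that opens SMB paths rather than specific to LibreOffice.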



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7ce75786a9a18f433e166a8cf4df83ecdde562f


[Git][security-tracker-team/security-tracker][master] Reference blog article for matrix-synapse issue

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21a06e43 by Salvatore Bonaccorso at 2018-05-02T15:25:43+02:00
Reference blog article for matrix-synapse issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,6 +1,7 @@
 CVE-2018- [matrix-synapse: federation DoS]
- matrix-synapse 0.28.1+dfsg-1
NOTE: 
https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
+   NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
 CVE-2018-10656
RESERVED
 CVE-2018-10655



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/21a06e43a3b5bfba97d3b0a29cf0389aed0e3ace


[Git][security-tracker-team/security-tracker][master] 5 commits: readd xen

2018-05-02 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a468868 by Thorsten Alteholz at 2018-05-02T15:03:18+02:00
readd xen

- - - - -
d9711f95 by Thorsten Alteholz at 2018-05-02T15:04:00+02:00
mark CVE-2017-6888 as no-dsa for Wheezy

- - - - -
57e86382 by Thorsten Alteholz at 2018-05-02T15:05:13+02:00
mark CVE-2018-10528 and CVE-2018-10529 as no-dsa for Wheezy

- - - - -
e4123547 by Thorsten Alteholz at 2018-05-02T15:05:57+02:00
mark CVE-2018-10195 as no-dsa for Wheezy

- - - - -
9e4d29fe by Thorsten Alteholz at 2018-05-02T15:06:30+02:00
mark CVE-2017-15691 as no-dsa for Wheezy

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -322,12 +322,14 @@ CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. 
There is an out-of-bou
- libraw  (low; bug #897186)
[stretch] - libraw  (Minor issue)
[jessie] - libraw  (Minor issue)
+   [wheezy] - libraw  (Minor issue)
NOTE: 
https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
NOTE: https://github.com/LibRaw/LibRaw/issues/144
 CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a 
stack-based buffer ...)
- libraw  (low; bug #897185)
[stretch] - libraw  (Minor issue)
[jessie] - libraw  (Minor issue)
+   [wheezy] - libraw  (Minor issue)
NOTE: 
https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
NOTE: https://github.com/LibRaw/LibRaw/issues/144
 CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; 
four fields ...)
@@ -1065,6 +1067,7 @@ CVE-2018-10195 [rzsz: sz can leak data to receiving side]
- lrzsz 0.12.21-10 (low; bug #897010)
[stretch] - lrzsz  (Minor issue)
[jessie] - lrzsz  (Minor issue)
+   [wheezy] - lrzsz  (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1090051
NOTE: Fedora patch: 
https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
 CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in 
the ...)
@@ -33314,6 +33317,7 @@ CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache 
uimaj 3.0.0-xxx prior to
- uimaj  (bug #897009)
[stretch] - uimaj  (Minor issue)
[jessie] - uimaj  (Minor issue)
+   [wheezy] - uimaj  (Minor issue)
NOTE: https://uima.apache.org/security_report#CVE-2017-15691
 CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, 
improper parsing ...)
{DSA-4009-1}
@@ -60530,6 +60534,7 @@ CVE-2017-6888 (An error in the 
"read_metadata_vorbiscomment_()" functi
- flac 1.3.2-2 (low; bug #897015)
[stretch] - flac  (Minor issue)
[jessie] - flac  (Minor issue)
+   [wheezy] - flac  (Minor issue)
NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
NOTE: 
https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
 CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" 
function ...)


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -75,3 +75,5 @@ tiff3 (Hugo Lefeuvre)
 --
 wireshark (Thorsten Alteholz)
 --
+xen
+--
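Review bot: the re-added xen entry carries no claimant in parentheses, unlike "wireshark (Thorsten Alteholz)" just above it. That is fine for an unclaimed item, but since the commit message is only "readd xen", a one-line reason next to the entry (a new batch of CVEs, or the previous entry having been dropped prematurely) would help whoever picks it up next.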



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ff96e073d84a857b96b66e73d7db6b2233909ea5...9e4d29feb59e5b2ed9b6f817c33205f02b691fbc


[Git][security-tracker-team/security-tracker][master] Drop note for CVE-2016-6811

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ff96e073 by Salvatore Bonaccorso at 2018-05-02T14:12:44+02:00
Drop note for CVE-2016-6811

The CNA decided to keep this 2016 CVE for the issue.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -88349,7 +88349,6 @@ CVE-2016-6812 (The HTTP transport module in Apache CXF 
prior to 3.0.12 and 3.1.x
 CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to 
yarn ...)
- hadoop  (bug #793644)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
-   NOTE: CVE ID will be moved to something CVE-2018-
 CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a 
cross-site ...)
- activemq 5.14.2+dfsg-1 (unimportant)
NOTE: Admin console not enabled in the Debian package, see #702670



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff96e073d84a857b96b66e73d7db6b2233909ea5


[Git][security-tracker-team/security-tracker][master] Add commit reference for matrix-synapse

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2857dc24 by Salvatore Bonaccorso at 2018-05-02T13:24:21+02:00
Add commit reference for matrix-synapse

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,6 @@
 CVE-2018- [matrix-synapse: federation DoS]
- matrix-synapse 0.28.1+dfsg-1
+   NOTE: 
https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
 CVE-2018-10656
RESERVED
 CVE-2018-10655



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2857dc2468758d9af8ab167b83f312d8d4f19f53


[Git][security-tracker-team/security-tracker][master] new matrix-synapse issue

2018-05-02 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d35b1254 by Moritz Muehlenhoff at 2018-05-02T13:05:25+02:00
new matrix-synapse issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018- [matrix-synapse: federation DoS]
+   - matrix-synapse 0.28.1+dfsg-1
 CVE-2018-10656
RESERVED
 CVE-2018-10655



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d35b1254c6fdf7de1c2d8458902f857395d08db1


[Git][security-tracker-team/security-tracker][master] another wireshark issue fixed

2018-05-02 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
382b3743 by Moritz Muehlenhoff at 2018-05-02T11:28:24+02:00
another wireshark issue fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3265,7 +3265,7 @@ CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 
2.2.13, the NBAP dissect
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66bc372716e04d6a8afdf6712583c9b5d11fee55
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-18.html
 CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 
802.15.4 ...)
-   - wirehsark 
+   - wireshark 2.4.6-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-17.html
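Review bot: the replaced line fixes the misspelled package name `wirehsark`, which would not have matched the wireshark source package, and records 2.4.6-1 as the fixed version for CVE-2018-9260. The description lists 2.2.0 to 2.2.13 as affected as well, and this hunk adds no `[stretch]` or `[jessie]` annotation, so the state of the older suites remains unrecorded; the neighbouring CVE-2018-9261 entry above shows the reference layout (bugzilla, upstream commit, wnpa-sec advisory) this entry now follows.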



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/382b37433abaad6e0ead71dfa7e8d1393a2dd7c8


[Git][security-tracker-team/security-tracker][master] note on hadoop CVE ID

2018-05-02 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2484d811 by Moritz Muehlenhoff at 2018-05-02T10:28:37+02:00
note on hadoop CVE ID
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17,17 +17,17 @@ CVE-2018-10649
 CVE-2018-10648
RESERVED
 CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege 
escalation ...)
-   TODO: check
+   NOT-FOR-US: SaferVPN
 CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM 
privilege ...)
-   TODO: check
+   NOT-FOR-US: CyberGhost
 CVE-2018-10645 (Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a 
SYSTEM ...)
-   TODO: check
+   NOT-FOR-US: Golden Frog VyprVPN
 CVE-2018-10644
RESERVED
 CVE-2018-10643
RESERVED
 CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Combodo iTop
 CVE-2018-10641
RESERVED
 CVE-2018-10640
@@ -167,7 +167,7 @@ CVE-2018-10575 (An issue was discovered on WatchGuard 
AP100, AP102, and AP200 de
 CVE-2018-10574 (site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier 
allows ...)
NOT-FOR-US: BigTree CMS
 CVE-2018-1000172 (Imagely NextGEN Gallery version 2.2.30 and earlier contains 
a Cross ...)
-   TODO: check
+   NOT-FOR-US: Imagely NextGEN Gallery
 CVE-2018-10573 (interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows 
remote ...)
NOT-FOR-US: OpenEMR
 CVE-2018-10572 (interface/patient_file/letter.php in OpenEMR before 5.0.1 
allows remote ...)
@@ -252,7 +252,7 @@ CVE-2018-10545 (An issue was discovered in PHP before 
5.6.35, 7.0.x before 7.0.2
NOTE: Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75605
 CVE-2018-10544 (Meross MSS110 devices through 1.1.24 contain an 
unauthenticated ...)
-   TODO: check
+   NOT-FOR-US: Meross MSS110
 CVE-2018-10543
RESERVED
 CVE-2018-10542
@@ -522,7 +522,7 @@ CVE-2018-10434
 CVE-2018-10433
RESERVED
 CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has 
allowed ...)
-   TODO: check
+   NOT-FOR-US: Blackboard Learn
 CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV 
guest OS ...)
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-259.html
@@ -914,17 +914,17 @@ CVE-2018-10262
 CVE-2018-10261
RESERVED
 CVE-2018-10260 (A Local File Inclusion vulnerability was found in HRSALE The 
Ultimate ...)
-   TODO: check
+   NOT-FOR-US: HRSALE
 CVE-2018-10259 (An Authenticated Stored XSS vulnerability was found in HRSALE 
The ...)
-   TODO: check
+   NOT-FOR-US: HRSALE
 CVE-2018-10258 (A CSV Injection vulnerability was discovered in Shopy Point of 
Sale ...)
-   TODO: check
+   NOT-FOR-US: Shopy
 CVE-2018-10257 (A CSV Injection vulnerability was discovered in HRSALE The 
Ultimate ...)
-   TODO: check
+   NOT-FOR-US: HRSALE
 CVE-2018-10256 (A SQL Injection vulnerability was discovered in HRSALE The 
Ultimate ...)
-   TODO: check
+   NOT-FOR-US: HRSALE
 CVE-2018-10255 (A CSV Injection vulnerability was discovered in clustercoding 
Blog ...)
-   TODO: check
+   NOT-FOR-US: clustercoding
 CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a stack-based buffer 
over-read in the ...)
- nasm  (bug #896523)
[stretch] - nasm  (Minor issue)
@@ -4095,7 +4095,7 @@ CVE-2018-8941 (Diagnostics functionality on D-Link 
DSL-3782 devices with firmwar
 CVE-2018-8940
RESERVED
 CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp 
Gold ...)
-   TODO: check
+   NOT-FOR-US: Ipswitch
 CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp 
in ...)
TODO: check
 CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is 
possible ...)
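Review bot: CVE-2018-8938 in the context lines directly below the change keeps `TODO: check` while its neighbour CVE-2018-8939 is marked `NOT-FOR-US: Ipswitch`; if it was reviewed in the same pass and is likewise not in Debian, mark it now, otherwise leave the TODO so it stays in the triage queue.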
@@ -6521,7 +6521,7 @@ CVE-2018-7903
 CVE-2018-7902
RESERVED
 CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software 
versions ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7900
RESERVED
 CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart 
phones ...)
@@ -88346,6 +88346,7 @@ CVE-2016-6812 (The HTTP transport module in Apache CXF 
prior to 3.0.12 and 3.1.x
 CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to 
yarn ...)
- hadoop  (bug #793644)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
+   NOTE: CVE ID will be moved to something CVE-2018-
 CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a 
cross-site ...)
- activemq 5.14.2+dfsg-1 (unimportant)
NOTE: Admin console not enabled in the Debian package, see #702670
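Review bot: the added NOTE for CVE-2016-6811 ends with the incomplete `CVE-2018-` and does not say why the ID is being reassigned, so it records only that a renumbering is coming. Once the replacement ID is known, rename the entry or keep the old ID with a cross-reference so that the hadoop bug #793644 and the oss-security reference stay attached to the issue rather than being orphaned under a withdrawn ID.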



View it on GitLab: 
https://salsa.debian

[Git][security-tracker-team/security-tracker][master] automatic update

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b4db381b by security tracker role at 2018-05-02T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-10656
+   RESERVED
+CVE-2018-10655
+   RESERVED
+CVE-2018-10654
+   RESERVED
+CVE-2018-10653
+   RESERVED
+CVE-2018-10652
+   RESERVED
+CVE-2018-10651
+   RESERVED
+CVE-2018-10650
+   RESERVED
+CVE-2018-10649
+   RESERVED
+CVE-2018-10648
+   RESERVED
+CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege 
escalation ...)
+   TODO: check
+CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM 
privilege ...)
+   TODO: check
+CVE-2018-10645 (Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a 
SYSTEM ...)
+   TODO: check
+CVE-2018-10644
+   RESERVED
+CVE-2018-10643
+   RESERVED
+CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows 
remote ...)
+   TODO: check
+CVE-2018-10641
+   RESERVED
+CVE-2018-10640
+   RESERVED
+CVE-2018-10639
+   RESERVED
+CVE-2018-10638
+   RESERVED
 CVE-2018-10637
RESERVED
 CVE-2018-10636
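Review bot: the auto-imported batch leaves CVE-2018-10647, CVE-2018-10646 and CVE-2018-10645 at `TODO: check`; their descriptions name Windows VPN clients (SaferVPN, CyberGhost, Golden Frog VyprVPN), so they are candidates for `NOT-FOR-US` at the next triage pass, as is CVE-2018-10642 (Combodo iTop). The remaining new entries are `RESERVED` placeholders and need no action until descriptions arrive.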
@@ -213,8 +251,8 @@ CVE-2018-10545 (An issue was discovered in PHP before 
5.6.35, 7.0.x before 7.0.2
- php5 
NOTE: Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75605
-CVE-2018-10544
-   RESERVED
+CVE-2018-10544 (Meross MSS110 devices through 1.1.24 contain an 
unauthenticated ...)
+   TODO: check
 CVE-2018-10543
RESERVED
 CVE-2018-10542
@@ -11196,8 +11234,8 @@ CVE-2018-6403
RESERVED
 CVE-2018-6402
RESERVED
-CVE-2018-6401
-   RESERVED
+CVE-2018-6401 (Meross MSS110 devices before 1.1.24 contain a TELNET listener 
providing ...)
+   TODO: check
 CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain 
...)
NOT-FOR-US: Kingsoft WPS Office Free
 CVE-2018-6399
@@ -11678,8 +11716,8 @@ CVE-2018-6244
RESERVED
 CVE-2018-6243
RESERVED
-CVE-2018-6242
-   RESERVED
+CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 
contain a ...)
+   TODO: check
 CVE-2018-6241
RESERVED
 CVE-2018-6240



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4db381b855655ee7cdb01271b661440df3b0f76


[Git][security-tracker-team/security-tracker][master] Take jackson-databind in dsa-needed

2018-05-02 Thread Sebastien Delafond
Sebastien Delafond pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21daddeb by Sébastien Delafond at 2018-05-02T09:07:11+02:00
Take jackson-databind in dsa-needed

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -34,7 +34,7 @@ graphicsmagick
 imagemagick
   Wait until more issues have piled up
 --
-jackson-databind
+jackson-databind (seb)
   Markus Koschany proposed debdiff
 --
 knot-resolver



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/21daddeb0434c1873492bf2597c85c4577f78d3c


[Git][security-tracker-team/security-tracker][master] Record fixes for icinga2 via experimental

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
501c45c2 by Salvatore Bonaccorso at 2018-05-02T09:02:07+02:00
Record fixes for icinga2 via experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10767,11 +10767,13 @@ CVE-2018-6538
 CVE-2018-6537 (A buffer overflow vulnerability in the control protocol of 
Flexense ...)
NOT-FOR-US: Flexense SyncBreeze Enterprise
 CVE-2018-6536 (An issue was discovered in Icinga 2.x through 2.8.1. The daemon 
creates ...)
+   [experimental] - icinga2 2.8.4-1~exp1
- icinga2 
[stretch] - icinga2  (Minor issue)
[jessie] - icinga2  (Minor issue)
NOTE: https://github.com/Icinga/icinga2/issues/5991
 CVE-2018-6535 (An issue was discovered in Icinga 2.x through 2.8.1. The lack 
of a ...)
+   [experimental] - icinga2 2.8.4-1~exp1
- icinga2  (low; bug #897301)
[stretch] - icinga2  (Minor issue)
[jessie] - icinga2  (Minor issue)
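Review bot: the added `[experimental] - icinga2 2.8.4-1~exp1` line records the fix for experimental only; the unstable line `- icinga2 ` is rendered here without its state token, so confirm the committed line still carries the unfixed marker and that the entry is understood as still open for unstable, with `[stretch]` and `[jessie]` unchanged at Minor issue. The same layout is used in the other icinga2 hunks of this commit, so they should be checked the same way.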
@@ -10779,12 +10781,14 @@ CVE-2018-6535 (An issue was discovered in Icinga 2.x 
through 2.8.1. The lack of 
NOTE: https://github.com/Icinga/icinga2/pull/5715
NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
 CVE-2018-6534 (An issue was discovered in Icinga 2.x through 2.8.1. By sending 
...)
+   [experimental] - icinga2 2.8.4-1~exp1
- icinga2  (low; bug #897301)
[stretch] - icinga2  (Minor issue)
[jessie] - icinga2  (Minor issue)
NOTE: https://github.com/Icinga/icinga2/pull/6104
NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
 CVE-2018-6533 (An issue was discovered in Icinga 2.x through 2.8.1. By editing 
the ...)
+   [experimental] - icinga2 2.8.4-1~exp1
- icinga2  (low; bug #897301)
[stretch] - icinga2  (Minor issue)
[jessie] - icinga2  (Minor issue)
@@ -10793,6 +10797,7 @@ CVE-2018-6533 (An issue was discovered in Icinga 2.x 
through 2.8.1. By editing t
NOTE: init.conf to support run-time reconfiguration of an account is
NOTE: design flaw". CVE-2018-6533 larger issue than CVE-2017-16933.
 CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending 
...)
+   [experimental] - icinga2 2.8.4-1~exp1
- icinga2  (low)
[stretch] - icinga2  (Minor issue)
[jessie] - icinga2  (Minor issue)
@@ -29246,6 +29251,7 @@ CVE-2017-16935 (Ametys before 4.0.3 requires 
authentication only for URIs contai
 CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers 
to execute ...)
NOT-FOR-US: DBL DBLTek devices
 CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a 
chown ...)
+   [experimental] - icinga2 2.8.4-1~exp1
- icinga2  (low; bug #883247)
[stretch] - icinga2  (Minor issue)
[jessie] - icinga2  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/501c45c21d0c722fb2df77aed4f4f53fd5c39539


[Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2018-1308 of unstable upload

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ac75cf3c by Salvatore Bonaccorso at 2018-05-02T09:00:23+02:00
Add fixing version for CVE-2018-1308 of unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25115,7 +25115,7 @@ CVE-2018-1309
RESERVED
 CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 
7.2.1 ...)
{DLA-1360-1}
-   - lucene-solr  (bug #896604)
+   - lucene-solr 3.6.2+dfsg-12 (bug #896604)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3
NOTE: https://issues.apache.org/jira/browse/SOLR-11971
NOTE: master: 
http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
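Review bot: with 3.6.2+dfsg-12 now recorded for unstable and jessie covered by `{DLA-1360-1}`, no `[stretch]` line appears in this hunk; the description covers Solr 1.2 to 6.6.2, so confirm stretch's lucene-solr state is tracked explicitly (a fixed version or a no-dsa annotation) rather than left to show as open by default.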



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac75cf3cabfc4a9963894cb026d231cfd17f2ea7


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2017-6888/flac

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b6550f4 by Salvatore Bonaccorso at 2018-05-02T08:59:09+02:00
Add fixed version for CVE-2017-6888/flac

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -60480,7 +60480,7 @@ CVE-2017-6890 (A boundary error within the 
"foveon_load_camf()" functi
 CVE-2017-6889 (An integer overflow error within the 
"foveon_load_camf()" function ...)
NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
 CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" 
function ...)
-   - flac  (low; bug #897015)
+   - flac 1.3.2-2 (low; bug #897015)
[stretch] - flac  (Minor issue)
[jessie] - flac  (Minor issue)
NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
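Review bot: the fixed version 1.3.2-2 is recorded for unstable while `[stretch]` and `[jessie]` stay at Minor issue; the only reference is the Secunia advisory, so adding the upstream flac commit that fixes `read_metadata_vorbiscomment_()` as a second NOTE would let the stable-suite decision be re-checked against the actual change later.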



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b6550f4235621e488af2af5aceeddfbfad8b927
