[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aee4b384 by Salvatore Bonaccorso at 2018-05-06T00:15:02+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,7 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action ...) - TODO: check + NOT-FOR-US: Datenstrom Yellow CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant ...) - TODO: check + NOT-FOR-US: CSP MySQL User Manager CVE-2018-10756 RESERVED CVE-2018-10755 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aee4b384c9b37d77c97d003058498006ea7c4d69 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aee4b384c9b37d77c97d003058498006ea7c4d69 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] mark CVE-2018-10753 as no-dsa for Wheezy
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: c898e2ea by Thorsten Alteholz at 2018-05-05T22:53:53+02:00 mark CVE-2018-10753 as no-dsa for Wheezy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -14,6 +14,7 @@ CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in mu - abcm2ps (bug #897966) [stretch] - abcm2ps (Minor issue) [jessie] - abcm2ps (Minor issue) + [wheezy] - abcm2ps (Minor issue) NOTE: https://github.com/leesavide/abcm2ps/issues/16 NOTE: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c898e2ea0d1f3aa1648e8fbb79e12153a5d738ba
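Review bot: the added `[wheezy] - abcm2ps (Minor issue)` line repeats the one-word rationale of the jessie and stretch lines, yet the entry is a stack-based buffer overflow in delayed_output and the NOTE lines already point at the upstream fix commit, so the reason for deferring is not recoverable from the file; a short qualifier in the parenthesis (what input triggers it, why the impact is considered low) would let the LTS team reuse the decision instead of re-triaging the CVE.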
[Git][security-tracker-team/security-tracker][master] Prepare DSA release for wordpress
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f11cf7e by Salvatore Bonaccorso at 2018-05-05T22:41:50+02:00 Prepare DSA release for wordpress - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -98,7 +98,7 @@ vlc (jmm) -- wavpack (jmm) -- -wordpress +wordpress (carnil) Craig Small prepared update for stretch-security Craig Small and Markus Koschany working on jessie-security update, needs debdiff review -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f11cf7e995cd44400facbf4088a77e11c789789
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aea68a32 by security tracker role at 2018-05-05T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,11 @@ +CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action ...) + TODO: check +CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant ...) + TODO: check +CVE-2018-10756 + RESERVED +CVE-2018-10755 + RESERVED CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in ...) - ncurses NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aea68a3215f8d113cdc8c367c728812097179161
[Git][security-tracker-team/security-tracker][master] Add note for packagekit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea18a527 by Salvatore Bonaccorso at 2018-05-05T21:30:43+02:00 Add note for packagekit - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -62,6 +62,7 @@ openjdk-7/oldstable (jmm) openjpeg2 (luciano) -- packagekit + Matthias Klumpp (mak) proposed debdiff for CVE-2018-1106 -- passenger/stable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea18a527c02f4bff40ed55cb86a67a73b9a5823d
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2006-721{6,7}/derby
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 34cd2e0c by Salvatore Bonaccorso at 2018-05-05T21:24:08+02:00 Update information on CVE-2006-721{6,7}/derby - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -265372,9 +265372,11 @@ CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...) - ezpublish (Debian's version is too old) CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...) - - derby + - derby (Fixed before initial upload to Debian) + NOTE: http://issues.apache.org/jira/browse/DERBY-1858 CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...) - - derby + - derby (Fixed before initial upload to Debian) + NOTE: http://issues.apache.org/jira/browse/DERBY-1708 CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...) NOT-FOR-US: Intel processor CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34cd2e0cdf00abfd28b9e456d550566651ca7633
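Review bot: the new `- derby (Fixed before initial upload to Debian)` annotations use a different wording from the `(fixed prior to initial upload)` form visible on the tiff3 line in the 8abb2dc0 hunk context, and the DERBY-1858 and DERBY-1708 NOTE links use plain http where the DERBY-4483 note in the neighbouring commit uses https; settling on one phrasing and on https for issues.apache.org keeps the file greppable and the references stable.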
[Git][security-tracker-team/security-tracker][master] Add information on CVE-2009-4269/derby
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0539c0da by Salvatore Bonaccorso at 2018-05-05T21:22:40+02:00 Add information on CVE-2009-4269/derby - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -227827,7 +227827,8 @@ CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsm {DSA-2080-1} - ghostscript 8.70~dfsg-2.1 (medium; bug #562643) CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...) - - derby + - derby (Fixed before initial upload to Debian) + NOTE: https://issues.apache.org/jira/browse/DERBY-4483 CVE-2009-4268 REJECTED CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0539c0dafeff103ef9378db58735de5238a99abb
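Review bot: `- derby (Fixed before initial upload to Debian)` for CVE-2009-4269 states a conclusion without the evidence the other derby entries at least hint at: the descriptions of CVE-2006-7216 and CVE-2006-7217 name the fixed upstream release (before 10.2.1.6), while this description carries no version, so the parenthesis or a NOTE should record the upstream fix version taken from DERBY-4483 or the first Debian upload version it was compared against, otherwise the claim cannot be re-checked later.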
[Git][security-tracker-team/security-tracker][master] Update some older NFUs in Apache Derby to track the derby source package
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8abb2dc0 by Salvatore Bonaccorso at 2018-05-05T17:11:56+02:00 Update some older NFUs in Apache Derby to track the derby source package - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -130750,7 +130750,7 @@ CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit befo - jackrabbit 2.10.1-1 (bug #787316) NOTE: https://issues.apache.org/jira/browse/JCR-3883 CVE-2015-1832 (XML external entity (XXE) vulnerability in the SqlXmlUtil code in ...) - NOT-FOR-US: Apache Derby + - derby CVE-2015-1831 (The default exclude patterns (excludeParams) in Apache Struts 2.3.20 ...) - libstruts1.2-java (Affects only 2.3.20) NOTE: https://struts.apache.org/docs/s2-024.html @@ -220387,7 +220387,7 @@ CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as - tiff3 (fixed prior to initial upload) [lenny] - tiff (Only affects 3.9.x) CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export ...) - NOT-FOR-US: Apache Derby + - derby CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...) {DSA-2115-1} - moodle 1.9.9-1 (bug #586280) @@ -227822,7 +227822,7 @@ CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsm {DSA-2080-1} - ghostscript 8.70~dfsg-2.1 (medium; bug #562643) CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...) - NOT-FOR-US: Apache Derby + - derby CVE-2009-4268 REJECTED CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ...) 
@@ -265366,9 +265366,9 @@ CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...) - ezpublish (Debian's version is too old) CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...) - NOT-FOR-US: Apache Derby + - derby CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...) - NOT-FOR-US: Apache Derby + - derby CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...) NOT-FOR-US: Intel processor CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...) @@ -265392,7 +265392,7 @@ CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...) CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...) - ezpublish (bug #424790) CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...) - NOT-FOR-US: Apache Derby + - derby CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...) - matrixssl 1.1-1 CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8abb2dc0a3f9c2e7078f83c9c2102f8b682c8f4f
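Review bot: converting `NOT-FOR-US: Apache Derby` to a bare `- derby` with no version, pseudo-version or note leaves the package status unreadable from the entry: the later commits on this page (34cd2e0c, 0539c0da) add "Fixed before initial upload to Debian" for CVE-2006-7216, CVE-2006-7217 and CVE-2009-4269, but CVE-2015-1832 (the XXE in SqlXmlUtil), CVE-2010-2232 and CVE-2005-4849 stay bare across all five hunks. Each of those should carry a fixed version, `<unfixed>`, or an annotation so a reader can tell whether the derby package in the archive was ever affected.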
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10017 as proposed for stretch-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b59c990 by Salvatore Bonaccorso at 2018-05-05T14:31:33+02:00 Add CVE-2018-10017 as proposed for stretch-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -89,3 +89,5 @@ CVE-2017-9256 [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1 CVE-2017-9257 [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1 +CVE-2018-10017 + [stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b59c990e3574b38abfa2ee5f16b0fb913415537
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 976a90ed by Salvatore Bonaccorso at 2018-05-05T13:21:07+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3364,7 +3364,7 @@ CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData in - exiv2 (Vulnerable code introduced after 0.26) NOTE: https://github.com/Exiv2/exiv2/issues/262 CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in ...) - TODO: check + NOT-FOR-US: Cockpit CMS (different from src:cockpit) CVE-2018-9301 RESERVED CVE-2018-9300 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/976a90edb099a2e00c84cfec0149a108c717c2c0
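Review bot: the reason `NOT-FOR-US: Cockpit CMS (different from src:cockpit)` names the colliding Debian source package explicitly, and that is the form to keep whenever an upstream product name matches an unrelated package: a bare `NOT-FOR-US: Cockpit` would invite the next triager to reopen the SSRF against src:cockpit.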
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10753/abcm2ps
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d89756fc by Salvatore Bonaccorso at 2018-05-05T10:51:35+02:00 Add CVE-2018-10753/abcm2ps - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3,7 +3,9 @@ CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Derefere NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575 NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414 CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...) - TODO: check + - abcm2ps + NOTE: https://github.com/leesavide/abcm2ps/issues/16 + NOTE: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...) NOT-FOR-US: Tagregator plugin for WordPress CVE-2018-10751 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d89756fcc2b89eefda2051e42d62490fbf56b4b0
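Review bot: `+ - abcm2ps` is added with the upstream issue and fix commit but with no fixed Debian version and no Debian bug reference; the c898e2ea hunk context shows `(bug #897966)` attached only later, so filing the bug with the fix commit URL at the same time as the entry, and recording the version once a fixed abcm2ps is uploaded, keeps the tracker and the BTS in step.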
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1372-1 for libdatetime-timezone-perl
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: b8306b69 by Emilio Pozuelo Monfort at 2018-05-05T10:32:28+02:00 Reserve DLA-1372-1 for libdatetime-timezone-perl - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,5 @@ +[05 May 2018] DLA-1372-1 libdatetime-timezone-perl - new upstream version + [wheezy] - libdatetime-timezone-perl 1:1.58-1+2018e [05 May 2018] DLA-1371-1 tzdata - new upstream version [wheezy] - tzdata 2018e-0+deb7u1 [04 May 2018] DLA-1370-1 quassel - security update = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -48,8 +48,6 @@ libav (Hugo Lefeuvre) -- libmad (Kurt Roeckx) -- -libdatetime-timezone-perl (Emilio Pozuelo) --- linux -- ming (Hugo Lefeuvre) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8306b6914db28c4528d75f51abd02b7a9fab403
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1371-1 for tzdata
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 034b9cf2 by Emilio Pozuelo Monfort at 2018-05-05T10:31:51+02:00 Reserve DLA-1371-1 for tzdata - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,5 @@ +[05 May 2018] DLA-1371-1 tzdata - new upstream version + [wheezy] - tzdata 2018e-0+deb7u1 [04 May 2018] DLA-1370-1 quassel - security update {CVE-2018-1000178} [wheezy] - quassel 0.8.0-1+deb7u4 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -68,7 +68,5 @@ tiff (Hugo Lefeuvre) -- tiff3 (Hugo Lefeuvre) -- -tzdata (Emilio Pozuelo) --- wireshark (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/034b9cf20e9f590841578ff2479410259f83b220
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10754/ncurses
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 87d2ee77 by Salvatore Bonaccorso at 2018-05-05T10:22:22+02:00 Add CVE-2018-10754/ncurses - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,5 +1,7 @@ CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in ...) - TODO: check + - ncurses + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575 + NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414 CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...) TODO: check CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/87d2ee77b6310f1c10780117cee5758d4d40b651
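Review bot: `+ - ncurses` records the Red Hat bug and the upstream NEWS anchor for the 20180414 snapshot but no Debian version, so the entry does not say which ncurses upload, if any, contains the fix for the NULL pointer dereference; add the fixed version once known, or `<unfixed>` with a severity note in the meantime, so that per-package status can be derived from the entry rather than from the NEWS link.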
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ac58c53 by security tracker role at 2018-05-05T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,11 @@ +CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in ...) + TODO: check +CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...) + TODO: check +CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...) + TODO: check +CVE-2018-10751 + RESERVED CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...) NOT-FOR-US: D-Link CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...) @@ -1162,8 +1170,8 @@ CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles sta NOT-FOR-US: Paessler PRTG Network Monitor CVE-2018-10252 RESERVED -CVE-2018-10251 - RESERVED +CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...) + TODO: check CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a ...) NOT-FOR-US: iCMS CVE-2018-10249 (baijiacms V3 has CSRF via ...) @@ -1212,8 +1220,8 @@ CVE-2018-10231 RESERVED CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. ...) NOT-FOR-US: Zend Server -CVE-2018-10229 - RESERVED +CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to ...) + TODO: check CVE-2018-10228 RESERVED CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...) 
@@ -3760,8 +3768,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) NOT-FOR-US: AXIS CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional ...) NOT-FOR-US: Open-AudIT Professional -CVE-2018-9154 - RESERVED +CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in ...) + TODO: check CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...) NOT-FOR-US: Z-BlogPHP CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...) @@ -35581,8 +35589,8 @@ CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through ...) NOT-FOR-US: DocuWare Fulltext Search server -CVE-2017-15043 - RESERVED +CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...) + TODO: check CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x ...) - golang-1.9 1.9.1-1 - golang-1.8 1.8.4-1 
@@ -55572,17 +55580,20 @@ CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that CVE-2017-8375 RESERVED CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b ...) + {DSA-4192-1} - libmad 0.15.1b-9 NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/ NOTE: The patch from #508133 fixed things related to this, but did not fix this. NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...) + {DSA-4192-1} - libmad 0.15.1b-9 (bug #287519) NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/ NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it NOTE: "Duplicate with"/basically same as CVE-2017-8372 NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...) + {DSA-4192-1} - libmad 0.15.1b-9 (bug #287519) NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/ NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it @@ -174952,8 +174963,7 @@ CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush funct {DSA-2766-1 DSA-2745-1} - linux-2.6 - linux 3.10.1-1 -CVE-2013-2233 [not caching SSH host keys] - RESERVED +CVE-2013-2233 (Ansible before 1.2.1 makes it easier for remote attackers to conduct ...) - ansible 1.3.4+dfsg-1 (bug #714822) NOTE: https://github.com/ansible/ansible/issues/857
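Review bot: in the CVE-2018-9154 hunk the entry is left at `TODO: check` although the description already names `jpc_dec_process_sot`, a function in JasPer's JPEG 2000 decoder (the jpc_* namespace), so the triage step is to map it to whatever source package ships libjasper in the archive, or mark it accordingly if none does, rather than leave it for the next automatic run; the hunk's neighbours (Z-BlogPHP, Open-AudIT) are clear NFUs by name, this one is not.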
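Review bot: in the CVE-2017-15043 hunk the entry receives the same truncated description as CVE-2018-10251 two hunks earlier, "A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...", and both are set to `TODO: check`; when the pair is triaged the resolution should be copied to both ids, and a NOTE cross-referencing the other id will stop them being re-evaluated separately if the full descriptions differ only in the affected model list.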