[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aee4b384 by Salvatore Bonaccorso at 2018-05-06T00:15:02+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete 
action ...)
-   TODO: check
+   NOT-FOR-US: Datenstrom Yellow
 CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and 
resultant ...)
-   TODO: check
+   NOT-FOR-US: CSP MySQL User Manager
 CVE-2018-10756
RESERVED
 CVE-2018-10755
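Review bot: nothing blocking. Resolving both TODO: check lines as NOT-FOR-US with the bare upstream product name matches how the other NOT-FOR-US entries in this file are written, and the RESERVED entries for CVE-2018-10756 and CVE-2018-10755 are rightly left untouched until a description is published.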



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aee4b384c9b37d77c97d003058498006ea7c4d69

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] mark CVE-2018-10753 as no-dsa for Wheezy

2018-05-05 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c898e2ea by Thorsten Alteholz at 2018-05-05T22:53:53+02:00
mark CVE-2018-10753 as no-dsa for Wheezy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -14,6 +14,7 @@ CVE-2018-10753 (Stack-based buffer overflow in the 
delayed_output function in mu
- abcm2ps  (bug #897966)
[stretch] - abcm2ps  (Minor issue)
[jessie] - abcm2ps  (Minor issue)
+   [wheezy] - abcm2ps  (Minor issue)
NOTE: https://github.com/leesavide/abcm2ps/issues/16
NOTE: 
https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
 CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the 
title ...)
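Review bot: the status token between `abcm2ps` and `(Minor issue)` renders as a double space on the jessie, stretch and new wheezy lines, so confirm the committed line is `[wheezy] - abcm2ps <no-dsa> (Minor issue)`. Since the unstable line above still has no fixed version and the issue is a stack-based buffer overflow in delayed_output triggered by crafted input, a short NOTE giving the reason for the minor rating (how untrusted input reaches that function, and the attack surface of the tool) would make the no-dsa decision easier to defend when the fix for bug #897966 lands.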



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c898e2ea0d1f3aa1648e8fbb79e12153a5d738ba


[Git][security-tracker-team/security-tracker][master] Prepare DSA release for wordpress

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f11cf7e by Salvatore Bonaccorso at 2018-05-05T22:41:50+02:00
Prepare DSA release for wordpress

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -98,7 +98,7 @@ vlc (jmm)
 --
 wavpack (jmm)
 --
-wordpress
+wordpress (carnil)
   Craig Small prepared update for stretch-security
   Craig Small and Markus Koschany working on jessie-security update, needs 
debdiff review
 --
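Review bot: `wordpress (carnil)` now sits above two sub-notes that name Craig Small and Markus Koschany as the people doing the work. Add a line stating what the claim covers, either releasing the stretch-security update Craig Small already prepared or doing the jessie debdiff review that is still open, so the next reader of dsa-needed.txt can tell whether the jessie review still needs a volunteer.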



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f11cf7e995cd44400facbf4088a77e11c789789


[Git][security-tracker-team/security-tracker][master] automatic update

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aea68a32 by security tracker role at 2018-05-05T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete 
action ...)
+   TODO: check
+CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and 
resultant ...)
+   TODO: check
+CVE-2018-10756
+   RESERVED
+CVE-2018-10755
+   RESERVED
 CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer 
Dereference in ...)
- ncurses 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aea68a3215f8d113cdc8c367c728812097179161


[Git][security-tracker-team/security-tracker][master] Add note for packagekit

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea18a527 by Salvatore Bonaccorso at 2018-05-05T21:30:43+02:00
Add note for packagekit

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -62,6 +62,7 @@ openjdk-7/oldstable (jmm)
 openjpeg2 (luciano)
 --
 packagekit
+  Matthias Klumpp (mak) proposed debdiff for CVE-2018-1106
 --
 passenger/stable
 --
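Review bot: the new sub-note records who proposed the debdiff for CVE-2018-1106, but the `packagekit` line itself still has no claimant in parentheses, unlike `openjdk-7/oldstable (jmm)` and `openjpeg2 (luciano)` in the same block. Whoever takes on reviewing and releasing the debdiff should claim the entry, otherwise the proposed patch has nobody visibly responsible for it.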



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea18a527c02f4bff40ed55cb86a67a73b9a5823d


[Git][security-tracker-team/security-tracker][master] Update information on CVE-2006-721{6,7}/derby

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34cd2e0c by Salvatore Bonaccorso at 2018-05-05T21:24:08+02:00
Update information on CVE-2006-721{6,7}/derby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -265372,9 +265372,11 @@ CVE-2006-7219 (eZ publish before 3.8.5 does not 
properly enforce permissions for
 CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions 
for ...)
- ezpublish  (Debian's version is too old)
 CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema 
privilege ...)
-   - derby 
+   - derby  (Fixed before initial upload to Debian)
+   NOTE: http://issues.apache.org/jira/browse/DERBY-1858
 CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege 
requirements ...)
-   - derby 
+   - derby  (Fixed before initial upload to Debian)
+   NOTE: http://issues.apache.org/jira/browse/DERBY-1708
 CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop 
...)
NOT-FOR-US: Intel processor
 CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive 
information ...)
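Review bot: `(Fixed before initial upload to Debian)` is a free-text comment, and the status token between `derby` and the parenthesis renders as a double space on both lines; the tracker records this state with `<not-affected>`, so confirm the committed lines read `- derby <not-affected> (Fixed before initial upload to Debian)`. The two JIRA NOTE URLs also use plain http://issues.apache.org; use https:// as the DERBY-4483 note in commit 0539c0da on this list does.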



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34cd2e0cdf00abfd28b9e456d550566651ca7633


[Git][security-tracker-team/security-tracker][master] Add information on CVE-2009-4269/derby

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0539c0da by Salvatore Bonaccorso at 2018-05-05T21:22:40+02:00
Add information on CVE-2009-4269/derby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -227827,7 +227827,8 @@ CVE-2009-4270 (Stack-based buffer overflow in the 
errprintf function in base/gsm
{DSA-2080-1}
- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
 CVE-2009-4269 (The password hash generation algorithm in the BUILTIN 
authentication ...)
-   - derby 
+   - derby  (Fixed before initial upload to Debian)
+   NOTE: https://issues.apache.org/jira/browse/DERBY-4483
 CVE-2009-4268
REJECTED
 CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line 
feeds, ...)
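Review bot: the not-affected claim rests on Debian's first derby upload being newer than the DERBY-4483 fix, but neither version is recorded here. Add the upstream release that carries the fix and the initial Debian version to the NOTE so the `Fixed before initial upload to Debian` statement can be checked without following the JIRA link; the same applies to the CVE-2006-7216/7217 entries.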



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0539c0dafeff103ef9378db58735de5238a99abb


[Git][security-tracker-team/security-tracker][master] Update some older NFUs in Apache Derby to track the derby source package

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8abb2dc0 by Salvatore Bonaccorso at 2018-05-05T17:11:56+02:00
Update some older NFUs in Apache Derby to track the derby source package

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -130750,7 +130750,7 @@ CVE-2015-1833 (XML external entity (XXE) 
vulnerability in Apache Jackrabbit befo
- jackrabbit 2.10.1-1 (bug #787316)
NOTE: https://issues.apache.org/jira/browse/JCR-3883
 CVE-2015-1832 (XML external entity (XXE) vulnerability in the SqlXmlUtil code 
in ...)
-   NOT-FOR-US: Apache Derby
+   - derby 
 CVE-2015-1831 (The default exclude patterns (excludeParams) in Apache Struts 
2.3.20 ...)
- libstruts1.2-java  (Affects only 2.3.20)
NOTE: https://struts.apache.org/docs/s2-024.html
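Review bot: replacing NOT-FOR-US with a bare `- derby` line (the token after the package name renders as a double space, presumably `<unfixed>`) makes the XXE in SqlXmlUtil appear as an open issue in every suite that ships derby. Retargeting to the source package is right, but the fixed upstream version, and whether the Debian package contains it, should be established in the same change or immediately after; otherwise the tracker now asserts all suites vulnerable on the strength of a reclassification alone.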
@@ -220387,7 +220387,7 @@ CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 
3.9.2 on 64-bit platforms, as
- tiff3  (fixed prior to initial upload)
[lenny] - tiff  (Only affects 3.9.x)
 CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, 
Export ...)
-   NOT-FOR-US: Apache Derby
+   - derby 
 CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...)
{DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
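Review bot: the CVE-2010-2232 description enumerates exact affected releases (10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3) rather than an open-ended `before X`, so this one is cheap to close: compare with the derby version Debian first shipped and, if that is newer, mark the entry not-affected rather than leaving it open across all suites.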
@@ -227822,7 +227822,7 @@ CVE-2009-4270 (Stack-based buffer overflow in the 
errprintf function in base/gsm
{DSA-2080-1}
- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
 CVE-2009-4269 (The password hash generation algorithm in the BUILTIN 
authentication ...)
-   NOT-FOR-US: Apache Derby
+   - derby 
 CVE-2009-4268
REJECTED
 CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line 
feeds, ...)
@@ -265366,9 +265366,9 @@ CVE-2006-7219 (eZ publish before 3.8.5 does not 
properly enforce permissions for
 CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions 
for ...)
- ezpublish  (Debian's version is too old)
 CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema 
privilege ...)
-   NOT-FOR-US: Apache Derby
+   - derby 
 CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege 
requirements ...)
-   NOT-FOR-US: Apache Derby
+   - derby 
 CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop 
...)
NOT-FOR-US: Intel processor
 CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive 
information ...)
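Review bot: both 2006 entries describe issues fixed before 10.2.1.6, and as committed here they show as open in every suite. The not-affected annotation is added in commit 34cd2e0c on this list; where possible, fold that follow-up into the same push as the reclassification so the tracker never publishes an intermediate state in which derby appears vulnerable to issues it never shipped.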
@@ -265392,7 +265392,7 @@ CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 
20050722 applies certain ...)
 CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit 
and ...)
- ezpublish  (bug #424790)
 CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) 
password ...)
-   NOT-FOR-US: Apache Derby
+   - derby 
 CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, 
which ...)
- matrixssl 1.1-1
 CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an 
indefinitely ...)
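Review bot: CVE-2005-4849 is `before 10.1.2.1`, older than the 10.2.1.6 fixes two hunks up, so whatever initial Debian upload version is established for those applies here as well; this entry should get the same not-affected annotation at the same time rather than staying open on a bare `- derby` line.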



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8abb2dc0a3f9c2e7078f83c9c2102f8b682c8f4f


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10017 as proposed for stretch-pu

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b59c990 by Salvatore Bonaccorso at 2018-05-05T14:31:33+02:00
Add CVE-2018-10017 as proposed for stretch-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -89,3 +89,5 @@ CVE-2017-9256
[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
 CVE-2017-9257
[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+CVE-2018-10017
+   [stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3
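Review bot: fine as a staging entry. Once the stretch point release accepts libopenmpt 0.2.7386~beta20.3-3+deb9u3, this `[stretch]` line has to be carried over into the CVE-2018-10017 entry in data/CVE/list; until that happens the tracker keeps showing stretch as unfixed for that CVE, since next-point-update.txt is only the queue.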



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b59c990e3574b38abfa2ee5f16b0fb913415537


[Git][security-tracker-team/security-tracker][master] Process NFU

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
976a90ed by Salvatore Bonaccorso at 2018-05-05T13:21:07+02:00
Process NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3364,7 +3364,7 @@ CVE-2018-9303 (In Exiv2 0.26, an assertion failure in 
BigTiffImage::readData in 
- exiv2  (Vulnerable code introduced after 0.26)
NOTE: https://github.com/Exiv2/exiv2/issues/262
 CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in 
...)
-   TODO: check
+   NOT-FOR-US: Cockpit CMS (different from src:cockpit)
 CVE-2018-9301
RESERVED
 CVE-2018-9300



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/976a90edb099a2e00c84cfec0149a108c717c2c0


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10753/abcm2ps

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d89756fc by Salvatore Bonaccorso at 2018-05-05T10:51:35+02:00
Add CVE-2018-10753/abcm2ps

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,9 @@ CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL 
Pointer Derefere
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575
NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414
 CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in 
music.c ...)
-   TODO: check
+   - abcm2ps 
+   NOTE: https://github.com/leesavide/abcm2ps/issues/16
+   NOTE: 
https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
 CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the 
title ...)
NOT-FOR-US: Tagregator plugin for WordPress
 CVE-2018-10751
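Review bot: the `- abcm2ps` line carries neither a fixed version nor a `(bug #...)` reference, so the maintainer is not notified and the tracker cannot link the entry to a Debian bug. File the bug with the upstream issue and fix commit from the two NOTE lines and record its number on the package line (commit c898e2ea on this list later adds bug #897966, which is the piece missing here).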



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d89756fcc2b89eefda2051e42d62490fbf56b4b0


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1372-1 for libdatetime-timezone-perl

2018-05-05 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8306b69 by Emilio Pozuelo Monfort at 2018-05-05T10:32:28+02:00
Reserve DLA-1372-1 for libdatetime-timezone-perl

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,5 @@
+[05 May 2018] DLA-1372-1 libdatetime-timezone-perl - new upstream version
+   [wheezy] - libdatetime-timezone-perl 1:1.58-1+2018e
 [05 May 2018] DLA-1371-1 tzdata - new upstream version
[wheezy] - tzdata 2018e-0+deb7u1
 [04 May 2018] DLA-1370-1 quassel - security update
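Review bot: the version `1:1.58-1+2018e` uses the package's own timezone-release suffix rather than the `+deb7uN` form used for tzdata (`2018e-0+deb7u1`) on the line below; that is acceptable if it is literally what was uploaded to wheezy, but double-check, because the version in DLA/list is what the tracker uses as the fixed version for wheezy.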


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -48,8 +48,6 @@ libav (Hugo Lefeuvre)
 --
 libmad (Kurt Roeckx)
 --
-libdatetime-timezone-perl (Emilio Pozuelo)
---
 linux
 --
 ming (Hugo Lefeuvre)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8306b6914db28c4528d75f51abd02b7a9fab403


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1371-1 for tzdata

2018-05-05 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
034b9cf2 by Emilio Pozuelo Monfort at 2018-05-05T10:31:51+02:00
Reserve DLA-1371-1 for tzdata

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,5 @@
+[05 May 2018] DLA-1371-1 tzdata - new upstream version
+   [wheezy] - tzdata 2018e-0+deb7u1
 [04 May 2018] DLA-1370-1 quassel - security update
{CVE-2018-1000178}
[wheezy] - quassel 0.8.0-1+deb7u4


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -68,7 +68,5 @@ tiff (Hugo Lefeuvre)
 --
 tiff3 (Hugo Lefeuvre)
 --
-tzdata (Emilio Pozuelo)
---
 wireshark (Thorsten Alteholz)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/034b9cf20e9f590841578ff2479410259f83b220


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10754/ncurses

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
87d2ee77 by Salvatore Bonaccorso at 2018-05-05T10:22:22+02:00
Add CVE-2018-10754/ncurses

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,7 @@
 CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer 
Dereference in ...)
-   TODO: check
+   - ncurses 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575
+   NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414
 CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in 
music.c ...)
TODO: check
 CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the 
title ...)
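Review bot: the `- ncurses` line has no fixed version (the token after the name renders as a double space). The description says the NULL pointer dereference is fixed in 6.1.20180414 and the second NOTE points at the matching NEWS entry, so the first Debian upload containing that snapshot, or a severity annotation if the crash is judged not reachable from untrusted input, should follow promptly; left bare, the entry is open in every suite.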



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/87d2ee77b6310f1c10780117cee5758d4d40b651


[Git][security-tracker-team/security-tracker][master] automatic update

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ac58c53 by security tracker role at 2018-05-05T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer 
Dereference in ...)
+   TODO: check
+CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in 
music.c ...)
+   TODO: check
+CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the 
title ...)
+   TODO: check
+CVE-2018-10751
+   RESERVED
 CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
NOT-FOR-US: D-Link
 CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
@@ -1162,8 +1170,8 @@ CVE-2018-10253 (Paessler PRTG Network Monitor before 
18.1.39.1648 mishandles sta
NOT-FOR-US: Paessler PRTG Network Monitor
 CVE-2018-10252
RESERVED
-CVE-2018-10251
-   RESERVED
+CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, 
ES440, and ...)
+   TODO: check
 CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in 
a ...)
NOT-FOR-US: iCMS
 CVE-2018-10249 (baijiacms V3 has CSRF via ...)
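Review bot: the new CVE-2018-10251 description names Sierra Wireless AirLink gateway models (GX400, GX440, ES440), which is vendor device firmware rather than anything Debian ships, so this `TODO: check` can be triaged to NOT-FOR-US; the identical description text appears on CVE-2017-15043 further down in this same update, so resolve both entries together.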
@@ -1212,8 +1220,8 @@ CVE-2018-10231
RESERVED
 CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka 
ZSR-2455. ...)
NOT-FOR-US: Zend Server
-CVE-2018-10229
-   RESERVED
+CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows 
attackers to ...)
+   TODO: check
 CVE-2018-10228
RESERVED
 CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link 
parameter. ...)
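Review bot: CVE-2018-10229 is described as a hardware vulnerability in GPU memory modules; as with the Intel processor entry for CVE-2006-7215 elsewhere on this list, hardware issues are closed as NOT-FOR-US unless a Debian package carries a mitigation, so this TODO can be resolved quickly and reopened against a driver package if a software mitigation appears.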
@@ -3760,8 +3768,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered on 
AXIS P1354 (IP camera) 
NOT-FOR-US: AXIS
 CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT 
Professional ...)
NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154
-   RESERVED
+CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot 
in ...)
+   TODO: check
 CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote 
attackers ...)
NOT-FOR-US: Z-BlogPHP
 CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in 
kernel/events/core.c ...)
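Review bot: the function name `jpc_dec_process_sot` in the CVE-2018-9154 description points at the JPEG 2000 decoder in JasPer, which Debian ships as src:jasper, so this should become a package line rather than stay a `TODO: check`; while triaging, check whether it duplicates one of the jasper assertion-failure CVEs already tracked in this file before assigning a separate fix.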
@@ -35581,8 +35589,8 @@ CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer 
over-read in fill_buffer in 
NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-15044 (The default installation of DocuWare Fulltext Search server 
through ...)
NOT-FOR-US: DocuWare Fulltext Search server
-CVE-2017-15043
-   RESERVED
+CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, 
ES440, and ...)
+   TODO: check
 CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 
1.9.x ...)
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
@@ -55572,17 +55580,20 @@ CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an 
authenticated comment that
 CVE-2017-8375
RESERVED
 CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 
0.15.1b ...)
+   {DSA-4192-1}
- libmad 0.15.1b-9
NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
NOTE: The patch from #508133 fixed things related to this, but did not 
fix this.
NOTE: Patch in 0.15.1b-9: 
libmad-0.15.1b/debian/patches/length-check.patch
 CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b ...)
+   {DSA-4192-1}
- libmad 0.15.1b-9 (bug #287519)
NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed 
it
NOTE: "Duplicate with"/basically same as CVE-2017-8372
NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
 CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b, ...)
+   {DSA-4192-1}
- libmad 0.15.1b-9 (bug #287519)
NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed 
it
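Review bot: adding `{DSA-4192-1}` to all three libmad entries is consistent, but two things are worth checking: the CVE-2017-8374 package line `- libmad 0.15.1b-9` has no bug reference while -8373 and -8372 both cite bug #287519, and the NOTE on -8373 says it is basically the same issue as -8372, so confirm that the DSA-4192-1 text lists all three CVE ids rather than only the distinct ones.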
@@ -174952,8 +174963,7 @@ CVE-2013-2234 (The (1) key_notify_sa_flush and (2) 
key_notify_policy_flush funct
{DSA-2766-1 DSA-2745-1}
- linux-2.6 
- linux 3.10.1-1
-CVE-2013-2233 [not caching SSH host keys]
-   RESERVED
+CVE-2013-2233 (Ansible before 1.2.1 makes it easier for remote attackers to 
conduct ...)
- ansible 1.3.4+dfsg-1 (bug #714822)
NOTE: https://github.com/ansible/ansible/issues/857