[Git][security-tracker-team/security-tracker][master] Add new wireshark issues, all need to be closer checked

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fe61f23f by Salvatore Bonaccorso at 2018-05-23T08:57:00+02:00
Add new wireshark issues, all need to be closer checked

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -81,22 +81,62 @@ CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 
2018-04-09 has a heap-bas
NOT-FOR-US: PDFGen
 CVE-2018-11362
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-25.html
+   TODO: check, only 2.6.0 affected?
 CVE-2018-11361
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b52f9929238ce3948ec924ae4f9456b5e9df558
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-32.html
+   TODO: check, only 2.6.0 affected?
 CVE-2018-11360
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-30.html
 CVE-2018-11359
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-33.html
 CVE-2018-11358
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-31.html
 CVE-2018-11357
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ab8a33ef083b9732c89117747a83a905a676faf6
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-28.html
 CVE-2018-11356
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4425716ddba99374749bd033d9bc0f4add2fb973
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-29.html
 CVE-2018-11355
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99d27a5fd2c540f837154aca3b3647f5ccfa0c33
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-27.html
+   TODO: check, only 2.6.0 affected?
 CVE-2018-11354
RESERVED
+   - wireshark 
+   NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647
+   NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb517a4a434387e74a2f75ebb106ee3c3893251c
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2018-26.html
+   TODO: check, only 2.6.0 affected?
 CVE-2018-11353
RESERVED
 CVE-2018-11352
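
Review bot: The "TODO: check, only 2.6.0 affected?" line is present on only four of the nine new wireshark entries (CVE-2018-11362, CVE-2018-11361, CVE-2018-11355, CVE-2018-11354), although the commit message says all of them still need a closer check. The other five (CVE-2018-11360 through CVE-2018-11356) carry nothing that marks them as unverified, so they will look triaged to anyone filtering on TODO. Add a TODO line to those as well, or record in each entry which versions were confirmed.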



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fe61f23f95662b0451a4b56733846b7fe5023eca

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] data/dsa-needed.txt : santiago will prepare a libidn update

2018-05-22 Thread Santiago R.R.
Santiago R.R. pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b1ce1b68 by Santiago R.R at 2018-05-23T07:04:41+02:00
data/dsa-needed.txt : santiago will prepare a libidn update

Signed-off-by: Santiago R.R 

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -36,6 +36,7 @@ libav/oldstable
   We can ship the next libav 11.x point release when available
 --
 libidn
+  santiago will prepare update
 --
 linux
   Wait until more issues have piled up
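
Review bot: The claim on libidn is recorded as an undated free-text line under the package rather than on the package line. Other entries in data/dsa-needed.txt shown on this page put the claimant in parentheses after the package name, for example "tomcat8 (seb)", and date their status lines ("2018-04-11: Emmanuel Bourg submitted a debdiff"). Writing "libidn (santiago)" would keep the file consistent.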



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1ce1b681d6108338afbe1d11df8d0a1bae11876


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1136{4,5}/r-cran-haven

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20dc99af by Salvatore Bonaccorso at 2018-05-23T06:34:38+02:00
Add bug reference for CVE-2018-1136{4,5}/r-cran-haven

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -74,9 +74,9 @@ CVE-2018-11367 (An issue was discovered in CppCMS before 
1.2.1. There is a denia
 CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for 
WordPress has ...)
NOT-FOR-US: Wordpress plugin
 CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 
0.1.1 has an ...)
-   - r-cran-haven  (low)
+   - r-cran-haven  (low; bug #899335)
 CVE-2018-11364 (sav_parse_machine_integer_info_record in 
spss/readstat_sav_read.c in ...)
-   - r-cran-haven  (low)
+   - r-cran-haven  (low; bug #899335)
 CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a 
heap-based ...)
NOT-FOR-US: PDFGen
 CVE-2018-11362
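
Review bot: Both changed lines, for CVE-2018-11365 and CVE-2018-11364, now reference the same bug #899335, and neither entry has a NOTE pointing at an upstream report or fix. A NOTE with the upstream reference on each entry would let a reader tell when the one bug can be closed for both CVEs.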



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/20dc99af8eb8ea395c52bcf1082b5ebf1151db1e


[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-5698

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e279f95 by Salvatore Bonaccorso at 2018-05-23T06:26:59+02:00
Add references for CVE-2018-5698

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15412,6 +15412,8 @@ CVE-2017-18031
RESERVED
 CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based 
buffer ...)
- r-cran-haven 1.1.1-1
+   NOTE: https://github.com/WizardMac/ReadStat/issues/108
+   NOTE: 
https://github.com/WizardMac/ReadStat/commit/79793dba3b665ff037ca60140441a6679a8971cf
 CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove 
request to ...)
NOT-FOR-US: Icy Phoenix
 CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL 
injection ...)
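
Review bot: The two NOTE lines added under CVE-2018-5698 give an issue URL and a commit URL without saying what the commit is. If the referenced commit is the upstream fix, say so on that NOTE line, so the fixed version 1.1.1-1 on the package line can be checked against it.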



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e279f95a0156e341ed6a6cba1cbf211caa86b1c


[Git][security-tracker-team/security-tracker][master] dsa-needed.txt: xdg-utils (luciano)

2018-05-22 Thread Luciano Bello
Luciano Bello pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e281ab3 by Luciano Bello at 2018-05-22T22:07:51-04:00
dsa-needed.txt: xdg-utils (luciano)

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -83,7 +83,9 @@ tomcat7/oldstable
 tomcat8 (seb)
   2018-04-11: Emmanuel Bourg submitted a debdiff
 --
-zendframework/oldstable
+xdg-utils (luciano)
 --
 xen
 --
+zendframework/oldstable
+--
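
Review bot: Besides claiming xdg-utils, this hunk moves zendframework/oldstable from before xen to the end of the file, which the commit subject does not mention. Say so in the commit message or split the reorder into its own commit, so the move is not mistaken for an accidental drop and re-add.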



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e281ab3b77f5ca2b9cec5da4ee77c871d0b47cf


[Git][security-tracker-team/security-tracker][master] older r-cran-haven issue fixed

2018-05-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d56c0872 by Moritz Muehlenhoff at 2018-05-22T23:36:23+02:00
older r-cran-haven issue fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15411,7 +15411,7 @@ CVE-2018-5699
 CVE-2017-18031
RESERVED
 CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based 
buffer ...)
-   - r-cran-haven 
+   - r-cran-haven 1.1.1-1
 CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove 
request to ...)
NOT-FOR-US: Icy Phoenix
 CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL 
injection ...)
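
Review bot: The r-cran-haven line for CVE-2018-5698 is set to 1.1.1-1 with no NOTE recording the upstream fix or how that version was determined. Add a NOTE with the upstream reference so the fixed version can be verified later.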



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d56c087270b72bb942689123befb204ece09ef7a


[Git][security-tracker-team/security-tracker][master] Claim zookeeper in dla-needed.txt

2018-05-22 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
88e56251 by Markus Koschany at 2018-05-22T23:35:03+02:00
Claim zookeeper in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -59,3 +59,5 @@ xdg-utils (Abhijith PA)
 --
 xen (Emilio Pozuelo)
 --
+zookeeper (Markus Koschany)
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/88e562511be7e995ba8755a8960b3a0c06f38fa7


[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-8012,zookeeper: Add bug reference and more information.

2018-05-22 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84552e45 by Markus Koschany at 2018-05-22T23:33:25+02:00
CVE-2018-8012,zookeeper: Add bug reference and more information.

- - - - -
b066d9b7 by Markus Koschany at 2018-05-22T23:34:08+02:00
Merge branch 'master' of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8130,9 +8130,11 @@ CVE-2018-8014 (The defaults settings for the CORS filter 
provided in Apache Tomc
 CVE-2018-8013
RESERVED
 CVE-2018-8012 (No authentication/authorization is enforced when a server 
attempts to ...)
-   - zookeeper 3.4.10-2
+   - zookeeper 3.4.10-2 (bug #899332)
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
+   NOTE: 
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
+   NOTE: 
https://issues.apache.org/jira/secure/attachment/12840904/ZOOKEEPER-1045-br-3-4.patch
 CVE-2018-8011
RESERVED
 CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 
7.3.0 ...)
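
Review bot: The new bug reference for CVE-2018-8012 sits on a line that already gives 3.4.10-2 as the fixed version, so it is unclear what bug #899332 still tracks. A NOTE saying which suites or versions the bug concerns would help. The second added NOTE also points at a JIRA patch attachment rather than a commit, which is the weaker reference if a commit exists.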



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/eedb3a77cd8658f7228bb79a1951bd3f5f390ecf...b066d9b7967e0a1c13995005665fa4071eb7c756


[Git][security-tracker-team/security-tracker][master] remove TODO for "efail", all clients mentioned in advisory covered

2018-05-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eedb3a77 by Moritz Muehlenhoff at 2018-05-22T23:31:00+02:00
remove TODO for "efail", all clients mentioned in advisory covered

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -24467,12 +24467,10 @@ CVE-2017-17689 (The S/MIME specification allows a 
Cipher Block Chaining (CBC) ..
NOTE: https://efail.de
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796135 
NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
-   TODO: check all clients
 CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher 
Feedback Mode ...)
- enigmail  (bug #898630)
NOTE: vulnerability is in the clients handling, not in OpenPGP
NOTE: https://efail.de
-   TODO: check all clients
 CVE-2017-17687
RESERVED
 CVE-2017-17686



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eedb3a77cd8658f7228bb79a1951bd3f5f390ecf


[Git][security-tracker-team/security-tracker][master] NFUs

2018-05-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f93bff7f by Moritz Muehlenhoff at 2018-05-22T23:30:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -58,21 +58,21 @@ CVE-2018-11375 (The _inst__lds() function in radare2 2.5.0 
allows remote attacke
 CVE-2018-11374
RESERVED
 CVE-2018-11373 (iScripts eSwap v2.4 has SQL injection via the 
"salelistdetailed.php" ...)
-   TODO: check
+   NOT-FOR-US: iScripts eSwap
 CVE-2018-11372 (iScripts eSwap v2.4 has SQL injection via the 
wishlistdetailed.php User ...)
-   TODO: check
+   NOT-FOR-US: iScripts eSwap
 CVE-2018-11371 (SkyCaiji 1.2 allows CSRF to add an Administrator user. ...)
-   TODO: check
+   NOT-FOR-US: SkyCaiji
 CVE-2018-11370
RESERVED
 CVE-2018-11369 (An issue was discovered in PbootCMS v1.0.9. There is a SQL 
Injection ...)
-   TODO: check
+   NOT-FOR-US: PbootCMS
 CVE-2018-11368
RESERVED
 CVE-2018-11367 (An issue was discovered in CppCMS before 1.2.1. There is a 
denial of ...)
-   TODO: check
+   NOT-FOR-US: CppCMS
 CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for 
WordPress has ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 
0.1.1 has an ...)
- r-cran-haven  (low)
 CVE-2018-11364 (sav_parse_machine_integer_info_record in 
spss/readstat_sav_read.c in ...)
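
Review bot: The NOT-FOR-US label added for CVE-2018-11366 is the generic "Wordpress plugin", while the description names the Loginizer plugin and spells the platform "WordPress". Use "Loginizer plugin for WordPress", in the style of "Admin Notes plugin for MyBB" used elsewhere in this file.
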
@@ -146,23 +146,23 @@ CVE-2018-11331 (An issue was discovered in Pluck before 
4.7.6. Remote PHP code .
 CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is 
authenticated ...)
NOT-FOR-US: Pluck CMS
 CVE-2018-11329 (The DrugDealer function of a smart contract implementation for 
Ether ...)
-   TODO: check
+   NOT-FOR-US: DrugDealer smart contractz
 CVE-2018-11328 (An issue was discovered in Joomla! Core before 3.8.8. Under 
specific ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11327 (An issue was discovered in Joomla! Core before 3.8.8. 
Inadequate checks ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11326 (An issue was discovered in Joomla! Core before 3.8.8. 
Inadequate input ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11325 (An issue was discovered in Joomla! Core before 3.8.8. The web 
install ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11324 (An issue was discovered in Joomla! Core before 3.8.8. A long 
running ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11323 (An issue was discovered in Joomla! Core before 3.8.8. 
Inadequate checks ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11322 (An issue was discovered in Joomla! Core before 3.8.8. 
Depending on the ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11321 (An issue was discovered in com_fields in Joomla! Core before 
3.8.8. ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables 
that are ...)
NOT-FOR-US: Octopus Deploy
 CVE-2018-1000181
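
Review bot: The label added for CVE-2018-11329 reads "DrugDealer smart contractz"; the trailing "z" looks like a typo. Change it to "DrugDealer smart contract".
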
@@ -718,7 +718,7 @@ CVE-2018-11095 (The decompileJUMP function in decompile.c 
in libming through 0.4
 CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. 
...)
NOT-FOR-US: Intelbras NCLOUD
 CVE-2018-11093 (Cross-site scripting (XSS) vulnerability in the Link package 
for ...)
-   TODO: check
+   NOT-FOR-US: CKeditor addon
 CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for 
MyBB. CSRF ...)
NOT-FOR-US: Admin Notes plugin for MyBB
 CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A 
malicious file ...)
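
Review bot: "CKeditor addon" on CVE-2018-11093 does not say which add-on is meant, although the description refers to the Link package. Name it in the NOT-FOR-US label so the entry can be found by product.
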
@@ -11334,9 +11334,9 @@ CVE-2018-6965
 CVE-2018-6964
RESERVED
 CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 
...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass 
...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2018-6961
RESERVED
 CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
@@ -12808,11 +12808,11 @@ CVE-2018-6496
 CVE-2018-6495
RESERVED
 CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software 
Web Tier, ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, 
version ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2018-6492 (Persistent Cross-Site Scripting, and non-persistent HTML 
Injection in ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus 
Universal ...)
NOT-FOR-US: Micro Focus Universal CMDB
 CVE-2018-6490 (Denial of Service vulnerability in M
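
Review bot: CVE-2018-6494, CVE-2018-6493 and CVE-2018-6492 are all labelled just "HP", although the descriptions of the first two name distinct products (HP Service Manager Software Web Tier, HP Network Operations Management Ultimate). The neighbouring entry uses the full product name ("Micro Focus Universal CMDB"); do the same here.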

[Git][security-tracker-team/security-tracker][master] new radare issues

2018-05-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a1c1a04c by Moritz Muehlenhoff at 2018-05-22T23:25:59+02:00
new radare issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,60 @@
 CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers 
to cause ...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Minor issue)
+   [jessie] - radare2  (Minor issue)
+   NOTE: 
https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add
+   NOTE: https://github.com/radare/radare2/issues/9903
 CVE-2018-11383 (The r_strbuf_fini() function in radare2 2.5.0 allows remote 
attackers ...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Minor issue)
+   [jessie] - radare2  (Minor issue)
+   NOTE: 
https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a
+   NOTE: https://github.com/radare/radare2/issues/9943
 CVE-2018-11382 (The _inst__sts() function in radare2 2.5.0 allows remote 
attackers to ...)
-   TODO: check
+   - radare2  (Vulnerable code not yet present)
+   NOTE: 
https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff
+   NOTE: https://github.com/radare/radare2/issues/10091
 CVE-2018-11381 (The string_scan_range() function in radare2 2.5.0 allows 
remote ...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Minor issue)
+   [jessie] - radare2  (Minor issue)
+   NOTE: 
https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3
+   NOTE: https://github.com/radare/radare2/issues/9902
 CVE-2018-11380 (The parse_import_ptr() function in radare2 2.5.0 allows remote 
...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Minor issue)
+   [jessie] - radare2  (Minor issue)
+   NOTE: 
https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134
+   NOTE: https://github.com/radare/radare2/issues/9970
 CVE-2018-11379 (The get_debug_info() function in radare2 2.5.0 allows remote 
attackers ...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Minor issue)
+   [jessie] - radare2  (Minor issue)
+   NOTE: 
https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c
+   NOTE: https://github.com/radare/radare2/issues/9926
 CVE-2018-11378 (The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or 
possibly ...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Vulnerable code not present)
+   [jessie] - radare2  (Vulnerable code not present)
+   NOTE: 
https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7
+   NOTE: https://github.com/radare/radare2/issues/9969
 CVE-2018-11377 (The avr_op_analyze() function in radare2 2.5.0 allows remote 
attackers ...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Minor issue)
+   [jessie] - radare2  (Minor issue)
+   NOTE: 
https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4
+   NOTE: 
https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422
+   NOTE: https://github.com/radare/radare2/issues/9901
 CVE-2018-11376 (The r_read_le32() function in radare2 2.5.0 allows remote 
attackers to ...)
-   TODO: check
+   - radare2  (low)
+   [stretch] - radare2  (Minor issue)
+   [jessie] - radare2  (Minor issue)
+   NOTE: 
https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf
+   NOTE: https://github.com/radare/radare2/issues/9904
 CVE-2018-11375 (The _inst__lds() function in radare2 2.5.0 allows remote 
attackers to ...)
-   TODO: check
+   - radare2  (Vulnerable code not yet present)
+   NOTE: 
https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68
+   NOTE: https://github.com/radare/radare2/issues/9928
 CVE-2018-11374
RESERVED
 CVE-2018-11373 (iScripts eSwap v2.4 has SQL injection via the 
"salelistdetailed.php" ...)

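Review bot: CVE-2018-11377 gets two commit NOTE lines where every other radare2 entry in this hunk has one, with nothing saying how the two relate. State whether both commits are needed for the fix, so a backport does not pick up only one of them.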


View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1c1a04c1ed786c0ef42f03bc09a618879ab24bc


[Git][security-tracker-team/security-tracker][master] drop wavpack, already released

2018-05-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a174d5c by Moritz Muehlenhoff at 2018-05-22T23:12:58+02:00
drop wavpack, already released

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -83,8 +83,6 @@ tomcat7/oldstable
 tomcat8 (seb)
   2018-04-11: Emmanuel Bourg submitted a debdiff
 --
-wavpack (jmm)
---
 zendframework/oldstable
 --
 xen
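
Review bot: The wavpack entry is dropped with the message "already released", which does not identify the advisory. Put the DSA number in the commit message so the removal can be checked against the published advisory.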



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a174d5cb7fc50104bae37f6ac1b76d20a379cda


[Git][security-tracker-team/security-tracker][master] automatic update

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8961a379 by security tracker role at 2018-05-22T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers 
to cause ...)
+   TODO: check
+CVE-2018-11383 (The r_strbuf_fini() function in radare2 2.5.0 allows remote 
attackers ...)
+   TODO: check
+CVE-2018-11382 (The _inst__sts() function in radare2 2.5.0 allows remote 
attackers to ...)
+   TODO: check
+CVE-2018-11381 (The string_scan_range() function in radare2 2.5.0 allows 
remote ...)
+   TODO: check
+CVE-2018-11380 (The parse_import_ptr() function in radare2 2.5.0 allows remote 
...)
+   TODO: check
+CVE-2018-11379 (The get_debug_info() function in radare2 2.5.0 allows remote 
attackers ...)
+   TODO: check
+CVE-2018-11378 (The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or 
possibly ...)
+   TODO: check
+CVE-2018-11377 (The avr_op_analyze() function in radare2 2.5.0 allows remote 
attackers ...)
+   TODO: check
+CVE-2018-11376 (The r_read_le32() function in radare2 2.5.0 allows remote 
attackers to ...)
+   TODO: check
+CVE-2018-11375 (The _inst__lds() function in radare2 2.5.0 allows remote 
attackers to ...)
+   TODO: check
+CVE-2018-11374
+   RESERVED
+CVE-2018-11373 (iScripts eSwap v2.4 has SQL injection via the 
"salelistdetailed.php" ...)
+   TODO: check
+CVE-2018-11372 (iScripts eSwap v2.4 has SQL injection via the 
wishlistdetailed.php User ...)
+   TODO: check
+CVE-2018-11371 (SkyCaiji 1.2 allows CSRF to add an Administrator user. ...)
+   TODO: check
+CVE-2018-11370
+   RESERVED
+CVE-2018-11369 (An issue was discovered in PbootCMS v1.0.9. There is a SQL 
Injection ...)
+   TODO: check
+CVE-2018-11368
+   RESERVED
+CVE-2018-11367 (An issue was discovered in CppCMS before 1.2.1. There is a 
denial of ...)
+   TODO: check
+CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for 
WordPress has ...)
+   TODO: check
 CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 
0.1.1 has an ...)
- r-cran-haven  (low)
 CVE-2018-11364 (sav_parse_machine_integer_info_record in 
spss/readstat_sav_read.c in ...)
@@ -72,22 +110,22 @@ CVE-2018-11330 (An issue was discovered in Pluck before 
4.7.6. There is authenti
NOT-FOR-US: Pluck CMS
 CVE-2018-11329 (The DrugDealer function of a smart contract implementation for 
Ether ...)
TODO: check
-CVE-2018-11328
-   RESERVED
-CVE-2018-11327
-   RESERVED
-CVE-2018-11326
-   RESERVED
-CVE-2018-11325
-   RESERVED
-CVE-2018-11324
-   RESERVED
-CVE-2018-11323
-   RESERVED
-CVE-2018-11322
-   RESERVED
-CVE-2018-11321
-   RESERVED
+CVE-2018-11328 (An issue was discovered in Joomla! Core before 3.8.8. Under 
specific ...)
+   TODO: check
+CVE-2018-11327 (An issue was discovered in Joomla! Core before 3.8.8. 
Inadequate checks ...)
+   TODO: check
+CVE-2018-11326 (An issue was discovered in Joomla! Core before 3.8.8. 
Inadequate input ...)
+   TODO: check
+CVE-2018-11325 (An issue was discovered in Joomla! Core before 3.8.8. The web 
install ...)
+   TODO: check
+CVE-2018-11324 (An issue was discovered in Joomla! Core before 3.8.8. A long 
running ...)
+   TODO: check
+CVE-2018-11323 (An issue was discovered in Joomla! Core before 3.8.8. 
Inadequate checks ...)
+   TODO: check
+CVE-2018-11322 (An issue was discovered in Joomla! Core before 3.8.8. 
Depending on the ...)
+   TODO: check
+CVE-2018-11321 (An issue was discovered in com_fields in Joomla! Core before 
3.8.8. ...)
+   TODO: check
 CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables 
that are ...)
NOT-FOR-US: Octopus Deploy
 CVE-2018-1000181
@@ -642,8 +680,8 @@ CVE-2018-11095 (The decompileJUMP function in decompile.c 
in libming through 0.4
NOTE: https://github.com/libming/libming/issues/141
 CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. 
...)
NOT-FOR-US: Intelbras NCLOUD
-CVE-2018-11093
-   RESERVED
+CVE-2018-11093 (Cross-site scripting (XSS) vulnerability in the Link package 
for ...)
+   TODO: check
 CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for 
MyBB. CSRF ...)
NOT-FOR-US: Admin Notes plugin for MyBB
 CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A 
malicious file ...)
@@ -11258,10 +11296,10 @@ CVE-2018-6965
RESERVED
 CVE-2018-6964
RESERVED
-CVE-2018-6963
-   RESERVED
-CVE-2018-6962
-   RESERVED
+CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 
...)
+   TODO: check
+CVE-2018-6962 (VMware Fusion (10.x 

[Git][security-tracker-team/security-tracker][master] Add imagemagick to dla-needed.txt and claim it.

2018-05-22 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd86cc1c by Markus Koschany at 2018-05-22T20:36:28+02:00
Add imagemagick to dla-needed.txt and claim it.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -17,6 +17,8 @@ cups (Thorsten Alteholz)
 --
 enigmail (Abhijith PA)
 --
+imagemagick (Markus Koschany)
+--
 krb5 (Thorsten Alteholz)
   NOTE: 20180131: lts-do-not-call
   NOTE: 20180411: Details not public yet. Security team in contact with  
upstream. (anarcat)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd86cc1cc860c3006e6e226987168ab9028d65ab


[Git][security-tracker-team/security-tracker][master] Remove tomcat7 from dla-needed.txt

2018-05-22 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
357222a8 by Markus Koschany at 2018-05-22T20:12:19+02:00
Remove tomcat7 from dla-needed.txt

Asked the security team for a Jessie update instead.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -50,8 +50,6 @@ tiff
 --
 tiff3
 --
-tomcat7 (Markus Koschany)
---
 wireshark (Thorsten Alteholz)
 --
 xdg-utils (Abhijith PA)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/357222a899d725c2acd077443f175ddbd4a904cf


[Git][security-tracker-team/security-tracker][master] CVE-2018-8014,tomcat7: Wheezy is not affected

2018-05-22 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6af9e6e1 by Markus Koschany at 2018-05-22T20:11:28+02:00
CVE-2018-8014,tomcat7: Wheezy is not affected

The vulnerable code (CORS)-filter is not present.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8044,6 +8044,7 @@ CVE-2018-8014 (The defaults settings for the CORS filter 
provided in Apache Tomc
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7 7.0.72-3
[jessie] - tomcat7  (Minor issue; user expected to configure 
filters appropriately)
+   [wheezy] - tomcat7  (vulnerable code not present)
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
NOTE: https://svn.apache.org/r1831728 (8.5.x)
NOTE: https://svn.apache.org/r1831729 (8.0.x)
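Review bot: the reason on the added [wheezy] line, "(vulnerable code not present)", does not say which code is meant; only the commit message identifies it as the CORS filter. Consider naming it in the annotation itself, for example "(Vulnerable code not present; CORS filter not present)", and capitalising the first word to match the "(Minor issue; ...)" annotation on the [jessie] line above it.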



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6af9e6e1772870a2acace4076fe06ce7b2af5aee


[Git][security-tracker-team/security-tracker][master] Add xen to dsa-needed list

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89e54555 by Salvatore Bonaccorso at 2018-05-22T19:24:20+02:00
Add xen to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -87,3 +87,5 @@ wavpack (jmm)
 --
 zendframework/oldstable
 --
+xen
+--
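Review bot: the xen entry is appended after zendframework/oldstable at the very end of the file, while the visible context (wavpack, zendframework) is in alphabetical order, so xen belongs before zendframework. The entry also has neither a suite qualifier nor a claimant, unlike "wavpack (jmm)" and "zendframework/oldstable"; if that is intended (all suites, unclaimed), an indented comment line naming the issues to be fixed would help whoever picks it up.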



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/89e54322cdf123f63252385f2b1e659b09a0


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for procps update

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56d505c7 by Salvatore Bonaccorso at 2018-05-22T17:32:06+02:00
Reserve DSA number for procps update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[22 May 2018] DSA-4208-1 procps - security update
+   {CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126}
+   [jessie] - procps 2:3.3.9-9+deb8u1
+   [stretch] - procps 2:3.3.12-3+deb9u1
 [22 May 2018] DSA-4207-1 packagekit - security update
{CVE-2018-1106}
[stretch] - packagekit 1.1.5-2+deb9u1


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -64,8 +64,6 @@ php-horde-image
 phpmyadmin/oldstable (abhijith)
   
https://mentors.debian.net/debian/pool/main/p/phpmyadmin/phpmyadmin_4.2.12-2+deb8u3.dsc
 --
-procps (carnil)
---
 qemu/oldstable
 --
 ruby2.1/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/56d505c76c17dfa92ca021ec67b6365944dc9242


[Git][security-tracker-team/security-tracker][master] Reference directly qualys report for CVE-2018-112{0..6}

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2671c701 by Salvatore Bonaccorso at 2018-05-22T17:08:41+02:00
Reference directly qualys report for CVE-2018-112{0..6}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27882,40 +27882,47 @@ CVE-2018-1126 
[0035-proc-alloc.-Use-size_t-not-unsigned-int.patch]
RESERVED
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+   NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
NOTE: 
https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
 CVE-2018-1125 [0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch]
RESERVED
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+   NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 
0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
NOTE: 
https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
 CVE-2018-1124 [Local Privilege Escalation in libprocps]
RESERVED
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+   NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 
0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
NOTE: 
https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
 CVE-2018-1123 [Denial of Service in ps]
RESERVED
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+   NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
NOTE: 
https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
 CVE-2018-1122 [Local Privilege Escalation in top]
RESERVED
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+   NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
NOTE: 
https://gitlab.com/procps-ng/procps/commit/b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd
 CVE-2018-1121 [Unprivileged process hiding]
RESERVED
- linux  (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+   NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 CVE-2018-1120 [FUSE-backed /proc/PID/cmdline]
RESERVED
- linux 
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+   NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Fixed by: 
https://git.kernel.org/linus/7f7ccc2ccc2e70c6054685f5e3522efa81556830
 CVE-2018-1119
REJECTED
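Review bot: in all seven entries the added Qualys NOTE uses https:// but sits directly under an oss-security NOTE that still uses http://www.openwall.com/..., so each entry now mixes schemes for its two primary references. Since every one of those entries is touched here anyway, consider switching the openwall NOTE to https:// in the same change. For CVE-2018-1121 and CVE-2018-1120, which are tracked against linux rather than procps, a few words after the URL saying that the procps-ng audit report also covers these kernel-side issues would make the reference self-explanatory.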



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2671c701e95d6d52b1dd70c9acfa3c430e2408ee


[Git][security-tracker-team/security-tracker][master] add note dla-needed.txt

2018-05-22 Thread Abhijith PA
Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b236a1d7 by Abhijith PA at 2018-05-22T19:45:52+05:30
add note dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -55,6 +55,7 @@ tomcat7 (Markus Koschany)
 wireshark (Thorsten Alteholz)
 --
 xdg-utils (Abhijith PA)
+  NOTE: 20180522: Upstream patch doesn't apply cleanily in wheezy.
 --
 xen (Emilio Pozuelo)
 --
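Review bot: the added NOTE under xdg-utils has a typo, "cleanily" should be "cleanly". It also does not say which upstream patch or which CVE it refers to; adding the CVE id or the upstream commit reference to the NOTE would tell the next person exactly what needs backporting to wheezy.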



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b236a1d7e73962ff02e699bdbb03043097e0db92


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for packagekit

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7131fd24 by Salvatore Bonaccorso at 2018-05-22T14:47:07+02:00
Reserve DSA number for packagekit

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[22 May 2018] DSA-4207-1 packagekit - security update
+   {CVE-2018-1106}
+   [stretch] - packagekit 1.1.5-2+deb9u1
 [21 May 2018] DSA-4206-1 gitlab - security update
{CVE-2017-0920 CVE-2018-8971}
[stretch] - gitlab 8.13.11+dfsg1-8+deb9u2


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -53,9 +53,6 @@ openjdk-7/oldstable (jmm)
 --
 openjpeg2 (luciano)
 --
-packagekit (carnil)
-  Matthias Klumpp (mak) uploaded package but needs release
---
 passenger/stable
 --
 php5/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7131fd24dc3188f38543cc0b700122904767607b


[Git][security-tracker-team/security-tracker][master] Take packagekit from dsa-needed list

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bec7a37 by Salvatore Bonaccorso at 2018-05-22T14:19:07+02:00
Take packagekit from dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -53,7 +53,7 @@ openjdk-7/oldstable (jmm)
 --
 openjpeg2 (luciano)
 --
-packagekit
+packagekit (carnil)
   Matthias Klumpp (mak) uploaded package but needs release
 --
 passenger/stable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bec7a3792f4af56ad07cbab67eb58848e601ad2


[Git][security-tracker-team/security-tracker][master] Process two NFUs

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d53ee67f by Salvatore Bonaccorso at 2018-05-22T13:14:05+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a 
in ReadStat 0.1.1 
 CVE-2018-11364 (sav_parse_machine_integer_info_record in 
spss/readstat_sav_read.c in ...)
- r-cran-haven  (low)
 CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a 
heap-based ...)
-   TODO: check
+   NOT-FOR-US: PDFGen
 CVE-2018-11362
RESERVED
 CVE-2018-11361
@@ -51,7 +51,7 @@ CVE-2018-11341 (Directory traversal in importuser.cgi in 
ASUSTOR AS6202T ADM 3.1
 CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in 
ASUSTOR ...)
NOT-FOR-US: ASUSTOR
 CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop 
b1036e5 ...)
-   TODO: check
+   NOT-FOR-US: Frappe ERPNext
 CVE-2018-11338
RESERVED
 CVE-2018-11337



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d53ee67f947b8211cfc5751bc71a4de5bd2b78d3


[Git][security-tracker-team/security-tracker][master] new r-cran-haven issues (via embedded ReadStat copy)

2018-05-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6aa0af90 by Moritz Muehlenhoff at 2018-05-22T11:18:48+02:00
new r-cran-haven issues (via embedded ReadStat copy)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 
0.1.1 has an ...)
-   TODO: check
+   - r-cran-haven  (low)
 CVE-2018-11364 (sav_parse_machine_integer_info_record in 
spss/readstat_sav_read.c in ...)
-   TODO: check
+   - r-cran-haven  (low)
 CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a 
heap-based ...)
TODO: check
 CVE-2018-11362
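Review bot: CVE-2018-11365 and CVE-2018-11364 are assigned to r-cran-haven with no NOTE explaining why a ReadStat issue maps to that package; the commit message says it is via an embedded ReadStat copy, but data/CVE/list itself does not. Consider adding a NOTE line under each entry stating that r-cran-haven embeds ReadStat, so the mapping can be verified without the commit log.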
@@ -15333,7 +15333,7 @@ CVE-2018-5699
 CVE-2017-18031
RESERVED
 CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based 
buffer ...)
-   NOT-FOR-US: WizardMac ReadStat
+   - r-cran-haven 
 CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove 
request to ...)
NOT-FOR-US: Icy Phoenix
 CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL 
injection ...)
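Review bot: CVE-2018-5698 gets a bare "- r-cran-haven" line, while the two ReadStat entries in the first hunk of this commit are marked "(low)". All three come from the same embedded library, so either add the same urgency here or record in a NOTE why this heap-based buffer issue is rated differently.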



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6aa0af9028c79f9ee1e95d223fe301b34d952a3a


[Git][security-tracker-team/security-tracker][master] Adjust source package name to amd64-microcode

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a383973 by Salvatore Bonaccorso at 2018-05-22T11:00:28+02:00
Adjust source package name to amd64-microcode

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20572,14 +20572,14 @@ CVE-2018-3641 (Escalation of privilege in all 
versions of the Intel Remote Keybo
 CVE-2018-3640 [Spectre V3a]
RESERVED
- intel-microcode 
-   - amd-microcode 
+   - amd64-microcode 
NOTE: 
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
NOTE: No software mitigations planned to be implemented in src:linux
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
 CVE-2018-3639 [Speculative Store Bypass]
RESERVED
- intel-microcode 
-   - amd-microcode 
+   - amd64-microcode 
- linux 
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-263.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0a3839737050d5d6887e61319deb68c990ec0fba


[Git][security-tracker-team/security-tracker][master] dsa-needed list: Update thunderbird entry

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f1d2bcf by Salvatore Bonaccorso at 2018-05-22T10:59:28+02:00
dsa-needed list: Update thunderbird entry

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -81,7 +81,7 @@ ruby2.3/stable
 --
 sssd/stable
 --
-thunderbird
+thunderbird (jmm)
 --
 tomcat7/oldstable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f1d2bcfeeaf85fe6539b4c2b64141ec53ad395b


[Git][security-tracker-team/security-tracker][master] Add microcode packages for tracking to spectre v3a and v4

2018-05-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbab80ac by Moritz Muehlenhoff at 2018-05-22T10:49:05+02:00
Add microcode packages for tracking to spectre v3a and v4

v3a will entirely be fixed by microcode changes and the fix for v4 will
equally require updated microcode.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20571,14 +20571,20 @@ CVE-2018-3641 (Escalation of privilege in all 
versions of the Intel Remote Keybo
NOT-FOR-US: Intel
 CVE-2018-3640 [Spectre V3a]
RESERVED
+   - intel-microcode 
+   - amd-microcode 
NOTE: 
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
NOTE: No software mitigations planned to be implemented in src:linux
+   NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
 CVE-2018-3639 [Speculative Store Bypass]
RESERVED
+   - intel-microcode 
+   - amd-microcode 
- linux 
- xen 
NOTE: https://xenbits.xen.org/xsa/advisory-263.html
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
+   NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
 CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote 
Keyboard ...)
NOT-FOR-US: Intel
 CVE-2018-3637
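Review bot: "amd-microcode" in both added package lines (under CVE-2018-3640 and CVE-2018-3639) is not the Debian source package name; the source package is amd64-microcode, so these entries will not be associated with the package that actually ships the AMD microcode. Use "- amd64-microcode" in both places.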



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbab80ac365471ea37b9b48642c04d1ffcf93696


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4bbb4ce by Salvatore Bonaccorso at 2018-05-22T10:26:22+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -37,19 +37,19 @@ CVE-2018-11348
 CVE-2018-11347
RESERVED
 CVE-2018-11346 (An insecure direct object reference vulnerability in 
download.cgi in ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in 
ASUSTOR ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11344 (A path traversal vulnerability in download.cgi in ASUSTOR 
AS6202T ADM ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11343 (A persistent cross site scripting vulnerability in 
playlistmanger.cgi ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11342 (A path traversal vulnerability in fileExplorer.cgi in ASUSTOR 
AS6202T ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11341 (Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 
3.1.0.RFQ3 ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in 
ASUSTOR ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop 
b1036e5 ...)
TODO: check
 CVE-2018-11338
@@ -67,9 +67,9 @@ CVE-2018-11333
 CVE-2018-11332
RESERVED
 CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code 
...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2018-11329 (The DrugDealer function of a smart contract implementation for 
Ether ...)
TODO: check
 CVE-2018-11328
@@ -8906,7 +8906,7 @@ CVE-2018-7689
 CVE-2018-7688
RESERVED
 CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a 
...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Client for OES
 CVE-2018-7686
RESERVED
 CVE-2018-7685



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4bbb4cec8f32d876ba8ca8ebcdb881ce0a536a9


[Git][security-tracker-team/security-tracker][master] automatic update

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b477b51 by security tracker role at 2018-05-22T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,77 @@
-CVE-2018-11329
+CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 
0.1.1 has an ...)
+   TODO: check
+CVE-2018-11364 (sav_parse_machine_integer_info_record in 
spss/readstat_sav_read.c in ...)
+   TODO: check
+CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a 
heap-based ...)
+   TODO: check
+CVE-2018-11362
+   RESERVED
+CVE-2018-11361
+   RESERVED
+CVE-2018-11360
+   RESERVED
+CVE-2018-11359
+   RESERVED
+CVE-2018-11358
+   RESERVED
+CVE-2018-11357
+   RESERVED
+CVE-2018-11356
+   RESERVED
+CVE-2018-11355
+   RESERVED
+CVE-2018-11354
+   RESERVED
+CVE-2018-11353
+   RESERVED
+CVE-2018-11352
+   RESERVED
+CVE-2018-11351
+   RESERVED
+CVE-2018-11350
+   RESERVED
+CVE-2018-11349
+   RESERVED
+CVE-2018-11348
+   RESERVED
+CVE-2018-11347
+   RESERVED
+CVE-2018-11346 (An insecure direct object reference vulnerability in 
download.cgi in ...)
+   TODO: check
+CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in 
ASUSTOR ...)
+   TODO: check
+CVE-2018-11344 (A path traversal vulnerability in download.cgi in ASUSTOR 
AS6202T ADM ...)
+   TODO: check
+CVE-2018-11343 (A persistent cross site scripting vulnerability in 
playlistmanger.cgi ...)
+   TODO: check
+CVE-2018-11342 (A path traversal vulnerability in fileExplorer.cgi in ASUSTOR 
AS6202T ...)
+   TODO: check
+CVE-2018-11341 (Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 
3.1.0.RFQ3 ...)
+   TODO: check
+CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in 
ASUSTOR ...)
+   TODO: check
+CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop 
b1036e5 ...)
+   TODO: check
+CVE-2018-11338
+   RESERVED
+CVE-2018-11337
+   RESERVED
+CVE-2018-11336
+   RESERVED
+CVE-2018-11335
+   RESERVED
+CVE-2018-11334
+   RESERVED
+CVE-2018-11333
RESERVED
+CVE-2018-11332
+   RESERVED
+CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code 
...)
+   TODO: check
+CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is 
authenticated ...)
+   TODO: check
+CVE-2018-11329 (The DrugDealer function of a smart contract implementation for 
Ether ...)
+   TODO: check
 CVE-2018-11328
RESERVED
 CVE-2018-11327
@@ -7981,15 +8053,13 @@ CVE-2018-8014 (The defaults settings for the CORS 
filter provided in Apache Tomc
NOTE: for their einvironment rather than using it in the default 
configuration
 CVE-2018-8013
RESERVED
-CVE-2018-8012 [Quorum Peer mutual authentication]
-   RESERVED
+CVE-2018-8012 (No authentication/authorization is enforced when a server 
attempts to ...)
- zookeeper 3.4.10-2
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
 CVE-2018-8011
RESERVED
-CVE-2018-8010 [XXE vulnerability due to Apache Solr configset upload]
-   RESERVED
+CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 
7.3.0 ...)
- lucene-solr  (Do not allow to upload configsets via the 
API)
NOTE: Versions 5.x and earlier are not affected by the vulnerability, 
since
NOTE: those versions do not allow to upload configsets via the API.
@@ -8835,8 +8905,8 @@ CVE-2018-7689
RESERVED
 CVE-2018-7688
RESERVED
-CVE-2018-7687
-   RESERVED
+CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a 
...)
+   TODO: check
 CVE-2018-7686
RESERVED
 CVE-2018-7685
@@ -27889,8 +27959,7 @@ CVE-2018-1109
NOTE: https://snyk.io/vuln/npm:braces:20180219
NOTE: 
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
NOTE: nodejs not covered by security support
-CVE-2018-1108 [random: fix crng_ready() test]
-   RESERVED
+CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a 
weakness in ...)
- linux 4.16.5-1
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
@@ -75850,8 +75919,7 @@ CVE-2017-2609
 CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote 
code ...)
- jenkins 
NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2607
-   RESERVED
+CVE-2017-2607 (jenkins before versions 2.44, 2.32.2 is vulnerable to a 
persisted ...)
- jenkins 
NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE