[Git][security-tracker-team/security-tracker][master] ffmpeg fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 68c45d00 by Moritz Muehlenhoff at 2018-07-30T06:21:31Z ffmpeg fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -423,30 +423,30 @@ CVE-2018-1999017 (Pydio version 8.2.0 and earlier contains a Server-Side Request CVE-2018-1999016 (Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) ...) - ajaxplorer (bug #668381) CVE-2018-1999015 (FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains ...) - - ffmpeg + - ffmpeg 7:4.0.2-1 [stretch] - ffmpeg (Vulnerable code not present) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32 CVE-2018-1999014 (FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains ...) - - ffmpeg + - ffmpeg 7:4.0.2-1 [stretch] - ffmpeg (Vulnerable code not present) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e7 CVE-2018-1999013 (FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ...) - - ffmpeg + - ffmpeg 7:4.0.2-1 - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ...) - - ffmpeg + - ffmpeg 7:4.0.2-1 - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ...) - - ffmpeg + - ffmpeg 7:4.0.2-1 [stretch] - ffmpeg (Minor issue, wait for next 3.2 release) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286 CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...) - - ffmpeg + - ffmpeg 7:4.0.2-1 - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e CVE-2018-1999009 (October CMS version prior to Build 437 contains a Local File Inclusion ...) 
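Review bot: the NOTE URLs on the six FFmpeg entries in this hunk (CVE-2018-1999015 down to CVE-2018-1999010) end one hex digit short of the commit hash quoted in each description, for example .../commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32 against 5aba5b89d0b1d73164d3b81764828bb8b20ff32a. Since these entries are being touched to record 7:4.0.2-1 anyway, restore the full 40-character hash in each NOTE so the reference matches the description exactly and does not depend on abbreviated-hash resolution.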
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/68c45d0017b62605934eed302956dc47dd55f58a
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Claim wine in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 5dd27fa0 by Markus Koschany at 2018-07-30T06:16:55Z Claim wine in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -119,7 +119,7 @@ twitter-bootstrap -- twitter-bootstrap3 -- -wine +wine (Markus Koschany) NOTE: 20180711: Consider either fixing wine-development too or marking it as NOTE: 20180711: end-of-life. The stable version is actually only src:wine and is used NOTE: 20180711: by sponsors. The other one is more experimental and contains the latest View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5dd27fa06a3246a7ffaed66340954001476ed656 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5dd27fa06a3246a7ffaed66340954001476ed656 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Another ffmpeg issue fixed in stretch
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a8a7a30 by Moritz Muehlenhoff at 2018-07-30T05:55:22Z Another ffmpeg issue fixed in stretch - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -883,10 +883,8 @@ CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to NOTE: https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582 CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...) - ffmpeg 7:4.0.2-1 - [stretch] - ffmpeg (Minor issue, wait for next 3.2.x release) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/3a2d21bc5f97aa0161db3ae731fc2732be6108b8 - NOTE: Needed for 3.2.12 CVE-2018-14393 RESERVED CVE-2018-14392 (The New Threads plugin before 1.2 for MyBB has XSS. ...) = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list 
@@ -26,7 +26,7 @@ {CVE-2018-12895} [stretch] - wordpress 4.7.5+dfsg-2+deb9u4 [17 Jul 2018] DSA-4249-1 ffmpeg - security update - {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302 CVE-2018-1999013 CVE-2018-1999012 CVE-2018-1999010} + {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302 CVE-2018-1999013 CVE-2018-1999012 CVE-2018-1999010 CVE-2018-14394} [stretch] - ffmpeg 7:3.2.11-1~deb9u1 [17 Jul 2018] DSA-4248-1 blender - security update {CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 CVE-2017-12105} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a8a7a30485a430b7c8ddff77e3ee0af60b75884 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a8a7a30485a430b7c8ddff77e3ee0af60b75884 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
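Review bot: in the data/DSA/list hunk CVE-2018-14394 is appended to DSA-4249-1, whose stretch version is 7:3.2.11-1~deb9u1, but the NOTE removed from its CVE entry in the same commit read "Needed for 3.2.12". Confirm that the fix is already present in the 3.2.11 upload; if it only arrived with 3.2.12, the CVE belongs under the DSA that shipped that version, otherwise stretch hosts on 3.2.11 would be reported as fixed when they are not.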
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1453-1 for tomcat7
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 341bd4ba by Markus Koschany at 2018-07-30T00:43:49Z Reserve DLA-1453-1 for tomcat7 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[30 Jul 2018] DLA-1453-1 tomcat7 - security update + {CVE-2018-8034} + [jessie] - tomcat7 7.0.56-3+really7.0.90-1 [30 Jul 2018] DLA-1452-1 wordpress - security update {CVE-2016-5836 CVE-2018-12895} [jessie] - wordpress 4.1+dfsg-1+deb8u18 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -113,8 +113,6 @@ tiff -- tiff3 (Holger Levsen) -- -tomcat7 (Markus Koschany) --- twig (Abhijith PA) -- twitter-bootstrap View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/341bd4ba3ee93eaa3966d318b3975354f7c87264 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/341bd4ba3ee93eaa3966d318b3975354f7c87264 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
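Review bot: the [jessie] version on the new DLA-1453-1 entry, 7.0.56-3+really7.0.90-1, carries no +deb8uN suffix, unlike the wordpress entry directly below it (4.1+dfsg-1+deb8u18). Check it against the version in the uploaded .changes file so the tracker marks the right package version as fixed.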
[Git][security-tracker-team/security-tracker][master] Claim tomcat7 in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 14af9c97 by Markus Koschany at 2018-07-29T23:50:24Z Claim tomcat7 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -113,7 +113,7 @@ tiff -- tiff3 (Holger Levsen) -- -tomcat7 +tomcat7 (Markus Koschany) -- twig (Abhijith PA) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14af9c9730149507387d276d0084ab8dd2ba604c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14af9c9730149507387d276d0084ab8dd2ba604c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1452-1 for wordpress
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 1df297ca by Markus Koschany at 2018-07-29T23:45:28Z Reserve DLA-1452-1 for wordpress - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[30 Jul 2018] DLA-1452-1 wordpress - security update + {CVE-2016-5836 CVE-2018-12895} + [jessie] - wordpress 4.1+dfsg-1+deb8u18 [29 Jul 2018] DLA-1451-1 wireshark - security update {CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14368 CVE-2018-14369} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u15 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -130,8 +130,5 @@ wine wine-development NOTE: 20180711: See remarks for wine -- -wordpress (Markus Koschany) - NOTE: 20180716: Update is ready and will be released at the end of the month. --- xen (Emilio Pozuelo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1df297ca1b193683e0780d85fb3a5501f811755e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1df297ca1b193683e0780d85fb3a5501f811755e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] More ffmpeg triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 090d81f0 by Moritz Muehlenhoff at 2018-07-29T21:37:24Z More ffmpeg triage - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -442,6 +442,7 @@ CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 NOTE: https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ...) - ffmpeg + [stretch] - ffmpeg (Minor issue, wait for next 3.2 release) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286 CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...) = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list 
@@ -26,7 +26,7 @@ {CVE-2018-12895} [stretch] - wordpress 4.7.5+dfsg-2+deb9u4 [17 Jul 2018] DSA-4249-1 ffmpeg - security update - {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302 CVE-2018-1999013} + {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302 CVE-2018-1999013 CVE-2018-1999012 CVE-2018-1999010} [stretch] - ffmpeg 7:3.2.11-1~deb9u1 [17 Jul 2018] DSA-4248-1 blender - security update {CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 CVE-2017-12105} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/090d81f0575273baeaf4beac3f8b00b8a27f0442 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/090d81f0575273baeaf4beac3f8b00b8a27f0442 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
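Review bot: the DSA-4249-1 line gains CVE-2018-1999012 and CVE-2018-1999010, but nothing in the visible CVE entries records which 3.2.x release carries those upstream commits (the CVE-2018-1999012 context shows only the FFmpeg commit NOTE), and the commit message says only "More ffmpeg triage". Add a NOTE per CVE naming the 3.2.x release that includes the fix so the association with 7:3.2.11-1~deb9u1 can be verified later.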
[Git][security-tracker-team/security-tracker][master] two ffmpeg issues n/a in stretch
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fc293fc0 by Moritz Muehlenhoff at 2018-07-29T21:19:03Z two ffmpeg issues n/a in stretch one ffmpeg issue already fixed in 3.2.11 - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -424,10 +424,12 @@ CVE-2018-1999016 (Pydio version 8.2.0 and earlier contains a Cross Site Scriptin - ajaxplorer (bug #668381) CVE-2018-1999015 (FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains ...) - ffmpeg + [stretch] - ffmpeg (Vulnerable code not present) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32 CVE-2018-1999014 (FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains ...) - ffmpeg + [stretch] - ffmpeg (Vulnerable code not present) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e7 CVE-2018-1999013 (FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ...) = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list 
@@ -26,7 +26,7 @@ {CVE-2018-12895} [stretch] - wordpress 4.7.5+dfsg-2+deb9u4 [17 Jul 2018] DSA-4249-1 ffmpeg - security update - {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302} + {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 CVE-2018-12458 CVE-2018-13300 CVE-2018-13302 CVE-2018-1999013} [stretch] - ffmpeg 7:3.2.11-1~deb9u1 [17 Jul 2018] DSA-4248-1 blender - security update {CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 CVE-2017-12105} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc293fc0af48873147a89514d2d6781b0a29ee74 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc293fc0af48873147a89514d2d6781b0a29ee74 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] ffmpeg DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b3daf1da by Moritz Muehlenhoff at 2018-07-29T21:06:01Z ffmpeg DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -876,10 +876,8 @@ CVE-2018-14396 RESERVED CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...) - ffmpeg 7:4.0.2-1 - [stretch] - ffmpeg (Minor issue, wait for next 3.2.x release) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582 - NOTE: Pending for 3.2.12 CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...) - ffmpeg 7:4.0.2-1 [stretch] - ffmpeg (Minor issue, wait for next 3.2.x release) = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[29 Jul 2018] DSA-4258-1 ffmpeg - security update + {CVE-2018-14395} + [stretch] - ffmpeg 7:3.2.12-1~deb9u1 [28 Jul 2018] DSA-4257-1 fuse - security update {CVE-2018-10906} [stretch] - fuse 2.9.7-1+deb9u1 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -20,9 +20,6 @@ asterisk -- enigmail -- -ffmpeg (jmm) - Maintainer is proposing an update to 3.2.12 based version --- gitlab -- glusterfs View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3daf1dadc78d1ebdfd09f372c240ef5e5cbb015 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3daf1dadc78d1ebdfd09f372c240ef5e5cbb015 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
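Review bot: the new DSA-4258-1 entry lists only CVE-2018-14395, while the adjacent CVE-2018-14394, also a libavformat/movenc.c issue fixed in 7:4.0.2-1, keeps its [stretch] line reading "Minor issue, wait for next 3.2.x release" in the context lines. With 7:3.2.12-1~deb9u1 now recorded as that next release, check whether it also fixes CVE-2018-14394 and, if so, add it to the DSA's CVE list and drop the [stretch] line in this same commit.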
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bd61fe9f by Moritz Muehlenhoff at 2018-07-29T20:55:05Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,23 +1,23 @@ CVE-2018-14745 RESERVED CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14742 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14741 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14740 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14739 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14738 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) - TODO: check + NOT-FOR-US: cloudwu PBC CVE-2018-14735 RESERVED CVE-2018-14733 
@@ -745,7 +745,7 @@ CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allow CVE-2018-14445 (In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows ...) NOT-FOR-US: Bento4 CVE-2018-1 (libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 ...) - TODO: check + NOT-FOR-US: libdxfrw CVE-2018-14443 (get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote ...) - libredwg (bug #595191) CVE-2018-14442 (Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free ...) @@ -813,7 +813,7 @@ CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx componen CVE-2018-14424 RESERVED CVE-2018-14423 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, ...) - - openjpeg2 (bug #904873) + - openjpeg2 (low; bug #904873) NOTE: https://github.com/uclouvain/openjpeg/issues/1123 CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...) NOT-FOR-US: SansCMS @@ -25223,13 +25223,13 @@ CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet l NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html CVE-2018-5387 (Wizkunde SAMLBase may incorrectly utilize the results of XML DOM ...) - TODO: check + NOT-FOR-US: Wizkunde SAMLBase CVE-2018-5386 (Some Navarino Infinity functions, up to version 2.2, placed in the URL ...) - TODO: check + NOT-FOR-US: Navarino Infinity CVE-2018-5385 (Navarino Infinity is prone to session fixation attacks. The server ...) - TODO: check + NOT-FOR-US: Navarino Infinity CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an ...) - TODO: check + NOT-FOR-US: Navarino Infinity CVE-2018-5383 RESERVED CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that ...) 
@@ -39283,7 +39283,7 @@ CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILIT CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...) NOT-FOR-US: LOGICOOL CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft ...) - TODO: check + NOT-FOR-US: Glarysoft CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier ...) {DSA-4246-1 DLA-1442-1} - mailman 1:2.1.27-1 @@ -39294,15 +39294,15 @@ CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783 NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785 CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to ...) - TODO: check + NOT-FOR-US: ChamaNet MemoCGI CVE-2018-0616 RESERVED CVE-2018-0615 RESERVED CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and ...) - TODO: check + NOT-FOR-US: NEC CVE-2018-0613 (NEC Platforms Calsos CS
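Review bot: the hunk at -813,7 changes the CVE-2018-14423 openjpeg2 line from "(bug #904873)" to "(low; bug #904873)", a severity assignment that the commit message "NFUs" does not cover. Mention it in the message or split it into its own commit so the urgency change can be found in history.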
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54fd245a by security tracker role at 2018-07-29T20:10:23Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,4 +1,28 @@ -CVE-2018-14734 [infiniband: fix a possible use-after-free bug] +CVE-2018-14745 + RESERVED +CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14742 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14741 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14740 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14739 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14738 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) + TODO: check +CVE-2018-14735 + RESERVED +CVE-2018-14733 + RESERVED +CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 ...) - linux NOTE: https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1) CVE-2018-14732 
@@ -942,11 +966,13 @@ CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-43.html CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) + {DLA-1451-1} - wireshark 2.6.2-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e NOTE: https://www.wireshark.org/security/wnpa-sec-2018-41.html CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) + {DLA-1451-1} - wireshark 2.6.2-1 [stretch] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841 
@@ -1067,28 +1093,33 @@ CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae NOTE: https://www.wireshark.org/security/wnpa-sec-2018-35.html CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) + {DLA-1451-1} - wireshark 2.6.2-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14682 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9402f2f80c6bc7d25178a0875c5a1f5ee36361db NOTE: https://www.wireshark.org/security/wnpa-sec-2018-37.html CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) + {DLA-1451-1} - wireshark 2.6.2-1 [stretch] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13741 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=36af43dbb7673495948cd65d0346e8b9812b941c NOTE: https://www.wireshark.org/security/wnpa-sec-2018-34.html CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) + {DLA-1451-1} - wireshark 2.6.2-1 [stretch] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-39.html CVE-2018-14340 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, ...) + {DLA-1451-1} - wireshark 2.6.2-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14675 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=672d882a53f96730e4ef1e5b1639c585823b0df8 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-36.html CVE-2018-14339 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) 
+ {DLA-1451-1} - wireshark 2.6.2-1 [stretch] - wireshark (Minor issue) NOTE: https://bugs.wire
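Review bot: the first hunk leaves the head of the list out of descending order: the added CVE-2018-14733 RESERVED entry sits above CVE-2018-14734, giving 14735, 14733, 14734, 14732. Move CVE-2018-14733 below the CVE-2018-14734 entry so the file stays sorted and later automatic updates merge cleanly.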
[Git][security-tracker-team/security-tracker][master] Reference individual commits from the pull request for twitter-bootstrap
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5c79f2f by Salvatore Bonaccorso at 2018-07-29T18:44:36Z Reference individual commits from the pull request for twitter-bootstrap - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1740,6 +1740,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container NOTE: https://github.com/twbs/bootstrap/issues/26423 NOTE: https://github.com/twbs/bootstrap/issues/26628 NOTE: https://github.com/twbs/bootstrap/pull/26630 + NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92 CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...) - twitter-bootstrap - twitter-bootstrap3 @@ -1747,6 +1748,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr NOTE: https://github.com/twbs/bootstrap/issues/26423 NOTE: https://github.com/twbs/bootstrap/issues/26627 NOTE: https://github.com/twbs/bootstrap/pull/26630 + NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...) - twitter-bootstrap - twitter-bootstrap3 
@@ -1754,6 +1756,7 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data- NOTE: https://github.com/twbs/bootstrap/issues/26423 NOTE: https://github.com/twbs/bootstrap/issues/26625 NOTE: https://github.com/twbs/bootstrap/pull/26630 + NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621 CVE-2018-14039 RESERVED CVE-2018-14038 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5c79f2f51125e50146195046511c3e68ccb5521 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5c79f2f51125e50146195046511c3e68ccb5521 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14734/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dc8b2ff by Salvatore Bonaccorso at 2018-07-29T18:29:42Z Add CVE-2018-14734/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,6 @@ +CVE-2018-14734 [infiniband: fix a possible use-after-free bug] + - linux + NOTE: https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1) CVE-2018-14732 RESERVED CVE-2018-14731 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dc8b2cc9eb7a19086f8ef77710a3b6cff8c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dc8b2cc9eb7a19086f8ef77710a3b6cff8c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add fixed version for libmspack issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c22a2ac by Salvatore Bonaccorso at 2018-07-29T18:24:31Z Add fixed version for libmspack issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -122,19 +122,19 @@ CVE-2018-14669 CVE-2018-14668 RESERVED CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - - libmspack (bug #904802) + - libmspack 0.7-1 (bug #904802) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - - libmspack (bug #904801) + - libmspack 0.7-1 (bug #904801) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - - libmspack (bug #904800) + - libmspack 0.7-1 (bug #904800) NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in ...) - - libmspack (bug #904799) + - libmspack 0.7-1 (bug #904799) NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14667 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c22a2ac8271c8ac66d3d75149d85ff331395217 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c22a2ac8271c8ac66d3d75149d85ff331395217 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
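Review bot: all four libmspack lines now carry 0.7-1 as the fixed version, while the descriptions for CVE-2018-14679, CVE-2018-14680 and CVE-2018-14682 give the upstream fix as "before 0.7alpha". Add a NOTE stating that the 0.7-1 upload contains the referenced upstream commits, since the two version strings cannot be matched by inspection.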
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-13988/poppler
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc78b4e2 by Salvatore Bonaccorso at 2018-07-29T14:55:51Z Add bug reference for CVE-2018-13988/poppler - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1896,7 +1896,7 @@ CVE-2018-13990 CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST ...) NOT-FOR-US: Grundig Smart Inter@ctive TV 3.0 devices CVE-2018-13988 (Poppler through 0.62 contains a Buffer Overflow vulnerability due to ...) - - poppler + - poppler (bug #904922) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602838 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee (poppler-0.67.0) CVE-2018-13987 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc78b4e2d88940e26cf115356026cf83ed41ada8
[Git][security-tracker-team/security-tracker][master] Reference reported upstream issue for CVE-2018-1404{4,5}/soundtouch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67a0b297 by Salvatore Bonaccorso at 2018-07-29T14:54:44Z Reference reported upstream issue for CVE-2018-1404{4,5}/soundtouch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1720,11 +1720,13 @@ CVE-2018-14045 (The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in - soundtouch (low) [stretch] - soundtouch (Minor issue) [jessie] - soundtouch (Minor issue) + NOTE: https://gitlab.com/soundtouch/soundtouch/issues/7 NOTE: https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md CVE-2018-14044 (The RateTransposer::setChannels function in RateTransposer.cpp in ...) - soundtouch (low) [stretch] - soundtouch (Minor issue) [jessie] - soundtouch (Minor issue) + NOTE: https://gitlab.com/soundtouch/soundtouch/issues/7 NOTE: https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file ...) NOT-FOR-US: mstdlib View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67a0b297428cf5d6f192f62c9a5d0339dea633bb
[Git][security-tracker-team/security-tracker][master] Information public for CVE-2018-13988/poppler, update information
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b88a346 by Salvatore Bonaccorso at 2018-07-29T14:50:38Z Information public for CVE-2018-13988/poppler, update information - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1894,9 +1894,9 @@ CVE-2018-13990 CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST ...) NOT-FOR-US: Grundig Smart Inter@ctive TV 3.0 devices CVE-2018-13988 (Poppler through 0.62 contains a Buffer Overflow vulnerability due to ...) - - poppler + - poppler NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602838 - TODO: check, no actionable information available + NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee (poppler-0.67.0) CVE-2018-13987 RESERVED CVE-2018-13986 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b88a346f03c7eabdf4cea29615e791a20dc02b5
[Git][security-tracker-team/security-tracker][master] claim fuse
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: ec5b6db1 by Thorsten Alteholz at 2018-07-29T14:10:06Z claim fuse - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -33,7 +33,7 @@ firefox-esr (Emilio Pozuelo) NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL. NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work. -- -fuse +fuse (Thorsten Alteholz) -- git-annex NOTE: 20180710: See #903037 for more information and a fix for Stretch. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec5b6db1bd342f5459f564198c09b545a336e09c
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1451-1 for wireshark
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 88d48c5d by Thorsten Alteholz at 2018-07-29T13:51:45Z Reserve DLA-1451-1 for wireshark - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[29 Jul 2018] DLA-1451-1 wireshark - security update + {CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14368 CVE-2018-14369} + [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u15 [29 Jul 2018] DLA-1450-1 tomcat8 - security update {CVE-2018-1304 CVE-2018-1305} [jessie] - tomcat8 8.0.14-1+deb8u12 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -130,8 +130,6 @@ wine wine-development NOTE: 20180711: See remarks for wine -- -wireshark (Thorsten Alteholz) --- wordpress (Markus Koschany) NOTE: 20180716: Update is ready and will be released at the end of the month. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88d48c5d4bc470fb390af5a2bc144f20e8a294c6
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1450-1 for tomcat8
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: a31760bc by Roberto C. Sánchez at 2018-07-29T11:54:16Z Reserve DLA-1450-1 for tomcat8 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[29 Jul 2018] DLA-1450-1 tomcat8 - security update + {CVE-2018-1304 CVE-2018-1305} + [jessie] - tomcat8 8.0.14-1+deb8u12 [28 Jul 2018] DLA-1449-1 openssl - security update {CVE-2018-0732 CVE-2018-0737} [jessie] - openssl 1.0.1t-1+deb8u9 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -115,10 +115,6 @@ tiff3 (Holger Levsen) -- tomcat7 -- -tomcat8 (Roberto C. Sánchez) - NOTE: 20180728: Patches are ready; Tony Mancill will build/upload package from my sources - NOTE: 20180728: I will publish advisory once the package is accepted in the archive --- twig (Abhijith PA) -- twitter-bootstrap View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a31760bc401b9b53de189d2b5a1aeef6d7b6fc01
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14521/aubio: #904908
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a9f3bbc by Salvatore Bonaccorso at 2018-07-29T11:27:35Z Add bug reference for CVE-2018-14521/aubio: #904908 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -536,7 +536,7 @@ CVE-2018-14522 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur [jessie] - aubio (Minor issue) NOTE: https://github.com/aubio/aubio/issues/188 CVE-2018-14521 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in ...) - - aubio + - aubio (bug #904908) [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) NOTE: https://github.com/aubio/aubio/issues/187 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0a9f3bbcfb66f909e339f155347518eeaac1c4ad
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14522/aubio: #904907
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2be97f9e by Salvatore Bonaccorso at 2018-07-29T11:26:50Z Add bug reference for CVE-2018-14522/aubio: #904907 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -531,7 +531,7 @@ CVE-2018-14523 (An issue was discovered in aubio 0.4.6. A buffer over-read can o [jessie] - aubio (Minor issue) NOTE: https://github.com/aubio/aubio/issues/189 CVE-2018-14522 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in ...) - - aubio + - aubio (bug #904907) [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) NOTE: https://github.com/aubio/aubio/issues/188 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2be97f9ec1fd2cbf1eff6fc485fe85fa856f8cc4
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14523/aubio: #904906
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8abfed6e by Salvatore Bonaccorso at 2018-07-29T11:26:19Z Add bug reference for CVE-2018-14523/aubio: #904906 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -526,7 +526,7 @@ CVE-2018-14525 CVE-2018-14524 (dwg_decode_eed in decode.c in GNU LibreDWG 0.5.1048 leads to a double ...) - libredwg (bug #595191) CVE-2018-14523 (An issue was discovered in aubio 0.4.6. A buffer over-read can occur in ...) - - aubio + - aubio (bug #904906) [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) NOTE: https://github.com/aubio/aubio/issues/189 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8abfed6ebab0229e57d651da54cab0efcd209263
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14347/libextractor: #904905
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d41bdce8 by Salvatore Bonaccorso at 2018-07-29T11:09:57Z Add bug reference for CVE-2018-14347/libextractor: #904905 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1044,7 +1044,7 @@ CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before CVE-2018-14348 RESERVED CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop vulnerability in ...) - - libextractor + - libextractor (bug #904905) NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg0.html NOTE: https://gnunet.org/bugs/view.php?id=5399 NOTE: https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d41bdce85299e8267a80884004c8008ce1dea989
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14346/libextractor: #904903
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b6bb12b6 by Salvatore Bonaccorso at 2018-07-29T11:06:38Z Add bug reference for CVE-2018-14346/libextractor: #904903 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1049,7 +1049,7 @@ CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop vulnerabil NOTE: https://gnunet.org/bugs/view.php?id=5399 NOTE: https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394 CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow in ...) - - libextractor + - libextractor (bug #904903) NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg1.html NOTE: https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured with ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b6bb12b6ecf14451e3694070db3dc4b659fce7bb
[Git][security-tracker-team/security-tracker][master] CVE-2018-14345/sddm fixed via upload to unstable for 0.18.0-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd02fcd7 by Salvatore Bonaccorso at 2018-07-29T10:33:33Z CVE-2018-14345/sddm fixed via upload to unstable for 0.18.0-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1053,7 +1053,7 @@ CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow in NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg1.html NOTE: https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured with ...) - - sddm + - sddm 0.18.0-1 [stretch] - sddm (Re-use session feature introduced in 0.16.0) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1101450 NOTE: https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd02fcd74c886f6865eb057a389c09b5fd0dc454
[Git][security-tracker-team/security-tracker][master] 2 commits: Add bug reference for CVE-2018-14326
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7339e375 by Salvatore Bonaccorso at 2018-07-29T10:29:47Z Add bug reference for CVE-2018-14326 - - - - - 95bc42d3 by Salvatore Bonaccorso at 2018-07-29T10:30:19Z Add bug reference for CVE-2018-14325 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1296,12 +1296,12 @@ CVE-2018-14242 CVE-2018-14241 RESERVED CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant memory ...) - - mp4v2 + - mp4v2 (bug #904900) [stretch] - mp4v2 (Minor issue) [jessie] - mp4v2 (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1 CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant memory ...) - - mp4v2 + - mp4v2 (bug #904901) [stretch] - mp4v2 (Minor issue) [jessie] - mp4v2 (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/968e6a80545b5e19dc40210f875b9f805bab5198...95bc42d30e26d7367dea4b2bd2ecd50efc8b672d
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-1000622/rustc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 968e6a80 by Salvatore Bonaccorso at 2018-07-29T10:27:21Z Add fixed version for CVE-2018-1000622/rustc Note: Although the package version suffixes a exp1 the upload went to unstable, being the first 1.27.1 based version landing in unstable. Marking this as the fixed version even later uploads of 1.27.1 based first went to experimental. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -2364,7 +2364,7 @@ CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java . CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross ...) NOT-FOR-US: SURFnet OpenConext EngineBlock CVE-2018-1000622 (The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 ...) - - rustc + - rustc 1.27.1+dfsg1-1~exp1 [stretch] - rustc (Minor issue, can be fixed along in future rustc update for ESR69) NOTE: https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/968e6a80545b5e19dc40210f875b9f805bab5198
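Review bot: The fixed version added for CVE-2018-1000622, `1.27.1+dfsg1-1~exp1`, carries an `~exp1` suffix that reads as an experimental upload, and the reason it is nonetheless the unstable fix is recorded only in the commit message. Consider adding a NOTE line under the rustc entry in data/CVE/list stating that this upload went to unstable, so that someone reading the tracker data can trust the version without consulting the git history.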
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14379
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd5ae722 by Salvatore Bonaccorso at 2018-07-29T10:20:05Z Add bug reference for CVE-2018-14379 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -902,7 +902,7 @@ CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead components, ...) - graylog2 (bug #652273) CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the ...) - - mp4v2 + - mp4v2 (bug #904898) [stretch] - mp4v2 (Minor issue) [jessie] - mp4v2 (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd5ae722bfa4d9bb4c0a4a7ae272ed7420117d7a
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14403
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b148edad by Salvatore Bonaccorso at 2018-07-29T10:19:26Z Add bug reference for CVE-2018-14403 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -829,7 +829,7 @@ CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...) [stretch] - libxml2 (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10 CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings ...) - - mp4v2 + - mp4v2 (bug #904897) [stretch] - mp4v2 (Minor issue) [jessie] - mp4v2 (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b148edada95d45e5e74a4b8d613e91ee9df9557b
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14446
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 262711d7 by Salvatore Bonaccorso at 2018-07-29T10:18:37Z Add bug reference for CVE-2018-14446 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -713,7 +713,7 @@ CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bo - confuse (bug #904159) NOTE: https://github.com/martinh/libconfuse/issues/109 CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows ...) - - mp4v2 + - mp4v2 (bug #904896) NOTE: https://github.com/TechSmith/mp4v2/issues/20 CVE-2018-14445 (In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows ...) NOT-FOR-US: Bento4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/262711d7cbefc3d386ad64360056210e1b8d116a
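Review bot: After this change the CVE-2018-14446 entry still consists only of the unstable `- mp4v2` line and the upstream issue link, with no [stretch] or [jessie] line. The description names MP4v2 2.1.0 and the NOTE points at the TechSmith/mp4v2 repository, so a suite line or NOTE stating whether the packaged mp4v2 contains MP4Integer32Property::Read in atom_avcC.cpp would make the triage state explicit now that a bug number is attached.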
[Git][security-tracker-team/security-tracker][master] Track 1.9-1 upload to experimental for htslib
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 167247c1 by Salvatore Bonaccorso at 2018-07-29T09:53:07Z Track 1.9-1 upload to experimental for htslib - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -2194,16 +2194,19 @@ CVE-2018-13847 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in ... CVE-2018-13846 (An issue has been found in Bento4 1.5.1-624. ...) NOT-FOR-US: Bento4 CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read in ...) + [experimental] - htslib 1.9-1 - htslib (low) [stretch] - htslib (Minor issue) [jessie] - htslib (Minor issue) NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105 CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...) + [experimental] - htslib 1.9-1 - htslib (low) [stretch] - htslib (Minor issue) [jessie] - htslib (Minor issue) NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403675330 CVE-2018-13843 (An issue has been found in HTSlib 1.8. It is a memory leak in ...) + [experimental] - htslib 1.9-1 - htslib (low) [stretch] - htslib (Minor issue) [jessie] - htslib (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/167247c1bebbe844517e05840c969ca02d3c4264
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e2bf553b by Salvatore Bonaccorso at 2018-07-29T08:40:23Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -91,9 +91,9 @@ CVE-2018-14688 CVE-2018-14687 RESERVED CVE-2018-14686 (system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted ...) - TODO: check + NOT-FOR-US: XYCMS CVE-2018-14685 (The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in ...) - TODO: check + NOT-FOR-US: Gxlcms CVE-2018-14684 RESERVED CVE-2018-14683 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2bf553b8ad47625a33b3ff09b80969bc54fb8fe
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: db50babe by security tracker role at 2018-07-29T08:10:15Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,103 @@ +CVE-2018-14732 + RESERVED +CVE-2018-14731 + RESERVED +CVE-2018-14730 + RESERVED +CVE-2018-14729 + RESERVED +CVE-2018-14728 + RESERVED +CVE-2018-14727 + RESERVED +CVE-2018-14726 + RESERVED +CVE-2018-14725 + RESERVED +CVE-2018-14724 + RESERVED +CVE-2018-14723 + RESERVED +CVE-2018-14722 + RESERVED +CVE-2018-14721 + RESERVED +CVE-2018-14720 + RESERVED +CVE-2018-14719 + RESERVED +CVE-2018-14718 + RESERVED +CVE-2018-14717 + RESERVED +CVE-2018-14716 + RESERVED +CVE-2018-14715 + RESERVED +CVE-2018-14714 + RESERVED +CVE-2018-14713 + RESERVED +CVE-2018-14712 + RESERVED +CVE-2018-14711 + RESERVED +CVE-2018-14710 + RESERVED +CVE-2018-14709 + RESERVED +CVE-2018-14708 + RESERVED +CVE-2018-14707 + RESERVED +CVE-2018-14706 + RESERVED +CVE-2018-14705 + RESERVED +CVE-2018-14704 + RESERVED +CVE-2018-14703 + RESERVED +CVE-2018-14702 + RESERVED +CVE-2018-14701 + RESERVED +CVE-2018-14700 + RESERVED +CVE-2018-14699 + RESERVED +CVE-2018-14698 + RESERVED +CVE-2018-14697 + RESERVED +CVE-2018-14696 + RESERVED +CVE-2018-14695 + RESERVED +CVE-2018-14694 + RESERVED +CVE-2018-14693 + RESERVED +CVE-2018-14692 + RESERVED +CVE-2018-14691 + RESERVED +CVE-2018-14690 + RESERVED +CVE-2018-14689 + RESERVED +CVE-2018-14688 + RESERVED +CVE-2018-14687 + RESERVED +CVE-2018-14686 (system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted ...) + TODO: check +CVE-2018-14685 (The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in ...) + TODO: check +CVE-2018-14684 + RESERVED +CVE-2018-14683 + RESERVED CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used in ...) - linux NOTE: https://xenbits.xen.org/xsa/advisory-274.html 
@@ -21,23 +121,19 @@ CVE-2018-14669 RESERVED CVE-2018-14668 RESERVED -CVE-2018-14679 [off-by-one error in CHM PMGI/PMGL chunk number validity checks] - RESERVED +CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - libmspack (bug #904802) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 -CVE-2018-14680 [libmspack now rejects blank CHM filenames] - RESERVED +CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - libmspack (bug #904801) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 -CVE-2018-14682 [Fix off-by-one error in chmd TOLOWER() fallback] - RESERVED +CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - libmspack (bug #904800) NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 -CVE-2018-14681 [kwaj_read_headers(): fix handling of non-terminated strings] - RESERVED +CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in ...) - libmspack (bug #904799) NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/db50babe60afdfed1d722c89f22a8dc3ccd3f992
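Review bot: In the second hunk the bracketed working descriptions for the four libmspack CVEs are dropped in favour of the published text, and CVE-2018-14679, CVE-2018-14680 and CVE-2018-14682 now read identically as truncated in the list ("An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ..."). The removed lines said what each issue was, for example "off-by-one error in CHM PMGI/PMGL chunk number validity checks" and "libmspack now rejects blank CHM filenames", and CVE-2018-14679 and CVE-2018-14680 also share the same upstream commit NOTE, so the links do not tell them apart either. Keeping the short description as a NOTE under each entry would preserve that distinction in the data file.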