[Git][security-tracker-team/security-tracker][master] Remove no-dsa/postponed entry for CVE-2017-12794/python-django
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b8c1426f by Salvatore Bonaccorso at 2018-08-03T06:51:37Z Remove no-dsa/postponed entry for CVE-2017-12794/python-django - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -54168,7 +54168,6 @@ CVE-2017-12795 RESERVED CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML ...) - python-django 1:1.11.5-1 (low; bug #874415) - [stretch] - python-django (Only affects debug mode) [jessie] - python-django (Vulnerable code do not exist) [wheezy] - python-django (Vulnerable code do not exist) NOTE: https://www.djangoproject.com/weblog/2017/sep/05/security-releases/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8c1426f05afefff382d28b5ad01bc1a534e7172 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
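Review bot: the removed "[stretch] - python-django (Only affects debug mode)" line held the only recorded reason for leaving stretch unpatched, and neither the commit message nor a replacement line says why it is dropped. State in the commit message whether stretch is now queued for a fix, or add the fixed stretch version in the same change, so the history explains the status change.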
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1445-3 for busybox
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: a89bffc1 by Markus Koschany at 2018-08-03T04:42:37Z Reserve DLA-1445-3 for busybox - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,5 @@ +[03 Aug 2018] DLA-1445-3 busybox - regression update + [jessie] - busybox 1:1.22.0-9+deb8u4 [02 Aug 2018] DLA-1456-1 graphicsmagick - security update {CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16547 CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018} [jessie] - graphicsmagick 1.3.20-3+deb8u4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a89bffc182f981ea2e7475a8f61b0f655c8a7ab5
[Git][security-tracker-team/security-tracker][master] mark CVE-2018-10874 as not-affected for jessie
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: fbe66023 by Abhijith PA at 2018-08-03T04:36:55Z mark CVE-2018-10874 as not-affected for jessie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -10096,6 +10096,7 @@ CVE-2018-10875 (A flaw was found in ansible. ansible.cfg is read from the curren NOTE: https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981 CVE-2018-10874 (In ansible it was found that inventory variables are loaded from ...) - ansible 2.6.1+dfsg-1 + [jessie] - ansible (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596528 NOTE: https://github.com/ansible/ansible/pull/42067 NOTE: https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbe6602318c42fa9f4de9b6d5fe10b2b7324f407
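Review bot: the added "[jessie] - ansible (vulnerable code not present)" line gives no pointer to what was checked. Add a NOTE naming the upstream commit or release that introduced the affected inventory-variable loading, so the not-affected status for jessie can be re-verified against the jessie source later.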
[Git][security-tracker-team/security-tracker][master] Remove CVE-2017-16545 entry, which was already fixed in 1.3.20-3+deb8u3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b976b5b by Salvatore Bonaccorso at 2018-08-03T02:46:14Z Remove CVE-2017-16545 entry, which was already fixed in 1.3.20-3+deb8u3 - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list 
@@ -1,5 +1,5 @@ [02 Aug 2018] DLA-1456-1 graphicsmagick - security update - {CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16545 CVE-2017-16547 CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018} + {CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16547 CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018} [jessie] - graphicsmagick 1.3.20-3+deb8u4 [02 Aug 2018] DLA-1455-1 mutt - security update {CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b976b5bf1850662c35a4eb5d40078f521318aa1
[Git][security-tracker-team/security-tracker][master] LTS/Add and claim php5
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 2bbbf850 by Roberto C. Sánchez at 2018-08-03T02:33:06Z LTS/Add and claim php5 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -86,6 +86,8 @@ openjdk-7 (Emilio Pozuelo) openjpeg2 NOTE: 20180719: there is no patch available for the remaining CVEs -- +php5 (Roberto C. Sánchez) +-- phpldapadmin NOTE: 20180731: See https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already done -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bbbf850a381d012f09b70b8e6a229043fb0b286
[Git][security-tracker-team/security-tracker][master] LTS/Add and claim tomcat8
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: da19c8a1 by Roberto C. Sánchez at 2018-08-03T01:12:41Z LTS/Add and claim tomcat8 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -108,6 +108,8 @@ tiff -- tiff3 (Holger Levsen) -- +tomcat8 (Roberto C. Sánchez) +-- twig (Abhijith PA) -- twitter-bootstrap View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da19c8a19f773496acb8d36d57f33be5cc6b9c89
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1456-1 for graphicsmagick
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a28becd by Roberto C. Sánchez at 2018-08-03T00:59:00Z Reserve DLA-1456-1 for graphicsmagick - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[02 Aug 2018] DLA-1456-1 graphicsmagick - security update + {CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16545 CVE-2017-16547 CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018} + [jessie] - graphicsmagick 1.3.20-3+deb8u4 [02 Aug 2018] DLA-1455-1 mutt - security update {CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363} [jessie] - mutt 1.5.23-3+deb8u1 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt 
@@ -38,8 +38,6 @@ fuse (Thorsten Alteholz) git-annex NOTE: 20180710: See #903037 for more information and a fix for Stretch. -- -graphicsmagick (Roberto C. Sánchez) --- jetty (Hugo Lefeuvre) NOTE: 20180702: jetty8 almost never marked as affected whereas jetty and jetty9 are. Reason ? NOTE: 20180702: CVE-2018-12536 fixed in latest upstream release. Looks like upstream View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a28becd752697b0e2d2e6a2843b7e2a8bee4fc6
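Review bot: the CVE set on the added DLA-1456-1 line in data/DLA/list includes CVE-2017-16545, which the later commit 9b976b5b on this list removes as already fixed in 1.3.20-3+deb8u3. Cross-check the list against the earlier jessie uploads of graphicsmagick before reserving, so the DLA only claims CVEs first fixed in 1.3.20-3+deb8u4.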
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for libmspack
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d2db724 by Salvatore Bonaccorso at 2018-08-02T21:00:41Z Reserve DSA number for libmspack - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[02 Aug 2018] DSA-4260-1 libmspack - security update + {CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682} + [stretch] - libmspack 0.5-1+deb9u2 [31 Jul 2018] DSA-4259-1 ruby2.3 - security update {CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-173 CVE-2018-174 CVE-2018-175 CVE-2018-176 CVE-2018-177 CVE-2018-178 CVE-2018-179} [stretch] - ruby2.3 2.3.3-1+deb9u3 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -45,8 +45,6 @@ libarchive-zip-perl (carnil) libidn santiago proposed debdiffs for jessie and stretch -- -libmspack (carnil) --- libspring-java -- linux View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d2db72464a1e379f2bd5cb8a0bf84274237b4d9
[Git][security-tracker-team/security-tracker][master] Add CVE-2017-9120/php*
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc2d1251 by Salvatore Bonaccorso at 2018-08-02T20:49:16Z Add CVE-2017-9120/php* - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -65178,7 +65178,11 @@ CVE-2017-9122 (The quicktime_read_moov function in moov.c in libquicktime 1.2.4 CVE-2017-9121 RESERVED CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ...) - TODO: check + - php7.2 + - php7.1 + - php7.0 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...) - php7.1 (unimportant) - php7.0 (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc2d125108027616d3eba2b8020b66753107d6a4
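Review bot: the added php7.2 and php5 lines fall outside the range the description gives (PHP 7.x through 7.1.5), and the only NOTE is the PHP bug link. Add a NOTE recording how those two branches were confirmed affected, so the entry does not claim more than was verified.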
[Git][security-tracker-team/security-tracker][master] Add CVE-2017-9118/php*
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c2bd3c5 by Salvatore Bonaccorso at 2018-08-02T20:45:47Z Add CVE-2017-9118/php* - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -65186,7 +65186,11 @@ CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1. NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593 NOTE: Only triggerable by malicious script CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a ...) - TODO: check + - php7.2 + - php7.1 + - php7.0 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604 CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...) - tiff (unimportant) - tiff3 (Does not ship libtiff-tools) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c2bd3c59426f578a950180dd167896c462efbc0
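Review bot: on the four added package lines, the description names PHP 7.1.5 alone and the single NOTE is the PHP bug link. Record in a NOTE which branches contain the php_pcre_replace_impl code path, and the upstream fix commit once bug 74604 has one, so each package line can be resolved independently.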
[Git][security-tracker-team/security-tracker][master] Add four missing CVEs which were omitted while copy-pasting the original list…
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0898a65 by Salvatore Bonaccorso at 2018-08-02T20:23:02Z Add four missing CVEs which were omitted while copy-pasting the original list from jmm (Closes: #905304) - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,5 +1,5 @@ [31 Jul 2018] DSA-4259-1 ruby2.3 - security update - {CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-173 CVE-2018-174 CVE-2018-175 CVE-2018-176 CVE-2018-177 CVE-2018-178 CVE-2018-179} + {CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-173 CVE-2018-174 CVE-2018-175 CVE-2018-176 CVE-2018-177 CVE-2018-178 CVE-2018-179} [stretch] - ruby2.3 2.3.3-1+deb9u3 [29 Jul 2018] DSA-4258-1 ffmpeg - security update {CVE-2018-14395} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0898a650efc7161309a50120c98ab93b116
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14851/php
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d043909c by Salvatore Bonaccorso at 2018-08-02T20:15:36Z Add CVE-2018-14851/php - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,5 +1,10 @@ CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...) - TODO: check + - php7.2 7.2.8-1 + - php7.1 + - php7.0 + - php5 + NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76557 CVE-2018-14850 RESERVED CVE-2018-14849 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d043909c2e45e801cf8b8765fa0659d7c2abd675
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d5dfb79e by security tracker role at 2018-08-02T20:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,9 @@ +CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...) + TODO: check +CVE-2018-14850 + RESERVED +CVE-2018-14849 + RESERVED CVE-2018-14848 RESERVED CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote attackers to ...) 
@@ -1279,79 +1285,94 @@ CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x be - gitlab (bug #904026) NOTE: https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/ CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.9.1-1 NOTE: https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset NOTE: previous versions ship a neomutt patchset. CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.10.1-1 (bug #904051) NOTE: https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e NOTE: https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576 CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.9.1-1 NOTE: https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585 NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset NOTE: previous versions ship a neomutt patchset. CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.9.1-1 NOTE: https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3 NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset NOTE: previous versions ship a neomutt patchset. CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before ...) 
+ {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.10.1-1 (bug #904051) NOTE: https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85 NOTE: https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.10.1-1 (bug #904051) NOTE: https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485 NOTE: https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870 CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.10.1-1 (bug #904051) NOTE: https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725 NOTE: https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.10.1-1 (bug #904051) NOTE: https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82 NOTE: https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6 CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before ...) + {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.10.1-1 (bug #904051) NOTE: https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d NOTE: https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before ...) 
+ {DLA-1455-1} - neomutt 20180716+dfsg.1-1 (bug #904021) - mutt 1.10.1-1 (bug #904051) NOTE: https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb NOTE: https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d CVE-201
[Git][security-tracker-team/security-tracker][master] Update reference for CVE-2015-8985/glibc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d618514 by Salvatore Bonaccorso at 2018-08-02T19:53:52Z Update reference for CVE-2015-8985/glibc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -141454,6 +141454,7 @@ CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Fo CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...) - glibc (unimportant; bug #779392) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672 (2.28) NOTE: DoS via crafted regexps are not considered security issues by glibc upstream CVE-2015-8984 (The fnmatch function in the GNU C Library (aka glibc or libc6) before ...) {DLA-316-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d618514c26514d6ca32e38db7e3695fa36bd507
[Git][security-tracker-team/security-tracker][master] Take libmspack from dsa-needed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1254d35e by Salvatore Bonaccorso at 2018-08-02T18:56:26Z Take libmspack from dsa-needed - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -45,7 +45,7 @@ libarchive-zip-perl (carnil) libidn santiago proposed debdiffs for jessie and stretch -- -libmspack (jmm) +libmspack (carnil) -- libspring-java -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1254d35e86fa1f8b4fe35b43be3c4ca7857a377e
[Git][security-tracker-team/security-tracker][master] Add CVE-2015-5243 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 59656381 by Salvatore Bonaccorso at 2018-08-02T18:50:56Z Add CVE-2015-5243 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -132043,6 +132043,7 @@ CVE-2015-5244 (The NSSCipherSuite option with ciphersuites enabled in mod_nss be NOTE: Fixed by https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=34e1ccecb4a7d5054dba2f92b403af9b6ae1e110 (1.0.12) CVE-2015-5243 RESERVED + NOT-FOR-US: phpWhois CVE-2015-5242 (OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict ...) NOT-FOR-US: swiftonfile CVE-2015-5241 (After logging into the portal, the logout jsp page redirects the ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59656381ee2191889035e6f826da895a1041ee37
[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-14404
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98017cf7 by Salvatore Bonaccorso at 2018-08-02T18:42:43Z Add references for CVE-2018-14404 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1140,7 +1140,9 @@ CVE-2018-14405 CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...) - libxml2 (bug #901817) [stretch] - libxml2 (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5 NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594 CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings ...) - mp4v2 (bug #904897) [stretch] - mp4v2 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/98017cf74ac8c171ae2d897591a759637906592c
[Git][security-tracker-team/security-tracker][master] graphicsmagick/CVE-2018-6799 add links to upstream bugs
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a59cc59 by Roberto C. Sánchez at 2018-08-02T11:51:33Z graphicsmagick/CVE-2018-6799 add links to upstream bugs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -20973,6 +20973,8 @@ CVE-2018-6800 CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...) {DLA-1282-1} - graphicsmagick 1.3.28-1 + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/531/ + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/532/ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87 CVE-2018-6798 (An issue was discovered in Perl 5.22 through 5.26. Matching a crafted ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a59cc59b868d58d5b819cf07448c88dd97d6865
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1455-1 for mutt
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: b5399a6b by Roberto C. Sánchez at 2018-08-02T10:55:57Z Reserve DLA-1455-1 for mutt - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[02 Aug 2018] DLA-1455-1 mutt - security update + {CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363} + [jessie] - mutt 1.5.23-3+deb8u1 [02 Aug 2018] DLA-1445-2 busybox - regression update [jessie] - busybox 1:1.22.0-9+deb8u3 [31 Jul 2018] DLA-1454-1 network-manager-vpnc - security update = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -81,8 +81,6 @@ linux-4.9 (Ben Hutchings) mosquitto NOTE: 20180629: there are still two CVEs open, their upstream bugs show no progress -- -mutt (Roberto C. Sánchez) --- mysql-5.5 (Emilio Pozuelo) -- openjdk-7 (Emilio Pozuelo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b5399a6b8af125d10b082b65bcd27a77e2e43908
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1477{3,4}/symfony
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bb0dc906 by Salvatore Bonaccorso at 2018-08-02T09:04:28Z Add CVE-2018-1477{3,4}/symfony - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -166,10 +166,14 @@ CVE-2018-14776 (Click Studios Passwordstate before 8.3 Build 8397 allows XSS by NOT-FOR-US: Click Studios Passwordstate CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a ...) TODO: check -CVE-2018-14774 +CVE-2018-14774 [Possible host header injection when using HttpCache] RESERVED -CVE-2018-14773 + - symfony + NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache +CVE-2018-14773 [Remove support for legacy and risky HTTP headers] RESERVED + - symfony + NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers CVE-2018-14772 RESERVED CVE-2018-14771 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb0dc90683e17e909ded71fa76dfcc97c013ec44
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f1304340 by Salvatore Bonaccorso at 2018-08-02T08:29:33Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,7 @@ CVE-2018-14848 RESERVED CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Winbox for MikroTik RouterOS CVE-2018-14846 RESERVED CVE-2018-14845 @@ -15,17 +15,17 @@ CVE-2018-14842 CVE-2018-14841 RESERVED CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not ...) - TODO: check + NOT-FOR-US: Subrion CMS CVE-2018-14839 RESERVED CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content parameter. ...) - TODO: check + NOT-FOR-US: rejucms CVE-2018-14837 RESERVED CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because user ...) - TODO: check + NOT-FOR-US: Subrion CMS CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping ...) - TODO: check + NOT-FOR-US: Subrion CMS CVE-2018-14834 RESERVED CVE-2018-14833 @@ -5801,7 +5801,7 @@ CVE-2018-12470 CVE-2018-12469 RESERVED CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could delete ...) - open-build-service NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217 
@@ -35499,7 +35499,7 @@ CVE-2018-1597 CVE-2018-1596 RESERVED CVE-2018-1595 (IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1594 RESERVED CVE-2018-1593 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f130434004fd2ca0b6fa04580a7819e6f053787d
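Review bot: the NOT-FOR-US tags in the @@ -5801 and @@ -35499 hunks name only the vendor ("Micro Focus", "IBM"), while the other hunks in this commit name the product ("Winbox for MikroTik RouterOS", "Subrion CMS", "rejucms"). The descriptions already give the products (Micro Focus GroupWise; IBM Spectrum Symphony and Platform Symphony), so tagging CVE-2018-12468 and CVE-2018-1595 with those product names would keep the entries consistent and make the basis for the not-for-us decision checkable without opening the CVE description.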
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-9262/libxcursor
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ea5b170 by Salvatore Bonaccorso at 2018-08-02T08:13:26Z Add CVE-2018-9262/libxcursor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -141,7 +141,9 @@ CVE-2018-14779 CVE-2018-14778 RESERVED CVE-2015-9262 (_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows ...) - TODO: check + - libxcursor 1:1.1.15-1 + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90857 + NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05 CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. An ...) TODO: check CVE-2018-1000631 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ea5b170cef1039d9b0a31841b3e63d31363
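Review bot: the commit subject says CVE-2018-9262, but the entry this hunk changes is CVE-2015-9262 (the _XcursorThemeInherits issue in libXcursor). Anyone searching the history for the ID that appears in data/CVE/list will not find this commit from its subject, so the subject should read CVE-2015-9262; the entry itself, with the fixed version 1:1.1.15-1 and the two NOTE links, is on the right ID.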
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a912bc7 by security tracker role at 2018-08-02T08:10:13Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,147 @@ +CVE-2018-14848 + RESERVED +CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote attackers to ...) + TODO: check +CVE-2018-14846 + RESERVED +CVE-2018-14845 + RESERVED +CVE-2018-14844 + RESERVED +CVE-2018-14843 + RESERVED +CVE-2018-14842 + RESERVED +CVE-2018-14841 + RESERVED +CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not ...) + TODO: check +CVE-2018-14839 + RESERVED +CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content parameter. ...) + TODO: check +CVE-2018-14837 + RESERVED +CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because user ...) + TODO: check +CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping ...) + TODO: check +CVE-2018-14834 + RESERVED +CVE-2018-14833 + RESERVED +CVE-2018-14832 + RESERVED +CVE-2018-14831 + RESERVED +CVE-2018-14830 + RESERVED +CVE-2018-14829 + RESERVED +CVE-2018-14828 + RESERVED +CVE-2018-14827 + RESERVED +CVE-2018-14826 + RESERVED +CVE-2018-14825 + RESERVED +CVE-2018-14824 + RESERVED +CVE-2018-14823 + RESERVED +CVE-2018-14822 + RESERVED +CVE-2018-14821 + RESERVED +CVE-2018-14820 + RESERVED +CVE-2018-14819 + RESERVED +CVE-2018-14818 + RESERVED +CVE-2018-14817 + RESERVED +CVE-2018-14816 + RESERVED +CVE-2018-14815 + RESERVED +CVE-2018-14814 + RESERVED +CVE-2018-14813 + RESERVED +CVE-2018-14812 + RESERVED +CVE-2018-14811 + RESERVED +CVE-2018-14810 + RESERVED +CVE-2018-14809 + RESERVED +CVE-2018-14808 + RESERVED +CVE-2018-14807 + RESERVED +CVE-2018-14806 + RESERVED +CVE-2018-14805 + RESERVED +CVE-2018-14804 + RESERVED +CVE-2018-14803 + RESERVED +CVE-2018-14802 + RESERVED +CVE-2018-14801 + RESERVED +CVE-2018-14800 + RESERVED +CVE-2018-14799 + RESERVED +CVE-2018-14798 + RESERVED +CVE-2018-14797 + RESERVED +CVE-2018-14796 + RESERVED +CVE-2018-14795 + RESERVED +CVE-2018-14794 + RESERVED +CVE-2018-14793 + RESERVED +CVE-2018-14792 + RESERVED +CVE-2018-14791 + RESERVED +CVE-2018-14790 + 
RESERVED +CVE-2018-14789 + RESERVED +CVE-2018-14788 + RESERVED +CVE-2018-14787 + RESERVED +CVE-2018-14786 + RESERVED +CVE-2018-14785 + RESERVED +CVE-2018-14784 + RESERVED +CVE-2018-14783 + RESERVED +CVE-2018-14782 + RESERVED +CVE-2018-14781 + RESERVED +CVE-2018-14780 + RESERVED +CVE-2018-14779 + RESERVED +CVE-2018-14778 + RESERVED +CVE-2015-9262 (_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows ...) + TODO: check CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. An ...) TODO: check CVE-2018-1000631 @@ -5654,8 +5798,8 @@ CVE-2018-12470 RESERVED CVE-2018-12469 RESERVED -CVE-2018-12468 - RESERVED +CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...) + TODO: check CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could delete ...) - open-build-service NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217 @@ -10584,8 +10728,8 @@ CVE-2018-10626 RESERVED CVE-2018-10625 RESERVED -CVE-2018-10624 - RESERVED +CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BCPro ...) + TODO: check CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...) NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft CVE-2018-10622 @@ -28955,8 +29099,8 @@ CVE-2018-3941 RESERVED CVE-2018-3940 RESERVED -CVE-2018-3939 - RESERVED +CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the JavaScript ...) + TODO: check CVE-2018-3938 RESERVED CVE-2018-3937 @@ -28985,8 +29129,8 @@ CVE-2018-3926 RESERVED CVE-2018-3925 RESERVED -CVE-2018-3924 - RESERVED +CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...) + TODO: check CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...) TODO: check CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...) @@ -29071,8 +29215,8 @@ CVE-2018-3883 RESERVED CVE-2018-3882 RESERVED -CVE-2018-3881 - RESE