[Git][security-tracker-team/security-tracker][master] Remove no-dsa/postponed entry for CVE-2017-12794/python-django

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8c1426f by Salvatore Bonaccorso at 2018-08-03T06:51:37Z
Remove no-dsa/postponed entry for CVE-2017-12794/python-django

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -54168,7 +54168,6 @@ CVE-2017-12795
RESERVED
 CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML 
...)
- python-django 1:1.11.5-1 (low; bug #874415)
-   [stretch] - python-django  (Only affects debug mode)
[jessie] - python-django  (Vulnerable code do not exist)
[wheezy] - python-django  (Vulnerable code do not exist)
NOTE: 
https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
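
Review bot: Removing the [stretch] line ("Only affects debug mode") leaves stretch without a release-specific status, so it is now judged only against the 1:1.11.5-1 version on the general python-django line. Neither the hunk nor the commit message says why the postponement no longer applies. Name the upload that carries the fix for stretch in the commit message, or add a NOTE, so the status change can be checked later.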



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8c1426f05afefff382d28b5ad01bc1a534e7172

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-1445-3 for busybox

2018-08-02 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a89bffc1 by Markus Koschany at 2018-08-03T04:42:37Z
Reserve DLA-1445-3 for busybox

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,5 @@
+[03 Aug 2018] DLA-1445-3 busybox - regression update
+   [jessie] - busybox 1:1.22.0-9+deb8u4
 [02 Aug 2018] DLA-1456-1 graphicsmagick - security update
{CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 
CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 
CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 
CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 
CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16547 CVE-2017-18219 
CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 CVE-2018-5685 
CVE-2018-6799 CVE-2018-9018}
[jessie] - graphicsmagick 1.3.20-3+deb8u4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a89bffc182f981ea2e7475a8f61b0f655c8a7ab5


[Git][security-tracker-team/security-tracker][master] mark CVE-2018-10874 as not-affected for jessie

2018-08-02 Thread Abhijith PA
Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbe66023 by Abhijith PA at 2018-08-03T04:36:55Z
mark CVE-2018-10874 as not-affected for jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10096,6 +10096,7 @@ CVE-2018-10875 (A flaw was found in ansible. 
ansible.cfg is read from the curren
NOTE: 
https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
 CVE-2018-10874 (In ansible it was found that inventory variables are loaded 
from ...)
- ansible 2.6.1+dfsg-1
+   [jessie] - ansible  (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596528
NOTE: https://github.com/ansible/ansible/pull/42067
NOTE: 
https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
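
Review bot: The reason on the added [jessie] line, "vulnerable code not present", gives no pointer to when the affected inventory-variable loading was introduced, so the claim cannot be rechecked from the entry. The NOTEs list only the bug, the pull request and the fix commit; add a NOTE naming the introducing upstream commit or the first affected version.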



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbe6602318c42fa9f4de9b6d5fe10b2b7324f407


[Git][security-tracker-team/security-tracker][master] Remove CVE-2017-16545 entry, which was already fixed in 1.3.20-3+deb8u3

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b976b5b by Salvatore Bonaccorso at 2018-08-03T02:46:14Z
Remove CVE-2017-16545 entry, which was already fixed in 1.3.20-3+deb8u3

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,5 +1,5 @@
 [02 Aug 2018] DLA-1456-1 graphicsmagick - security update
-   {CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 
CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 
CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 
CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 
CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16545 CVE-2017-16547 
CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 
CVE-2018-5685 CVE-2018-6799 CVE-2018-9018}
+   {CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 
CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 
CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 
CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 
CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16547 CVE-2017-18219 
CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 CVE-2018-5685 
CVE-2018-6799 CVE-2018-9018}
[jessie] - graphicsmagick 1.3.20-3+deb8u4
 [02 Aug 2018] DLA-1455-1 mutt - security update
{CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 
CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 
CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 
CVE-2018-14363}
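
Review bot: The only difference between the removed and added brace lists is CVE-2017-16545, which the commit message says was already fixed in 1.3.20-3+deb8u3, but nothing in the hunk identifies the advisory that shipped that version. Name that advisory in the commit message so a reader can confirm the ID is still attributed to a DLA after being dropped from DLA-1456-1.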



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b976b5bf1850662c35a4eb5d40078f521318aa1


[Git][security-tracker-team/security-tracker][master] LTS/Add and claim php5

2018-08-02 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2bbbf850 by Roberto C. Sánchez at 2018-08-03T02:33:06Z
LTS/Add and claim php5

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -86,6 +86,8 @@ openjdk-7 (Emilio Pozuelo)
 openjpeg2
   NOTE: 20180719: there is no patch available for the remaining CVEs
 --
+php5 (Roberto C. Sánchez)
+--
 phpldapadmin
   NOTE: 20180731: See 
https://lists.debian.org/debian-lts/2018/07/msg00123.html for research already 
done
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bbbf850a381d012f09b70b8e6a229043fb0b286


[Git][security-tracker-team/security-tracker][master] LTS/Add and claim tomcat8

2018-08-02 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
da19c8a1 by Roberto C. Sánchez at 2018-08-03T01:12:41Z
LTS/Add and claim tomcat8

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -108,6 +108,8 @@ tiff
 --
 tiff3 (Holger Levsen)
 --
+tomcat8 (Roberto C. Sánchez)
+--
 twig (Abhijith PA)
 --
 twitter-bootstrap



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/da19c8a19f773496acb8d36d57f33be5cc6b9c89


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1456-1 for graphicsmagick

2018-08-02 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a28becd by Roberto C. Sánchez at 2018-08-03T00:59:00Z
Reserve DLA-1456-1 for graphicsmagick

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[02 Aug 2018] DLA-1456-1 graphicsmagick - security update
+   {CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 
CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 
CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 CVE-2017-13737 CVE-2017-13775 
CVE-2017-13776 CVE-2017-13777 CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 
CVE-2017-15277 CVE-2017-15930 CVE-2017-16352 CVE-2017-16545 CVE-2017-16547 
CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 CVE-2017-18231 
CVE-2018-5685 CVE-2018-6799 CVE-2018-9018}
+   [jessie] - graphicsmagick 1.3.20-3+deb8u4
 [02 Aug 2018] DLA-1455-1 mutt - security update
{CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 
CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 
CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 
CVE-2018-14363}
[jessie] - mutt 1.5.23-3+deb8u1
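
Review bot: The added DLA-1456-1 brace list includes CVE-2017-16545 against 1.3.20-3+deb8u4, and the later commit 9b976b5b in this archive removes that ID as already fixed in 1.3.20-3+deb8u3. With a list of this length, check each ID against the versions of earlier graphicsmagick uploads before reserving the advisory.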


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -38,8 +38,6 @@ fuse (Thorsten Alteholz)
 git-annex
   NOTE: 20180710: See #903037 for more information and a fix for Stretch.
 --
-graphicsmagick (Roberto C. Sánchez)
---
 jetty (Hugo Lefeuvre)
   NOTE: 20180702: jetty8 almost never marked as affected whereas jetty and 
jetty9 are. Reason ?
   NOTE: 20180702: CVE-2018-12536 fixed in latest upstream release. Looks like 
upstream



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a28becd752697b0e2d2e6a2843b7e2a8bee4fc6


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for libmspack

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d2db724 by Salvatore Bonaccorso at 2018-08-02T21:00:41Z
Reserve DSA number for libmspack

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[02 Aug 2018] DSA-4260-1 libmspack - security update
+   {CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682}
+   [stretch] - libmspack 0.5-1+deb9u2
 [31 Jul 2018] DSA-4259-1 ruby2.3 - security update
{CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 
CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-173 
CVE-2018-174 CVE-2018-175 CVE-2018-176 CVE-2018-177 
CVE-2018-178 CVE-2018-179}
[stretch] - ruby2.3 2.3.3-1+deb9u3


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -45,8 +45,6 @@ libarchive-zip-perl (carnil)
 libidn
   santiago proposed debdiffs for jessie and stretch
 --
-libmspack (carnil)
---
 libspring-java
 --
 linux



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d2db72464a1e379f2bd5cb8a0bf84274237b4d9


[Git][security-tracker-team/security-tracker][master] Add CVE-2017-9120/php*

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc2d1251 by Salvatore Bonaccorso at 2018-08-02T20:49:16Z
Add CVE-2017-9120/php*

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -65178,7 +65178,11 @@ CVE-2017-9122 (The quicktime_read_moov function in 
moov.c in libquicktime 1.2.4 
 CVE-2017-9121
RESERVED
 CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial 
of ...)
-   TODO: check
+   - php7.2 
+   - php7.1 
+   - php7.0 
+   - php5 
+   NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544
 CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 
7.1.5 ...)
- php7.1  (unimportant)
- php7.0  (unimportant)
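
Review bot: The added "- php5" line sits under a description that scopes CVE-2017-9120 to "PHP 7.x through 7.1.5", and the only supporting NOTE is the upstream bug link. Add a NOTE stating whether the php5 source was checked for the affected code, so the php5 line does not read as copied from the php7.x lines.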



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc2d125108027616d3eba2b8020b66753107d6a4


[Git][security-tracker-team/security-tracker][master] Add CVE-2017-9118/php*

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c2bd3c5 by Salvatore Bonaccorso at 2018-08-02T20:45:47Z
Add CVE-2017-9118/php*

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -65186,7 +65186,11 @@ CVE-2017-9119 (The i_zval_ptr_dtor function in 
Zend/zend_variables.h in PHP 7.1.
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
NOTE: Only triggerable by malicious script
 CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl 
via a ...)
-   TODO: check
+   - php7.2 
+   - php7.1 
+   - php7.0 
+   - php5 
+   NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604
 CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without 
verifying ...)
- tiff  (unimportant)
- tiff3  (Does not ship libtiff-tools)
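
Review bot: The four package lines that replace "TODO: check" for CVE-2017-9118 carry no triage reasoning, whereas the neighbouring CVE-2017-9119 entry records its reasoning in a NOTE ("Only triggerable by malicious script"). The description names PHP 7.1.5 only, so add a NOTE on how php7.2, php7.0 and php5 were assessed against php_pcre_replace_impl.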



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c2bd3c59426f578a950180dd167896c462efbc0


[Git][security-tracker-team/security-tracker][master] Add four missing CVEs which were omitted while copy-pasting the original list…

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0898a65 by Salvatore Bonaccorso at 2018-08-02T20:23:02Z
Add four missing CVEs which were omitted while copy-pasting the original list 
from jmm (Closes: #905304)

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,5 +1,5 @@
 [31 Jul 2018] DSA-4259-1 ruby2.3 - security update
-   {CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 
CVE-2018-173 CVE-2018-174 CVE-2018-175 CVE-2018-176 
CVE-2018-177 CVE-2018-178 CVE-2018-179}
+   {CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 
CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-173 
CVE-2018-174 CVE-2018-175 CVE-2018-176 CVE-2018-177 
CVE-2018-178 CVE-2018-179}
[stretch] - ruby2.3 2.3.3-1+deb9u3
 [29 Jul 2018] DSA-4258-1 ffmpeg - security update
{CVE-2018-14395}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0898a650efc7161309a50120c98ab93b116


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14851/php

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d043909c by Salvatore Bonaccorso at 2018-08-02T20:15:36Z
Add CVE-2018-14851/php

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,10 @@
 CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 
5.6.37, ...)
-   TODO: check
+   - php7.2 7.2.8-1
+   - php7.1 
+   - php7.0 
+   - php5 
+   NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
+   NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76557
 CVE-2018-14850
RESERVED
 CVE-2018-14849



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d043909c2e45e801cf8b8765fa0659d7c2abd675


[Git][security-tracker-team/security-tracker][master] automatic update

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5dfb79e by security tracker role at 2018-08-02T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 
5.6.37, ...)
+   TODO: check
+CVE-2018-14850
+   RESERVED
+CVE-2018-14849
+   RESERVED
 CVE-2018-14848
RESERVED
 CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote 
attackers to ...)
@@ -1279,79 +1285,94 @@ CVE-2018-14364 (GitLab Community and Enterprise Edition 
before 10.7.7, 10.8.x be
- gitlab  (bug #904026)
NOTE: 
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
 CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c 
does not ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.9.1-1
NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code 
without neomutt patchset
NOTE: previous versions ship a neomutt patchset.
 CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
NOTE: 
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
 CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c 
proceeds ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.9.1-1
NOTE: 
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code 
without neomutt patchset
NOTE: previous versions ship a neomutt patchset.
 CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. 
nntp_add_group in ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.9.1-1
NOTE: 
https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code 
without neomutt patchset
NOTE: previous versions ship a neomutt patchset.
 CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE: 
https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85
NOTE: 
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
 CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE: 
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE: 
https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE: 
https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82
NOTE: 
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
 CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE: 
https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d
NOTE: 
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
 CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   {DLA-1455-1}
- neomutt 20180716+dfsg.1-1 (bug #904021)
- mutt 1.10.1-1 (bug #904051)
NOTE: 
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-201

[Git][security-tracker-team/security-tracker][master] Update reference for CVE-2015-8985/glibc

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d618514 by Salvatore Bonaccorso at 2018-08-02T19:53:52Z
Update reference for CVE-2015-8985/glibc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -141454,6 +141454,7 @@ CVE-2014-9685 (Multiple cross-site scripting (XSS) 
vulnerabilities in Vanilla Fo
 CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or 
libc6) ...)
- glibc  (unimportant; bug #779392)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163
+   NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
 (2.28)
NOTE: DoS via crafted regexps are not considered security issues by 
glibc upstream
 CVE-2015-8984 (The fnmatch function in the GNU C Library (aka glibc or libc6) 
before ...)
{DLA-316-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d618514c26514d6ca32e38db7e3695fa36bd507


[Git][security-tracker-team/security-tracker][master] Take libmspack from dsa-needed

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1254d35e by Salvatore Bonaccorso at 2018-08-02T18:56:26Z
Take libmspack from dsa-needed

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -45,7 +45,7 @@ libarchive-zip-perl (carnil)
 libidn
   santiago proposed debdiffs for jessie and stretch
 --
-libmspack (jmm)
+libmspack (carnil)
 --
 libspring-java
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1254d35e86fa1f8b4fe35b43be3c4ca7857a377e


[Git][security-tracker-team/security-tracker][master] Add CVE-2015-5243 as NFU

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59656381 by Salvatore Bonaccorso at 2018-08-02T18:50:56Z
Add CVE-2015-5243 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -132043,6 +132043,7 @@ CVE-2015-5244 (The NSSCipherSuite option with 
ciphersuites enabled in mod_nss be
NOTE: Fixed by 
https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=34e1ccecb4a7d5054dba2f92b403af9b6ae1e110
 (1.0.12)
 CVE-2015-5243
RESERVED
+   NOT-FOR-US: phpWhois
 CVE-2015-5242 (OpenStack Swift-on-File (aka Swiftonfile) does not properly 
restrict ...)
NOT-FOR-US: swiftonfile
 CVE-2015-5241 (After logging into the portal, the logout jsp page redirects 
the ...)
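
Review bot: The added "NOT-FOR-US: phpWhois" line is attached to an entry that is still RESERVED and has no description, so the product attribution cannot be verified from the entry itself. Add a NOTE with the reference that ties CVE-2015-5243 to phpWhois.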



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/59656381ee2191889035e6f826da895a1041ee37


[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-14404

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98017cf7 by Salvatore Bonaccorso at 2018-08-02T18:42:43Z
Add references for CVE-2018-14404

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1140,7 +1140,9 @@ CVE-2018-14405
 CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...)
- libxml2  (bug #901817)
[stretch] - libxml2  (Minor issue)
+   NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
+   NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
 CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles 
substrings ...)
- mp4v2  (bug #904897)
[stretch] - mp4v2  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98017cf74ac8c171ae2d897591a759637906592c


[Git][security-tracker-team/security-tracker][master] graphicsmagick/CVE-2018-6799 add links to upstream bugs

2018-08-02 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a59cc59 by Roberto C. Sánchez at 2018-08-02T11:51:33Z
graphicsmagick/CVE-2018-6799 add links to upstream bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20973,6 +20973,8 @@ CVE-2018-6800
 CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
{DLA-1282-1}
- graphicsmagick 1.3.28-1
+   NOTE: https://sourceforge.net/p/graphicsmagick/bugs/531/
+   NOTE: https://sourceforge.net/p/graphicsmagick/bugs/532/
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87
 CVE-2018-6798 (An issue was discovered in Perl 5.22 through 5.26. Matching a 
crafted ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a59cc59b868d58d5b819cf07448c88dd97d6865


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1455-1 for mutt

2018-08-02 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5399a6b by Roberto C. Sánchez at 2018-08-02T10:55:57Z
Reserve DLA-1455-1 for mutt

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[02 Aug 2018] DLA-1455-1 mutt - security update
+   {CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 
CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 
CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 
CVE-2018-14363}
+   [jessie] - mutt 1.5.23-3+deb8u1
 [02 Aug 2018] DLA-1445-2 busybox - regression update
[jessie] - busybox 1:1.22.0-9+deb8u3
 [31 Jul 2018] DLA-1454-1 network-manager-vpnc - security update
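
Review bot: The brace list on the new DLA-1455-1 entry takes in every id from CVE-2018-14349 through CVE-2018-14363, fifteen in a row. Please confirm against data/CVE/list that each one is recorded as fixed for jessie in mutt 1.5.23-3+deb8u1 and none is marked not-affected there, since a contiguous range is easy to over-include.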


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -81,8 +81,6 @@ linux-4.9 (Ben Hutchings)
 mosquitto
   NOTE: 20180629: there are still two CVEs open, their upstream bugs show no 
progress
 --
-mutt (Roberto C. Sánchez)
---
 mysql-5.5 (Emilio Pozuelo)
 --
 openjdk-7 (Emilio Pozuelo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b5399a6b8af125d10b082b65bcd27a77e2e43908


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1477{3,4}/symfony

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb0dc906 by Salvatore Bonaccorso at 2018-08-02T09:04:28Z
Add CVE-2018-1477{3,4}/symfony

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -166,10 +166,14 @@ CVE-2018-14776 (Click Studios Passwordstate before 8.3 
Build 8397 allows XSS by 
NOT-FOR-US: Click Studios Passwordstate
 CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 
has a ...)
TODO: check
-CVE-2018-14774
+CVE-2018-14774 [Possible host header injection when using HttpCache]
RESERVED
-CVE-2018-14773
+   - symfony 
+   NOTE: 
https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
+CVE-2018-14773 [Remove support for legacy and risky HTTP headers]
RESERVED
+   - symfony 
+   NOTE: 
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
 CVE-2018-14772
RESERVED
 CVE-2018-14771
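
Review bot: Both new symfony entries (CVE-2018-14774 and CVE-2018-14773) cite only the symfony.com advisory posts and carry no Debian bug number or upstream commit reference. Adding NOTE lines for the fixing commits and a bug reference on the "- symfony" line would let the per-release status be filled in later without re-reading the advisories.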



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb0dc90683e17e909ded71fa76dfcc97c013ec44


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1304340 by Salvatore Bonaccorso at 2018-08-02T08:29:33Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-14848
RESERVED
 CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Winbox for MikroTik RouterOS
 CVE-2018-14846
RESERVED
 CVE-2018-14845
@@ -15,17 +15,17 @@ CVE-2018-14842
 CVE-2018-14841
RESERVED
 CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it 
does not ...)
-   TODO: check
+   NOT-FOR-US: Subrion CMS
 CVE-2018-14839
RESERVED
 CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content 
parameter. ...)
-   TODO: check
+   NOT-FOR-US: rejucms
 CVE-2018-14837
RESERVED
 CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because 
user ...)
-   TODO: check
+   NOT-FOR-US: Subrion CMS
 CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no 
escaping ...)
-   TODO: check
+   NOT-FOR-US: Subrion CMS
 CVE-2018-14834
RESERVED
 CVE-2018-14833
@@ -5801,7 +5801,7 @@ CVE-2018-12470
 CVE-2018-12469
RESERVED
 CVE-2018-12468 (A vulnerability in the administration console of Micro Focus 
GroupWise ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus
 CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could 
delete ...)
- open-build-service 
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217
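
Review bot: The CVE-2018-12468 entry is tagged "NOT-FOR-US: Micro Focus", which names only the vendor, while the description is about Micro Focus GroupWise and the other entries in this commit name the product ("Winbox for MikroTik RouterOS", "Subrion CMS"). Suggest "NOT-FOR-US: Micro Focus GroupWise" so that a later search for the product finds it.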
@@ -35499,7 +35499,7 @@ CVE-2018-1597
 CVE-2018-1596
RESERVED
 CVE-2018-1595 (IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 
could ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1594
RESERVED
 CVE-2018-1593
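
Review bot: "NOT-FOR-US: IBM" on CVE-2018-1595 gives the vendor only, although the description names IBM Spectrum Symphony and Platform Symphony. Naming the product in the tag, as the Subrion CMS and rejucms entries in this commit do, keeps the NOT-FOR-US strings searchable and consistent.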



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f130434004fd2ca0b6fa04580a7819e6f053787d


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-9262/libxcursor

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ea5b170 by Salvatore Bonaccorso at 2018-08-02T08:13:26Z
Add CVE-2018-9262/libxcursor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -141,7 +141,9 @@ CVE-2018-14779
 CVE-2018-14778
RESERVED
 CVE-2015-9262 (_XcursorThemeInherits in library.c in libXcursor before 1.1.15 
allows ...)
-   TODO: check
+   - libxcursor 1:1.1.15-1
+   NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90857
+   NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
 CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. 
An ...)
TODO: check
 CVE-2018-1000631
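
Review bot: The entry changed in this hunk is CVE-2015-9262, but the commit subject reads "Add CVE-2018-9262/libxcursor". The data itself looks consistent with the libXcursor description, so the mismatch is in the subject only; anyone searching the history by CVE id will miss this commit, so it is worth mentioning the correct id in a follow-up commit message or note.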



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ea5b170cef1039d9b0a31841b3e63d31363


[Git][security-tracker-team/security-tracker][master] automatic update

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a912bc7 by security tracker role at 2018-08-02T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,147 @@
+CVE-2018-14848
+   RESERVED
+CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote 
attackers to ...)
+   TODO: check
+CVE-2018-14846
+   RESERVED
+CVE-2018-14845
+   RESERVED
+CVE-2018-14844
+   RESERVED
+CVE-2018-14843
+   RESERVED
+CVE-2018-14842
+   RESERVED
+CVE-2018-14841
+   RESERVED
+CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it 
does not ...)
+   TODO: check
+CVE-2018-14839
+   RESERVED
+CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content 
parameter. ...)
+   TODO: check
+CVE-2018-14837
+   RESERVED
+CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because 
user ...)
+   TODO: check
+CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no 
escaping ...)
+   TODO: check
+CVE-2018-14834
+   RESERVED
+CVE-2018-14833
+   RESERVED
+CVE-2018-14832
+   RESERVED
+CVE-2018-14831
+   RESERVED
+CVE-2018-14830
+   RESERVED
+CVE-2018-14829
+   RESERVED
+CVE-2018-14828
+   RESERVED
+CVE-2018-14827
+   RESERVED
+CVE-2018-14826
+   RESERVED
+CVE-2018-14825
+   RESERVED
+CVE-2018-14824
+   RESERVED
+CVE-2018-14823
+   RESERVED
+CVE-2018-14822
+   RESERVED
+CVE-2018-14821
+   RESERVED
+CVE-2018-14820
+   RESERVED
+CVE-2018-14819
+   RESERVED
+CVE-2018-14818
+   RESERVED
+CVE-2018-14817
+   RESERVED
+CVE-2018-14816
+   RESERVED
+CVE-2018-14815
+   RESERVED
+CVE-2018-14814
+   RESERVED
+CVE-2018-14813
+   RESERVED
+CVE-2018-14812
+   RESERVED
+CVE-2018-14811
+   RESERVED
+CVE-2018-14810
+   RESERVED
+CVE-2018-14809
+   RESERVED
+CVE-2018-14808
+   RESERVED
+CVE-2018-14807
+   RESERVED
+CVE-2018-14806
+   RESERVED
+CVE-2018-14805
+   RESERVED
+CVE-2018-14804
+   RESERVED
+CVE-2018-14803
+   RESERVED
+CVE-2018-14802
+   RESERVED
+CVE-2018-14801
+   RESERVED
+CVE-2018-14800
+   RESERVED
+CVE-2018-14799
+   RESERVED
+CVE-2018-14798
+   RESERVED
+CVE-2018-14797
+   RESERVED
+CVE-2018-14796
+   RESERVED
+CVE-2018-14795
+   RESERVED
+CVE-2018-14794
+   RESERVED
+CVE-2018-14793
+   RESERVED
+CVE-2018-14792
+   RESERVED
+CVE-2018-14791
+   RESERVED
+CVE-2018-14790
+   RESERVED
+CVE-2018-14789
+   RESERVED
+CVE-2018-14788
+   RESERVED
+CVE-2018-14787
+   RESERVED
+CVE-2018-14786
+   RESERVED
+CVE-2018-14785
+   RESERVED
+CVE-2018-14784
+   RESERVED
+CVE-2018-14783
+   RESERVED
+CVE-2018-14782
+   RESERVED
+CVE-2018-14781
+   RESERVED
+CVE-2018-14780
+   RESERVED
+CVE-2018-14779
+   RESERVED
+CVE-2018-14778
+   RESERVED
+CVE-2015-9262 (_XcursorThemeInherits in library.c in libXcursor before 1.1.15 
allows ...)
+   TODO: check
 CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. 
An ...)
TODO: check
 CVE-2018-1000631
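
Review bot: CVE-2015-9262 is added between CVE-2018-14778 and CVE-2018-14777, out of sequence with the 2018 ids around it. If that is simply where the feed places newly published ids, fine, but the position makes it easy to misread as a 2018 id during triage, so the year should be double-checked when its "TODO: check" is resolved.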
@@ -5654,8 +5798,8 @@ CVE-2018-12470
RESERVED
 CVE-2018-12469
RESERVED
-CVE-2018-12468
-   RESERVED
+CVE-2018-12468 (A vulnerability in the administration console of Micro Focus 
GroupWise ...)
+   TODO: check
 CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could 
delete ...)
- open-build-service 
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217
@@ -10584,8 +10728,8 @@ CVE-2018-10626
RESERVED
 CVE-2018-10625
RESERVED
-CVE-2018-10624
-   RESERVED
+CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and 
BCPro ...)
+   TODO: check
 CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 
4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
 CVE-2018-10622
@@ -28955,8 +29099,8 @@ CVE-2018-3941
RESERVED
 CVE-2018-3940
RESERVED
-CVE-2018-3939
-   RESERVED
+CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+   TODO: check
 CVE-2018-3938
RESERVED
 CVE-2018-3937
@@ -28985,8 +29129,8 @@ CVE-2018-3926
RESERVED
 CVE-2018-3925
RESERVED
-CVE-2018-3924
-   RESERVED
+CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+   TODO: check
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
TODO: check
 CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
@@ -29071,8 +29215,8 @@ CVE-2018-3883
RESERVED
 CVE-2018-3882
RESERVED
-CVE-2018-3881
-   RESE