[Git][security-tracker-team/security-tracker][master] Adjust CVE identifier
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 99424ef5 by Salvatore Bonaccorso at 2018-08-07T04:27:39Z Adjust CVE identifier - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -25029,8 +25029,8 @@ CVE-2018-5817 CVE-2018-5816 [Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service] RESERVED - libraw 0.18.13-1 (low) - [stretch] - libraw (Fix for CVE-5804 not released in stretch) - [jessie] - libraw (Fix for CVE-5804 not in jessie LTS) + [stretch] - libraw (Fix for CVE-2018-5804 not released in stretch) + [jessie] - libraw (Fix for CVE-2018-5804 not in jessie LTS) NOTE: http://seclists.org/bugtraq/2018/Jul/58 NOTE: Issue caused by an incomplete fix for CVE-2018-5804 CVE-2018-5815 [Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99424ef546df86fc8bc7fd6aef5268eb6018a620 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99424ef546df86fc8bc7fd6aef5268eb6018a620 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Triage CVE-2018-5816 (libraw) for jessie.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: f06f6030 by Chris Lamb at 2018-08-07T00:16:35Z Triage CVE-2018-5816 (libraw) for jessie. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -25030,6 +25030,7 @@ CVE-2018-5816 [Integer overflow in internal/dcraw_common.cpp:identify() allows f RESERVED - libraw 0.18.13-1 (low) [stretch] - libraw (Fix for CVE-5804 not released in stretch) + [jessie] - libraw (Fix for CVE-5804 not in jessie LTS) NOTE: http://seclists.org/bugtraq/2018/Jul/58 NOTE: Issue caused by an incomplete fix for CVE-2018-5804 CVE-2018-5815 [Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f06f6030adc1d4ababd24f6cf02587177d01e234 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f06f6030adc1d4ababd24f6cf02587177d01e234 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
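Review bot: the added "[jessie]" line writes the identifier as "CVE-5804", without the year, while the NOTE two lines below spells it CVE-2018-5804; the "[stretch]" context line above it has the same shorthand. Use the full CVE-2018-5804 on both lines so the cross-reference can be searched and matched against the entry it points to.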
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 682ca3f3 by Salvatore Bonaccorso at 2018-08-06T20:19:08Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -297,43 +297,43 @@ CVE-2018-14980 CVE-2018-14979 RESERVED CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. ...) TODO: check CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMSQCMS CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. ...) - TODO: check + NOT-FOR-US: QCMS CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. ...) - TODO: check + NOT-FOR-US: EMLsoft CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. ...) - TODO: check + NOT-FOR-US: EMLsoft CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The ...) - TODO: check + NOT-FOR-US: EMLsoft CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The ...) - TODO: check + NOT-FOR-US: EMLsoft CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the ...) - TODO: check + NOT-FOR-US: EMLsoft CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. ...) - TODO: check + NOT-FOR-US: zzcms CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in ...) - TODO: check + NOT-FOR-US: zzcms CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql ...) - TODO: check + NOT-FOR-US: zzcms CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...) 
- TODO: check + NOT-FOR-US: Xiao5uCompany CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages ...) NOT-FOR-US: WeaselCMS CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the ...) @@ -36308,7 +36308,7 @@ CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could CVE-2018-1552 RESERVED CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1550 RESERVED CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...) @@ -36354,7 +36354,7 @@ CVE-2018-1530 CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through ...) NOT-FOR-US: IBM Rational DOORS Next Generation CVE-2018-1528 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1527 RESERVED CVE-2018-1526 @@ -36566,7 +36566,7 @@ CVE-2018-1424 CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive information to ...) NOT-FOR-US: IBM CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and ...) NOT-FOR-US: IBM WebSphere DataPower Appliances CVE-2018-1420 @@ -88048,7 +88048,7 @@ CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remo CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...) NOT-FOR-US: IBM CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1754 RESERVED CVE-2017-1753 
@@ -88734,13 +88734,13 @@ CVE-2017-1414 CVE-2017-1413 RESERVED CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1410 RESERVED CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1408 RESERVED CVE-2017-1407 (IBM Security Identity Man
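Review bot: in the first hunk (@@ -297,43) CVE-2018-14975 is marked "NOT-FOR-US: QCMSQCMS", a doubled product name where every neighbouring entry has "QCMS", and CVE-2018-14976, which carries the same "QCMS 3.0.1" description, is left at "TODO: check". Correct the first to "NOT-FOR-US: QCMS", and either mark CVE-2018-14976 as well or say in the commit message why it stays open.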
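Review bot: the IBM hunks (@@ -36308 onward) all add the bare vendor name "NOT-FOR-US: IBM", while context lines in the same hunks are split between that form and a product name ("IBM Rational DOORS Next Generation", "IBM WebSphere DataPower Appliances"). The descriptions already name the product on each line (WebSphere MQ, Maximo Asset Management, Security Identity Governance Virtual Appliance), so using it in the NOT-FOR-US tag would make a later search for that product find these entries.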
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 10c2b474 by security tracker role at 2018-08-06T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,19 @@ +CVE-2018-15127 + RESERVED +CVE-2018-15126 + RESERVED +CVE-2018-15125 + RESERVED +CVE-2018-15124 + RESERVED +CVE-2018-15123 + RESERVED +CVE-2018-15122 + RESERVED +CVE-2018-15121 + RESERVED +CVE-2018-15120 + RESERVED CVE-2018-15119 RESERVED CVE-2018-15118 
@@ -280,44 +296,44 @@ CVE-2018-14980 RESERVED CVE-2018-14979 RESERVED -CVE-2018-14978 - RESERVED -CVE-2018-14977 - RESERVED -CVE-2018-14976 - RESERVED -CVE-2018-14975 - RESERVED -CVE-2018-14974 - RESERVED -CVE-2018-14973 - RESERVED -CVE-2018-14972 - RESERVED -CVE-2018-14971 - RESERVED -CVE-2018-14970 - RESERVED -CVE-2018-14969 - RESERVED -CVE-2018-14968 - RESERVED -CVE-2018-14967 - RESERVED -CVE-2018-14966 - RESERVED -CVE-2018-14965 - RESERVED -CVE-2018-14964 - RESERVED -CVE-2018-14963 - RESERVED -CVE-2018-14962 - RESERVED -CVE-2018-14961 - RESERVED -CVE-2018-14960 - RESERVED +CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the ...) + TODO: check +CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. ...) + TODO: check +CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. ...) + TODO: check +CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The ...) + TODO: check +CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The ...) + TODO: check +CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the ...) + TODO: check +CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. ...) + TODO: check +CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in ...) 
+ TODO: check +CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql ...) + TODO: check +CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...) + TODO: check CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages ...) NOT-FOR-US: WeaselCMS CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the ...) @@ -1006,22 +1022,22 @@ CVE-2018-14669 CVE-2018-14668 RESERVED CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904802) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904801) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904800) NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904799) NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 @@ -4107,6 +4123,7 @@ CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in ...) - linux 4.17.6-1 NOTE: https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713 CVE-20
[Git][security-tracker-team/security-tracker][master] Update status for kamailio
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ba20952 by Salvatore Bonaccorso at 2018-08-06T19:52:36Z Update status for kamailio - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -32,7 +32,7 @@ intel-microcode jetty9 (jmm) -- kamailio - Maintainer (Victor Seva) will prepare an update + Maintainer (Victor Seva) proposed update, acked upload -- keystone Maintainer is proposing an update for CVE-2018-14432 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ba2095254d0a0a11d560be6781c27aef3a2d334 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ba2095254d0a0a11d560be6781c27aef3a2d334 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-14767/kamailio
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e088baa8 by Salvatore Bonaccorso at 2018-08-06T19:51:46Z Add references for CVE-2018-14767/kamailio - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -792,6 +792,8 @@ CVE-2018-1999035 (A man in the middle vulnerability exists in Jenkins Inedo Buil CVE-2018-14767 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...) - kamailio 5.1.4-1 NOTE: https://skalatan.de/blog/advisory-hw-2018-05 + NOTE: https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/ + NOTE: https://github.com/kamailio/kamailio/commit/281a6c6b6eaaf30058b603325e8ded20b99e1456 CVE-2018-14766 RESERVED CVE-2018-14765 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e088baa8be265c27da2ffdeaceea9ca287d03757 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e088baa8be265c27da2ffdeaceea9ca287d03757 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
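Review bot: the second added NOTE gives a kamailio commit URL with no label, so a reader cannot tell whether it is the fix or a related change; other entries in this list label such links "NOTE: Fixed by:". The description names two fixed releases (5.0.7 and 5.1.4) but only one commit is referenced, so say which branch it belongs to or add the corresponding backport.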
[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2017-7893
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2aa1c94 by Salvatore Bonaccorso at 2018-08-06T18:28:50Z Update notes for CVE-2017-7893 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -69345,10 +69345,9 @@ CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can . - salt NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html NOTE: https://github.com/saltstack/salt/issues/48939 - NOTE: The first version in Debian unstable containing the fix is likely - NOTE: 2016.11.5+ds-1 which is the first merging changes from 2016.3.6 - NOTE: that is the "previous branch". - TODO: check, pinpoint fixing version, check with maintainers on issue, upstream asked + NOTE: https://github.com/saltstack/salt/commit/0a0f46fb1478be5eb2f90882a90390cb35ec43cb + NOTE: The behaviour though was back off by default in a later commit again + NOTE: cf. https://github.com/saltstack/salt/pull/40206 CVE-2017-7892 (Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a ...) - capnproto 0.6.1-1 (unimportant; bug #860960) NOTE: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2aa1c94016addb69c0ed64d09220ec18caaec9e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2aa1c94016addb69c0ed64d09220ec18caaec9e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
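Review bot: the removed lines held the only statement of a fixing version ("likely 2016.11.5+ds-1") and the TODO to pinpoint it, and the "- salt" line that remains still carries no version, so after this hunk the entry no longer says where the Debian package stands. The new NOTE "The behaviour though was back off by default in a later commit again" is also hard to parse; state plainly what the default is after the cited pull request, and keep a TODO if the fixed version is still unknown.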
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-5390/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c972364 by Salvatore Bonaccorso at 2018-08-06T18:21:11Z Update status for CVE-2018-5390/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -26193,6 +26193,7 @@ CVE-2018-5391 CVE-2018-5390 [Linux Kernel TCP implementation vulnerable to Denial of Service] RESERVED - linux + [jessie] - linux (Vulnerable code introduced later) NOTE: https://www.kb.cert.org/vuls/id/962459 CVE-2018-5389 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c97236462940b199f0b3f3a7e8a457efeda72a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c97236462940b199f0b3f3a7e8a457efeda72a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
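Review bot: the added "[jessie] - linux (Vulnerable code introduced later)" line gives no kernel version or commit for when the code was introduced, and the entry's only NOTE is the CERT/CC advisory. Add a NOTE naming the introducing commit or version so the jessie status can be checked against the jessie kernel.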
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for linux update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 69be94dd by Salvatore Bonaccorso at 2018-08-06T18:01:20Z Reserve DSA number for linux update - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[06 Aug 2018] DSA-4266-1 linux - security update + {CVE-2018-5390 CVE-2018-13405} + [stretch] - linux 4.9.110-3+deb9u1 [05 Aug 2018] DSA-4265-1 xml-security-c - security update [stretch] - xml-security-c 1.7.3-4+deb9u1 [05 Aug 2018] DSA-4264-1 python-django - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69be94dd66b9fc7ad01e9711dea41278d73fbaca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69be94dd66b9fc7ad01e9711dea41278d73fbaca You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-5390/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0c7e64ff by Salvatore Bonaccorso at 2018-08-06T17:21:55Z Add CVE-2018-5390/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -26190,8 +26190,10 @@ CVE-2018-5392 [mingw-w64 by default produces executables that opt in to ASLR, bu NOTE: https://www.kb.cert.org/vuls/id/307144 (describes workaround) CVE-2018-5391 RESERVED -CVE-2018-5390 +CVE-2018-5390 [Linux Kernel TCP implementation vulnerable to Denial of Service] RESERVED + - linux + NOTE: https://www.kb.cert.org/vuls/id/962459 CVE-2018-5389 RESERVED CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet length ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c7e64ff4f5f8190c6f32e2c3fc1f4ffef256f4c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c7e64ff4f5f8190c6f32e2c3fc1f4ffef256f4c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-6556
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 420d241d by Salvatore Bonaccorso at 2018-08-06T17:20:17Z Add bug reference for CVE-2018-6556 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -22425,7 +22425,7 @@ CVE-2018-6557 RESERVED CVE-2018-6556 [lxc-user-nic allows unprivileged users to open arbitrary files] RESERVED - - lxc + - lxc (bug #905586) [stretch] - lxc (Vulnerable code introduced later) [jessie] - lxc (Vulnerable code introduced later) NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/420d241d07655fd01bcaaa2d6ee7a9eec31bad83 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/420d241d07655fd01bcaaa2d6ee7a9eec31bad83 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add references to commit for CVE-2018-6556/lxc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83455ad5 by Salvatore Bonaccorso at 2018-08-06T17:05:31Z Add references to commit for CVE-2018-6556/lxc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -22429,6 +22429,8 @@ CVE-2018-6556 [lxc-user-nic allows unprivileged users to open arbitrary files] [stretch] - lxc (Vulnerable code introduced later) [jessie] - lxc (Vulnerable code introduced later) NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 + NOTE: Prerequisite: https://github.com/lxc/lxc/commit/f96f5f3c1341e73ee51c8b49bef4ba571c562d8c + NOTE: Fixed by: https://github.com/lxc/lxc/commit/5eb45428b312e978fb9e294dde16efb14dd9fa4d CVE-2018-6555 RESERVED CVE-2018-6554 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83455ad5dce8900515ef51cc4b51acaeee5ddec4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83455ad5dce8900515ef51cc4b51acaeee5ddec4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-6556/lxc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62e93d2c by Salvatore Bonaccorso at 2018-08-06T16:58:59Z Add CVE-2018-6556/lxc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -22423,8 +22423,12 @@ CVE-2018-6558 RESERVED CVE-2018-6557 RESERVED -CVE-2018-6556 +CVE-2018-6556 [lxc-user-nic allows unprivileged users to open arbitrary files] RESERVED + - lxc + [stretch] - lxc (Vulnerable code introduced later) + [jessie] - lxc (Vulnerable code introduced later) + NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 CVE-2018-6555 RESERVED CVE-2018-6554 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62e93d2c461011dc8cf10875094d685ce61213da -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62e93d2c461011dc8cf10875094d685ce61213da You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
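Review bot: both added suite lines claim "Vulnerable code introduced later" for stretch and jessie, but the only reference in the entry is the Launchpad bug, and nothing identifies the lxc release or commit that introduced the lxc-user-nic behaviour. A NOTE giving the introducing commit would back both claims.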
[Git][security-tracker-team/security-tracker][master] Add new CVEs for webkit2gtk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 13e5225e by Salvatore Bonaccorso at 2018-08-06T14:54:22Z Add new CVEs for webkit2gtk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -28992,6 +28992,8 @@ CVE-2018-4285 RESERVED CVE-2018-4284 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4283 RESERVED CVE-2018-4282 @@ -29004,6 +29006,8 @@ CVE-2018-4279 RESERVED CVE-2018-4278 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4277 RESERVED CVE-2018-4276 
@@ -29014,30 +29018,50 @@ CVE-2018-4274 RESERVED CVE-2018-4273 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4272 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4271 RESERVED CVE-2018-4270 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4269 RESERVED CVE-2018-4268 RESERVED CVE-2018-4267 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4266 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4265 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4264 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4263 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4262 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4261 RESERVED + - webkit2gtk 2.20.4-1 (unimportant) + NOTE: Not covered by security support CVE-2018-4260 RESERVED CVE-2018-4259 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13e5225e1c2e42068a5c41e02582f8751f332160 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13e5225e1c2e42068a5c41e02582f8751f332160 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
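Review bot: every added pair marks a CVE that is still "RESERVED", with no description, as fixed in webkit2gtk 2.20.4-1, and none of the hunks adds a reference for that mapping. A NOTE on each entry pointing to the advisory that lists these ids against that release would let the fixed version be verified from the list itself.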
[Git][security-tracker-team/security-tracker][master] Reference fixes for CVE-2017-1755{4,5}/aubio
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 772ba825 by Salvatore Bonaccorso at 2018-08-06T14:09:20Z Reference fixes for CVE-2017-1755{4,5}/aubio - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -36946,6 +36946,7 @@ CVE-2017-17555 (The swri_audio_convert function in audioconvert.c in FFmpeg ...) [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) [wheezy] - aubio (Minor issue) + NOTE: Fixed by: https://github.com/aubio/aubio/commit/265fe9a2ca606f8b9ae4a110390f26c139c01ad7 NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md NOTE: aubio initializes libswresample with 2 channels and then passes data NOTE: that contains just one channel. Not an issue in src:ffmpeg. 
@@ -36955,6 +36956,7 @@ CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) [wheezy] - aubio (Minor issue) + NOTE: Fixed by: https://github.com/aubio/aubio/commit/a81b12a3b4174953b3bc7ef4c37103f4d5636740 NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md NOTE: https://github.com/aubio/aubio/issues/137 CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/772ba825eb559732c749ec26b38b08d65b3581d9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/772ba825eb559732c749ec26b38b08d65b3581d9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-12614 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 067a72ea by Salvatore Bonaccorso at 2018-08-06T11:42:58Z Mark CVE-2017-12614 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -55356,6 +55356,7 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP - tomcat7 (Windows-specific) CVE-2017-12614 RESERVED + NOT-FOR-US: Apache Airflow CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...) {DLA-1162-1} - apr 1.6.3-1 (low; bug #879708) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/067a72eaf54d82e020a57f2d0cc5de4961f2ca5c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/067a72eaf54d82e020a57f2d0cc5de4961f2ca5c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1460-1 for libmspack
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c04138f by Chris Lamb at 2018-08-06T09:08:29Z Reserve DLA-1460-1 for libmspack - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[06 Aug 2018] DLA-1460-1 libmspack - security update + {CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682} + [jessie] - libmspack 0.5-1+deb8u2 [06 Aug 2018] DLA-1459-1 cgit - security update {CVE-2018-14912} [jessie] - cgit 0.10.2.git2.0.1-3+deb8u2 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -63,8 +63,6 @@ libav (Hugo Lefeuvre) -- libgit2 (Thorsten Alteholz) -- -libmspack (Chris Lamb) --- libspring-java (Abhijith PA) -- libspring-security-2.0-java View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c04138f8515251417f46e3a04af3f8173ab2058 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c04138f8515251417f46e3a04af3f8173ab2058 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cecbc845 by security tracker role at 2018-08-06T08:10:15Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,323 @@ +CVE-2018-15119 + RESERVED +CVE-2018-15118 + RESERVED +CVE-2018-15117 + RESERVED +CVE-2018-15116 + RESERVED +CVE-2018-15115 + RESERVED +CVE-2018-15114 + RESERVED +CVE-2018-15113 + RESERVED +CVE-2018-15112 + RESERVED +CVE-2018-15111 + RESERVED +CVE-2018-15110 + RESERVED +CVE-2018-15109 + RESERVED +CVE-2018-15108 + RESERVED +CVE-2018-15107 + RESERVED +CVE-2018-15106 + RESERVED +CVE-2018-15105 + RESERVED +CVE-2018-15104 + RESERVED +CVE-2018-15103 + RESERVED +CVE-2018-15102 + RESERVED +CVE-2018-15101 + RESERVED +CVE-2018-15100 + RESERVED +CVE-2018-15099 + RESERVED +CVE-2018-15098 + RESERVED +CVE-2018-15097 + RESERVED +CVE-2018-15096 + RESERVED +CVE-2018-15095 + RESERVED +CVE-2018-15094 + RESERVED +CVE-2018-15093 + RESERVED +CVE-2018-15092 + RESERVED +CVE-2018-15091 + RESERVED +CVE-2018-15090 + RESERVED +CVE-2018-15089 + RESERVED +CVE-2018-15088 + RESERVED +CVE-2018-15087 + RESERVED +CVE-2018-15086 + RESERVED +CVE-2018-15085 + RESERVED +CVE-2018-15084 + RESERVED +CVE-2018-15083 + RESERVED +CVE-2018-15082 + RESERVED +CVE-2018-15081 + RESERVED +CVE-2018-15080 + RESERVED +CVE-2018-15079 + RESERVED +CVE-2018-15078 + RESERVED +CVE-2018-15077 + RESERVED +CVE-2018-15076 + RESERVED +CVE-2018-15075 + RESERVED +CVE-2018-15074 + RESERVED +CVE-2018-15073 + RESERVED +CVE-2018-15072 + RESERVED +CVE-2018-15071 + RESERVED +CVE-2018-15070 + RESERVED +CVE-2018-15069 + RESERVED +CVE-2018-15068 + RESERVED +CVE-2018-15067 + RESERVED +CVE-2018-15066 + RESERVED +CVE-2018-15065 + RESERVED +CVE-2018-15064 + RESERVED +CVE-2018-15063 + RESERVED +CVE-2018-15062 + RESERVED +CVE-2018-15061 + RESERVED +CVE-2018-15060 + RESERVED +CVE-2018-15059 + RESERVED +CVE-2018-15058 + RESERVED +CVE-2018-15057 + RESERVED +CVE-2018-15056 + RESERVED +CVE-2018-15055 + RESERVED +CVE-2018-15054 + RESERVED +CVE-2018-15053 + RESERVED +CVE-2018-15052 + RESERVED +CVE-2018-15051 + RESERVED +CVE-2018-15050 + RESERVED +CVE-2018-15049 + RESERVED +CVE-2018-15048 + RESERVED +CVE-2018-15047 + RESERVED 
+CVE-2018-15046 + RESERVED +CVE-2018-15045 + RESERVED +CVE-2018-15044 + RESERVED +CVE-2018-15043 + RESERVED +CVE-2018-15042 + RESERVED +CVE-2018-15041 + RESERVED +CVE-2018-15040 + RESERVED +CVE-2018-15039 + RESERVED +CVE-2018-15038 + RESERVED +CVE-2018-15037 + RESERVED +CVE-2018-15036 + RESERVED +CVE-2018-15035 + RESERVED +CVE-2018-15034 + RESERVED +CVE-2018-15033 + RESERVED +CVE-2018-15032 + RESERVED +CVE-2018-15031 + RESERVED +CVE-2018-15030 + RESERVED +CVE-2018-15029 + RESERVED +CVE-2018-15028 + RESERVED +CVE-2018-15027 + RESERVED +CVE-2018-15026 + RESERVED +CVE-2018-15025 + RESERVED +CVE-2018-15024 + RESERVED +CVE-2018-15023 + RESERVED +CVE-2018-15022 + RESERVED +CVE-2018-15021 + RESERVED +CVE-2018-15020 + RESERVED +CVE-2018-15019 + RESERVED +CVE-2018-15018 + RESERVED +CVE-2018-15017 + RESERVED +CVE-2018-15016 + RESERVED +CVE-2018-15015 + RESERVED +CVE-2018-15014 + RESERVED +CVE-2018-15013 + RESERVED +CVE-2018-15012 + RESERVED +CVE-2018-15011 + RESERVED +CVE-2018-15010 + RESERVED +CVE-2018-15009 + RESERVED +CVE-2018-15008 + RESERVED +CVE-2018-15007 + RESERVED +CVE-2018-15006 + RESERVED +CVE-2018-15005 + RESERVED +CVE-2018-15004 + RESERVED +CVE-2018-15003 + RESERVED +CVE-2018-15002 + RESERVED +CVE-2018-15001 + RESERVED +CVE-2018-15000 + RESERVED +CVE-2018-14999 + RESERVED +CVE-2018-14998 + RESERVED +CVE-2018-14997 + RESERVED +CVE-2018-14996 + RESERVED +CVE-2018-14995 + RESERVED +CVE-2018-14994 + RESERVED +CVE-2018-14993 + RESERVED +CVE-2018-14992 + RESERVED +CVE-2018-14991 + RESERVED +CVE-2018-14990 + RESERVED +CVE-2018-14989 + RESERVED +CVE-2018-14988 + RESERVED +CVE-2018-14987 + RESERVED +CVE-2018-14986 + RESERVED +CVE-2018-14985 + RESERVED +CVE-2018-14984 + RESERVED +CVE-2018-14983 + RESERVED +CVE-2018-14982 + RESERVED +CVE-2018-14981 + RESERVED +CVE-2018-14980 + RESE
[Git][security-tracker-team/security-tracker][master] Add explicit entry for jessie until CVE assigned for xml-security-c issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d24460e by Salvatore Bonaccorso at 2018-08-06T07:04:08Z Add explicit entry for jessie until CVE assigned for xml-security-c issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -178,6 +178,7 @@ CVE-2018- [Default KeyInfo resolver doesn't check for empty element content. [experimental] - xml-security-c 2.0.1-1 - xml-security-c (bug #905332) [stretch] - xml-security-c 1.7.3-4+deb9u1 + [jessie] - xml-security-c 1.7.2-3+deb8u1 NOTE: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491 NOTE: https://shibboleth.net/community/advisories/secadv_20180803.txt CVE-2018-14878 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d24460e28f79c3b472d9ab612f0700be15d3e23
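Review bot: the added `[jessie] - xml-security-c 1.7.2-3+deb8u1` line carries no marker that it is temporary, while the commit message says it is only wanted until a CVE is assigned. The entry header is still the placeholder `CVE-2018-`, so a short `NOTE:` next to the two existing ones, saying the explicit jessie line should be re-checked once the real identifier replaces the placeholder, would keep it from being left behind.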