[Git][security-tracker-team/security-tracker][master] 2 commits: Cleanup trailing whitespaces
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6add56cf by Salvatore Bonaccorso at 2018-10-05T03:39:19Z Cleanup trailing whitespaces - - - - - 39d4aadc by Salvatore Bonaccorso at 2018-10-05T03:50:09Z Add CVE-2018-17942/gnulib - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -82,7 +82,10 @@ CVE-2018-17944 CVE-2018-17943 RESERVED CVE-2018-17942 (The convert_to_decimal function in vasnprintf.c in Gnulib before ...) - TODO: check + - gnulib + NOTE: pspp affecting bug: https://savannah.gnu.org/bugs/?func=detailitem_id=54686 + NOTE: https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html + NOTE: https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35 CVE-2018-17941 RESERVED CVE-2018-17940 @@ -31183,7 +31186,7 @@ CVE-2018-6120 CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 - [jessie] - chromium-browser (End of life, see DSA 4020) + [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-6118 RESERVED {DSA-4237-1} 
@@ -31562,7 +31565,7 @@ CVE-2018-6056 CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google Chrome ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 - [jessie] - chromium-browser (End of life, see DSA 4020) + [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d60357fb1ea0f14014a77e1d55034ddaaf28902c...39d4aadcb0f332a955959c7aadb1245122683dff
You're receiving this email because of your account on salsa.debian.org.
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
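Review bot: The CVE-2018-17942 hunk adds a package line for gnulib only, while its first NOTE says the bug was reported against pspp. gnulib is copied into its consumers' source trees, so pspp should get its own package line (or a NOTE saying why it is not needed) for the tracker to show its status. The same NOTE's URL reads `?func=detailitem_id=54686`, with `func=detailitem` running straight into `item_id`; confirm the link resolves as committed.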
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-11778, NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d60357fb by Salvatore Bonaccorso at 2018-10-05T03:38:33Z Add CVE-2018-11778, NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15228,6 +15228,7 @@ CVE-2018-11779 RESERVED CVE-2018-11778 RESERVED + NOT-FOR-US: Apache Ranger CVE-2018-11777 RESERVED CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d60357fb1ea0f14014a77e1d55034ddaaf28902c
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b60ffb0 by Henri Salo at 2018-10-05T02:02:32Z NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -262,6 +262,8 @@ CVE-2018-17856 RESERVED CVE-2018-17855 RESERVED +CVE-2015-9271 + NOT-FOR-US: WordPress plugin videowhisper-video-conference-integration CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for ...) NOT-FOR-US: the-holiday-calendar plugin for WordPress CVE-2015-9269 (The export/content.php exportarticle feature in the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b60ffb084fabeb38b8b79d6de1da385efff01c5
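Review bot: The commit subject is only "NFU", so the log does not say which entry was triaged; name it in the subject, e.g. "Mark CVE-2015-9271 as NFU", as the other NFU commits on this list do. The added CVE-2015-9271 line also has no description yet, unlike CVE-2015-9270 directly below it, so the NOT-FOR-US product name is the only record of what the issue is until a description arrives.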
[Git][security-tracker-team/security-tracker][master] CVE-2018-17983/mercurial
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: b483fb18 by Henri Salo at 2018-10-05T02:01:40Z CVE-2018-17983/mercurial - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,4 +1,4 @@ -CVE-2018- [manifest: fix out-of-bounds read of corrupted manifest entry] +CVE-2018-17983 [manifest: fix out-of-bounds read of corrupted manifest entry] - mercurial 4.7.2-1 NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901 CVE-2018-17979
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b483fb186358dad21ae17e9672357515aed41297
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-16548/zziplib (#910335)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4716f001 by Salvatore Bonaccorso at 2018-10-04T21:19:15Z Add bug reference for CVE-2018-16548/zziplib (#910335) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3252,7 +3252,7 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass t CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via ...) NOT-FOR-US: HScripts PHP File Browser Script CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...) - - zziplib (low) + - zziplib (low; bug #910335) [stretch] - zziplib (Minor issue) [jessie] - zziplib (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/58
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4716f001d68cd347b30cab946f4168ef05760c59
[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-5658 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84ca64fd by Salvatore Bonaccorso at 2018-10-04T20:59:18Z Mark CVE-2017-5658 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -84317,7 +84317,7 @@ CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when ther NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153 CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to ...) - TODO: check + NOT-FOR-US: Apache Pony Mail CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected ...) NOT-FOR-US: Apache Archiva CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84ca64fdc3f4efe97093e5396b22d117cb044ff5
[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e38ad89 by Moritz Muehlenhoff at 2018-10-04T20:56:29Z stretch triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -328,6 +328,7 @@ CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html NOT-FOR-US: HisiPHP CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several double-free ...) - adplug + [stretch] - adplug (Minor issue) NOTE: https://github.com/adplug/adplug/issues/67 NOTE: https://github.com/adplug/adplug/commit/19ebb61bf92262dc1868de10ba5a211db249ce76 CVE-2018-17824 @@ -3251,7 +3252,8 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass t CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via ...) NOT-FOR-US: HScripts PHP File Browser Script CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...) - - zziplib + - zziplib (low) + [stretch] - zziplib (Minor issue) [jessie] - zziplib (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/58 CVE-2018-16547 @@ -15230,7 +15232,8 @@ CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer fr - libstruts1.2-java (Specific to 2.x) NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057 CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client before ...) - - activemq 5.15.6-1 (bug #908950) + - activemq 5.15.6-1 (low; bug #908950) + [stretch] - activemq (Minor issue) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb 
@@ -76769,6 +76772,7 @@ CVE-2017-7894 (WinDjView 2.1 might allow user-assisted attackers to execute code NOT-FOR-US: WinDjView CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can ...) - salt 2016.11.5+ds-1 + [stretch] - salt (Minor issue) NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html NOTE: https://github.com/saltstack/salt/issues/48939 NOTE: https://github.com/saltstack/salt/commit/0a0f46fb1478be5eb2f90882a90390cb35ec43cb
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e38ad8905c952471a74d7f5573641591656e5e2
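Review bot: In the @@ -3251 and @@ -15230 hunks the unstable lines for zziplib and activemq also gain a `low` urgency, which goes beyond the "stretch triage" named in the subject; say so in the commit message. For CVE-2018-17825 the description reports several double-free issues in AdPlug, and the new line is just `[stretch] - adplug (Minor issue)`; a short NOTE giving the reason it does not warrant a stable update would help whoever revisits the entry.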
[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-12473 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ab102a53 by Salvatore Bonaccorso at 2018-10-04T20:45:14Z Mark CVE-2018-12473 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13310,7 +13310,7 @@ CVE-2018-12475 CVE-2018-12474 RESERVED CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of ...) - TODO: check + NOT-FOR-US: obs-service-tar_scm of Open Build Service CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux SMT ...) TODO: check CVE-2018-12471 (A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab102a538a605a6bbfed5243ec72207021221b56
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ca001a0b by security tracker role at 2018-10-04T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -218,18 +218,18 @@ CVE-2018-17878 RESERVED CVE-2018-17877 RESERVED -CVE-2018-17876 - RESERVED +CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version ...) + TODO: check CVE-2018-17875 RESERVED CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...) NOT-FOR-US: ExpressionEngine CVE-2018-17873 RESERVED -CVE-2018-17872 - RESERVED -CVE-2018-17871 - RESERVED +CVE-2018-17872 (Verba Collaboration Compliance and Quality Management Platform before ...) + TODO: check +CVE-2018-17871 (Verba Collaboration Compliance and Quality Management Platform before ...) + TODO: check CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The returnto ...) NOT-FOR-US: BTITeam XBTIT CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection mechanism. ...) @@ -13311,12 +13311,12 @@ CVE-2018-12474 RESERVED CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of ...) TODO: check -CVE-2018-12472 - RESERVED -CVE-2018-12471 - RESERVED -CVE-2018-12470 - RESERVED +CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux SMT ...) + TODO: check +CVE-2018-12471 (A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT ...) + TODO: check +CVE-2018-12470 (A SQL Injection in the RegistrationSharing module of SUSE Linux SMT ...) + TODO: check CVE-2018-12469 RESERVED CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...) 
@@ -15208,8 +15208,8 @@ CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in K - apache-karaf (bug #881297) CVE-2018-11785 RESERVED -CVE-2018-11784 - RESERVED +CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...) + TODO: check CVE-2018-11783 RESERVED CVE-2018-11782 @@ -33202,8 +33202,8 @@ CVE-2018-5494 RESERVED CVE-2018-5493 RESERVED -CVE-2018-5492 - RESERVED +CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and later ...) + TODO: check CVE-2018-5491 RESERVED CVE-2018-5490 (Read-Only export policy rules are not correctly enforced in Clustered ...) @@ -43144,8 +43144,8 @@ CVE-2018-1821 RESERVED CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM -CVE-2018-1819 - RESERVED +CVE-2018-1819 (IBM Financial Transaction Manager for Digital Payments for ...) + TODO: check CVE-2018-1818 RESERVED CVE-2018-1817 @@ -43442,8 +43442,8 @@ CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the . NOT-FOR-US: IBM CVE-2018-1671 RESERVED -CVE-2018-1670 - RESERVED +CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...) + TODO: check CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...) NOT-FOR-US: IBM CVE-2018-1668 
@@ -43574,12 +43574,12 @@ CVE-2018-1606 RESERVED CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) NOT-FOR-US: IBM -CVE-2018-1604 - RESERVED -CVE-2018-1603 - RESERVED -CVE-2018-1602 - RESERVED +CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) + TODO: check +CVE-2018-1603 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) + TODO: check +CVE-2018-1602 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) + TODO: check CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) NOT-FOR-US: IBM CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...) @@ -84312,8 +84312,8 @@ CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when ther NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above) NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153 -CVE-2017-5658 - RESERVED +CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to ...) + TODO: check CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected ...) NOT-FOR-US: Apache Archiva CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses
[Git][security-tracker-team/security-tracker][master] record mercurial fix
Julien Cristau pushed to branch master at Debian Security Tracker / security-tracker Commits: 446d792f by Julien Cristau at 2018-10-04T13:42:30Z record mercurial fix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2018- [manifest: fix out-of-bounds read of corrupted manifest entry] - - mercurial + - mercurial 4.7.2-1 NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901 CVE-2018-17979 RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/446d792f5d3068fd4791299bfdbe96f8d460
[Git][security-tracker-team/security-tracker][master] Add temporary entry for mercurial entry; CVE was requested
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7432d633 by Salvatore Bonaccorso at 2018-10-04T13:36:31Z Add temporary entry for mercurial entry; CVE was requested - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2018- [manifest: fix out-of-bounds read of corrupted manifest entry] + - mercurial + NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901 CVE-2018-17979 RESERVED CVE-2018-17978
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7432d6331b6a630abd13e40855e96cbc716e707b
[Git][security-tracker-team/security-tracker][master] CVE-2017-15105,CVE-2017-15107: add note about issue description
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: d4d23ec8 by Santiago Ruano Rincón at 2018-10-04T09:26:56Z CVE-2017-15105,CVE-2017-15107: add note about issue description Signed-off-by: Santiago Ruano Rincón santiag...@riseup.net - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -55015,6 +55015,7 @@ CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dns NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404 + NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be CVE-2017-15106 RESERVED CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...) 
@@ -55024,6 +55025,7 @@ CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...) [jessie] - unbound (Minor issue, can be fixed via point release) NOTE: https://unbound.net/downloads/CVE-2017-15105.txt NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff + NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json ...) NOT-FOR-US: Heketi CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server API ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4d23ec8a9243b14c769a5f0bdda438680fbf4d4
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1532-1 for dnsmasq
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: 18023344 by Santiago Ruano Rincón at 2018-10-04T08:35:06Z Reserve DLA-1532-1 for dnsmasq Signed-off-by: Santiago Ruano Rincón santiag...@riseup.net - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[04 Oct 2018] DLA-1532-1 dnsmasq - update + [jessie] - dnsmasq 2.72-3+deb8u4 [03 Oct 2018] DLA-1531-1 linux-4.9 - security update {CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182} [jessie] - linux-4.9 4.9.110-3+deb9u5~deb8u1 = data/dla-needed.txt = @@ -15,9 +15,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- activemq (Abhijith PA) -- -dnsmasq (Santiago) - NOTE: 2010920: main reason for a DLA is to update dns trust anchors (Santiago) --- enigmail NOTE: 20180926: see 871s9fps8e@curie.anarc.at before working on this (anarcat) --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18023344858324510e351edad482334f13400034
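Review bot: The new DLA-1532-1 entry in data/DLA/list has no `{CVE-...}` line, unlike DLA-1531-1 directly below it, so the tracker will not mark any dnsmasq CVE as fixed in jessie by 2.72-3+deb8u4. The note removed from data/dla-needed.txt gives the trust anchors update as the main reason for the DLA; if the upload also carries a CVE fix, list the CVE in this entry, and if it does not, the entry is fine as a plain "update".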
[Git][security-tracker-team/security-tracker][master] Start tracking three tcpreplay CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0c8050fb by Salvatore Bonaccorso at 2018-10-04T08:13:37Z Start tracking three tcpreplay CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,6 +9,8 @@ CVE-2018-17976 CVE-2018-17975 RESERVED CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...) + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/486 TODO: check CVE-2018-17973 RESERVED @@ -825,12 +827,16 @@ CVE-2018-17584 CVE-2018-17583 RESERVED CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The ...) + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/484 TODO: check CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has ...) - exiv2 (low; bug #910060) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/460 CVE-2018-17580 (A heap-based buffer over-read exists in the function fast_edit_packet() ...) + - tcpreplay + NOTE: https://github.com/appneta/tcpreplay/issues/485 TODO: check CVE-2018-17579 RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c8050fb67b3839602b27019dec0c016c4e07001
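Review bot: All three hunks (CVE-2018-17974, CVE-2018-17582, CVE-2018-17580) add `- tcpreplay` and an upstream issue NOTE but leave `TODO: check` in place beneath them, so the entries still show up as untriaged. Either drop the TODO or replace it with a NOTE stating what remains to be checked, for example whether the versions in stretch and jessie contain the affected code.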
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e868201 by security tracker role at 2018-10-04T08:10:23Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,4 +1,22 @@ -CVE-2018-17972 [Information leak via /proc/$pid/stack] +CVE-2018-17979 + RESERVED +CVE-2018-17978 + RESERVED +CVE-2018-17977 + RESERVED +CVE-2018-17976 + RESERVED +CVE-2018-17975 + RESERVED +CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...) + TODO: check +CVE-2018-17973 + RESERVED +CVE-2018-17971 + RESERVED +CVE-2018-17970 + RESERVED +CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in ...) - linux NOTE: https://marc.info/?l=linux-fsdevel=153806242024956=2 CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote ...) @@ -185,10 +203,10 @@ CVE-2018-17884 (XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestb NOT-FOR-US: WordPress plugin gwolle-gb CVE-2018-17882 RESERVED -CVE-2018-17881 - RESERVED -CVE-2018-17880 - RESERVED +CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration ...) + TODO: check +CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration ...) + TODO: check CVE-2018-17879 RESERVED CVE-2018-17878 @@ -806,7 +824,7 @@ CVE-2018-17584 RESERVED CVE-2018-17583 RESERVED -CVE-2018-17582 (tcpreplay v4.3.0 contains a heap-based buffer over-read. The ...) +CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The ...) TODO: check CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has ...) - exiv2 (low; bug #910060) @@ -850,8 +868,8 @@ CVE-2018-17564 RESERVED CVE-2018-17563 RESERVED -CVE-2018-17562 - RESERVED +CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a ...) + TODO: check CVE-2018-17561 RESERVED CVE-2018-17560 
@@ -868,10 +886,10 @@ CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows rem NOT-FOR-US: ARRIS TG2492LG-NA 061213 devices CVE-2018-17554 RESERVED -CVE-2018-17553 - RESERVED -CVE-2018-17552 - RESERVED +CVE-2018-17553 (An Unrestricted Upload of File with Dangerous Type issue with ...) + TODO: check +CVE-2018-17552 (SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote ...) + TODO: check CVE-2018-17551 RESERVED CVE-2018-17550 @@ -894,8 +912,7 @@ CVE-2018-17542 RESERVED CVE-2018-17541 RESERVED -CVE-2018-17540 [denial-of-service vulnerability in the gmp plugin] - RESERVED +CVE-2018-17540 (The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a ...) {DSA-4309-1 DLA-1528-1} - strongswan 5.7.1-1 NOTE: https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html @@ -1150,8 +1167,8 @@ CVE-2018-17430 RESERVED CVE-2018-17429 RESERVED -CVE-2018-17428 - RESERVED +CVE-2018-17428 (An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL ...) + TODO: check CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: SIMDComp CVE-2018-17426 @@ -1190,8 +1207,8 @@ CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request to NOT-FOR-US: Horus CMS CVE-2018-17409 RESERVED -CVE-2018-17408 - RESERVED +CVE-2018-17408 (Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 ...) + TODO: check CVE-2018-17406 RESERVED CVE-2018-17405 @@ -11559,7 +11576,7 @@ CVE-2018-13114 RESERVED CVE-2018-13113 (The transfer and transferFrom functions of a smart contract ...) NOT-FOR-US: smart contract implementation for Easy Trading Token and Ethereum token -CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remote ...) +CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote ...) - tcpreplay (low; bug #902952) [stretch] - tcpreplay (Minor issue) [jessie] - tcpreplay (Minor issue) 
@@ -29084,8 +29101,8 @@ CVE-2018-6697 RESERVED CVE-2018-6696 RESERVED -CVE-2018-6695 - RESERVED +CVE-2018-6695 (SSH host keys generation vulnerability in the server in McAfee Threat ...) + TODO: check CVE-2018-6694 RESERVED CVE-2018-6693 (An unprivileged user can delete arbitrary files on a Linux system ...) @@ -31986,8 +32003,8 @@ CVE-2018-5923 RESERVED CVE-2018-5922 RESERVED -CVE-2018-5921 - RESERVED +CVE-2018-5921 (A potential security vulnerability has been identified with certain HP ...) +
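Review bot: In the first hunk (@@ -1,4 +1,22 @@) the new CVE-2018-17971 and CVE-2018-17970 placeholders are inserted above the existing CVE-2018-17972 entry, so the file reads 17973, 17971, 17970, 17972 and is no longer in descending order at that point. Move the linux entry for CVE-2018-17972 up between CVE-2018-17973 and CVE-2018-17971 so that lookups and later automatic merges find it where they expect it.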
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-14656
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d551e8f9 by Salvatore Bonaccorso at 2018-10-04T06:13:43Z Update information for CVE-2018-14656 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7760,6 +7760,8 @@ CVE-2018-14657 CVE-2018-14656 [Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler] RESERVED - linux 4.18.6-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4 CVE-2018-14655 RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d551e8f95b2cce3ae55b9b88ce8be55fc6526459
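Review bot: The two added lines mark stretch and jessie as `(Vulnerable code not present)`, but the entry records only the fixing commit in its `NOTE: Fixed by:` line. Add a NOTE naming the commit or kernel version that introduced the segfault-handler code, so the not-affected status of the older kernels can be verified from the entry itself.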
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14656/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 01ab157f by Salvatore Bonaccorso at 2018-10-04T06:11:55Z Add CVE-2018-14656/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7757,8 +7757,10 @@ CVE-2018-14658 RESERVED CVE-2018-14657 RESERVED -CVE-2018-14656 +CVE-2018-14656 [Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler] RESERVED + - linux 4.18.6-1 + NOTE: Fixed by: https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4 CVE-2018-14655 RESERVED CVE-2018-14654
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/01ab157f31955c4fa74afac92a8cfd67522a7d14