[Git][security-tracker-team/security-tracker][master] 2 commits: Cleanup trailing whitespaces

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6add56cf by Salvatore Bonaccorso at 2018-10-05T03:39:19Z
Cleanup trailing whitespaces

- - - - -
39d4aadc by Salvatore Bonaccorso at 2018-10-05T03:50:09Z
Add CVE-2018-17942/gnulib

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -82,7 +82,10 @@ CVE-2018-17944
 CVE-2018-17943
RESERVED
 CVE-2018-17942 (The convert_to_decimal function in vasnprintf.c in Gnulib 
before ...)
-   TODO: check
+   - gnulib 
+   NOTE: pspp affecting bug: 
https://savannah.gnu.org/bugs/?func=detailitem_id=54686
+   NOTE: 
https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html
+   NOTE: 
https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35
 CVE-2018-17941
RESERVED
 CVE-2018-17940
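
Review bot: The CVE-2018-17942 entry tracks only gnulib, yet the first NOTE calls the Savannah report a "pspp affecting bug". gnulib sources such as vasnprintf.c are normally copied into the consuming source package, so pspp (and any other package embedding the file) needs its own package line, or a NOTE saying why it is not tracked.
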
@@ -31183,7 +31186,7 @@ CVE-2018-6120
 CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
-   [jessie] - chromium-browser  (End of life, see DSA 4020)   
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-6118
RESERVED
{DSA-4237-1}
@@ -31562,7 +31565,7 @@ CVE-2018-6056
 CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google 
Chrome ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
-   [jessie] - chromium-browser  (End of life, see DSA 4020)   
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 
...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d60357fb1ea0f14014a77e1d55034ddaaf28902c...39d4aadcb0f332a955959c7aadb1245122683dff

-- 
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2018-11778, NFU

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d60357fb by Salvatore Bonaccorso at 2018-10-05T03:38:33Z
Add CVE-2018-11778, NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15228,6 +15228,7 @@ CVE-2018-11779
RESERVED
 CVE-2018-11778
RESERVED
+   NOT-FOR-US: Apache Ranger
 CVE-2018-11777
RESERVED
 CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer 
from ...)
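
Review bot: CVE-2018-11778 is still RESERVED with no description, so nothing in the entry backs the added NOT-FOR-US: Apache Ranger line. A NOTE with the advisory or announcement the product name was taken from would let the next person verify the triage.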



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d60357fb1ea0f14014a77e1d55034ddaaf28902c


[Git][security-tracker-team/security-tracker][master] NFU

2018-10-04 Thread Henri Salo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b60ffb0 by Henri Salo at 2018-10-05T02:02:32Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -262,6 +262,8 @@ CVE-2018-17856
RESERVED
 CVE-2018-17855
RESERVED
+CVE-2015-9271
+   NOT-FOR-US: WordPress plugin videowhisper-video-conference-integration
 CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for 
...)
NOT-FOR-US: the-holiday-calendar plugin for WordPress
 CVE-2015-9269 (The export/content.php exportarticle feature in the ...)
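
Review bot: The new NOT-FOR-US line for CVE-2015-9271 is worded "WordPress plugin videowhisper-video-conference-integration", while the entry directly below it uses "the-holiday-calendar plugin for WordPress". Settle on one form so a search of NFU entries by product matches consistently.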



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b60ffb084fabeb38b8b79d6de1da385efff01c5


[Git][security-tracker-team/security-tracker][master] CVE-2018-17983/mercurial

2018-10-04 Thread Henri Salo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b483fb18 by Henri Salo at 2018-10-05T02:01:40Z
CVE-2018-17983/mercurial

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,4 @@
-CVE-2018- [manifest: fix out-of-bounds read of corrupted manifest entry]
+CVE-2018-17983 [manifest: fix out-of-bounds read of corrupted manifest entry]
- mercurial 4.7.2-1
NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
 CVE-2018-17979



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b483fb186358dad21ae17e9672357515aed41297


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-16548/zziplib (#910335)

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4716f001 by Salvatore Bonaccorso at 2018-10-04T21:19:15Z
Add bug reference for CVE-2018-16548/zziplib (#910335)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3252,7 +3252,7 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows 
remote attackers to bypass t
 CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory 
Traversal via ...)
NOT-FOR-US: HScripts PHP File Browser Script
 CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a 
memory ...)
-   - zziplib  (low)
+   - zziplib  (low; bug #910335)
[stretch] - zziplib  (Minor issue)
[jessie] - zziplib  (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/58



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4716f001d68cd347b30cab946f4168ef05760c59


[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-5658 as NFU

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84ca64fd by Salvatore Bonaccorso at 2018-10-04T20:59:18Z
Mark CVE-2017-5658 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -84317,7 +84317,7 @@ CVE-2017-5659 (Apache Traffic Server before 6.2.1 
generates a coredump when ther
NOTE: 
https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
NOTE: evaluate related backport to 6.2: 
https://github.com/apache/trafficserver/pull/1153
 CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was 
found to ...)
-   TODO: check
+   NOT-FOR-US: Apache Pony Mail
 CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not 
protected ...)
NOT-FOR-US: Apache Archiva
 CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed 
way of ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/84ca64fdc3f4efe97093e5396b22d117cb044ff5


[Git][security-tracker-team/security-tracker][master] stretch triage

2018-10-04 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e38ad89 by Moritz Muehlenhoff at 2018-10-04T20:56:29Z
stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -328,6 +328,7 @@ CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via 
admin.php/admin/user/adduser.html
NOT-FOR-US: HisiPHP
 CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several 
double-free ...)
- adplug 
+   [stretch] - adplug  (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/67
NOTE: 
https://github.com/adplug/adplug/commit/19ebb61bf92262dc1868de10ba5a211db249ce76
 CVE-2018-17824
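
Review bot: The added [stretch] line for CVE-2018-17825 gives only "Minor issue" for what the description calls several double-free issues. A NOTE saying why this is minor for the stretch package would make the decision reviewable later.
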
@@ -3251,7 +3252,8 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows 
remote attackers to bypass t
 CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory 
Traversal via ...)
NOT-FOR-US: HScripts PHP File Browser Script
 CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a 
memory ...)
-   - zziplib 
+   - zziplib  (low)
+   [stretch] - zziplib  (Minor issue)
[jessie] - zziplib  (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/58
 CVE-2018-16547
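
Review bot: Besides adding the [stretch] line, this hunk changes the unstable zziplib line for CVE-2018-16548 by adding "(low)", which a commit titled "stretch triage" does not announce; the activemq hunk that follows does the same. Mention the urgency change in the commit message or split it into its own commit.
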
@@ -15230,7 +15232,8 @@ CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 
and 2.5 to 2.5.16 suffer fr
- libstruts1.2-java  (Specific to 2.x)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
 CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ 
Client before ...)
-   - activemq 5.15.6-1 (bug #908950)
+   - activemq 5.15.6-1 (low; bug #908950)
+   [stretch] - activemq  (Minor issue)
NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
NOTE: 
https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
NOTE: 
https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb
@@ -76769,6 +76772,7 @@ CVE-2017-7894 (WinDjView 2.1 might allow user-assisted 
attackers to execute code
NOT-FOR-US: WinDjView
 CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can 
...)
- salt 2016.11.5+ds-1
+   [stretch] - salt  (Minor issue)
NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
NOTE: https://github.com/saltstack/salt/issues/48939
NOTE: 
https://github.com/saltstack/salt/commit/0a0f46fb1478be5eb2f90882a90390cb35ec43cb



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e38ad8905c952471a74d7f5573641591656e5e2


[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-12473 as NFU

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab102a53 by Salvatore Bonaccorso at 2018-10-04T20:45:14Z
Mark CVE-2018-12473 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13310,7 +13310,7 @@ CVE-2018-12475
 CVE-2018-12474
RESERVED
 CVE-2018-12473 (A path traversal traversal vulnerability in 
obs-service-tar_scm of ...)
-   TODO: check
+   NOT-FOR-US: obs-service-tar_scm of Open Build Service
 CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux 
SMT ...)
TODO: check
 CVE-2018-12471 (A External Entity Reference ('XXE') vulnerability in SUSE 
Linux SMT ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab102a538a605a6bbfed5243ec72207021221b56


[Git][security-tracker-team/security-tracker][master] automatic update

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca001a0b by security tracker role at 2018-10-04T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -218,18 +218,18 @@ CVE-2018-17878
RESERVED
 CVE-2018-17877
RESERVED
-CVE-2018-17876
-   RESERVED
+CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 
version ...)
+   TODO: check
 CVE-2018-17875
RESERVED
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
NOT-FOR-US: ExpressionEngine
 CVE-2018-17873
RESERVED
-CVE-2018-17872
-   RESERVED
-CVE-2018-17871
-   RESERVED
+CVE-2018-17872 (Verba Collaboration Compliance and Quality Management Platform 
before ...)
+   TODO: check
+CVE-2018-17871 (Verba Collaboration Compliance and Quality Management Platform 
before ...)
+   TODO: check
 CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The 
returnto ...)
NOT-FOR-US: BTITeam XBTIT
 CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection 
mechanism. ...)
@@ -13311,12 +13311,12 @@ CVE-2018-12474
RESERVED
 CVE-2018-12473 (A path traversal traversal vulnerability in 
obs-service-tar_scm of ...)
TODO: check
-CVE-2018-12472
-   RESERVED
-CVE-2018-12471
-   RESERVED
-CVE-2018-12470
-   RESERVED
+CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux 
SMT ...)
+   TODO: check
+CVE-2018-12471 (A External Entity Reference ('XXE') vulnerability in SUSE 
Linux SMT ...)
+   TODO: check
+CVE-2018-12470 (A SQL Injection in the RegistrationSharing module of SUSE 
Linux SMT ...)
+   TODO: check
 CVE-2018-12469
RESERVED
 CVE-2018-12468 (A vulnerability in the administration console of Micro Focus 
GroupWise ...)
@@ -15208,8 +15208,8 @@ CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, 
if the sshd service in K
- apache-karaf  (bug #881297)
 CVE-2018-11785
RESERVED
-CVE-2018-11784
-   RESERVED
+CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 
9.0.11, ...)
+   TODO: check
 CVE-2018-11783
RESERVED
 CVE-2018-11782
@@ -33202,8 +33202,8 @@ CVE-2018-5494
RESERVED
 CVE-2018-5493
RESERVED
-CVE-2018-5492
-   RESERVED
+CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and 
later ...)
+   TODO: check
 CVE-2018-5491
RESERVED
 CVE-2018-5490 (Read-Only export policy rules are not correctly enforced in 
Clustered ...)
@@ -43144,8 +43144,8 @@ CVE-2018-1821
RESERVED
 CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to 
cross-site ...)
NOT-FOR-US: IBM
-CVE-2018-1819
-   RESERVED
+CVE-2018-1819 (IBM Financial Transaction Manager for Digital Payments for ...)
+   TODO: check
 CVE-2018-1818
RESERVED
 CVE-2018-1817
@@ -43442,8 +43442,8 @@ CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 
9.0 may fail to set the .
NOT-FOR-US: IBM
 CVE-2018-1671
RESERVED
-CVE-2018-1670
-   RESERVED
+CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for 
Multi-Platform ...)
+   TODO: check
 CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 
7.5.0.0 ...)
NOT-FOR-US: IBM
 CVE-2018-1668
@@ -43574,12 +43574,12 @@ CVE-2018-1606
RESERVED
 CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
NOT-FOR-US: IBM
-CVE-2018-1604
-   RESERVED
-CVE-2018-1603
-   RESERVED
-CVE-2018-1602
-   RESERVED
+CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
+   TODO: check
+CVE-2018-1603 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
+   TODO: check
+CVE-2018-1602 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
+   TODO: check
 CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
NOT-FOR-US: IBM
 CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)
@@ -84312,8 +84312,8 @@ CVE-2017-5659 (Apache Traffic Server before 6.2.1 
generates a coredump when ther
NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe 
of above)
NOTE: 
https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
NOTE: evaluate related backport to 6.2: 
https://github.com/apache/trafficserver/pull/1153
-CVE-2017-5658
-   RESERVED
+CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was 
found to ...)
+   TODO: check
 CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not 
protected ...)
NOT-FOR-US: Apache Archiva
 CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses 

[Git][security-tracker-team/security-tracker][master] record mercurial fix

2018-10-04 Thread Julien Cristau
Julien Cristau pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
446d792f by Julien Cristau at 2018-10-04T13:42:30Z
record mercurial fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2018- [manifest: fix out-of-bounds read of corrupted manifest entry]
-   - mercurial 
+   - mercurial 4.7.2-1
NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
 CVE-2018-17979
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/446d792f5d3068fd4791299bfdbe96f8d460


[Git][security-tracker-team/security-tracker][master] Add temporary entry for mercurial entry; CVE was requested

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7432d633 by Salvatore Bonaccorso at 2018-10-04T13:36:31Z
Add temporary entry for mercurial entry; CVE was requested

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2018- [manifest: fix out-of-bounds read of corrupted manifest entry]
+   - mercurial 
+   NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
 CVE-2018-17979
RESERVED
 CVE-2018-17978
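
Review bot: The temporary "CVE-2018-" entry records the upstream fix but not the CVE request itself, although the commit message says one was made. A NOTE pointing at the request would let whoever picks this up match the assigned ID to the right entry.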



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7432d6331b6a630abd13e40855e96cbc716e707b


[Git][security-tracker-team/security-tracker][master] CVE-2017-15105,CVE-2017-15107: add note about issue description

2018-10-04 Thread Santiago R.R.
Santiago R.R. pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4d23ec8 by Santiago Ruano Rincón at 2018-10-04T09:26:56Z
CVE-2017-15105,CVE-2017-15107: add note about issue description

Signed-off-by: Santiago Ruano Rincón santiag...@riseup.net

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -55015,6 +55015,7 @@ CVE-2017-15107 (A vulnerability was found in the 
implementation of DNSSEC in Dns
NOTE: 
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404
+   NOTE: 
https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
 CVE-2017-15106
RESERVED
 CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...)
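
Review bot: The NOTE added under CVE-2017-15107 is a bare medium.com URL, and the same line is added under CVE-2017-15105 in the next hunk. Label it as what the commit message says it is, an issue description, so it is not read as a patch or advisory link like the NOTE lines around it.
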
@@ -55024,6 +55025,7 @@ CVE-2017-15105 (A flaw was found in the way unbound 
before 1.6.8 validated ...)
[jessie] - unbound  (Minor issue, can be fixed via point 
release)
NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff
+   NOTE: 
https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
 CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json 
...)
NOT-FOR-US: Heketi
 CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server 
API ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4d23ec8a9243b14c769a5f0bdda438680fbf4d4


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1532-1 for dnsmasq

2018-10-04 Thread Santiago R.R.
Santiago R.R. pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18023344 by Santiago Ruano Rincón at 2018-10-04T08:35:06Z
Reserve DLA-1532-1 for dnsmasq

Signed-off-by: Santiago Ruano Rincón santiag...@riseup.net

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[04 Oct 2018] DLA-1532-1 dnsmasq - update
+   [jessie] - dnsmasq 2.72-3+deb8u4
 [03 Oct 2018] DLA-1531-1 linux-4.9 - security update
{CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516 
CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 CVE-2018-14609 CVE-2018-14617 
CVE-2018-14633 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 
CVE-2018-16276 CVE-2018-16658 CVE-2018-17182}
[jessie] - linux-4.9 4.9.110-3+deb9u5~deb8u1
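
Review bot: The new DLA-1532-1 entry has no {CVE-...} line and is titled "update", unlike the DLA-1531-1 entry below it. The note removed from data/dla-needed.txt gives the DNS trust anchor update as the main reason, so if 2.72-3+deb8u4 also fixes any CVE it should be listed here; if not, a NOTE saying so would keep the entry from looking incomplete.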


=
data/dla-needed.txt
=
@@ -15,9 +15,6 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 --
 activemq (Abhijith PA)
 --
-dnsmasq (Santiago)
-  NOTE: 2010920: main reason for a DLA is to update dns trust anchors 
(Santiago)
---
 enigmail
   NOTE: 20180926: see 871s9fps8e@curie.anarc.at before working on this 
(anarcat)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18023344858324510e351edad482334f13400034


[Git][security-tracker-team/security-tracker][master] Start track three tcpreplay CVEs

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0c8050fb by Salvatore Bonaccorso at 2018-10-04T08:13:37Z
Start track three tcpreplay CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,6 +9,8 @@ CVE-2018-17976
 CVE-2018-17975
RESERVED
 CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based 
buffer ...)
+   - tcpreplay 
+   NOTE: https://github.com/appneta/tcpreplay/issues/486
TODO: check
 CVE-2018-17973
RESERVED
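
Review bot: "TODO: check" stays under CVE-2018-17974 after the tcpreplay package line and NOTE are added, and the same happens for CVE-2018-17582 and CVE-2018-17580 in the next hunk. If triage is done, drop the TODO; if something is still open, replace it with a TODO that says what remains to be checked.
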
@@ -825,12 +827,16 @@ CVE-2018-17584
 CVE-2018-17583
RESERVED
 CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. 
The ...)
+   - tcpreplay 
+   NOTE: https://github.com/appneta/tcpreplay/issues/484
TODO: check
 CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 
0.26 has ...)
- exiv2  (low; bug #910060)
[stretch] - exiv2  (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/460
 CVE-2018-17580 (A heap-based buffer over-read exists in the function 
fast_edit_packet() ...)
+   - tcpreplay 
+   NOTE: https://github.com/appneta/tcpreplay/issues/485
TODO: check
 CVE-2018-17579
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c8050fb67b3839602b27019dec0c016c4e07001


[Git][security-tracker-team/security-tracker][master] automatic update

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e868201 by security tracker role at 2018-10-04T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,22 @@
-CVE-2018-17972 [Information leak via /proc/$pid/stack]
+CVE-2018-17979
+   RESERVED
+CVE-2018-17978
+   RESERVED
+CVE-2018-17977
+   RESERVED
+CVE-2018-17976
+   RESERVED
+CVE-2018-17975
+   RESERVED
+CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based 
buffer ...)
+   TODO: check
+CVE-2018-17973
+   RESERVED
+CVE-2018-17971
+   RESERVED
+CVE-2018-17970
+   RESERVED
+CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in ...)
- linux 
NOTE: https://marc.info/?l=linux-fsdevel=153806242024956=2
 CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote 
...)
@@ -185,10 +203,10 @@ CVE-2018-17884 (XSS exists in 
admin/gb-dashboard-widget.php in the Gwolle Guestb
NOT-FOR-US: WordPress plugin gwolle-gb
 CVE-2018-17882
RESERVED
-CVE-2018-17881
-   RESERVED
-CVE-2018-17880
-   RESERVED
+CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead 
configuration ...)
+   TODO: check
+CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead 
configuration ...)
+   TODO: check
 CVE-2018-17879
RESERVED
 CVE-2018-17878
@@ -806,7 +824,7 @@ CVE-2018-17584
RESERVED
 CVE-2018-17583
RESERVED
-CVE-2018-17582 (tcpreplay v4.3.0 contains a heap-based buffer over-read. The 
...)
+CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. 
The ...)
TODO: check
 CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 
0.26 has ...)
- exiv2  (low; bug #910060)
@@ -850,8 +868,8 @@ CVE-2018-17564
RESERVED
 CVE-2018-17563
RESERVED
-CVE-2018-17562
-   RESERVED
+CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a ...)
+   TODO: check
 CVE-2018-17561
RESERVED
 CVE-2018-17560
@@ -868,10 +886,10 @@ CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 
061213 devices allows rem
NOT-FOR-US: ARRIS TG2492LG-NA 061213 devices
 CVE-2018-17554
RESERVED
-CVE-2018-17553
-   RESERVED
-CVE-2018-17552
-   RESERVED
+CVE-2018-17553 (An Unrestricted Upload of File with Dangerous Type 
issue with ...)
+   TODO: check
+CVE-2018-17552 (SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows 
remote ...)
+   TODO: check
 CVE-2018-17551
RESERVED
 CVE-2018-17550
@@ -894,8 +912,7 @@ CVE-2018-17542
RESERVED
 CVE-2018-17541
RESERVED
-CVE-2018-17540 [denial-of-service vulnerability in the gmp plugin]
-   RESERVED
+CVE-2018-17540 (The gmp plugin in strongSwan before 5.7.1 has a Buffer 
Overflow via a ...)
{DSA-4309-1 DLA-1528-1}
- strongswan 5.7.1-1
NOTE: 
https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
@@ -1150,8 +1167,8 @@ CVE-2018-17430
RESERVED
 CVE-2018-17429
RESERVED
-CVE-2018-17428
-   RESERVED
+CVE-2018-17428 (An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL 
...)
+   TODO: check
 CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a 
denial of ...)
NOT-FOR-US: SIMDComp
 CVE-2018-17426
@@ -1190,8 +1207,8 @@ CVE-2018-17410 (Horus CMS allows SQL Injection, as 
demonstrated by a request to
NOT-FOR-US: Horus CMS
 CVE-2018-17409
RESERVED
-CVE-2018-17408
-   RESERVED
+CVE-2018-17408 (Stack-based buffer overflows in Zahir Accounting Enterprise 
Plus 6 ...)
+   TODO: check
 CVE-2018-17406
RESERVED
 CVE-2018-17405
@@ -11559,7 +11576,7 @@ CVE-2018-13114
RESERVED
 CVE-2018-13113 (The transfer and transferFrom functions of a smart contract 
...)
NOT-FOR-US: smart contract implementation for Easy Trading Token and 
Ethereum token
-CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows 
remote ...)
+CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows 
remote ...)
- tcpreplay  (low; bug #902952)
[stretch] - tcpreplay  (Minor issue)
[jessie] - tcpreplay  (Minor issue)
@@ -29084,8 +29101,8 @@ CVE-2018-6697
RESERVED
 CVE-2018-6696
RESERVED
-CVE-2018-6695
-   RESERVED
+CVE-2018-6695 (SSH host keys generation vulnerability in the server in McAfee 
Threat ...)
+   TODO: check
 CVE-2018-6694
RESERVED
 CVE-2018-6693 (An unprivileged user can delete arbitrary files on a Linux 
system ...)
@@ -31986,8 +32003,8 @@ CVE-2018-5923
RESERVED
 CVE-2018-5922
RESERVED
-CVE-2018-5921
-   RESERVED
+CVE-2018-5921 (A potential security vulnerability has been identified with 
certain HP ...)
+   

[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-14656

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d551e8f9 by Salvatore Bonaccorso at 2018-10-04T06:13:43Z
Update information for CVE-2018-14656

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7760,6 +7760,8 @@ CVE-2018-14657
 CVE-2018-14656 [Arbitrary Kernel Read into dmesg via Missing Address Check in 
segfault Handler]
RESERVED
- linux 4.18.6-1
+   [stretch] - linux  (Vulnerable code not present)
+   [jessie] - linux  (Vulnerable code not present)
NOTE: Fixed by: 
https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
 CVE-2018-14655
RESERVED
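
Review bot: The [stretch] and [jessie] lines for CVE-2018-14656 state "Vulnerable code not present", but the only NOTE is the "Fixed by:" commit. Add a NOTE naming the commit or kernel version that introduced the vulnerable code, so the not-affected claim can be checked against the stretch and jessie kernel versions.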



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d551e8f95b2cce3ae55b9b88ce8be55fc6526459


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14656/linux

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01ab157f by Salvatore Bonaccorso at 2018-10-04T06:11:55Z
Add CVE-2018-14656/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7757,8 +7757,10 @@ CVE-2018-14658
RESERVED
 CVE-2018-14657
RESERVED
-CVE-2018-14656
+CVE-2018-14656 [Arbitrary Kernel Read into dmesg via Missing Address Check in 
segfault Handler]
RESERVED
+   - linux 4.18.6-1
+   NOTE: Fixed by: 
https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
 CVE-2018-14655
RESERVED
 CVE-2018-14654



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/01ab157f31955c4fa74afac92a8cfd67522a7d14
