[Git][security-tracker-team/security-tracker][master] Add CVE-2018-19052/lighttpd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d56c4bb by Salvatore Bonaccorso at 2018-11-07T07:54:07Z Add CVE-2018-19052/lighttpd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2018-19052 [potential path traversal with specific configs] + - lighttpd + NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 CVE-2018-19048 RESERVED CVE-2018-19047 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d56c4bbc0898f20582109b2a89565b7dc23145b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
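Review bot: the new CVE-2018-19052 entry cites the upstream lighttpd commit in its NOTE but does not say which configurations are affected or which upstream release carries the fix; the bracketed description only says "specific configs". Consider a second NOTE naming the affected configuration and the fixed version once known, so that triage for the stable releases does not require re-reading the commit.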
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10851/pdns
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 058b5b25 by Salvatore Bonaccorso at 2018-11-07T06:40:14Z Add CVE-2018-10851/pdns - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20979,7 +20979,10 @@ CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the avail NOTE: https://pagure.io/SSSD/sssd/issue/3766 CVE-2018-10851 [Crafted answer can cause a denial of service] RESERVED + - pdns - pdns-recursor + NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html + NOTE: https://downloads.powerdns.com/patches/2018-03/ NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html NOTE: https://downloads.powerdns.com/patches/2018-04/ CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/058b5b253a6902b0c91b327656752896b4bc1d28
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10851/pdns-recursor
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 893ddc4a by Salvatore Bonaccorso at 2018-11-07T06:38:55Z Add CVE-2018-10851/pdns-recursor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20977,8 +20977,11 @@ CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the avail {DLA-1429-1} - sssd (bug #902860) NOTE: https://pagure.io/SSSD/sssd/issue/3766 -CVE-2018-10851 +CVE-2018-10851 [Crafted answer can cause a denial of service] RESERVED + - pdns-recursor + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html + NOTE: https://downloads.powerdns.com/patches/2018-04/ CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race ...) {DLA-1428-1} [experimental] - 389-ds-base 1.4.0.13-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/893ddc4a24dd953b0055acc3dadc3bc39844b88d
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14626/pdns
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a21285e4 by Salvatore Bonaccorso at 2018-11-07T06:36:52Z Add CVE-2018-14626/pdns - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10865,7 +10865,11 @@ CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does NOTE: https://github.com/wildfly/wildfly/pull/10675 CVE-2018-14626 [Packet cache pollution via crafted query] RESERVED + - pdns + [stretch] - pdns (Vulnerable code present only in >= 4.1.0) - pdns-recursor + NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html + NOTE: https://downloads.powerdns.com/patches/2018-05/ NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html NOTE: https://downloads.powerdns.com/patches/2018-06/ CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a21285e40bb7282c8f7127380e932994850d33c1
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14626/pdns-recursor
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ff4d8343 by Salvatore Bonaccorso at 2018-11-07T06:33:33Z Add CVE-2018-14626/pdns-recursor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10863,8 +10863,11 @@ CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does - wildfly (bug #752018) NOTE: https://issues.jboss.org/browse/WFLY-9107 NOTE: https://github.com/wildfly/wildfly/pull/10675 -CVE-2018-14626 +CVE-2018-14626 [Packet cache pollution via crafted query] RESERVED + - pdns-recursor + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html + NOTE: https://downloads.powerdns.com/patches/2018-06/ CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to ...) - linux [jessie] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff4d8343b79d8e72c93a61d5804f1f9efe1ca562
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14644/pdns-recursor
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ae63f69 by Salvatore Bonaccorso at 2018-11-07T06:31:24Z Add CVE-2018-14644/pdns-recursor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10805,8 +10805,11 @@ CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1. [stretch] - haproxy (Only affects 1.8.x) [jessie] - haproxy (Only affects 1.8.x) NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813 -CVE-2018-14644 +CVE-2018-14644 [Crafted query for meta-types can cause a denial of service] RESERVED + - pdns-recursor + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html + NOTE: https://downloads.powerdns.com/patches/2018-07/ CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynflow ...) - foreman (bug #663101) NOTE: Issue in a foreman component: smart_proxy_dynflow, which might land in separate source. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ae63f69eb2898a5724d04961fd2c5eb062667e1
[Git][security-tracker-team/security-tracker][master] Add two entries related to amanda
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3de04d05 by Salvatore Bonaccorso at 2018-11-07T06:27:41Z Add two entries related to amanda - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -936,8 +936,12 @@ CVE-2018-18633 CVE-2018-18632 RESERVED CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...) + - amanda + NOTE: https://www.exploit-db.com/exploits/39244/ TODO: check CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...) + - amanda + NOTE: https://www.exploit-db.com/exploits/39217/ TODO: check CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 ...) - xen View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3de04d056a2ffa35ecb1b24ac91f613214c04193
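Review bot: in both amanda entries (CVE-2016-10730 and CVE-2016-10729) the "TODO: check" line stays in place after the "- amanda" and NOTE lines are added, so the entries still read as untriaged. If the remaining work is confirming which packaged versions are affected, say so in the TODO text; otherwise drop the TODO. The only reference in each entry is an exploit-db page, so an upstream bug or fix reference would be worth adding once one is found.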
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14667
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fed3ac53 by Salvatore Bonaccorso at 2018-11-07T06:23:28Z Add CVE-2018-14667 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10683,8 +10683,9 @@ CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c - libmspack 0.7-1 (bug #904799) NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 -CVE-2018-14667 +CVE-2018-14667 [Expression Language injection via UserResource allows for unauthenticated remote code execution] RESERVED + NOT-FOR-US: RichFaces CVE-2018-14666 RESERVED CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An incorrect ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fed3ac5300a9bdf42ee13b335cde09da9c951d88
[Git][security-tracker-team/security-tracker][master] Claim tiff
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: b1c53523 by Brian May at 2018-11-07T06:08:26Z Claim tiff - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -101,7 +101,7 @@ systemd thunderbird (Emilio Pozuelo) NOTE: 20181106: needs rustc/cargo currently in NEW -- -tiff +tiff (Brian May) -- xen -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1c535230ba017fb37e4f15899a9080c4554762c
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-18954/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d4b37aa2 by Salvatore Bonaccorso at 2018-11-07T05:40:32Z Add CVE-2018-18954/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -192,8 +192,11 @@ CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374 CVE-2018-18955 RESERVED -CVE-2018-18954 +CVE-2018-18954 [ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb] RESERVED + - qemu + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html CVE-2018-18953 RESERVED CVE-2018-18952 (JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4b37aa2a4a339d642e0cf6463219af9d4e7e3db
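Review bot: the description added for CVE-2018-18954 scopes the issue to ppc64 (pnv_lpc_do_eccb), yet "- qemu-kvm" is added next to "- qemu" with no annotation. Worth confirming that qemu-kvm actually ships the affected ppc64 code and, if it does not, recording that on the qemu-kvm line. The only NOTE points to a qemu-devel posting; supplement it with the upstream commit once the patch is merged.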
[Git][security-tracker-team/security-tracker][master] Process two new NFUs in Apache Syncope
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e4bdf4d by Salvatore Bonaccorso at 2018-11-07T05:35:33Z Process two new NFUs in Apache Syncope - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4510,10 +4510,11 @@ CVE-2018-17187 RESERVED CVE-2018-17186 RESERVED + NOT-FOR-US: Apache Syncope CVE-2018-17185 RESERVED CVE-2018-17184 (A malicious user with enough administration entitlements can inject ...) - TODO: check + NOT-FOR-US: Apache Syncope CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.18.10-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4bdf4d6f55aa4017129c838c748bcc19b0ffea
[Git][security-tracker-team/security-tracker][master] nginx fixes
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b9a6f5a9 by Moritz Muehlenhoff at 2018-11-06T22:47:30Z nginx fixes - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5293,16 +5293,19 @@ CVE-2018-16845 [Memory disclosure in the ngx_http_mp4_module] - nginx (bug #913090) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html NOTE: https://nginx.org/download/patch.2018.mp4.txt + NOTE: http://hg.nginx.org/nginx/rev/fdc19a3289c1 NOTE: Fixed in 1.15.6, 1.14.1. CVE-2018-16844 [Excessive CPU usage in HTTP/2] RESERVED - nginx (bug #913090) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html + NOTE: http://hg.nginx.org/nginx/rev/9200b41db765 NOTE: Fixed in 1.15.6, 1.14.1. CVE-2018-16843 [Excessive memory usage in HTTP/2] RESERVED - nginx (bug #913090) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html + NOTE: http://hg.nginx.org/nginx/rev/d4448892a294 NOTE: Fixed in 1.15.6, 1.14.1. CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...) {DSA-4331-1 DLA-1568-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9a6f5a9f32b41d4d5614987b6f050ba818a715d
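Review bot: the three hg.nginx.org NOTE lines added under CVE-2018-16845, CVE-2018-16844 and CVE-2018-16843 are bare URLs, so a reader cannot tell them apart from the announcement links directly above them. Label them as the fix changesets, for example "NOTE: Fixed by: http://hg.nginx.org/nginx/rev/fdc19a3289c1", and keep them next to the "Fixed in 1.15.6, 1.14.1." line as they are now.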
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-18778
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 92a669e7 by Salvatore Bonaccorso at 2018-11-06T21:40:38Z Add bug reference for CVE-2018-18778 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -579,7 +579,7 @@ CVE-2018-18780 CVE-2018-18779 RESERVED CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary files. ...) - - mini-httpd + - mini-httpd (bug #913095) CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, version 7, in ...) NOT-FOR-US: Microstrategy Web CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92a669e7c37a519af3c4781c94c5d9dbd77d
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 620dab8e by Salvatore Bonaccorso at 2018-11-06T21:26:20Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2828,7 +2828,7 @@ CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...) NOT-FOR-US: InduSoft Web Studio CVE-2018-17913 (A type confusion vulnerability exists when processing project files in ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...) NOT-FOR-US: CASE Suite CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...) @@ -2836,15 +2836,15 @@ CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-bas CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly ...) NOT-FOR-US: Advantech WebAccess CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the ...) NOT-FOR-US: Advantech WebAccess CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-17906 RESERVED CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This ...) NOT-FOR-US: Reliance 4 SCADA/HMI CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...) 
@@ -4991,7 +4991,7 @@ CVE-2018-16988 CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...) NOT-FOR-US: Squash TM CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 ...) - TODO: check + NOT-FOR-US: Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...) NOT-FOR-US: Lizard CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which ...) @@ -13951,9 +13951,9 @@ CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucib CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and ...) NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree for ...) - TODO: check + NOT-FOR-US: Sourcetree for Windows CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree for macOS ...) - TODO: check + NOT-FOR-US: Sourcetree for macOS CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...) NOT-FOR-US: Atlassian Jira CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/620dab8e73db591d17d36829b231ddedc1e6cc2e
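Review bot: in the hunk at -4991, the NOT-FOR-US value for CVE-2018-16986 follows the CVE description text ("Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices"), version and device list included, while the other NOT-FOR-US lines in this patch name only the product ("Omron CX-Supervisor", "Squash TM"). Suggest shortening it to "Texas Instruments BLE-STACK" so that later CVEs for the same product get an identical tag.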
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2014-10077/ruby-i18n
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 675547d6 by Salvatore Bonaccorso at 2018-11-06T21:16:24Z Add bug reference for CVE-2014-10077/ruby-i18n - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -135,7 +135,7 @@ CVE-2018-18982 CVE-2018-18981 RESERVED CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...) - - ruby-i18n + - ruby-i18n (bug #913093) NOTE: https://github.com/svenfuchs/i18n/pull/289 NOTE: https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/675547d69c49120f85c82f617cd254fae02d9207
[Git][security-tracker-team/security-tracker][master] Process two IBM NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d287134c by Salvatore Bonaccorso at 2018-11-06T20:56:58Z Process two IBM NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46574,7 +46574,7 @@ CVE-2018-1696 CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations ...) NOT-FOR-US: IBM CVE-2018-1694 (IBM Jazz applications (IBM Rational Collaborative Lifecycle Management ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1693 RESERVED CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) @@ -46750,7 +46750,7 @@ CVE-2018-1608 CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...) NOT-FOR-US: IBM CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) NOT-FOR-US: IBM CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d287134c9965b51d836db23d126a95acfd646275
[Git][security-tracker-team/security-tracker][master] Add CVE-2014-10077/ruby-i18n
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c0c1a27 by Salvatore Bonaccorso at 2018-11-06T20:44:24Z Add CVE-2014-10077/ruby-i18n - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -135,7 +135,9 @@ CVE-2018-18982 CVE-2018-18981 RESERVED CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...) - TODO: check + - ruby-i18n + NOTE: https://github.com/svenfuchs/i18n/pull/289 + NOTE: https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...) NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager CVE-2018-18979 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c0c1a272b8c5a652256d754841129361a2be979
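Review bot: the CVE-2014-10077 description says the issue is in the i18n gem "before 0.8.0", but the new "- ruby-i18n" entry records only the pull request and the commit. Add the fixed upstream version as a NOTE (for example "NOTE: Fixed in 0.8.0") so the package line can be checked against it without opening the links.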
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1684{3,4,5}/nginx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: de848aa9 by Salvatore Bonaccorso at 2018-11-06T20:31:27Z Add bug reference for CVE-2018-1684{3,4,5}/nginx - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5288,18 +5288,18 @@ CVE-2018-16846 RESERVED CVE-2018-16845 [Memory disclosure in the ngx_http_mp4_module] RESERVED - - nginx + - nginx (bug #913090) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html NOTE: https://nginx.org/download/patch.2018.mp4.txt NOTE: Fixed in 1.15.6, 1.14.1. CVE-2018-16844 [Excessive CPU usage in HTTP/2] RESERVED - - nginx + - nginx (bug #913090) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html NOTE: Fixed in 1.15.6, 1.14.1. CVE-2018-16843 [Excessive memory usage in HTTP/2] RESERVED - - nginx + - nginx (bug #913090) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html NOTE: Fixed in 1.15.6, 1.14.1. CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de848aa9cb5697e5a44b7be36b9018a85b680e2d
[Git][security-tracker-team/security-tracker][master] Add short descriptions for nginx issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 019602f5 by Salvatore Bonaccorso at 2018-11-06T20:23:11Z Add short descriptions for nginx issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5286,18 +5286,22 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html CVE-2018-16846 RESERVED -CVE-2018-16845 +CVE-2018-16845 [Memory disclosure in the ngx_http_mp4_module] RESERVED - nginx NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html -CVE-2018-16844 + NOTE: https://nginx.org/download/patch.2018.mp4.txt + NOTE: Fixed in 1.15.6, 1.14.1. +CVE-2018-16844 [Excessive CPU usage in HTTP/2] RESERVED - nginx NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html -CVE-2018-16843 + NOTE: Fixed in 1.15.6, 1.14.1. +CVE-2018-16843 [Excessive memory usage in HTTP/2] RESERVED - nginx NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html + NOTE: Fixed in 1.15.6, 1.14.1. CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...) {DSA-4331-1 DLA-1568-1} - curl 7.62.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/019602f52d9378eda4894a49b9e2b73947a45bcf
[Git][security-tracker-team/security-tracker][master] Update commit for CVE-2018-14660/glusterfs (still under review upstream)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b2501b0d by Salvatore Bonaccorso at 2018-11-06T20:15:56Z Update commit for CVE-2018-14660/glusterfs (still under review upstream) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10699,7 +10699,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926 NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/ - NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=9232f3937f81749120e2b1150116b09e7c575354 + NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...) {DLA-1565-1} - glusterfs (bug #912997) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b2501b0d03217e040d8515b0a4ba6054520f01a3
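Review bot: the replaced glusterfs NOTE for CVE-2018-14660 now points at a different commit id, but only the commit subject says the change is "still under review upstream"; the NOTE line itself reads like a final fix reference. Put the caveat in data/CVE/list as well, for example by appending "(under review upstream)" to the NOTE, so it is not lost if the id changes again. The review.gluster.org NOTE just above it already tracks the change under review.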
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09c15896 by security tracker role at 2018-11-06T20:10:26Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,141 @@ +CVE-2018-19048 + RESERVED +CVE-2018-19047 + RESERVED +CVE-2018-19046 + RESERVED +CVE-2018-19045 + RESERVED +CVE-2018-19044 + RESERVED +CVE-2018-19043 + RESERVED +CVE-2018-19042 + RESERVED +CVE-2018-19041 + RESERVED +CVE-2018-19040 + RESERVED +CVE-2018-19039 + RESERVED +CVE-2018-19038 + RESERVED +CVE-2018-19037 + RESERVED +CVE-2018-19036 + RESERVED +CVE-2018-19035 + RESERVED +CVE-2018-19034 + RESERVED +CVE-2018-19033 + RESERVED +CVE-2018-19032 + RESERVED +CVE-2018-19031 + RESERVED +CVE-2018-19030 + RESERVED +CVE-2018-19029 + RESERVED +CVE-2018-19028 + RESERVED +CVE-2018-19027 + RESERVED +CVE-2018-19026 + RESERVED +CVE-2018-19025 + RESERVED +CVE-2018-19024 + RESERVED +CVE-2018-19023 + RESERVED +CVE-2018-19022 + RESERVED +CVE-2018-19021 + RESERVED +CVE-2018-19020 + RESERVED +CVE-2018-19019 + RESERVED +CVE-2018-19018 + RESERVED +CVE-2018-19017 + RESERVED +CVE-2018-19016 + RESERVED +CVE-2018-19015 + RESERVED +CVE-2018-19014 + RESERVED +CVE-2018-19013 + RESERVED +CVE-2018-19012 + RESERVED +CVE-2018-19011 + RESERVED +CVE-2018-19010 + RESERVED +CVE-2018-19009 + RESERVED +CVE-2018-19008 + RESERVED +CVE-2018-19007 + RESERVED +CVE-2018-19006 + RESERVED +CVE-2018-19005 + RESERVED +CVE-2018-19004 + RESERVED +CVE-2018-19003 + RESERVED +CVE-2018-19002 + RESERVED +CVE-2018-19001 + RESERVED +CVE-2018-19000 + RESERVED +CVE-2018-18999 + RESERVED +CVE-2018-18998 + RESERVED +CVE-2018-18997 + RESERVED +CVE-2018-18996 + RESERVED +CVE-2018-18995 + RESERVED +CVE-2018-18994 + RESERVED +CVE-2018-18993 + RESERVED +CVE-2018-18992 + RESERVED +CVE-2018-18991 + RESERVED +CVE-2018-18990 + RESERVED +CVE-2018-18989 + RESERVED +CVE-2018-18988 + RESERVED +CVE-2018-18987 + RESERVED +CVE-2018-18986 + RESERVED +CVE-2018-18985 + RESERVED +CVE-2018-18984 + RESERVED +CVE-2018-18983 + RESERVED +CVE-2018-18982 + RESERVED +CVE-2018-18981 + RESERVED +CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...) 
+ TODO: check CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...) NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager CVE-2018-18979 @@ -3666,6 +3804,7 @@ CVE-2018-17473 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17472 RESERVED + {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17471 @@ -4371,8 +4510,8 @@ CVE-2018-17186 RESERVED CVE-2018-17185 RESERVED -CVE-2018-17184 - RESERVED +CVE-2018-17184 (A malicious user with enough administration entitlements can inject ...) + TODO: check CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.18.10-1 @@ -4849,8 +4988,8 @@ CVE-2018-16988 RESERVED CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...) NOT-FOR-US: Squash TM -CVE-2018-16986 - RESERVED +CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 ...) + TODO: check CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...) NOT-FOR-US: Lizard CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which ...) @@ -5160,7 +5299,7 @@ CVE-2018-16843 - nginx NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...) - {DSA-4331-1} + {DSA-4331-1 DLA-1568-1} - curl 7.62.0-1 NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211 
@@ -5174,7 +5313,7 @@ CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59. NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3 CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...) - {DSA-4331-1} + {DSA-4331-1
[Git][security-tracker-team/security-tracker][master] CVE-2018-14652/glusterfs fixed in unstable with 5.0-1 upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfe52d0b by Salvatore Bonaccorso at 2018-11-06T20:06:53Z CVE-2018-14652/glusterfs fixed in unstable with 5.0-1 upload The vulnerability fix is just a part of the whole upstream change which landed in 5.0alpha, upstream commit as per http://git.gluster.org/cgit/glusterfs.git/commit/?id=052849983e51a061d7fb2c3ffd74fa78bb257084 For the release-4.1 branch the fix is part of that one as http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2c195712a9ecbda4fa02f5308138a1257a2558a .. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10598,7 +10598,7 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...) {DLA-1565-1} - - glusterfs (bug #912997) + - glusterfs 5.0-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974 NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bfe52d0bc918def793a76e7f507a6a997f993f4f
[Git][security-tracker-team/security-tracker][master] Update commit references for CVE-2018-14654/glusterfs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3750373c by Salvatore Bonaccorso at 2018-11-06T20:04:36Z Update commit references for CVE-2018-14654/glusterfs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10585,7 +10585,8 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576 NOTE: https://review.gluster.org/#/c/glusterfs/+/21534/ - NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=923d0a56525111e1e24db19817419b4519a98090 + NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1) + NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5) CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...) {DLA-1565-1} - glusterfs (bug #912997) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3750373ca1af0e007f9af17dba9523a331d79bfd
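Review bot: the removed NOTE for commit 923d0a56525111e1e24db19817419b4519a98090 disappears without any record of which branch it belonged to, while both replacement NOTE lines carry a branch tag. If that commit is the original change the release-4.1 and release-5 commits derive from, keep it as a third NOTE with its own tag; if it was simply the wrong reference, say so in the commit message so the next triager does not add it back.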
[Git][security-tracker-team/security-tracker][master] dla: take mariadb
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 378d0929 by Emilio Pozuelo Monfort at 2018-11-06T19:47:10Z dla: take mariadb - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -62,7 +62,7 @@ linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) -- -mariadb-10.0 +mariadb-10.0 (Emilio Pozuelo) -- mysql-connector-java -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/378d0929be188e66060ce16c99adb2dd324047d5
[Git][security-tracker-team/security-tracker][master] new nginx issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b1e3ebca by Moritz Muehlenhoff at 2018-11-06T19:38:30Z new nginx issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5149,10 +5149,16 @@ CVE-2018-16846 RESERVED CVE-2018-16845 RESERVED + - nginx + NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html CVE-2018-16844 RESERVED + - nginx + NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html CVE-2018-16843 RESERVED + - nginx + NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...) {DSA-4331-1} - curl 7.62.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1e3ebca9f3d5ad43bb58de494226d12b2363c37
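Review bot: CVE-2018-16843 and CVE-2018-16844 both get the same NOTE (nginx-announce/2018/000220.html) and, like CVE-2018-16845, are still RESERVED with no description text, so the three new `- nginx` entries cannot be told apart from the list alone. Add a short bracketed description after each CVE id saying which nginx issue it covers, so that later fix and backport work can be matched to the right entry.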
[Git][security-tracker-team/security-tracker][master] 2 commits: Claim jasper in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: c256dd46 by Markus Koschany at 2018-11-06T18:32:03Z Claim jasper in dla-needed.txt - - - - - 6f5856fa by Markus Koschany at 2018-11-06T18:33:45Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -34,7 +34,7 @@ imagemagick (Thorsten Alteholz) NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled formats NOTE: 20181023: wait with upload until this is done in unstable -> #907336 -- -jasper +jasper (apo) NOTE: 20181104: consider fixing no-dsa issues too because the package is used NOTE: by almost 50 % of sponsors. (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1bd5c13fb744cddc051e5bb0bd4bfed6afd3b778...6f5856fafd2df0fc481dc8e7e9340a6bf303
[Git][security-tracker-team/security-tracker][master] 2 commits: Reorder listing for contact addresses
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e16c4f86 by Salvatore Bonaccorso at 2018-11-06T18:14:17Z Reorder listing for contact addresses - - - - - 1bd5c13f by Salvatore Bonaccorso at 2018-11-06T18:15:11Z Add warning note - - - - - 1 changed file: - doc/security-team.d.o/contact Changes: = doc/security-team.d.o/contact = @@ -1,3 +1,5 @@ +This is more a TODO list/work in progress to improve documentation + Mail @@ -6,10 +8,10 @@ Mail What each list is for: -- -- debian-secur...@lists.debian.org +- t...@security.debian.org / secur...@debian.org (security team contact) +- debian-secur...@lists.debian.org (public discussion list) - debian-secur...@debian.org seems to be redirected to debian-priv...@lists.debian.org -- debian-security-trac...@lists.debian.org -- t...@security.debian.org +- debian-security-trac...@lists.debian.org (security tracker discussion list) - (and more) - consolidate lists? (which are needed? explicit names, e.g., -public/-private) - RT? (incoming queue for non encrypted mails) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e...1bd5c13fb744cddc051e5bb0bd4bfed6afd3b778
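Review bot: in the second hunk every address gains a purpose in parentheses except `debian-secur...@debian.org`, which is left as an unchanged line saying only that it "seems to be redirected" to debian-priv...@lists.debian.org. On a security contact page a reporter needs to know for certain where mail sent to that address ends up; confirm the redirect and annotate the entry like the others, or mark it explicitly as unverified.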
[Git][security-tracker-team/security-tracker][master] Three curl CVEs were addressed in recent DLA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b5a6165 by Salvatore Bonaccorso at 2018-11-06T18:08:34Z Three curl CVEs were addressed in recent DLA - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -102212,7 +102212,6 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...) {DLA-767-1} - curl 7.52.1-1 (bug #848958) - [jessie] - curl (Minor issue) NOTE: https://curl.haxx.se/docs/adv_20161221A.html NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9 NOTE: There are no known vulnerable applications but as this is a @@ -110061,7 +110060,6 @@ CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_uplo CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...) {DLA-625-1} - curl 7.51.0-1 (bug #837945) - [jessie] - curl (Minor issue, can be fixed in point release or next DSA) NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2 
@@ -110198,7 +110196,6 @@ CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...) {DLA-616-1} - curl 7.51.0-1 (bug #836918) - [jessie] - curl (Minor issue, can be fixed in point release or next DSA; affects only NSS backend) NOTE: Only affects libcurl3-nss NOTE: http://seclists.org/oss-sec/2016/q3/419 NOTE: https://curl.haxx.se/docs/adv_20160907.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1568-1 for curl
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 98da9693 by Markus Koschany at 2018-11-06T18:04:06Z Reserve DLA-1568-1 for curl - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 Nov 2018] DLA-1568-1 curl - security update + {CVE-2016-7141 CVE-2016-7167 CVE-2016-9586 CVE-2018-16839 CVE-2018-16842} + [jessie] - curl 7.38.0-4+deb8u13 [05 Nov 2018] DLA-1567-1 gthumb - security update {CVE-2018-18718} [jessie] - gthumb 3:3.3.1-2.1+deb8u1 = data/dla-needed.txt = @@ -15,10 +15,6 @@ ansible (Chris Lamb) cairo NOTE: 20181024: No fix available yet. -- -curl (Markus Koschany) - NOTE: 20181102: consider fixing no-dsa issues too because they are already - NOTE: fixed in Stretch. (apo) --- enigmail (Antoine Beaupre) NOTE: 20180926: see 871s9fps8e@curie.anarc.at before working on this (anarcat) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/98da969394413bee0b6d49a003fbba93ff64ea11
[Git][security-tracker-team/security-tracker][master] Claim squid3 in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ed38e87 by Abhijith PA at 2018-11-06T16:59:30Z Claim squid3 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -93,7 +93,7 @@ sdl-image1.2 (Chris Lamb) -- spamassassin (Antoine Beaupre) -- -squid3 +squid3 (Abhijith PA) NOTE:20181101: consider fixing no-dsa issues too. (apo) -- symfony (Thorsten Alteholz) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ed38e873268c3d659d48eceff0bce509d2a04bb
[Git][security-tracker-team/security-tracker][master] Add missing CVE ID for Chromium
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 43264cf2 by Moritz Muehlenhoff at 2018-11-06T16:39:07Z Add missing CVE ID for Chromium One poppler issue ignored - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -174,6 +174,7 @@ CVE-2018-18898 RESERVED CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in ...) - poppler + [stretch] - poppler (Negligable security impact) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654 CVE-2018-18896 RESERVED = data/DSA/list = @@ -11,7 +11,7 @@ {CVE-2018-16839 CVE-2018-16842} [stretch] - curl 7.52.1-5+deb9u8 [02 Nov 2018] DSA-4330-1 chromium-browser - security update - {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477} + {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477} [stretch] - chromium-browser 70.0.3538.67-1~deb9u1 [28 Oct 2018] DSA-4329-1 teeworlds - security update {CVE-2018-18541} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43264cf223182a08f40bfa8f85752ae181d73b14
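Review bot: the line added in the data/CVE/list hunk, `[stretch] - poppler (Negligable security impact)`, misspells "Negligible", so anyone grepping the list for the correctly spelled reason will miss this entry. The commit also bundles two unrelated changes (tagging the poppler issue for stretch and adding CVE-2018-17472 to DSA-4330-1), which would be easier to audit and revert as two commits.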
[Git][security-tracker-team/security-tracker][master] dla: take thunderbird
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: b0e3cd7a by Emilio Pozuelo Monfort at 2018-11-06T16:34:55Z dla: take thunderbird - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -102,7 +102,8 @@ systemd NOTE: 20181101: I recommend to fix all open issues including the postponed NOTE: ones, too. (apo) -- -thunderbird +thunderbird (Emilio Pozuelo) + NOTE: 20181106: needs rustc/cargo currently in NEW -- tiff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b0e3cd7a5c3f90796ffd2b8e15206f3213b3b3bc
[Git][security-tracker-team/security-tracker][master] Add poppler fix
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 17c991f7 by Moritz Muehlenhoff at 2018-11-06T16:16:22Z Add poppler fix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5667,7 +5667,7 @@ CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc ma - poppler (low; bug #909802) [stretch] - poppler (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951 - NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67 + NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91/diffs?commit_id=e16f2d5bf39842c647d413bbd6e16de73c76a2c8 CVE-2018-16645 (There is an excessive memory allocation issue in the functions ...) {DSA-4316-1 DLA-1530-1} - imagemagick 8:6.9.10.14+dfsg-1 (bug #910889) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/17c991f7992270d9f7ecf004741c1c3acc235b8d
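Review bot: the replacement NOTE drops the `Proposed fix:` label without substituting one, so the entry no longer says whether the linked change is the accepted upstream fix or another proposal. Label it (for example `Fixed by:`, as the curl entries in this list do) and, if possible, link the commit itself rather than a merge-request diff view filtered by `commit_id`.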
[Git][security-tracker-team/security-tracker][master] Add and claim icu
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: c49ec762 by Roberto C. Sánchez at 2018-11-06T12:25:14Z Add and claim icu - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,6 +32,8 @@ firmware-nonfree (Ben Hutchings) icecast2 (Abhijith PA) NOTE: 20181106: please upload https://git.fosscommunity.in/bhe/patches/raw/master/icecast2_deb8u2.debdiff -- +icu (Roberto C. Sánchez) +-- imagemagick (Thorsten Alteholz) NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled formats NOTE: 20181023: wait with upload until this is done in unstable -> #907336 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c49ec762be86aa809325aa18d5596a6e669937e6
[Git][security-tracker-team/security-tracker][master] LTS/claim openssl
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c138db0 by Roberto C. Sánchez at 2018-11-06T12:20:13Z LTS/claim openssl - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -79,7 +79,7 @@ openjpeg2 (Hugo Lefeuvre) NOTE: to approve CVE-2017-17480 before upload. NOTE: had in depth investigations for CVE-2018-5727, see upstream bug report -- -openssl +openssl (Roberto C. Sánchez) -- qemu (Santiago) NOTE: 20181026: no fix yet for recent dsa issues, but start working on View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c138db045d3344eabcdccd5c31901d94fe4f311
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-18956/suricata
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a216d66b by Salvatore Bonaccorso at 2018-11-06T10:00:08Z Add CVE-2018-18956/suricata - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,7 +47,9 @@ CVE-2018-18958 CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffer ...) NOT-FOR-US: libIEC61850 CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x ...) - TODO: check + - suricata + NOTE: https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html + NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374 CVE-2018-18955 RESERVED CVE-2018-18954 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a216d66b0a871775920d2be24ce4f44d8973715a
[Git][security-tracker-team/security-tracker][master] Add note to icecast2 in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d726b03 by Abhijith PA at 2018-11-06T09:46:34Z Add note to icecast2 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -30,6 +30,7 @@ firmware-nonfree (Ben Hutchings) NOTE: Waiting for approval of Stretch update. -- icecast2 (Abhijith PA) + NOTE: 20181106: please upload https://git.fosscommunity.in/bhe/patches/raw/master/icecast2_deb8u2.debdiff -- imagemagick (Thorsten Alteholz) NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled formats View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d726b031df81d27f1b797cb1a751a045418bd3f
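Review bot: the added NOTE asks for an upload of a debdiff referenced through a `raw/master/` URL, a branch-relative location whose content can change after the note was written. For a patch headed into a security upload, reference an immutable location (a commit-pinned URL or a bug attachment) so that the debdiff that gets reviewed is the one that gets uploaded.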
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c4a17fa4 by Salvatore Bonaccorso at 2018-11-06T08:34:04Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager CVE-2018-18979 RESERVED CVE-2018-18978 @@ -27,13 +27,13 @@ CVE-2018-18968 CVE-2018-18967 RESERVED CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce ...) - TODO: check + NOT-FOR-US: Degrau Publicidade e Internet Plataforma de E-commerce CVE-2018-18962 RESERVED CVE-2018-18961 @@ -45,7 +45,7 @@ CVE-2018-18959 CVE-2018-18958 RESERVED CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffer ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x ...) TODO: check CVE-2018-18955 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a17fa4c2a1da16d5cd5c1416af641784ded715
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 530f8354 by security tracker role at 2018-11-06T08:10:16Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,55 @@ +CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...) + TODO: check +CVE-2018-18979 + RESERVED +CVE-2018-18978 + RESERVED +CVE-2018-18977 + RESERVED +CVE-2018-18976 + RESERVED +CVE-2018-18975 + RESERVED +CVE-2018-18974 + RESERVED +CVE-2018-18973 + RESERVED +CVE-2018-18972 + RESERVED +CVE-2018-18971 + RESERVED +CVE-2018-18970 + RESERVED +CVE-2018-18969 + RESERVED +CVE-2018-18968 + RESERVED +CVE-2018-18967 + RESERVED +CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...) + TODO: check +CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...) + TODO: check +CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist ...) + TODO: check +CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce ...) + TODO: check +CVE-2018-18962 + RESERVED +CVE-2018-18961 + RESERVED +CVE-2018-18960 + RESERVED +CVE-2018-18959 + RESERVED +CVE-2018-18958 + RESERVED +CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffer ...) + TODO: check +CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x ...) + TODO: check +CVE-2018-18955 + RESERVED CVE-2018-18954 RESERVED CVE-2018-18953 
@@ -2632,24 +2684,24 @@ CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P NOT-FOR-US: P2P Cloud Server CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI ...) NOT-FOR-US: InduSoft Web Studio -CVE-2018-17913 - RESERVED +CVE-2018-17913 (A type confusion vulnerability exists when processing project files in ...) + TODO: check CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...) NOT-FOR-US: CASE Suite CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based ...) NOT-FOR-US: LAquis SCADA CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly ...) NOT-FOR-US: Advantech WebAccess -CVE-2018-17909 - RESERVED +CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...) + TODO: check CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the ...) NOT-FOR-US: Advantech WebAccess -CVE-2018-17907 - RESERVED +CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...) + TODO: check CVE-2018-17906 RESERVED -CVE-2018-17905 - RESERVED +CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...) + TODO: check CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This ...) NOT-FOR-US: Reliance 4 SCADA/HMI CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...) 
@@ -13743,10 +13795,10 @@ CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucib NOT-FOR-US: Atlassian CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and ...) NOT-FOR-US: Atlassian Fisheye and Crucible -CVE-2018-13397 - RESERVED -CVE-2018-13396 - RESERVED +CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree for ...) + TODO: check +CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree for macOS ...) + TODO: check CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...) NOT-FOR-US: Atlassian Jira CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/530f8354dd64ab635792ec5ae5a947382c6f6cee