[Git][security-tracker-team/security-tracker][master] Add CVE-2018-19052/lighttpd

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d56c4bb by Salvatore Bonaccorso at 2018-11-07T07:54:07Z
Add CVE-2018-19052/lighttpd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2018-19052 [potential path traversal with specific configs]
+   - lighttpd 
+   NOTE: 
https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
 CVE-2018-19048
RESERVED
 CVE-2018-19047
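
Review bot: The bracketed description on the new CVE-2018-19052 line, "potential path traversal with specific configs", does not say which configurations are meant, so a reader cannot tell from the entry whether a given lighttpd setup is exposed. Consider a further NOTE that names the affected configuration as described in the linked upstream commit.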



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d56c4bbc0898f20582109b2a89565b7dc23145b

-- 
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10851/pdns

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
058b5b25 by Salvatore Bonaccorso at 2018-11-07T06:40:14Z
Add CVE-2018-10851/pdns

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20979,7 +20979,10 @@ CVE-2018-10852 (The UNIX pipe which sudo uses to 
contact SSSD and read the avail
NOTE: https://pagure.io/SSSD/sssd/issue/3766
 CVE-2018-10851 [Crafted answer can cause a denial of service]
RESERVED
+   - pdns 
- pdns-recursor 
+   NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
+   NOTE: https://downloads.powerdns.com/patches/2018-03/
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html
NOTE: https://downloads.powerdns.com/patches/2018-04/
 CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to 
a race ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/058b5b253a6902b0c91b327656752896b4bc1d28


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10851/pdns-recursor

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
893ddc4a by Salvatore Bonaccorso at 2018-11-07T06:38:55Z
Add CVE-2018-10851/pdns-recursor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20977,8 +20977,11 @@ CVE-2018-10852 (The UNIX pipe which sudo uses to 
contact SSSD and read the avail
{DLA-1429-1}
- sssd  (bug #902860)
NOTE: https://pagure.io/SSSD/sssd/issue/3766
-CVE-2018-10851
+CVE-2018-10851 [Crafted answer can cause a denial of service]
RESERVED
+   - pdns-recursor 
+   NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html
+   NOTE: https://downloads.powerdns.com/patches/2018-04/
 CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to 
a race ...)
{DLA-1428-1}
[experimental] - 389-ds-base 1.4.0.13-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/893ddc4a24dd953b0055acc3dadc3bc39844b88d


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14626/pdns

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a21285e4 by Salvatore Bonaccorso at 2018-11-07T06:36:52Z
Add CVE-2018-14626/pdns

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10865,7 +10865,11 @@ CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly 
before version 14.0.0 does
NOTE: https://github.com/wildfly/wildfly/pull/10675
 CVE-2018-14626 [Packet cache pollution via crafted query]
RESERVED
+   - pdns 
+   [stretch] - pdns  (Vulnerable code present only in >=  
4.1.0)
- pdns-recursor 
+   NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
+   NOTE: https://downloads.powerdns.com/patches/2018-05/
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
NOTE: https://downloads.powerdns.com/patches/2018-06/
 CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be 
able to ...)
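
Review bot: Only stretch gets a per-release annotation on the added pdns lines ("Vulnerable code present only in >= 4.1.0"). If any other supported release also ships a pdns older than 4.1.0 it needs the same line, otherwise it inherits the status of the plain `- pdns` line.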



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a21285e40bb7282c8f7127380e932994850d33c1


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14626/pdns-recursor

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ff4d8343 by Salvatore Bonaccorso at 2018-11-07T06:33:33Z
Add CVE-2018-14626/pdns-recursor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10863,8 +10863,11 @@ CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly 
before version 14.0.0 does
- wildfly  (bug #752018)
NOTE: https://issues.jboss.org/browse/WFLY-9107
NOTE: https://github.com/wildfly/wildfly/pull/10675
-CVE-2018-14626
+CVE-2018-14626 [Packet cache pollution via crafted query]
RESERVED
+   - pdns-recursor 
+   NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
+   NOTE: https://downloads.powerdns.com/patches/2018-06/
 CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be 
able to ...)
- linux 
[jessie] - linux  (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff4d8343b79d8e72c93a61d5804f1f9efe1ca562


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14644/pdns-recursor

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ae63f69 by Salvatore Bonaccorso at 2018-11-07T06:31:24Z
Add CVE-2018-14644/pdns-recursor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10805,8 +10805,11 @@ CVE-2018-14645 (A flaw was discovered in the HPACK 
decoder of HAProxy, before 1.
[stretch] - haproxy  (Only affects 1.8.x)
[jessie] - haproxy  (Only affects 1.8.x)
NOTE: 
https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
-CVE-2018-14644
+CVE-2018-14644 [Crafted query for meta-types can cause a denial of service]
RESERVED
+   - pdns-recursor 
+   NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
+   NOTE: https://downloads.powerdns.com/patches/2018-07/
 CVE-2018-14643 (An authentication bypass flaw was found in the 
smart_proxy_dynflow ...)
- foreman  (bug #663101)
NOTE: Issue in a foreman component: smart_proxy_dynflow, which might 
land in separate source.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ae63f69eb2898a5724d04961fd2c5eb062667e1


[Git][security-tracker-team/security-tracker][master] Add two entries related to amanda

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3de04d05 by Salvatore Bonaccorso at 2018-11-07T06:27:41Z
Add two entries related to amanda

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -936,8 +936,12 @@ CVE-2018-18633
 CVE-2018-18632
RESERVED
 CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup 
privileges ...)
+   - amanda 
+   NOTE: https://www.exploit-db.com/exploits/39244/
TODO: check
 CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup 
privileges ...)
+   - amanda 
+   NOTE: https://www.exploit-db.com/exploits/39217/
TODO: check
 CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel 
x86 ...)
- xen 
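
Review bot: Both entries keep their `TODO: check` line after the added `- amanda` and NOTE lines, so CVE-2016-10730 and CVE-2016-10729 stay flagged as untriaged even though a package is now assigned. If that is deliberate, a NOTE saying what remains to be checked would help, since the only references are exploit-db links and no upstream fix or affected version is recorded; otherwise drop the TODO lines.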



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3de04d056a2ffa35ecb1b24ac91f613214c04193


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14667

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fed3ac53 by Salvatore Bonaccorso at 2018-11-07T06:23:28Z
Add CVE-2018-14667

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10683,8 +10683,9 @@ CVE-2018-14681 (An issue was discovered in 
kwajd_read_headers in mspack/kwajd.c
- libmspack 0.7-1 (bug #904799)
NOTE: 
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
-CVE-2018-14667
+CVE-2018-14667 [Expression Language injection via UserResource allows for 
unauthenticated remote code execution]
RESERVED
+   NOT-FOR-US: RichFaces
 CVE-2018-14666
RESERVED
 CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An 
incorrect ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fed3ac5300a9bdf42ee13b335cde09da9c951d88


[Git][security-tracker-team/security-tracker][master] Claim tiff

2018-11-06 Thread Brian May
Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1c53523 by Brian May at 2018-11-07T06:08:26Z
Claim tiff

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -101,7 +101,7 @@ systemd
 thunderbird (Emilio Pozuelo)
   NOTE: 20181106: needs rustc/cargo currently in NEW
 --
-tiff
+tiff (Brian May)
 --
 xen
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1c535230ba017fb37e4f15899a9080c4554762c


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-18954/qemu

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4b37aa2 by Salvatore Bonaccorso at 2018-11-07T05:40:32Z
Add CVE-2018-18954/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -192,8 +192,11 @@ CVE-2018-18956 (The ProcessMimeEntity function in 
util-decode-mime.c in Suricata
NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374
 CVE-2018-18955
RESERVED
-CVE-2018-18954
+CVE-2018-18954 [ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb]
RESERVED
+   - qemu 
+   - qemu-kvm 
+   NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html
 CVE-2018-18953
RESERVED
 CVE-2018-18952 (JEECMS 9.3 has XSS via an index.do#/content/update?type=update 
URI. ...)
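
Review bot: The only reference added for CVE-2018-18954 is a qemu-devel list post rather than a commit, so the entry does not yet identify the fix. Add the upstream commit as a further NOTE once one exists, and confirm that the `- qemu-kvm` line is needed, since the description scopes the issue to ppc64 (pnv_lpc_do_eccb).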



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4b37aa2a4a339d642e0cf6463219af9d4e7e3db


[Git][security-tracker-team/security-tracker][master] Process two new NFUs in Apache Syncope

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2e4bdf4d by Salvatore Bonaccorso at 2018-11-07T05:35:33Z
Process two new NFUs in Apache Syncope

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4510,10 +4510,11 @@ CVE-2018-17187
RESERVED
 CVE-2018-17186
RESERVED
+   NOT-FOR-US: Apache Syncope
 CVE-2018-17185
RESERVED
 CVE-2018-17184 (A malicious user with enough administration entitlements can 
inject ...)
-   TODO: check
+   NOT-FOR-US: Apache Syncope
 CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. 
The ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.18.10-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4bdf4d6f55aa4017129c838c748bcc19b0ffea


[Git][security-tracker-team/security-tracker][master] nginx fixes

2018-11-06 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9a6f5a9 by Moritz Muehlenhoff at 2018-11-06T22:47:30Z
nginx fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5293,16 +5293,19 @@ CVE-2018-16845 [Memory disclosure in the 
ngx_http_mp4_module]
- nginx  (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
NOTE: https://nginx.org/download/patch.2018.mp4.txt
+   NOTE: http://hg.nginx.org/nginx/rev/fdc19a3289c1
NOTE: Fixed in 1.15.6, 1.14.1.
 CVE-2018-16844 [Excessive CPU usage in HTTP/2]
RESERVED
- nginx  (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
+   NOTE: http://hg.nginx.org/nginx/rev/9200b41db765
NOTE: Fixed in 1.15.6, 1.14.1.
 CVE-2018-16843 [Excessive memory usage in HTTP/2]
RESERVED
- nginx  (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
+   NOTE: http://hg.nginx.org/nginx/rev/d4448892a294
NOTE: Fixed in 1.15.6, 1.14.1.
 CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based ...)
{DSA-4331-1 DLA-1568-1}
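
Review bot: The three added NOTE lines link hg.nginx.org over plain http, while the patch NOTE in the CVE-2018-16845 entry uses https; use https here as well if the host serves it. The commit message "nginx fixes" also says less than the change does, which is only to add upstream revision references; a message naming the CVEs would be easier to find in the log.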



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9a6f5a9f32b41d4d5614987b6f050ba818a715d


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-18778

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92a669e7 by Salvatore Bonaccorso at 2018-11-06T21:40:38Z
Add bug reference for CVE-2018-18778

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -579,7 +579,7 @@ CVE-2018-18780
 CVE-2018-18779
RESERVED
 CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary 
files. ...)
-   - mini-httpd 
+   - mini-httpd  (bug #913095)
 CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, 
version 7, in ...)
NOT-FOR-US: Microstrategy Web
 CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/92a669e7c37a519af3c4781c94c5d9dbd77d


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
620dab8e by Salvatore Bonaccorso at 2018-11-06T21:26:20Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2828,7 +2828,7 @@ CVE-2018-17915 (All versions of Hangzhou Xiongmai 
Technology Co., Ltd XMeye P2P
 CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch 
Edge HMI ...)
NOT-FOR-US: InduSoft Web Studio
 CVE-2018-17913 (A type confusion vulnerability exists when processing project 
files in ...)
-   TODO: check
+   NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and 
prior when ...)
NOT-FOR-US: CASE Suite
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several 
stack-based ...)
@@ -2836,15 +2836,15 @@ CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and 
prior has several stack-bas
 CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to 
properly ...)
NOT-FOR-US: Advantech WebAccess
 CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the 
...)
NOT-FOR-US: Advantech WebAccess
 CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-17906
RESERVED
 CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This 
...)
NOT-FOR-US: Reliance 4 SCADA/HMI
 CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
@@ -4991,7 +4991,7 @@ CVE-2018-16988
 CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of 
external ...)
NOT-FOR-US: Squash TM
 CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and 
CC2650 ...)
-   TODO: check
+   NOT-FOR-US: Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 
and CC2650 devices
 CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address 
was ...)
NOT-FOR-US: Lizard
 CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which 
...)
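
Review bot: The NOT-FOR-US label for CVE-2018-16986 copies the version and device list from the description ("Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices"), whereas the neighbouring labels name only the product ("Squash TM", "Lizard"). Shortening it to "Texas Instruments BLE-STACK" keeps the label stable if later CVEs cover other versions or devices.
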
@@ -13951,9 +13951,9 @@ CVE-2018-13399 (The Microsoft Windows Installer for 
Atlassian Fisheye and Crucib
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye 
and ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree 
for ...)
-   TODO: check
+   NOT-FOR-US: Sourcetree for Windows
 CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree 
for macOS ...)
-   TODO: check
+   NOT-FOR-US: Sourcetree for macOS
 CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from 
version ...)
NOT-FOR-US: Atlassian Jira
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions 
before ...)
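
Review bot: CVE-2018-13397 and CVE-2018-13396 get two different labels, "Sourcetree for Windows" and "Sourcetree for macOS", for what the descriptions present as the same argument injection issue in one product. A single "Sourcetree" label on both lines would group them, in the way the surrounding Atlassian entries are labelled by product rather than by platform.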



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/620dab8e73db591d17d36829b231ddedc1e6cc2e


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2014-10077/ruby-i18n

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
675547d6 by Salvatore Bonaccorso at 2018-11-06T21:16:24Z
Add bug reference for CVE-2014-10077/ruby-i18n

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -135,7 +135,7 @@ CVE-2018-18982
 CVE-2018-18981
RESERVED
 CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 
0.8.0 ...)
-   - ruby-i18n 
+   - ruby-i18n  (bug #913093)
NOTE: https://github.com/svenfuchs/i18n/pull/289
NOTE: 
https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb
 CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in 
Zoho ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/675547d69c49120f85c82f617cd254fae02d9207


[Git][security-tracker-team/security-tracker][master] Process two IBM NFUs

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d287134c by Salvatore Bonaccorso at 2018-11-06T20:56:58Z
Process two IBM NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -46574,7 +46574,7 @@ CVE-2018-1696
 CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 
installations ...)
NOT-FOR-US: IBM
 CVE-2018-1694 (IBM Jazz applications (IBM Rational Collaborative Lifecycle 
Management ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1693
RESERVED
 CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
@@ -46750,7 +46750,7 @@ CVE-2018-1608
 CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 
6.0 ...)
NOT-FOR-US: IBM
 CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative 
Lifecycle ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
NOT-FOR-US: IBM
 CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d287134c9965b51d836db23d126a95acfd646275


[Git][security-tracker-team/security-tracker][master] Add CVE-2014-10077/ruby-i18n

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c0c1a27 by Salvatore Bonaccorso at 2018-11-06T20:44:24Z
Add CVE-2014-10077/ruby-i18n

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -135,7 +135,9 @@ CVE-2018-18982
 CVE-2018-18981
RESERVED
 CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 
0.8.0 ...)
-   TODO: check
+   - ruby-i18n 
+   NOTE: https://github.com/svenfuchs/i18n/pull/289
+   NOTE: 
https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb
 CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in 
Zoho ...)
NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and 
OpManager
 CVE-2018-18979
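
Review bot: The description of CVE-2014-10077 says the issue affects the i18n gem before 0.8.0, but the added `- ruby-i18n` line as shown records no version. Check the packaged version against 0.8.0 and record the fixed version if the archive already carries the linked commit.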



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c0c1a272b8c5a652256d754841129361a2be979


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1684{3,4,5}/nginx

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de848aa9 by Salvatore Bonaccorso at 2018-11-06T20:31:27Z
Add bug reference for CVE-2018-1684{3,4,5}/nginx

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5288,18 +5288,18 @@ CVE-2018-16846
RESERVED
 CVE-2018-16845 [Memory disclosure in the ngx_http_mp4_module]
RESERVED
-   - nginx 
+   - nginx  (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
NOTE: https://nginx.org/download/patch.2018.mp4.txt
NOTE: Fixed in 1.15.6, 1.14.1.
 CVE-2018-16844 [Excessive CPU usage in HTTP/2]
RESERVED
-   - nginx 
+   - nginx  (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
NOTE: Fixed in 1.15.6, 1.14.1.
 CVE-2018-16843 [Excessive memory usage in HTTP/2]
RESERVED
-   - nginx 
+   - nginx  (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
NOTE: Fixed in 1.15.6, 1.14.1.
 CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de848aa9cb5697e5a44b7be36b9018a85b680e2d


[Git][security-tracker-team/security-tracker][master] Add short descriptions for nginx issues

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
019602f5 by Salvatore Bonaccorso at 2018-11-06T20:23:11Z
Add short descriptions for nginx issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5286,18 +5286,22 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was 
found in the NVM Express
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
 CVE-2018-16846
RESERVED
-CVE-2018-16845
+CVE-2018-16845 [Memory disclosure in the ngx_http_mp4_module]
RESERVED
- nginx 
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
-CVE-2018-16844
+   NOTE: https://nginx.org/download/patch.2018.mp4.txt
+   NOTE: Fixed in 1.15.6, 1.14.1.
+CVE-2018-16844 [Excessive CPU usage in HTTP/2]
RESERVED
- nginx 
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
-CVE-2018-16843
+   NOTE: Fixed in 1.15.6, 1.14.1.
+CVE-2018-16843 [Excessive memory usage in HTTP/2]
RESERVED
- nginx 
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
+   NOTE: Fixed in 1.15.6, 1.14.1.
 CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based ...)
{DSA-4331-1 DLA-1568-1}
- curl 7.62.0-1
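
Review bot: CVE-2018-16845 gets a patch link alongside its "Fixed in" NOTE, but CVE-2018-16844 and CVE-2018-16843 get only "NOTE: Fixed in 1.15.6, 1.14.1." with no patch or commit reference. Add the upstream commits for the two HTTP/2 issues so that anyone backporting does not have to extract them from the release diff. The hunk also adds NOTE lines beyond the short descriptions named in the commit message, which is worth reflecting there.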



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/019602f52d9378eda4894a49b9e2b73947a45bcf


[Git][security-tracker-team/security-tracker][master] Update commit for CVE-2018-14660/glusterfs (still under review upstream)

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2501b0d by Salvatore Bonaccorso at 2018-11-06T20:15:56Z
Update commit for CVE-2018-14660/glusterfs (still under review upstream)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10699,7 +10699,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server 
through versions 4.1.4 and
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
-   NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=9232f3937f81749120e2b1150116b09e7c575354
+   NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696
 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is 
vulnerable ...)
{DLA-1565-1}
- glusterfs  (bug #912997)
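
Review bot: the replacement NOTE for CVE-2018-14660 reads like a settled fix reference, but the commit message says the change is still under review upstream. Put that status on the NOTE line itself, for example by appending "(still under review upstream)", because the commit message is not visible to someone reading data/CVE/list and the commit id may change again once the review lands.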



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b2501b0d03217e040d8515b0a4ba6054520f01a3


[Git][security-tracker-team/security-tracker][master] automatic update

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09c15896 by security tracker role at 2018-11-06T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,141 @@
+CVE-2018-19048
+   RESERVED
+CVE-2018-19047
+   RESERVED
+CVE-2018-19046
+   RESERVED
+CVE-2018-19045
+   RESERVED
+CVE-2018-19044
+   RESERVED
+CVE-2018-19043
+   RESERVED
+CVE-2018-19042
+   RESERVED
+CVE-2018-19041
+   RESERVED
+CVE-2018-19040
+   RESERVED
+CVE-2018-19039
+   RESERVED
+CVE-2018-19038
+   RESERVED
+CVE-2018-19037
+   RESERVED
+CVE-2018-19036
+   RESERVED
+CVE-2018-19035
+   RESERVED
+CVE-2018-19034
+   RESERVED
+CVE-2018-19033
+   RESERVED
+CVE-2018-19032
+   RESERVED
+CVE-2018-19031
+   RESERVED
+CVE-2018-19030
+   RESERVED
+CVE-2018-19029
+   RESERVED
+CVE-2018-19028
+   RESERVED
+CVE-2018-19027
+   RESERVED
+CVE-2018-19026
+   RESERVED
+CVE-2018-19025
+   RESERVED
+CVE-2018-19024
+   RESERVED
+CVE-2018-19023
+   RESERVED
+CVE-2018-19022
+   RESERVED
+CVE-2018-19021
+   RESERVED
+CVE-2018-19020
+   RESERVED
+CVE-2018-19019
+   RESERVED
+CVE-2018-19018
+   RESERVED
+CVE-2018-19017
+   RESERVED
+CVE-2018-19016
+   RESERVED
+CVE-2018-19015
+   RESERVED
+CVE-2018-19014
+   RESERVED
+CVE-2018-19013
+   RESERVED
+CVE-2018-19012
+   RESERVED
+CVE-2018-19011
+   RESERVED
+CVE-2018-19010
+   RESERVED
+CVE-2018-19009
+   RESERVED
+CVE-2018-19008
+   RESERVED
+CVE-2018-19007
+   RESERVED
+CVE-2018-19006
+   RESERVED
+CVE-2018-19005
+   RESERVED
+CVE-2018-19004
+   RESERVED
+CVE-2018-19003
+   RESERVED
+CVE-2018-19002
+   RESERVED
+CVE-2018-19001
+   RESERVED
+CVE-2018-19000
+   RESERVED
+CVE-2018-18999
+   RESERVED
+CVE-2018-18998
+   RESERVED
+CVE-2018-18997
+   RESERVED
+CVE-2018-18996
+   RESERVED
+CVE-2018-18995
+   RESERVED
+CVE-2018-18994
+   RESERVED
+CVE-2018-18993
+   RESERVED
+CVE-2018-18992
+   RESERVED
+CVE-2018-18991
+   RESERVED
+CVE-2018-18990
+   RESERVED
+CVE-2018-18989
+   RESERVED
+CVE-2018-18988
+   RESERVED
+CVE-2018-18987
+   RESERVED
+CVE-2018-18986
+   RESERVED
+CVE-2018-18985
+   RESERVED
+CVE-2018-18984
+   RESERVED
+CVE-2018-18983
+   RESERVED
+CVE-2018-18982
+   RESERVED
+CVE-2018-18981
+   RESERVED
+CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 
0.8.0 ...)
+   TODO: check
 CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in 
Zoho ...)
NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and 
OpManager
 CVE-2018-18979
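
Review bot: CVE-2014-10077 is inserted between CVE-2018-18981 and CVE-2018-18980, which breaks the descending ID order the rest of this hunk follows. If the placement is a side effect of the automatic import, move the entry to its sorted position when its "TODO: check" is triaged.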
@@ -3666,6 +3804,7 @@ CVE-2018-17473
[jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-17472
RESERVED
+   {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-17471
@@ -4371,8 +4510,8 @@ CVE-2018-17186
RESERVED
 CVE-2018-17185
RESERVED
-CVE-2018-17184
-   RESERVED
+CVE-2018-17184 (A malicious user with enough administration entitlements can 
inject ...)
+   TODO: check
 CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. 
The ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.18.10-1
@@ -4849,8 +4988,8 @@ CVE-2018-16988
RESERVED
 CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of 
external ...)
NOT-FOR-US: Squash TM
-CVE-2018-16986
-   RESERVED
+CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and 
CC2650 ...)
+   TODO: check
 CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address 
was ...)
NOT-FOR-US: Lizard
 CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which 
...)
@@ -5160,7 +5299,7 @@ CVE-2018-16843
- nginx 
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
 CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based ...)
-   {DSA-4331-1}
+   {DSA-4331-1 DLA-1568-1}
- curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
NOTE: Fixed by: 
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
@@ -5174,7 +5313,7 @@ CVE-2018-16840 (A heap use-after-free flaw was found in 
curl versions from 7.59.
NOTE: Fixed by: 
https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
NOTE: Introduced by: 
https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
 CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer 
overrun ...)
-   {DSA-4331-1}
+   {DSA-4331-1 

[Git][security-tracker-team/security-tracker][master] CVE-2018-14652/glusterfs fixed in unstable with 5.0-1 upload

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfe52d0b by Salvatore Bonaccorso at 2018-11-06T20:06:53Z
CVE-2018-14652/glusterfs fixed in unstable with 5.0-1 upload

The vulnerability fix is just a part of the whole upstream change which
landed in 5.0alpha, upstream commit as per
http://git.gluster.org/cgit/glusterfs.git/commit/?id=052849983e51a061d7fb2c3ffd74fa78bb257084

For the release-4.1 branch the fix is part of that one as
http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2c195712a9ecbda4fa02f5308138a1257a2558a
..

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10598,7 +10598,7 @@ CVE-2018-14653 (The Gluster file system through 
versions 4.1.4 and 3.12 is vulne
NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is 
vulnerable ...)
{DLA-1565-1}
-   - glusterfs  (bug #912997)
+   - glusterfs 5.0-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
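
Review bot: the version change to 5.0-1 is justified only in the commit message; the NOTE lines visible for CVE-2018-14652 reference oss-security, Bugzilla and the Gerrit review, but not the two upstream commits the message cites. Unless they already appear further down the entry, add them as NOTE lines, with a remark that the fix is only part of the larger 5.0alpha change, so the reasoning stays next to the data.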



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bfe52d0bc918def793a76e7f507a6a997f993f4f


[Git][security-tracker-team/security-tracker][master] Update commit references for CVE-2018-14654/glusterfs

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3750373c by Salvatore Bonaccorso at 2018-11-06T20:04:36Z
Update commit references for CVE-2018-14654/glusterfs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -10585,7 +10585,8 @@ CVE-2018-14654 (The Gluster file system through version 
4.1.4 is vulnerable to a
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
NOTE: https://review.gluster.org/#/c/glusterfs/+/21534/
-   NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=923d0a56525111e1e24db19817419b4519a98090
+   NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664
 (release-4.1)
+   NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23
 (release-5)
 CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is 
vulnerable ...)
{DLA-1565-1}
- glusterfs  (bug #912997)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3750373ca1af0e007f9af17dba9523a331d79bfd


[Git][security-tracker-team/security-tracker][master] dla: take mariadb

2018-11-06 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
378d0929 by Emilio Pozuelo Monfort at 2018-11-06T19:47:10Z
dla: take mariadb

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -62,7 +62,7 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
-mariadb-10.0
+mariadb-10.0 (Emilio Pozuelo)
 --
 mysql-connector-java
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/378d0929be188e66060ce16c99adb2dd324047d5


[Git][security-tracker-team/security-tracker][master] new nginx issues

2018-11-06 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b1e3ebca by Moritz Muehlenhoff at 2018-11-06T19:38:30Z
new nginx issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5149,10 +5149,16 @@ CVE-2018-16846
RESERVED
 CVE-2018-16845
RESERVED
+   - nginx 
+   NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
 CVE-2018-16844
RESERVED
+   - nginx 
+   NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
 CVE-2018-16843
RESERVED
+   - nginx 
+   NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
 CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based ...)
{DSA-4331-1}
- curl 7.62.0-1
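
Review bot: the three nginx entries are added without a bracketed description, so while they stay RESERVED nothing in data/CVE/list says which issue is which, and CVE-2018-16844 and CVE-2018-16843 carry the same announcement URL. Add a short "[description]" after each ID, as other RESERVED entries in this file do.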



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1e3ebca9f3d5ad43bb58de494226d12b2363c37


[Git][security-tracker-team/security-tracker][master] 2 commits: Claim jasper in dla-needed.txt

2018-11-06 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c256dd46 by Markus Koschany at 2018-11-06T18:32:03Z
Claim jasper in dla-needed.txt

- - - - -
6f5856fa by Markus Koschany at 2018-11-06T18:33:45Z
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -34,7 +34,7 @@ imagemagick (Thorsten Alteholz)
   NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled 
formats
   NOTE: 20181023: wait with upload until this is done in unstable -> #907336
 --
-jasper
+jasper (apo)
   NOTE: 20181104: consider fixing no-dsa issues too because the package is used
   NOTE: by almost 50 % of sponsors. (apo)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/1bd5c13fb744cddc051e5bb0bd4bfed6afd3b778...6f5856fafd2df0fc481dc8e7e9340a6bf303


[Git][security-tracker-team/security-tracker][master] 2 commits: Reorder listing for contact addresses

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e16c4f86 by Salvatore Bonaccorso at 2018-11-06T18:14:17Z
Reorder listing for contact addresses

- - - - -
1bd5c13f by Salvatore Bonaccorso at 2018-11-06T18:15:11Z
Add warning note

- - - - -


1 changed file:

- doc/security-team.d.o/contact


Changes:

=
doc/security-team.d.o/contact
=
@@ -1,3 +1,5 @@
+This is more a TODO list/work in progress to improve documentation
+
 Mail
 
 
@@ -6,10 +8,10 @@ Mail
 What each list is for:
 --
 
-- debian-secur...@lists.debian.org
+- t...@security.debian.org / secur...@debian.org (security team contact)
+- debian-secur...@lists.debian.org (public discussion list)
 - debian-secur...@debian.org seems to be redirected to 
debian-priv...@lists.debian.org
-- debian-security-trac...@lists.debian.org
-- t...@security.debian.org
+- debian-security-trac...@lists.debian.org (security tracker discussion list)
 - (and more)
 - consolidate lists? (which are needed? explicit names, e.g., -public/-private)
 - RT? (incoming queue for non encrypted mails)
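
Review bot: three of the lists now state their purpose in parentheses, but the debian-secur...@debian.org line still says "seems to be redirected to", which is a guess in a file that tells people where to send mail. Confirm the redirect and state whether that address is private, and say whether the two addresses joined by "/" on the first added line reach the same recipients.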



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e...1bd5c13fb744cddc051e5bb0bd4bfed6afd3b778


[Git][security-tracker-team/security-tracker][master] Three curl CVEs were addressed in recent DLA

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b5a6165 by Salvatore Bonaccorso at 2018-11-06T18:08:34Z
Three curl CVEs were addressed in recent DLA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -102212,7 +102212,6 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 
is vulnerable to an improper
 CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow 
when ...)
{DLA-767-1}
- curl 7.52.1-1 (bug #848958)
-   [jessie] - curl  (Minor issue)
NOTE: https://curl.haxx.se/docs/adv_20161221A.html
NOTE: Fixed by: 
https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
NOTE: There are no known vulnerable applications but as this is a
@@ -110061,7 +110060,6 @@ CVE-2016-7168 (Cross-site scripting (XSS) 
vulnerability in the media_handle_uplo
 CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
{DLA-625-1}
- curl 7.51.0-1 (bug #837945)
-   [jessie] - curl  (Minor issue, can be fixed in point release or 
next DSA)
NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
@@ -110198,7 +110196,6 @@ CVE-2016-7135 (Directory traversal vulnerability in 
Plone CMS 5.x through 5.0.6
 CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...)
{DLA-616-1}
- curl 7.51.0-1 (bug #836918)
-   [jessie] - curl  (Minor issue, can be fixed in point release or 
next DSA; affects only NSS backend)
NOTE: Only affects libcurl3-nss
NOTE: http://seclists.org/oss-sec/2016/q3/419
NOTE: https://curl.haxx.se/docs/adv_20160907.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b5a6165070a2f0626a3abf7a23cd7f6c2fa1d1e


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1568-1 for curl

2018-11-06 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98da9693 by Markus Koschany at 2018-11-06T18:04:06Z
Reserve DLA-1568-1 for curl

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[06 Nov 2018] DLA-1568-1 curl - security update
+   {CVE-2016-7141 CVE-2016-7167 CVE-2016-9586 CVE-2018-16839 
CVE-2018-16842}
+   [jessie] - curl 7.38.0-4+deb8u13
 [05 Nov 2018] DLA-1567-1 gthumb - security update
{CVE-2018-18718}
[jessie] - gthumb 3:3.3.1-2.1+deb8u1


=
data/dla-needed.txt
=
@@ -15,10 +15,6 @@ ansible (Chris Lamb)
 cairo
   NOTE: 20181024: No fix available yet.
 --
-curl (Markus Koschany)
-  NOTE: 20181102: consider fixing no-dsa issues too because they are already
-  NOTE: fixed in Stretch. (apo)
---
 enigmail (Antoine Beaupre)
   NOTE: 20180926: see 871s9fps8e@curie.anarc.at before working on this 
(anarcat)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98da969394413bee0b6d49a003fbba93ff64ea11


[Git][security-tracker-team/security-tracker][master] Claim squid3 in dla-needed.txt

2018-11-06 Thread Abhijith PA
Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ed38e87 by Abhijith PA at 2018-11-06T16:59:30Z
Claim squid3 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -93,7 +93,7 @@ sdl-image1.2 (Chris Lamb)
 --
 spamassassin (Antoine Beaupre)
 --
-squid3
+squid3 (Abhijith PA)
   NOTE:20181101: consider fixing no-dsa issues too. (apo)
 --
 symfony (Thorsten Alteholz)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ed38e873268c3d659d48eceff0bce509d2a04bb


[Git][security-tracker-team/security-tracker][master] Add missing CVE ID for Chromium

2018-11-06 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43264cf2 by Moritz Muehlenhoff at 2018-11-06T16:39:07Z
Add missing CVE ID for Chromium
One poppler issue ignored

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -174,6 +174,7 @@ CVE-2018-18898
RESERVED
 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory 
leak in ...)
- poppler 
+   [stretch] - poppler  (Negligable security impact)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
 CVE-2018-18896
RESERVED


=
data/DSA/list
=
@@ -11,7 +11,7 @@
{CVE-2018-16839 CVE-2018-16842}
[stretch] - curl 7.52.1-5+deb9u8
 [02 Nov 2018] DSA-4330-1 chromium-browser - security update
-   {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 
CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 
CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 
CVE-2018-17476 CVE-2018-17477}
+   {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 
CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 
CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 
CVE-2018-17475 CVE-2018-17476 CVE-2018-17477}
[stretch] - chromium-browser 70.0.3538.67-1~deb9u1
 [28 Oct 2018] DSA-4329-1 teeworlds - security update
{CVE-2018-18541}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/43264cf223182a08f40bfa8f85752ae181d73b14


[Git][security-tracker-team/security-tracker][master] dla: take thunderbird

2018-11-06 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0e3cd7a by Emilio Pozuelo Monfort at 2018-11-06T16:34:55Z
dla: take thunderbird

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -102,7 +102,8 @@ systemd
   NOTE: 20181101: I recommend to fix all open issues including the postponed
   NOTE: ones, too. (apo)
 --
-thunderbird
+thunderbird (Emilio Pozuelo)
+  NOTE: 20181106: needs rustc/cargo currently in NEW
 --
 tiff
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b0e3cd7a5c3f90796ffd2b8e15206f3213b3b3bc


[Git][security-tracker-team/security-tracker][master] Add poppler fix

2018-11-06 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
17c991f7 by Moritz Muehlenhoff at 2018-11-06T16:16:22Z
Add poppler fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5667,7 +5667,7 @@ CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() 
function in Parser.cc ma
- poppler  (low; bug #909802)
[stretch] - poppler  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
-   NOTE: Proposed fix: 
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67
+   NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91/diffs?commit_id=e16f2d5bf39842c647d413bbd6e16de73c76a2c8
 CVE-2018-16645 (There is an excessive memory allocation issue in the functions 
...)
{DSA-4316-1 DLA-1530-1}
- imagemagick 8:6.9.10.14+dfsg-1 (bug #910889)
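
Review bot: the new NOTE for CVE-2018-16646 drops the "Proposed fix:" label and leaves a bare URL, so the line no longer says whether this is a proposed or a merged fix. Label it (for example "Fixed by:" once merged), and prefer a link to the commit itself over a merge-request diff view with a commit_id query parameter.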



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/17c991f7992270d9f7ecf004741c1c3acc235b8d


[Git][security-tracker-team/security-tracker][master] Add and claim icu

2018-11-06 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c49ec762 by Roberto C. Sánchez at 2018-11-06T12:25:14Z
Add and claim icu

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -32,6 +32,8 @@ firmware-nonfree (Ben Hutchings)
 icecast2 (Abhijith PA)
   NOTE: 20181106: please upload 
https://git.fosscommunity.in/bhe/patches/raw/master/icecast2_deb8u2.debdiff
 --
+icu (Roberto C. Sánchez)
+--
 imagemagick (Thorsten Alteholz)
   NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled 
formats
   NOTE: 20181023: wait with upload until this is done in unstable -> #907336



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c49ec762be86aa809325aa18d5596a6e669937e6


[Git][security-tracker-team/security-tracker][master] LTS/claim openssl

2018-11-06 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c138db0 by Roberto C. Sánchez at 2018-11-06T12:20:13Z
LTS/claim openssl

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -79,7 +79,7 @@ openjpeg2 (Hugo Lefeuvre)
   NOTE: to approve CVE-2017-17480 before upload.
   NOTE: had in depth investigations for CVE-2018-5727, see upstream bug report
 --
-openssl
+openssl (Roberto C. Sánchez)
 --
 qemu (Santiago)
   NOTE: 20181026: no fix yet for recent dsa issues, but start working on



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c138db045d3344eabcdccd5c31901d94fe4f311


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-18956/suricata

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a216d66b by Salvatore Bonaccorso at 2018-11-06T10:00:08Z
Add CVE-2018-18956/suricata

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -47,7 +47,9 @@ CVE-2018-18958
 CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a 
stack-based buffer ...)
NOT-FOR-US: libIEC61850
 CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in 
Suricata 4.x ...)
-   TODO: check
+   - suricata 
+   NOTE: 
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html
+   NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374
 CVE-2018-18955
RESERVED
 CVE-2018-18954



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a216d66b0a871775920d2be24ce4f44d8973715a


[Git][security-tracker-team/security-tracker][master] Add note to icecast2 in dla-needed.txt

2018-11-06 Thread Abhijith PA
Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d726b03 by Abhijith PA at 2018-11-06T09:46:34Z
Add note to icecast2 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -30,6 +30,7 @@ firmware-nonfree (Ben Hutchings)
   NOTE: Waiting for approval of Stretch update.
 --
 icecast2 (Abhijith PA)
+  NOTE: 20181106: please upload 
https://git.fosscommunity.in/bhe/patches/raw/master/icecast2_deb8u2.debdiff
 --
 imagemagick (Thorsten Alteholz)
   NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled 
formats
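
Review bot: the added NOTE asks a sponsor to upload a debdiff from a "raw/master" URL, which is a moving reference: the file behind it can change between review and upload. Pin the link to a specific commit of the patches repository, or attach the debdiff to a bug report, so that what gets uploaded is what was reviewed.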



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d726b031df81d27f1b797cb1a751a045418bd3f


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4a17fa4 by Salvatore Bonaccorso at 2018-11-06T08:34:04Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in 
Zoho ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and 
OpManager
 CVE-2018-18979
RESERVED
 CVE-2018-18978
@@ -27,13 +27,13 @@ CVE-2018-18968
 CVE-2018-18967
RESERVED
 CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
-   TODO: check
+   NOT-FOR-US: osCommerce
 CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
-   TODO: check
+   NOT-FOR-US: osCommerce
 CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
-   TODO: check
+   NOT-FOR-US: osCommerce
 CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de 
E-commerce ...)
-   TODO: check
+   NOT-FOR-US: Degrau Publicidade e Internet Plataforma de E-commerce
 CVE-2018-18962
RESERVED
 CVE-2018-18961
@@ -45,7 +45,7 @@ CVE-2018-18959
 CVE-2018-18958
RESERVED
 CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a 
stack-based buffer ...)
-   TODO: check
+   NOT-FOR-US: libIEC61850
 CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in 
Suricata 4.x ...)
TODO: check
 CVE-2018-18955



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a17fa4c2a1da16d5cd5c1416af641784ded715


[Git][security-tracker-team/security-tracker][master] automatic update

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
530f8354 by security tracker role at 2018-11-06T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in 
Zoho ...)
+   TODO: check
+CVE-2018-18979
+   RESERVED
+CVE-2018-18978
+   RESERVED
+CVE-2018-18977
+   RESERVED
+CVE-2018-18976
+   RESERVED
+CVE-2018-18975
+   RESERVED
+CVE-2018-18974
+   RESERVED
+CVE-2018-18973
+   RESERVED
+CVE-2018-18972
+   RESERVED
+CVE-2018-18971
+   RESERVED
+CVE-2018-18970
+   RESERVED
+CVE-2018-18969
+   RESERVED
+CVE-2018-18968
+   RESERVED
+CVE-2018-18967
+   RESERVED
+CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
+   TODO: check
+CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
+   TODO: check
+CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
+   TODO: check
+CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de 
E-commerce ...)
+   TODO: check
+CVE-2018-18962
+   RESERVED
+CVE-2018-18961
+   RESERVED
+CVE-2018-18960
+   RESERVED
+CVE-2018-18959
+   RESERVED
+CVE-2018-18958
+   RESERVED
+CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a 
stack-based buffer ...)
+   TODO: check
+CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in 
Suricata 4.x ...)
+   TODO: check
+CVE-2018-18955
+   RESERVED
 CVE-2018-18954
RESERVED
 CVE-2018-18953
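
Review bot: seven of the entries added at the top of the list (CVE-2018-18980, CVE-2018-18966, CVE-2018-18965, CVE-2018-18964, CVE-2018-18963, CVE-2018-18957, CVE-2018-18956) arrive as TODO: check with no package or NOT-FOR-US line, so this automatic update needs a follow-up manual triage commit. The three osCommerce entries carry the same truncated description and can be handled together. CVE-2018-18956 names a specific source file (util-decode-mime.c in Suricata 4.x), which gives the triager something concrete to match against packaged versions.
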
@@ -2632,24 +2684,24 @@ CVE-2018-17915 (All versions of Hangzhou Xiongmai 
Technology Co., Ltd XMeye P2P
NOT-FOR-US: P2P Cloud Server
 CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch 
Edge HMI ...)
NOT-FOR-US: InduSoft Web Studio
-CVE-2018-17913
-   RESERVED
+CVE-2018-17913 (A type confusion vulnerability exists when processing project 
files in ...)
+   TODO: check
 CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and 
prior when ...)
NOT-FOR-US: CASE Suite
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several 
stack-based ...)
NOT-FOR-US: LAquis SCADA
 CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to 
properly ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2018-17909
-   RESERVED
+CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
+   TODO: check
 CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the 
...)
NOT-FOR-US: Advantech WebAccess
-CVE-2018-17907
-   RESERVED
+CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
+   TODO: check
 CVE-2018-17906
RESERVED
-CVE-2018-17905
-   RESERVED
+CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 
3.4.1.0 ...)
+   TODO: check
 CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This 
...)
NOT-FOR-US: Reliance 4 SCADA/HMI
 CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
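
Review bot: CVE-2018-17913 moves from RESERVED to TODO: check with a truncated description ("A type confusion vulnerability exists when processing project files in ...") that does not show the product name, so the triager has to read the full CVE text rather than rely on this line. CVE-2018-17909, CVE-2018-17907 and CVE-2018-17905 all begin "When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ..." and can be triaged as one group with a single consistent label.
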
@@ -13743,10 +13795,10 @@ CVE-2018-13399 (The Microsoft Windows Installer for 
Atlassian Fisheye and Crucib
NOT-FOR-US: Atlassian
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye 
and ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2018-13397
-   RESERVED
-CVE-2018-13396
-   RESERVED
+CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree 
for ...)
+   TODO: check
+CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree 
for macOS ...)
+   TODO: check
 CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from 
version ...)
NOT-FOR-US: Atlassian Jira
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions 
before ...)
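
Review bot: CVE-2018-13397 and CVE-2018-13396 (argument injection in Sourcetree) are added as TODO: check between entries whose labels are not uniform: the context lines use "NOT-FOR-US: Atlassian", "NOT-FOR-US: Atlassian Fisheye and Crucible" and "NOT-FOR-US: Atlassian Jira". If these two are resolved as NOT-FOR-US, use a product-level label so the entries can be found by product name, as the Jira and Fisheye lines already allow.
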



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/530f8354dd64ab635792ec5ae5a947382c6f6cee
