[Git][security-tracker-team/security-tracker][master] LTS/Claim libapache-mod-jk
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 1817a88d by Roberto C. Sánchez at 2018-11-12T05:10:50Z LTS/Claim libapache-mod-jk - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -25,7 +25,7 @@ jasper (apo) NOTE: 20181104: consider fixing no-dsa issues too because the package is used NOTE: by almost 50 % of sponsors. (apo) -- -libapache-mod-jk +libapache-mod-jk (Roberto C. Sánchez) NOTE: 20181104: I contacted the security team and asked about upgrading the NOTE: package to the latest upstream version because the changes are rather NOTE: intrusive. (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1817a88d51325328664330b5d0cba015aba3f8e1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Annotate CVE-2018-18928 as not affecting jessie
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: d493e89c by Roberto C. Sánchez at 2018-11-12T04:59:12Z Annotate CVE-2018-18928 as not affecting jessie - - - - - aaaeb645 by Roberto C. Sánchez at 2018-11-12T05:00:18Z remove icu from dla-needed.txt, no remaining open CVEs - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -571,6 +571,7 @@ CVE-2018-18929 RESERVED CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has an ...) - icu + [jessie] - icu (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=900059 NOTE: Fixed by: https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51 NOTE: https://unicode-org.atlassian.net/browse/ICU-20246 = data/dla-needed.txt = @@ -21,8 +21,6 @@ enigmail (Antoine Beaupre) icecast2 (Abhijith PA) NOTE: 20181106: please upload https://git.fosscommunity.in/bhe/patches/raw/master/icecast2_deb8u2.debdiff -- -icu (Roberto C. Sánchez) --- jasper (apo) NOTE: 20181104: consider fixing no-dsa issues too because the package is used NOTE: by almost 50 % of sponsors. (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/009a3d1229413c91a31e2a1d6d375bcd6ce49d66...aaaeb64549f2b548e1ad1663f7fb4a6046a9107f
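Review bot: In the data/CVE/list hunk, the new "[jessie] - icu (Vulnerable code not present)" line under CVE-2018-18928 has no NOTE saying which code is absent from the jessie version or which upstream change introduced it. A NOTE naming the introducing commit or ICU version would let a later reader re-check the not-affected status without repeating the analysis.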
[Git][security-tracker-team/security-tracker][master] dla: claim openjdk-7
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 009a3d12 by Emilio Pozuelo Monfort at 2018-11-11T21:58:06Z dla: claim openjdk-7 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,7 +54,7 @@ nsis (Thorsten Alteholz) NOTE: 20181007: likely affects UNIX systems. (Chris Lamb) NOTE: 20181110: waiting for email answer -- -openjdk-7 +openjdk-7 (Emilio Pozuelo) -- openjpeg2 (Hugo Lefeuvre) NOTE: 20181022: wrote patches for CVE-2018-5785 and CVE-2017-17480, waiting for upstream View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/009a3d1229413c91a31e2a1d6d375bcd6ce49d66
[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a4af964f by Moritz Muehlenhoff at 2018-11-11T21:43:22Z stretch triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -163,10 +163,12 @@ CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended NOT-FOR-US: tianti CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD ...) - exiv2 (bug #913272) + [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/426 NOTE: https://github.com/Exiv2/exiv2/pull/518 CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from ...) - exiv2 (bug #913273) + [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/427 NOTE: https://github.com/Exiv2/exiv2/pull/518 CVE-2018-19106 = data/dsa-needed.txt = @@ -20,6 +20,8 @@ ansible -- ceph -- +chromium-browser +-- glusterfs -- gnutls28 @@ -42,10 +44,14 @@ mariadb-10.1/stable -- mercurial -- +mkvtoolnix +-- openjpeg2 (luciano) -- passenger -- +pdns +-- php7.0 wait until more severe issues have come up -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4af964f0a88b3ef0ce742a345697a51c24cf857
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-19052
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b15ca0f by Salvatore Bonaccorso at 2018-11-11T21:27:02Z Add bug reference for CVE-2018-19052 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -303,7 +303,7 @@ CVE-2018-19049 CVE-2017-18351 RESERVED CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c in ...) - - lighttpd + - lighttpd (bug #913528) [stretch] - lighttpd (Minor issue) [jessie] - lighttpd (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b15ca0fc5923361bddb21dd5ca4fe8e3a576998
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1574-1 for imagemagick
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 117350b0 by Thorsten Alteholz at 2018-11-11T21:02:58Z Reserve DLA-1574-1 for imagemagick - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[11 Nov 2018] DLA-1574-1 imagemagick - security update + {CVE-2018-18025} + [jessie] - imagemagick 8:6.8.9.9-5+deb8u15 [10 Nov 2018] DLA-1573-1 firmware-nonfree - security update {CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081} [jessie] - firmware-nonfree 20161130-4~deb8u1 = data/dla-needed.txt = @@ -23,11 +23,6 @@ icecast2 (Abhijith PA) -- icu (Roberto C. Sánchez) -- -imagemagick (Thorsten Alteholz) - NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled formats - NOTE: 20181023: wait with upload until this is done in unstable -> #907336 - NOTE: 20181110: bug still open so upload without ubuntu patch --- jasper (apo) NOTE: 20181104: consider fixing no-dsa issues too because the package is used NOTE: by almost 50 % of sponsors. (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/117350b05525f52c24a02939198ffa5736163937
[Git][security-tracker-team/security-tracker][master] Remove no-dsa entry for CVE-2017-7519/ceph
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7217fe49 by Salvatore Bonaccorso at 2018-11-11T21:00:15Z Remove no-dsa entry for CVE-2017-7519/ceph - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -81920,7 +81920,6 @@ CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6 CVE-2017-7519 (In Ceph, a format string flaw was found in the way libradosstriper ...) - ceph 12.2.8+dfsg1-1 (bug #864535) - [stretch] - ceph (Minor issue) [jessie] - ceph (Vulnerable code not present) NOTE: http://tracker.ceph.com/issues/20240 CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the way ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7217fe49af2a67d3f3aafd8afba5dee000572388
[Git][security-tracker-team/security-tracker][master] Triage CVE-2018-19052 (lighttpd) for jessie.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 62d52130 by Chris Lamb at 2018-11-11T20:58:31Z Triage CVE-2018-19052 (lighttpd) for jessie. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -305,6 +305,7 @@ CVE-2017-18351 CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c in ...) - lighttpd [stretch] - lighttpd (Minor issue) + [jessie] - lighttpd (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 CVE-2018-19048 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62d5213025fbb28fd8f5d80f11e415ea45ec6722
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0beaa53d by Salvatore Bonaccorso at 2018-11-11T20:25:32Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2018-19182 RESERVED CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows ...) - TODO: check + NOT-FOR-US: YUNUCMS CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if ...) - TODO: check + NOT-FOR-US: YUNUCMS CVE-2018-19179 RESERVED CVE-2018-19178 (In JEESNS 1.3, ...) - TODO: check + NOT-FOR-US: JEESNS CVE-2018-19177 RESERVED CVE-2018-19176 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0beaa53d46654738b88f366b54588e14aa9c427d
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0479646f by security tracker role at 2018-11-11T20:10:22Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,27 @@ +CVE-2018-19182 + RESERVED +CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows ...) + TODO: check +CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if ...) + TODO: check +CVE-2018-19179 + RESERVED +CVE-2018-19178 (In JEESNS 1.3, ...) + TODO: check +CVE-2018-19177 + RESERVED +CVE-2018-19176 + RESERVED +CVE-2018-19175 + RESERVED +CVE-2018-19174 + RESERVED +CVE-2018-19173 + RESERVED +CVE-2018-19172 + RESERVED +CVE-2018-19171 + RESERVED CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first three ...) NOT-FOR-US: JPress CVE-2018-19169 @@ -3018,12 +3042,14 @@ CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGI CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...) NOT-FOR-US: Aryanic HighPortal CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes ...) + {DSA-4338-1} - qemu (bug #911469) - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5 CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ...) + {DSA-4338-1} - qemu (bug #911468) - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html 
@@ -21366,6 +21392,7 @@ CVE-2018-10840 (Linux kernel is vulnerable to a heap-based buffer overflow in th NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199347 NOTE: Fixed by: https://git.kernel.org/linus/8a2b307c21d4b290e3cbe33f768f194286d07c23 CVE-2018-10839 (Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is ...) + {DSA-4338-1} - qemu (bug #910431) - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0479646f3529d305289cb1caac431d955588e152
[Git][security-tracker-team/security-tracker][master] Track pending fixes for stretch-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 16b5165d by Salvatore Bonaccorso at 2018-11-11T19:54:20Z Track pending fixes for stretch-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -32,3 +32,9 @@ CVE-2018-18718 [stretch] - gthumb 3:3.4.4.1-5+deb9u1 CVE-2018-16336 [stretch] - exiv2 0.25-3.1+deb9u2 +CVE-2018-13053 + [stretch] - linux 4.9.135-1 +CVE-2018-17972 + [stretch] - linux 4.9.135-1 +CVE-2018-18281 + [stretch] - linux 4.9.135-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16b5165d4b4cca59727ff40fc076b603a73e10ed
[Git][security-tracker-team/security-tracker][master] qemu DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 533b6b94 by Moritz Muehlenhoff at 2018-11-11T17:55:42Z qemu DSA - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -711,6 +711,7 @@ CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an CVE-2018-18849 [lsi53c895a: OOB msg buffer access leads to DoS] RESERVED - qemu (bug #912535) + [stretch] - qemu (Minor issue, revisit for later update) - qemu-kvm NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6 NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/1 @@ -3042,6 +3043,7 @@ CVE-2018-17959 RESERVED CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c ...) - qemu (bug #911499) + [stretch] - qemu (Minor issue, revisit for later update) - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730 = data/DSA/list = @@ -1,3 +1,6 @@ +[11 Nov 2018] DSA-4338-1 qemu - security update + {CVE-2018-10839 CVE-2018-17962 CVE-2018-17963} + [stretch] - qemu 1:2.8+dfsg-6+deb9u5 [10 Nov 2018] DSA-4337-1 thunderbird - security update {CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393} [stretch] - thunderbird 1:60.3.0-1~deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/533b6b94d5b3f8a1eddfd65a4c5ef54dfc2ad7cc
[Git][security-tracker-team/security-tracker][master] CVE-2018-10861/ceph fixed with 12.2.8 upstream
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4acbe1f by Salvatore Bonaccorso at 2018-11-11T16:37:56Z CVE-2018-10861/ceph fixed with 12.2.8 upstream - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21246,7 +21246,7 @@ CVE-2018-10863 CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate ...) - wildfly (bug #752018) CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any ...) - - ceph (bug #913470) + - ceph 12.2.8+dfsg1-1 (bug #913470) [jessie] - ceph (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24838 NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4acbe1f0d277697313dc1ebc5d2c444a4283295
[Git][security-tracker-team/security-tracker][master] Fix for CVE-2018-1128 included in 12.2.8 upstream
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 37f2446f by Salvatore Bonaccorso at 2018-11-11T16:35:35Z Fix for CVE-2018-1128 included in 12.2.8 upstream - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49117,7 +49117,7 @@ CVE-2018-1128 (It was found that cephx authentication protocol did not verify ce - linux [jessie] - linux (Protocol change is too difficult) NOTE: https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea - - ceph (bug #913471) + - ceph 12.2.8+dfsg1-1 (bug #913471) [jessie] - ceph (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24836 NOTE: https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37f2446f934ecc582d875f0ad7ddf3c081e0f377
[Git][security-tracker-team/security-tracker][master] Fix for CVE-2018-1129 included in 12.2.8 upstream
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5dcb2715 by Salvatore Bonaccorso at 2018-11-11T16:33:32Z Fix for CVE-2018-1129 included in 12.2.8 upstream - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49109,7 +49109,7 @@ CVE-2018-1129 (A flaw was found in the way signature calculation was handled by - linux [jessie] - linux (Message signatures not implemented) NOTE: https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1 - - ceph (bug #913472) + - ceph 12.2.8+dfsg1-1 (bug #913472) [jessie] - ceph (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24837 NOTE: https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5dcb27151c50faa528df8dee7e96d4125e5cb171
[Git][security-tracker-team/security-tracker][master] 2 commits: Use the namedtuple class supplied with Python
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dba05bac by Brian May at 2018-08-20T07:13:21Z Use the namedtuple class supplied with Python - - - - - 9dbc156e by Salvatore Bonaccorso at 2018-11-11T14:23:50Z Merge branch 'bam/security-tracker-use_pythons_namedtuple' - - - - - 5 changed files: - doc/python-format.txt - lib/python/sectracker/analyzers.py - lib/python/sectracker/diagnostics.py - lib/python/sectracker/parsers.py - − lib/python/sectracker/xcollections.py Changes: = doc/python-format.txt = @@ -3,8 +3,7 @@ NOTE: THIS DOES NOT DESCRIBE THE CURRENT IMPLEMENTATION # Layout of major internal data structures Most data structures use named tuples, as provided by -xcollections.namedtuples (they are not available in Python 2.5, but -the implementation from Python 2.6 works on Python 2.5, too). +collections.namedtuples. Due to the way unpickling works, you need to import the "parsers" package. = lib/python/sectracker/analyzers.py = @@ -18,7 +18,7 @@ import apt_pkg as _apt_pkg import re as _re -from sectracker.xcollections import namedtuple as _namedtuple +from collections import namedtuple as _namedtuple # vercmp is the Debian version comparison algorithm _apt_pkg.init() = lib/python/sectracker/diagnostics.py = @@ -15,7 +15,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -from sectracker.xcollections import namedtuple as _namedtuple +from collections import namedtuple as _namedtuple Message = _namedtuple("Message", "file line level message") = lib/python/sectracker/parsers.py = @@ -19,7 +19,7 @@ import re import debian_support import sectracker.regexpcase as _regexpcase -from sectracker.xcollections import namedtuple as _namedtuple +from collections import namedtuple as _namedtuple import sectracker.xpickle as _xpickle import sectracker.diagnostics = lib/python/sectracker/xcollections.py deleted = 
@@ -1,93 +0,0 @@ -# Lifted from python2.6-minimal 2.6.5-1. -# See /usr/share/doc/python2.6/copyright for copyright information. -# -# This version has been modified, unneeded functions have been removed. - -import sys as _sys -from keyword import iskeyword as _iskeyword -from operator import itemgetter as _itemgetter - -def namedtuple(typename, field_names, verbose=False): -"""Returns a new subclass of tuple with named fields. - ->>> Point = namedtuple('Point', 'x y') ->>> Point.__doc__ # docstring for the new class -'Point(x, y)' ->>> p = Point(11, y=22) # instantiate with positional args or keywords ->>> p[0] + p[1] # indexable like a plain tuple -33 ->>> x, y = p# unpack like a regular tuple ->>> x, y -(11, 22) ->>> p.x + p.y # fields also accessable by name -33 ->>> d = p._asdict() # convert to a dictionary ->>> d['x'] -11 ->>> Point(**d) # convert from a dictionary -Point(x=11, y=22) ->>> p._replace(x=100) # _replace() is like str.replace() but targets named fields -Point(x=100, y=22) - -""" - -# Parse and validate the field names. Validation serves two purposes, -# generating informative error messages and preventing template injection attacks. 
-if isinstance(field_names, basestring): -field_names = field_names.replace(',', ' ').split() # names separated by whitespace and/or commas -field_names = tuple(map(str, field_names)) -for name in (typename,) + field_names: -if not all(c.isalnum() or c=='_' for c in name): -raise ValueError('Type names and field names can only contain alphanumeric characters and underscores: %r' % name) -if _iskeyword(name): -raise ValueError('Type names and field names cannot be a keyword: %r' % name) -if name[0].isdigit(): -raise ValueError('Type names and field names cannot start with a number: %r' % name) -seen_names = set() -for name in field_names: -if name.startswith('_'): -raise ValueError('Field names cannot start with an underscore: %r' % name) -if name in seen_names: -raise ValueError('Encountered duplicate field name: %r' % name) -seen_names.add(name) - -# Create and fill-in the class template -numfields = len(field_names) -argtxt = repr(field_names).replace("'", "")[1:-1] # tuple repr without parens or quotes -reprtxt = ', '.joi
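Review bot: In the doc/python-format.txt hunk the replacement text reads "collections.namedtuples.", but the name imported in analyzers.py, diagnostics.py and parsers.py is singular: "from collections import namedtuple as _namedtuple". Suggest "collections.namedtuple" in the doc so it matches the import a reader will search for.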
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-15750/salt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b8c6e62 by Salvatore Bonaccorso at 2018-11-11T14:10:08Z Add bug reference for CVE-2018-15750/salt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8455,7 +8455,7 @@ CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allo - salt (bug #913475) NOTE: Fixed in 2017.7.8, 2018.3.3 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...) - - salt + - salt (bug #913476) [stretch] - salt (Minor issue) NOTE: Fixed in 2017.7.8, 2018.3.3 CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b8c6e6280e53ce577d6a3e35d2c6ad3197ff077
[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-15751/salt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a3d5a63 by Salvatore Bonaccorso at 2018-11-11T14:02:55Z Add bug reference for CVE-2018-15751/salt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8452,7 +8452,7 @@ CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensa CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...) NOT-FOR-US: MensaMax application for Android CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow ...) - - salt + - salt (bug #913475) NOTE: Fixed in 2017.7.8, 2018.3.3 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...) - salt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a3d5a6344e5319eb2d97757c8d3eefc61472198
[Git][security-tracker-team/security-tracker][master] Add bug references for ceph issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0133195 by Salvatore Bonaccorso at 2018-11-11T13:31:48Z Add bug references for ceph issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21246,7 +21246,7 @@ CVE-2018-10863 CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate ...) - wildfly (bug #752018) CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any ...) - - ceph + - ceph (bug #913470) [jessie] - ceph (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24838 NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc @@ -49109,7 +49109,7 @@ CVE-2018-1129 (A flaw was found in the way signature calculation was handled by - linux [jessie] - linux (Message signatures not implemented) NOTE: https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1 - - ceph + - ceph (bug #913472) [jessie] - ceph (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24837 NOTE: https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587 
@@ -49117,7 +49117,7 @@ CVE-2018-1128 (It was found that cephx authentication protocol did not verify ce - linux [jessie] - linux (Protocol change is too difficult) NOTE: https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea - - ceph + - ceph (bug #913471) [jessie] - ceph (Intrusive changes) NOTE: http://tracker.ceph.com/issues/24836 NOTE: https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e013319502b2d20e8c93f3a86e46a521ad405863
[Git][security-tracker-team/security-tracker][master] three keepalived issues unimportant
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f1035520 by Moritz Muehlenhoff at 2018-11-11T12:42:31Z three keepalived issues unimportant lighttpd, mini-httpd no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -280,23 +280,25 @@ CVE-2017-18351 RESERVED CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c in ...) - lighttpd + [stretch] - lighttpd (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 CVE-2018-19048 RESERVED CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application ...) NOT-FOR-US: mPDF CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when writing ...) - - keepalived + - keepalived (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141 NOTE: https://github.com/acassen/keepalived/issues/1048 + NOTE: Neutralised by kernel hardening CVE-2018-19045 (keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...) - - keepalived + - keepalived (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141 NOTE: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6 NOTE: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067 - NOTE: ttps://github.com/acassen/keepalived/issues/1048 + NOTE: https://github.com/acassen/keepalived/issues/1048 CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...) - - keepalived + - keepalived (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141 NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306 NOTE: https://github.com/acassen/keepalived/issues/1048 
@@ -878,6 +880,7 @@ CVE-2018-18779 RESERVED CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary files. ...) - mini-httpd (bug #913095) + [stretch] - mini-httpd (Minor issue) CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, version 7, in ...) NOT-FOR-US: Microstrategy Web CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f10355208a0b294478531f1d2a2ef7a41cf06f28
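Review bot: in the first hunk only CVE-2018-19046 carries a rationale ("NOTE: Neutralised by kernel hardening"), while CVE-2018-19045 and CVE-2018-19044 are downgraded to unimportant with no NOTE saying why. The note sits under the plain-file issue, yet the symlink issue (CVE-2018-19044) and the mode 0666 issue (CVE-2018-19045) are different failure modes, so please add a rationale line to each entry and name the hardening setting being relied on, so that a later reader can check the downgrade still holds.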
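Review bot: the added "[stretch] - mini-httpd (Minor issue)" line in the second hunk has no supporting NOTE, although the entry's own description says the bug "lets remote users read arbitrary files". A short NOTE explaining why that is minor for stretch would make the triage decision reviewable. The same applies to the "[stretch] - lighttpd (Minor issue)" line added for CVE-2018-19052 in the first hunk.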
[Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fac307bb by Moritz Muehlenhoff at 2018-11-11T11:38:11Z new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4088,6 +4088,8 @@ CVE-2018-17479 RESERVED CVE-2018-17478 RESERVED + - chromium-browser + [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17477 RESERVED {DSA-4330-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac307bbfab0e50c2d1b6f46fd1b99a874d31a1b
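Review bot: the two lines added under CVE-2018-17478 come with no NOTE or reference, and the CVE is still RESERVED with no description, so the entry does not say what the issue is or where it was announced. Please add a NOTE pointing at the upstream source for the assignment. The "- chromium-browser" line also has no fixed version, unlike CVE-2018-17477 just below, which is tied to DSA-4330-1, so it is worth stating whether the issue is still open in unstable.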
[Git][security-tracker-team/security-tracker][master] remove n/a for ansible
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 07f86154 by Moritz Muehlenhoff at 2018-11-11T11:25:19Z remove n/a for ansible - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21270,7 +21270,6 @@ CVE-2018-10856 (It has been discovered that podman before version 0.6.1 does not NOT-FOR-US: Podman CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the ...) - ansible 2.5.5+dfsg-1 (low) - [stretch] - ansible (Vulnerable code not present) [jessie] - ansible (vulnerable code not present) NOTE: https://github.com/ansible/ansible/pull/41414 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/07f8615450f5e2e7d63bdd14d088814ded062146
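Review bot: the removal of "[stretch] - ansible (Vulnerable code not present)" is not explained anywhere in the entry, and the jessie line with the same claim is kept. With the stretch line gone, stretch has no annotation of its own and is left measured against the "2.5.5+dfsg-1 (low)" line, so please add a NOTE saying why the not-affected claim was wrong for stretch and confirm it still holds for jessie. If stretch is now considered affected, the entry should also record the triage decision for it.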
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 02586405 by Salvatore Bonaccorso at 2018-11-11T08:58:30Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first three ...) - TODO: check + NOT-FOR-US: JPress CVE-2018-19169 RESERVED CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi ...) - TODO: check + NOT-FOR-US: FruityWifi CVE-2018-19167 RESERVED CVE-2018-19166 @@ -65,7 +65,7 @@ CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...) NOT-FOR-US: DomainMOD CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file ...) - TODO: check + NOT-FOR-US: ClipperCMS CVE-2018-19134 RESERVED CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/025864055128b1780af55ee26a598597581221a6
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7eb469d8 by security tracker role at 2018-11-11T08:10:21Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,43 @@ +CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first three ...) + TODO: check +CVE-2018-19169 + RESERVED +CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi ...) + TODO: check +CVE-2018-19167 + RESERVED +CVE-2018-19166 + RESERVED +CVE-2018-19165 + RESERVED +CVE-2018-19164 + RESERVED +CVE-2018-19163 + RESERVED +CVE-2018-19162 + RESERVED +CVE-2018-19161 + RESERVED +CVE-2018-19160 + RESERVED +CVE-2018-19159 + RESERVED +CVE-2018-19158 + RESERVED +CVE-2018-19157 + RESERVED +CVE-2018-19156 + RESERVED +CVE-2018-19155 + RESERVED +CVE-2018-19154 + RESERVED +CVE-2018-19153 + RESERVED +CVE-2018-19152 + RESERVED +CVE-2018-19151 + RESERVED CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in ...) NOT-FOR-US: pdfforge PDF Architect CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...) @@ -24,8 +64,8 @@ CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address NOT-FOR-US: DomainMOD CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...) NOT-FOR-US: DomainMOD -CVE-2018-19135 - RESERVED +CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file ...) + TODO: check CVE-2018-19134 RESERVED CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...) 
@@ -53,20 +93,17 @@ CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL pointe NOT-FOR-US: libIEC61850 CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in ...) NOT-FOR-US: libIEC61850 -CVE-2018-19141 [otrs: Security Advisory 2018-09] - RESERVED +CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...) - otrs2 6.0.1-1 NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/ NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions). NOTE: Add workaround and mark first 6.x version as fixing version -CVE-2018-19142 [otrs: Security Advisory 2018-08] - RESERVED +CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin ...) - otrs2 6.0.13-1 [stretch] - otrs2 (Only affects 6.x) [jessie] - otrs2 (Only affects 6.x) NOTE: https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/ -CVE-2018-19143 [otrs: Security Advisory 2018-07] - RESERVED +CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before ...) - otrs2 6.0.13-1 NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/ CVE-2018-19120 @@ -16906,7 +16943,7 @@ CVE-2018-12394 RESERVED CVE-2018-12393 RESERVED - {DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - firefox 63.0-1 - thunderbird 1:60.3.0-1 @@ -16915,7 +16952,7 @@ CVE-2018-12393 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393 CVE-2018-12392 RESERVED - {DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - firefox 63.0-1 - thunderbird 1:60.3.0-1 
@@ -16932,7 +16969,7 @@ CVE-2018-12391 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391 CVE-2018-12390 RESERVED - {DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - firefox 63.0-1 - thunderbird 1:60.3.0-1 @@ -16941,7 +16978,7 @@ CVE-2018-12390 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390 CVE-2018-12389 RESERVED - {DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - thunderbird 1:60.3.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389 @@ -47903,8 +47940,8 @@ CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManag NOT-FOR-US: Fortinet CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for Android ...) NOT-FOR-US: Dolphin Browser for Android -CVE-2017-17550 - RESERVED +CVE-2017-17550 (ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a ...) + TODO: check CVE-2017-