[Git][security-tracker-team/security-tracker][master] LTS/Claim libapache-mod-jk

2018-11-11 Thread Roberto C. Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1817a88d by Roberto C. Sánchez at 2018-11-12T05:10:50Z
LTS/Claim libapache-mod-jk

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -25,7 +25,7 @@ jasper (apo)
   NOTE: 20181104: consider fixing no-dsa issues too because the package is used
   NOTE: by almost 50 % of sponsors. (apo)
 --
-libapache-mod-jk
+libapache-mod-jk (Roberto C. Sánchez)
   NOTE: 20181104: I contacted the security team and asked about upgrading the
   NOTE: package to the latest upstream version because the changes are rather
   NOTE: intrusive. (apo)
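Review bot: the claim only adds the claimant; the open question in the 20181104 NOTE (whether the security team agrees to a new upstream version for jessie because the fix is intrusive) is left as it was. Add a dated line in the file's own `NOTE: YYYYMMDD:` style recording whether an answer came back, so the next reader of dla-needed.txt knows whether the plan is a targeted backport or a version bump.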



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1817a88d51325328664330b5d0cba015aba3f8e1

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Annotate CVE-2018-18928 as not affecting jessie

2018-11-11 Thread Roberto C. Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d493e89c by Roberto C. Sánchez at 2018-11-12T04:59:12Z
Annotate CVE-2018-18928 as not affecting jessie

- - - - -
aaaeb645 by Roberto C. Sánchez at 2018-11-12T05:00:18Z
remove icu from dla-needed.txt, no remaining open CVEs

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -571,6 +571,7 @@ CVE-2018-18929
RESERVED
 CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has 
an ...)
- icu 
+   [jessie] - icu  (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=900059
NOTE: Fixed by: 
https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
NOTE: https://unicode-org.atlassian.net/browse/ICU-20246
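Review bot: the new `[jessie] - icu  (Vulnerable code not present)` line gives no pointer to what was checked; the NOTE lines only reference the upstream fix commit. Add a NOTE naming the file or function touched by that commit that is absent from jessie's icu source, so the not-affected claim can be re-verified later without redoing the whole analysis. (The double space before the parenthesised reason is where the tracker's angle-bracket state marker, not-affected in this case, sits; this mail rendering has dropped those markers throughout.)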


=
data/dla-needed.txt
=
@@ -21,8 +21,6 @@ enigmail (Antoine Beaupre)
 icecast2 (Abhijith PA)
   NOTE: 20181106: please upload 
https://git.fosscommunity.in/bhe/patches/raw/master/icecast2_deb8u2.debdiff
 --
-icu (Roberto C. Sánchez)
---
 jasper (apo)
   NOTE: 20181104: consider fixing no-dsa issues too because the package is used
   NOTE: by almost 50 % of sponsors. (apo)
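Review bot: this removal is justified only by the jessie annotation made in the preceding commit d493e89c, and nothing in dla-needed.txt itself records why icu left the list. Optional, but naming CVE-2018-18928 in the commit message (or a final dated NOTE before the entry is dropped) keeps the reasoning visible in `git log` without having to diff data/CVE/list.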



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/009a3d1229413c91a31e2a1d6d375bcd6ce49d66...aaaeb64549f2b548e1ad1663f7fb4a6046a9107f


[Git][security-tracker-team/security-tracker][master] dla: claim openjdk-7

2018-11-11 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
009a3d12 by Emilio Pozuelo Monfort at 2018-11-11T21:58:06Z
dla: claim openjdk-7

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -54,7 +54,7 @@ nsis (Thorsten Alteholz)
   NOTE: 20181007: likely affects UNIX systems. (Chris Lamb)
   NOTE: 20181110: waiting for email answer
 --
-openjdk-7
+openjdk-7 (Emilio Pozuelo)
 --
 openjpeg2 (Hugo Lefeuvre)
   NOTE: 20181022: wrote patches for CVE-2018-5785 and CVE-2017-17480, waiting 
for upstream
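Review bot: the claimant is written as `Emilio Pozuelo`, whereas the other entries in the file (`Thorsten Alteholz`, `Hugo Lefeuvre`, `Roberto C. Sánchez`) use the full name as it appears in the commit author field. Use `Emilio Pozuelo Monfort` so the entry matches how the claimant is identified elsewhere in the tracker.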



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/009a3d1229413c91a31e2a1d6d375bcd6ce49d66


[Git][security-tracker-team/security-tracker][master] stretch triage

2018-11-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4af964f by Moritz Muehlenhoff at 2018-11-11T21:43:22Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -163,10 +163,12 @@ CVE-2018-19109 (tianti 2.3 allows remote authenticated 
users to bypass intended
NOT-FOR-US: tianti
 CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp 
in the PSD ...)
- exiv2  (bug #913272)
+   [stretch] - exiv2  (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/426
NOTE: https://github.com/Exiv2/exiv2/pull/518
 CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called 
from ...)
- exiv2  (bug #913273)
+   [stretch] - exiv2  (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/427
NOTE: https://github.com/Exiv2/exiv2/pull/518
 CVE-2018-19106
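Review bot: both exiv2 entries get a stretch no-dsa marking (`Minor issue`) but no corresponding `[jessie]` line, so jessie still shows as unfixed for CVE-2018-19108 and CVE-2018-19107. Since both point at the same upstream pull request (Exiv2/exiv2#518), record the LTS decision alongside, either the same minor-issue marking for jessie or a claim in dla-needed.txt.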


=
data/dsa-needed.txt
=
@@ -20,6 +20,8 @@ ansible
 --
 ceph
 --
+chromium-browser
+--
 glusterfs
 --
 gnutls28
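Review bot: chromium-browser is added to dsa-needed.txt without a NOTE saying which CVEs or which upstream release the DSA is expected to cover, while other entries in the file (php7.0 further down) do carry a status line. Add one; chromium updates in stable are large, and a reader cannot tell from this entry whether a patch or a new upstream version is planned.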
@@ -42,10 +44,14 @@ mariadb-10.1/stable
 --
 mercurial
 --
+mkvtoolnix
+--
 openjpeg2 (luciano)
 --
 passenger
 --
+pdns
+--
 php7.0
   wait until more severe issues have come up
 --
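Review bot: mkvtoolnix and pdns are added bare, with neither a claimant in parentheses (the convention visible in `openjpeg2 (luciano)` above) nor a NOTE. Acceptable as unclaimed placeholders, but a NOTE with the triggering CVE IDs would save the next triager a trip back to data/CVE/list to work out why they are here.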



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4af964f0a88b3ef0ce742a345697a51c24cf857


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-19052

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b15ca0f by Salvatore Bonaccorso at 2018-11-11T21:27:02Z
Add bug reference for CVE-2018-19052

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -303,7 +303,7 @@ CVE-2018-19049
 CVE-2017-18351
RESERVED
 CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in 
mod_alias.c in ...)
-   - lighttpd 
+   - lighttpd  (bug #913528)
[stretch] - lighttpd  (Minor issue)
[jessie] - lighttpd  (Minor issue)
NOTE: 
https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b15ca0fc5923361bddb21dd5ca4fe8e3a576998


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1574-1 for imagemagick

2018-11-11 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
117350b0 by Thorsten Alteholz at 2018-11-11T21:02:58Z
Reserve DLA-1574-1 for imagemagick

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[11 Nov 2018] DLA-1574-1 imagemagick - security update
+   {CVE-2018-18025}
+   [jessie] - imagemagick 8:6.8.9.9-5+deb8u15
 [10 Nov 2018] DLA-1573-1 firmware-nonfree - security update
{CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 
CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081}
[jessie] - firmware-nonfree 20161130-4~deb8u1


=
data/dla-needed.txt
=
@@ -23,11 +23,6 @@ icecast2 (Abhijith PA)
 --
 icu (Roberto C. Sánchez)
 --
-imagemagick (Thorsten Alteholz)
-  NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled 
formats
-  NOTE: 20181023: wait with upload until this is done in unstable -> #907336
-  NOTE: 20181110: bug still open so upload without ubuntu patch
---
 jasper (apo)
   NOTE: 20181104: consider fixing no-dsa issues too because the package is used
   NOTE: by almost 50 % of sponsors. (apo)
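Review bot: deleting the imagemagick entry also deletes its three NOTEs, including the 20181110 decision to upload without the Ubuntu patch that disables ghostscript-handled formats because #907336 was still open. That hardening is therefore still missing in jessie after DLA-1574-1, and this hunk is the last place that says so. Record it in the CVE-2018-18025 entry in data/CVE/list, or re-add imagemagick to dla-needed.txt with a NOTE pointing at #907336, so the pending work is not lost.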



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/117350b05525f52c24a02939198ffa5736163937


[Git][security-tracker-team/security-tracker][master] Remove no-dsa entry for CVE-2017-7519/ceph

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7217fe49 by Salvatore Bonaccorso at 2018-11-11T21:00:15Z
Remove no-dsa entry for CVE-2017-7519/ceph

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -81920,7 +81920,6 @@ CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 
2.3.17 are vulnerable to
NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
 CVE-2017-7519 (In Ceph, a format string flaw was found in the way 
libradosstriper ...)
- ceph 12.2.8+dfsg1-1 (bug #864535)
-   [stretch] - ceph  (Minor issue)
[jessie] - ceph  (Vulnerable code not present)
NOTE: http://tracker.ceph.com/issues/20240
 CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the 
way ...)
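Review bot: dropping the `[stretch] - ceph  (Minor issue)` line turns CVE-2017-7519 back into an open stretch issue, which is consistent with ceph already sitting in data/dsa-needed.txt, but the commit message gives no reason for the reversal. Add a NOTE (for example that stretch will be fixed together with the other pending ceph issues) so nobody re-adds the no-dsa marking on the next triage pass.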



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7217fe49af2a67d3f3aafd8afba5dee000572388


[Git][security-tracker-team/security-tracker][master] Triage CVE-2018-19052 (lighttpd) for jessie.

2018-11-11 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62d52130 by Chris Lamb at 2018-11-11T20:58:31Z
Triage CVE-2018-19052 (lighttpd) for jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -305,6 +305,7 @@ CVE-2017-18351
 CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in 
mod_alias.c in ...)
- lighttpd 
[stretch] - lighttpd  (Minor issue)
+   [jessie] - lighttpd  (Minor issue)
NOTE: 
https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
 CVE-2018-19048
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/62d5213025fbb28fd8f5d80f11e415ea45ec6722


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0beaa53d by Salvatore Bonaccorso at 2018-11-11T20:25:32Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,13 @@
 CVE-2018-19182
RESERVED
 CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 
allows ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if 
...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-19179
RESERVED
 CVE-2018-19178 (In JEESNS 1.3, ...)
-   TODO: check
+   NOT-FOR-US: JEESNS
 CVE-2018-19177
RESERVED
 CVE-2018-19176



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0beaa53d46654738b88f366b54588e14aa9c427d


[Git][security-tracker-team/security-tracker][master] automatic update

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0479646f by security tracker role at 2018-11-11T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2018-19182
+   RESERVED
+CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 
allows ...)
+   TODO: check
+CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if 
...)
+   TODO: check
+CVE-2018-19179
+   RESERVED
+CVE-2018-19178 (In JEESNS 1.3, ...)
+   TODO: check
+CVE-2018-19177
+   RESERVED
+CVE-2018-19176
+   RESERVED
+CVE-2018-19175
+   RESERVED
+CVE-2018-19174
+   RESERVED
+CVE-2018-19173
+   RESERVED
+CVE-2018-19172
+   RESERVED
+CVE-2018-19171
+   RESERVED
 CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first 
three ...)
NOT-FOR-US: JPress
 CVE-2018-19169
@@ -3018,12 +3042,14 @@ CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak 
vulnerability in WriteSGI
 CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
NOT-FOR-US: Aryanic HighPortal
 CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet 
sizes ...)
+   {DSA-4338-1}
- qemu  (bug #911469)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
 CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c 
because ...)
+   {DSA-4338-1}
- qemu  (bug #911468)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
@@ -21366,6 +21392,7 @@ CVE-2018-10840 (Linux kernel is vulnerable to a 
heap-based buffer overflow in th
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199347
NOTE: Fixed by: 
https://git.kernel.org/linus/8a2b307c21d4b290e3cbe33f768f194286d07c23
 CVE-2018-10839 (Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation 
support is ...)
+   {DSA-4338-1}
- qemu  (bug #910431)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0479646f3529d305289cb1caac431d955588e152


[Git][security-tracker-team/security-tracker][master] Track pending fixes for stretch-pu

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
16b5165d by Salvatore Bonaccorso at 2018-11-11T19:54:20Z
Track pending fixes for stretch-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -32,3 +32,9 @@ CVE-2018-18718
[stretch] - gthumb 3:3.4.4.1-5+deb9u1
 CVE-2018-16336
[stretch] - exiv2 0.25-3.1+deb9u2
+CVE-2018-13053
+   [stretch] - linux 4.9.135-1
+CVE-2018-17972
+   [stretch] - linux 4.9.135-1
+CVE-2018-18281
+   [stretch] - linux 4.9.135-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/16b5165d4b4cca59727ff40fc076b603a73e10ed


[Git][security-tracker-team/security-tracker][master] qemu DSA

2018-11-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
533b6b94 by Moritz Muehlenhoff at 2018-11-11T17:55:42Z
qemu DSA

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -711,6 +711,7 @@ CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x 
before 2018.9.1, an
 CVE-2018-18849 [lsi53c895a: OOB msg buffer access leads to DoS]
RESERVED
- qemu  (bug #912535)
+   [stretch] - qemu  (Minor issue, revisit for later update)
- qemu-kvm 
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6
NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/1
@@ -3042,6 +3043,7 @@ CVE-2018-17959
RESERVED
 CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in 
hw/net/rtl8139.c ...)
- qemu  (bug #911499)
+   [stretch] - qemu  (Minor issue, revisit for later update)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
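Review bot: CVE-2018-17958 (rtl8139 receive overflow) is deferred for stretch as `Minor issue, revisit for later update`, yet its NOTE points at qemu-devel msg03269, the same September patch series as msg03267 and msg03268 cited for CVE-2018-17963 and CVE-2018-17962, which DSA-4338-1 in this very commit does fix. State in the annotation why the rtl8139 case is rated lower than its two siblings, or fold it into the same DSA rather than a later update.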


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[11 Nov 2018] DSA-4338-1 qemu - security update
+   {CVE-2018-10839 CVE-2018-17962 CVE-2018-17963}
+   [stretch] - qemu 1:2.8+dfsg-6+deb9u5
 [10 Nov 2018] DSA-4337-1 thunderbird - security update
{CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393}
[stretch] - thunderbird 1:60.3.0-1~deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/533b6b94d5b3f8a1eddfd65a4c5ef54dfc2ad7cc


[Git][security-tracker-team/security-tracker][master] CVE-2018-10861/ceph fixed with 12.2.8 upstream

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4acbe1f by Salvatore Bonaccorso at 2018-11-11T16:37:56Z
CVE-2018-10861/ceph fixed with 12.2.8 upstream

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21246,7 +21246,7 @@ CVE-2018-10863
 CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly 
validate ...)
- wildfly  (bug #752018)
 CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. 
Any ...)
-   - ceph  (bug #913470)
+   - ceph 12.2.8+dfsg1-1 (bug #913470)
[jessie] - ceph  (Intrusive changes)
NOTE: http://tracker.ceph.com/issues/24838
NOTE: 
https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
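Review bot: the fixed version 12.2.8+dfsg1-1 is recorded for unstable only; with no `[stretch]` line, CVE-2018-10861 now shows stretch as unfixed. That is consistent with ceph being listed in data/dsa-needed.txt, but a NOTE saying the stretch fix is pending via DSA would make it explicit. The same applies to the CVE-2018-1128 and CVE-2018-1129 entries updated in the two following commits.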



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4acbe1f0d277697313dc1ebc5d2c444a4283295


[Git][security-tracker-team/security-tracker][master] Fix for CVE-2018-1128 included in 12.2.8 upstream

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37f2446f by Salvatore Bonaccorso at 2018-11-11T16:35:35Z
Fix for CVE-2018-1128 included in 12.2.8 upstream

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -49117,7 +49117,7 @@ CVE-2018-1128 (It was found that cephx authentication 
protocol did not verify ce
- linux 
[jessie] - linux  (Protocol change is too difficult)
NOTE: 
https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
-   - ceph  (bug #913471)
+   - ceph 12.2.8+dfsg1-1 (bug #913471)
[jessie] - ceph  (Intrusive changes)
NOTE: http://tracker.ceph.com/issues/24836
NOTE: 
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/37f2446f934ecc582d875f0ad7ddf3c081e0f377


[Git][security-tracker-team/security-tracker][master] Fix for CVE-2018-1129 included in 12.2.8 upstream

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5dcb2715 by Salvatore Bonaccorso at 2018-11-11T16:33:32Z
Fix for CVE-2018-1129 included in 12.2.8 upstream

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -49109,7 +49109,7 @@ CVE-2018-1129 (A flaw was found in the way signature 
calculation was handled by
- linux 
[jessie] - linux  (Message signatures not implemented)
NOTE: 
https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1
-   - ceph  (bug #913472)
+   - ceph 12.2.8+dfsg1-1 (bug #913472)
[jessie] - ceph  (Intrusive changes)
NOTE: http://tracker.ceph.com/issues/24837
NOTE: 
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5dcb27151c50faa528df8dee7e96d4125e5cb171


[Git][security-tracker-team/security-tracker][master] 2 commits: Use the namedtuple class supplied with Python

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dba05bac by Brian May at 2018-08-20T07:13:21Z
Use the namedtuple class supplied with Python

- - - - -
9dbc156e by Salvatore Bonaccorso at 2018-11-11T14:23:50Z
Merge branch 'bam/security-tracker-use_pythons_namedtuple'

- - - - -


5 changed files:

- doc/python-format.txt
- lib/python/sectracker/analyzers.py
- lib/python/sectracker/diagnostics.py
- lib/python/sectracker/parsers.py
- − lib/python/sectracker/xcollections.py


Changes:

=
doc/python-format.txt
=
@@ -3,8 +3,7 @@ NOTE: THIS DOES NOT DESCRIBE THE CURRENT IMPLEMENTATION
 # Layout of major internal data structures
 
 Most data structures use named tuples, as provided by
-xcollections.namedtuples (they are not available in Python 2.5, but
-the implementation from Python 2.6 works on Python 2.5, too).
+collections.namedtuples.
 
 Due to the way unpickling works, you need to import the "parsers"
 package.
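Review bot: `collections.namedtuples` is wrong; the standard-library factory is `collections.namedtuple` (singular), exactly as the import lines in the same commit (`from collections import namedtuple as _namedtuple`) spell it. Suggest `collections.namedtuple.`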


=
lib/python/sectracker/analyzers.py
=
@@ -18,7 +18,7 @@
 import apt_pkg as _apt_pkg
 import re as _re
 
-from sectracker.xcollections import namedtuple as _namedtuple
+from collections import namedtuple as _namedtuple
 
 # vercmp is the Debian version comparison algorithm
 _apt_pkg.init()


=
lib/python/sectracker/diagnostics.py
=
@@ -15,7 +15,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
-from sectracker.xcollections import namedtuple as _namedtuple
+from collections import namedtuple as _namedtuple
 
 Message = _namedtuple("Message", "file line level message")
 


=
lib/python/sectracker/parsers.py
=
@@ -19,7 +19,7 @@ import re
 
 import debian_support
 import sectracker.regexpcase as _regexpcase
-from sectracker.xcollections import namedtuple as _namedtuple
+from collections import namedtuple as _namedtuple
 import sectracker.xpickle as _xpickle
 import sectracker.diagnostics
 


=
lib/python/sectracker/xcollections.py deleted
=
@@ -1,93 +0,0 @@
-# Lifted from python2.6-minimal 2.6.5-1.
-# See /usr/share/doc/python2.6/copyright for copyright information.
-#
-# This version has been modified, unneeded functions have been removed.
-
-import sys as _sys
-from keyword import iskeyword as _iskeyword
-from operator import itemgetter as _itemgetter
-
-def namedtuple(typename, field_names, verbose=False):
-"""Returns a new subclass of tuple with named fields.
-
->>> Point = namedtuple('Point', 'x y')
->>> Point.__doc__   # docstring for the new class
-'Point(x, y)'
->>> p = Point(11, y=22) # instantiate with positional args or 
keywords
->>> p[0] + p[1] # indexable like a plain tuple
-33
->>> x, y = p# unpack like a regular tuple
->>> x, y
-(11, 22)
->>> p.x + p.y   # fields also accessable by name
-33
->>> d = p._asdict() # convert to a dictionary
->>> d['x']
-11
->>> Point(**d)  # convert from a dictionary
-Point(x=11, y=22)
->>> p._replace(x=100)   # _replace() is like str.replace() but 
targets named fields
-Point(x=100, y=22)
-
-"""
-
-# Parse and validate the field names.  Validation serves two purposes,
-# generating informative error messages and preventing template injection 
attacks.
-if isinstance(field_names, basestring):
-field_names = field_names.replace(',', ' ').split() # names separated 
by whitespace and/or commas
-field_names = tuple(map(str, field_names))
-for name in (typename,) + field_names:
-if not all(c.isalnum() or c=='_' for c in name):
-raise ValueError('Type names and field names can only contain 
alphanumeric characters and underscores: %r' % name)
-if _iskeyword(name):
-raise ValueError('Type names and field names cannot be a keyword: 
%r' % name)
-if name[0].isdigit():
-raise ValueError('Type names and field names cannot start with a 
number: %r' % name)
-seen_names = set()
-for name in field_names:
-if name.startswith('_'):
-raise ValueError('Field names cannot start with an underscore: %r' 
% name)
-if name in seen_names:
-raise ValueError('Encountered duplicate field name: %r' % name)
-seen_names.add(name)
-
-# Create and fill-in the class template
-numfields = len(field_names)
-argtxt = repr(field_names).replace("'", "")[1:-1]   # tuple repr without 
parens or quotes
-reprtxt = ', '.joi
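Review bot: the deletion is the right call. The removed module was a copy of the Python 2.6 standard-library implementation, so the field-name validation its comment describes (rejecting anything that is not a plain identifier, to keep untrusted names out of the generated class source) is still performed by `collections.namedtuple` itself, and dropping the copy also removes the Python 2-only `basestring` reference. The hunk as shown in this mail is truncated after `reprtxt = ', '.joi`; the rest of the deleted file is not visible here.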

[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-15750/salt

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b8c6e62 by Salvatore Bonaccorso at 2018-11-11T14:10:08Z
Add bug reference for CVE-2018-15750/salt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8455,7 +8455,7 @@ CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 
2018.3.x before 2018.3.3 allo
- salt  (bug #913475)
NOTE: Fixed in 2017.7.8, 2018.3.3
 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack 
Salt before ...)
-   - salt 
+   - salt  (bug #913476)
[stretch] - salt  (Minor issue)
NOTE: Fixed in 2017.7.8, 2018.3.3
 CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 
has a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b8c6e6280e53ce577d6a3e35d2c6ad3197ff077


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-15751/salt

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a3d5a63 by Salvatore Bonaccorso at 2018-11-11T14:02:55Z
Add bug reference for CVE-2018-15751/salt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8452,7 +8452,7 @@ CVE-2018-15753 (An issue was discovered in the MensaMax 
(aka com.breustedt.mensa
 CVE-2018-15752 (An issue was discovered in the MensaMax (aka 
com.breustedt.mensamax) ...)
NOT-FOR-US: MensaMax application for Android
 CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 
allow ...)
-   - salt 
+   - salt  (bug #913475)
NOTE: Fixed in 2017.7.8, 2018.3.3
 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack 
Salt before ...)
- salt 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a3d5a6344e5319eb2d97757c8d3eefc61472198


[Git][security-tracker-team/security-tracker][master] Add bug references for ceph issues

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0133195 by Salvatore Bonaccorso at 2018-11-11T13:31:48Z
Add bug references for ceph issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21246,7 +21246,7 @@ CVE-2018-10863
 CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly 
validate ...)
- wildfly  (bug #752018)
 CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. 
Any ...)
-   - ceph 
+   - ceph  (bug #913470)
[jessie] - ceph  (Intrusive changes)
NOTE: http://tracker.ceph.com/issues/24838
NOTE: 
https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
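Review bot: the [jessie] line keeps "(Intrusive changes)" as the only reason for not fixing the ceph mon request-handling flaw in jessie, and the new bug reference sits on the unstable line alone. Record in the jessie rationale or a NOTE whether the referenced upstream commit 975528f6 is a standalone fix or one commit of a series, so a later LTS triage does not have to rediscover why the backport was judged too intrusive.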
@@ -49109,7 +49109,7 @@ CVE-2018-1129 (A flaw was found in the way signature 
calculation was handled by
- linux 
[jessie] - linux  (Message signatures not implemented)
NOTE: 
https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1
-   - ceph 
+   - ceph  (bug #913472)
[jessie] - ceph  (Intrusive changes)
NOTE: http://tracker.ceph.com/issues/24837
NOTE: 
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
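Review bot: the bug reference is attached to the ceph line only; the "linux" line for the same CVE still carries neither a fixed version nor a bug reference, although the kernel-side commit cc255c76 is cited in the NOTE. If that commit has landed in an uploaded kernel, record the fixing version; otherwise the linux entry stays open next to ceph and should get its own reference.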
@@ -49117,7 +49117,7 @@ CVE-2018-1128 (It was found that cephx authentication 
protocol did not verify ce
- linux 
[jessie] - linux  (Protocol change is too difficult)
NOTE: 
https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
-   - ceph 
+   - ceph  (bug #913471)
[jessie] - ceph  (Intrusive changes)
NOTE: http://tracker.ceph.com/issues/24836
NOTE: 
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
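Review bot: this is the cephx protocol-verification issue, and the [jessie] linux line already says "Protocol change is too difficult". Since the fix referenced by commit 5ead9712 changes the authentication protocol on the ceph side, the new bug should note whether a ceph update and the kernel client need to be upgraded together: a ceph-only update against kernel clients still speaking the old protocol is exactly the compatibility situation the jessie rationale hints at, and it is worth capturing in a NOTE for whoever picks this up.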



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e013319502b2d20e8c93f3a86e46a521ad405863


[Git][security-tracker-team/security-tracker][master] three keepalived issues unimportant

2018-11-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1035520 by Moritz Muehlenhoff at 2018-11-11T12:42:31Z
three keepalived issues unimportant
lighttpd, mini-httpd no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -280,23 +280,25 @@ CVE-2017-18351
RESERVED
 CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in 
mod_alias.c in ...)
- lighttpd 
+   [stretch] - lighttpd  (Minor issue)
NOTE: 
https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
 CVE-2018-19048
RESERVED
 CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web 
application ...)
NOT-FOR-US: mPDF
 CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when 
writing ...)
-   - keepalived 
+   - keepalived  (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: https://github.com/acassen/keepalived/issues/1048
+   NOTE: Neutralised by kernel hardening
 CVE-2018-19045 (keepalived 2.0.8 used mode 0666 when creating new temporary 
files upon ...)
-   - keepalived 
+   - keepalived  (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: 
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
NOTE: 
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
-   NOTE: ttps://github.com/acassen/keepalived/issues/1048
+   NOTE: https://github.com/acassen/keepalived/issues/1048
 CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when 
writing ...)
-   - keepalived 
+   - keepalived  (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: 
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
NOTE: https://github.com/acassen/keepalived/issues/1048
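Review bot: the rationale "Neutralised by kernel hardening" is added only under CVE-2018-19046 (existing plain files), while CVE-2018-19044 (symlinks) and CVE-2018-19045 (mode 0666) receive the same "unimportant" rating with no reason at all. Put the reason on each entry and name the mechanism: fs.protected_symlinks covers the symlink case, the plain-file case depends on fs.protected_regular, which only exists in newer kernels, and neither sysctl changes the permissions of a file created with mode 0666, so the 19045 rating needs its own justification.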
@@ -878,6 +880,7 @@ CVE-2018-18779
RESERVED
 CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary 
files. ...)
- mini-httpd  (bug #913095)
+   [stretch] - mini-httpd  (Minor issue)
 CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, 
version 7, in ...)
NOT-FOR-US: Microstrategy Web
 CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode ...)
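Review bot: a remote arbitrary file read in an HTTP daemon is marked "(Minor issue)" for stretch with no further explanation, whereas other no-dsa decisions in this file spell out the limiting condition ("Intrusive changes", "Neutralised by kernel hardening"). State the concrete reason the impact is limited in the Debian configuration so the rating can be re-evaluated if that assumption changes.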



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f10355208a0b294478531f1d2a2ef7a41cf06f28


[Git][security-tracker-team/security-tracker][master] new chromium issue

2018-11-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fac307bb by Moritz Muehlenhoff at 2018-11-11T11:38:11Z
new chromium issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4088,6 +4088,8 @@ CVE-2018-17479
RESERVED
 CVE-2018-17478
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
 CVE-2018-17477
RESERVED
{DSA-4330-1}
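Review bot: the chromium-browser lines are added under a CVE that is still RESERVED, with no description and no NOTE pointing at the upstream release notes or bug, so nothing in the entry says what the issue is or which chromium version fixes it. Elsewhere in this file a reserved-but-known entry carries a bracketed summary on the CVE line (e.g. "CVE-2018-19141 [otrs: Security Advisory 2018-09]"); do the same here and add a NOTE with the reference. The unstable line also has no fixed version, so the issue now tracks as open in every suite except jessie.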



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac307bbfab0e50c2d1b6f46fd1b99a874d31a1b


[Git][security-tracker-team/security-tracker][master] remove n/a for ansible

2018-11-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
07f86154 by Moritz Muehlenhoff at 2018-11-11T11:25:19Z
remove n/a for ansible

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21270,7 +21270,6 @@ CVE-2018-10856 (It has been discovered that podman 
before version 0.6.1 does not
NOT-FOR-US: Podman
 CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not 
honor the ...)
- ansible 2.5.5+dfsg-1 (low)
-   [stretch] - ansible  (Vulnerable code not present)
[jessie] - ansible  (vulnerable code not present)
NOTE: https://github.com/ansible/ansible/pull/41414
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855
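Review bot: dropping the [stretch] line means stretch now inherits the unstable status (fixed in 2.5.5+dfsg-1, severity low), i.e. it is treated as affected and unfixed, while the jessie line still says "vulnerable code not present". The description names 2.4 prior to 2.4.5 and 2.5 prior to 2.5.5 as affected; confirm the stretch version falls in one of those ranges. If it does, stretch needs a no-dsa annotation or a fix plan; if it does not, the removed line should come back. The commit message "remove n/a for ansible" does not say which case applies.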



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/07f8615450f5e2e7d63bdd14d088814ded062146


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02586405 by Salvatore Bonaccorso at 2018-11-11T08:58:30Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first 
three ...)
-   TODO: check
+   NOT-FOR-US: JPress
 CVE-2018-19169
RESERVED
 CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in 
FruityWifi ...)
-   TODO: check
+   NOT-FOR-US: FruityWifi
 CVE-2018-19167
RESERVED
 CVE-2018-19166
@@ -65,7 +65,7 @@ CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the 
assets/edit/ip-address
 CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...)
NOT-FOR-US: DomainMOD
 CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder 
file ...)
-   TODO: check
+   NOT-FOR-US: ClipperCMS
 CVE-2018-19134
RESERVED
 CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get 
everyone's email ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/025864055128b1780af55ee26a598597581221a6


[Git][security-tracker-team/security-tracker][master] automatic update

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7eb469d8 by security tracker role at 2018-11-11T08:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first 
three ...)
+   TODO: check
+CVE-2018-19169
+   RESERVED
+CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in 
FruityWifi ...)
+   TODO: check
+CVE-2018-19167
+   RESERVED
+CVE-2018-19166
+   RESERVED
+CVE-2018-19165
+   RESERVED
+CVE-2018-19164
+   RESERVED
+CVE-2018-19163
+   RESERVED
+CVE-2018-19162
+   RESERVED
+CVE-2018-19161
+   RESERVED
+CVE-2018-19160
+   RESERVED
+CVE-2018-19159
+   RESERVED
+CVE-2018-19158
+   RESERVED
+CVE-2018-19157
+   RESERVED
+CVE-2018-19156
+   RESERVED
+CVE-2018-19155
+   RESERVED
+CVE-2018-19154
+   RESERVED
+CVE-2018-19153
+   RESERVED
+CVE-2018-19152
+   RESERVED
+CVE-2018-19151
+   RESERVED
 CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll 
in ...)
NOT-FOR-US: pdfforge PDF Architect
 CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...)
@@ -24,8 +64,8 @@ CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the 
assets/edit/ip-address
NOT-FOR-US: DomainMOD
 CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...)
NOT-FOR-US: DomainMOD
-CVE-2018-19135
-   RESERVED
+CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder 
file ...)
+   TODO: check
 CVE-2018-19134
RESERVED
 CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get 
everyone's email ...)
@@ -53,20 +93,17 @@ CVE-2018-19122 (An issue has been found in libIEC61850 
v1.3. It is a NULL pointe
NOT-FOR-US: libIEC61850
 CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in 
...)
NOT-FOR-US: libIEC61850
-CVE-2018-19141 [otrs: Security Advisory 2018-09]
-   RESERVED
+CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 
5.0.x before ...)
- otrs2 6.0.1-1
NOTE: 
https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
NOTE: Only the 4.x and 5.x series are affected (and possibly earlier 
versions).
NOTE: Add workaround and mark first 6.x version as fixing version
-CVE-2018-19142 [otrs: Security Advisory 2018-08]
-   RESERVED
+CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows 
an admin ...)
- otrs2 6.0.13-1
[stretch] - otrs2  (Only affects 6.x)
[jessie] - otrs2  (Only affects 6.x)
NOTE: 
https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/
-CVE-2018-19143 [otrs: Security Advisory 2018-07]
-   RESERVED
+CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x 
before ...)
- otrs2 6.0.13-1
NOTE: 
https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
 CVE-2018-19120
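Review bot: after the automatic replacement of the bracketed summaries, CVE-2018-19143 is recorded as fixed in otrs2 6.0.13-1 although its description, like that of CVE-2018-19141, names only the 4.0.x and 5.0.x series as affected. Either 6.x before 6.0.13 is also affected, in which case say so in a NOTE the way CVE-2018-19142 does with "Only affects 6.x", or the fixing version should follow the approach taken for 19141 ("mark first 6.x version as fixing version"). CVE-2018-19141 and CVE-2018-19143 also carry no [stretch]/[jessie] annotation, unlike 19142; state whether the otrs2 versions in those releases fall in the affected 4.x/5.x ranges.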
@@ -16906,7 +16943,7 @@ CVE-2018-12394
RESERVED
 CVE-2018-12393
RESERVED
-   {DSA-4324-1 DLA-1571-1}
+   {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
- thunderbird 1:60.3.0-1
@@ -16915,7 +16952,7 @@ CVE-2018-12393
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393
 CVE-2018-12392
RESERVED
-   {DSA-4324-1 DLA-1571-1}
+   {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
- thunderbird 1:60.3.0-1
@@ -16932,7 +16969,7 @@ CVE-2018-12391
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391
 CVE-2018-12390
RESERVED
-   {DSA-4324-1 DLA-1571-1}
+   {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- firefox 63.0-1
- thunderbird 1:60.3.0-1
@@ -16941,7 +16978,7 @@ CVE-2018-12390
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
 CVE-2018-12389
RESERVED
-   {DSA-4324-1 DLA-1571-1}
+   {DSA-4337-1 DSA-4324-1 DLA-1571-1}
- firefox-esr 60.3.0esr-1
- thunderbird 1:60.3.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
@@ -47903,8 +47940,8 @@ CVE-2018-1351 (A Cross-site Scripting (XSS) 
vulnerability in Fortinet FortiManag
NOT-FOR-US: Fortinet
 CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for 
Android ...)
NOT-FOR-US: Dolphin Browser for Android
-CVE-2017-17550
-   RESERVED
+CVE-2017-17550 (ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are 
affected by a ...)
+   TODO: check
 CVE-2017-