[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Triage cups for LTS
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: fe9cea7f by Chris Lamb at 2018-02-22T08:07:15+00:00 Triage cups for LTS - - - - - f9fb555d by Chris Lamb at 2018-02-22T08:08:06+00:00 Claim cups in data/dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -10,6 +10,8 @@ this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- +cups (Chris Lamb) +-- dovecot (Thorsten Alteholz) NOTE: after applying the patch, login segfaults NOTE: maintainer and security team are looking into this View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1dc83a408aecb4ca6827d817ad5fa6b7c7bfca36...f9fb555d97bb2884f75bb9b7f4bac8be52fe70d1 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0fb3939f by security tracker role at 2018-02-22T09:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,67 @@ +CVE-2018-7338 + RESERVED +CVE-2018-7337 + RESERVED +CVE-2018-7336 + RESERVED +CVE-2018-7335 + RESERVED +CVE-2018-7334 + RESERVED +CVE-2018-7333 + RESERVED +CVE-2018-7332 + RESERVED +CVE-2018-7331 + RESERVED +CVE-2018-7330 + RESERVED +CVE-2018-7329 + RESERVED +CVE-2018-7328 + RESERVED +CVE-2018-7327 + RESERVED +CVE-2018-7326 + RESERVED +CVE-2018-7325 + RESERVED +CVE-2018-7324 + RESERVED +CVE-2018-7323 + RESERVED +CVE-2018-7322 + RESERVED +CVE-2018-7321 + RESERVED +CVE-2018-7320 + RESERVED +CVE-2018-7319 + RESERVED +CVE-2018-7318 + RESERVED +CVE-2018-7317 + RESERVED +CVE-2018-7316 + RESERVED +CVE-2018-7315 + RESERVED +CVE-2018-7314 + RESERVED +CVE-2018-7313 + RESERVED +CVE-2018-7312 + RESERVED +CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...) + TODO: check +CVE-2018-7310 + RESERVED +CVE-2018-7309 + RESERVED +CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting ...) + TODO: check +CVE-2018-7307 + RESERVED CVE-2018-7306 RESERVED CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to ...) 
@@ -36,20 +100,20 @@ CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communicat NOT-FOR-US: Armadito CVE-2018-7288 RESERVED -CVE-2018-7287 - RESERVED -CVE-2018-7286 - RESERVED -CVE-2018-7285 - RESERVED -CVE-2018-7284 - RESERVED +CVE-2018-7287 (An issue was discovered in res_http_websocket.c in Asterisk 15.x ...) + TODO: check +CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through ...) + TODO: check +CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x through ...) + TODO: check +CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, ...) + TODO: check CVE-2018-7283 RESERVED CVE-2018-7282 RESERVED -CVE-2018-7281 - RESERVED +CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation ...) + TODO: check CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-193 @@ -982,8 +1046,8 @@ CVE-2018-6938 RESERVED CVE-2018-6937 RESERVED -CVE-2018-6936 - RESERVED +CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...) + TODO: check CVE-2018-6935 RESERVED CVE-2018-6934 
@@ -19195,22 +19259,22 @@ CVE-2018-0208 RESERVED CVE-2018-0207 RESERVED -CVE-2018-0206 - RESERVED -CVE-2018-0205 - RESERVED -CVE-2018-0204 - RESERVED -CVE-2018-0203 - RESERVED +CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check +CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime ...) + TODO: check +CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime Collaboration ...) + TODO: check +CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could allow ...) + TODO: check CVE-2018-0202 RESERVED -CVE-2018-0201 - RESERVED -CVE-2018-0200 - RESERVED -CVE-2018-0199 - RESERVED +CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) + TODO: check +CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service ...) + TODO: check +CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) + TODO: check CVE-2018-0198 RESERVED CVE-2018-0197 @@ -19311,14 +19375,14 @@ CVE-2018-0150 RESERVED CVE-2018-0149 RESERVED -CVE-2018-0148 - RESERVED +CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS ...) + TODO: check CVE-2018-0147 RESERVED -CVE-2018-0146 - RESERVED -CVE-2018-0145 - RESERVED +CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework ...) + TODO: check +CVE-2018-0145 (A vulnerability in the web-based management interface of the Cisco Data ...) + TODO: check CVE-2018-0144 RESERVED CVE-2018-0143 @@ -19329,8 +19393,8 @@ CVE-2018-0141 RESERVED CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security ...) NOT-FOR-US: Cisco -CVE-2018-0139 - RESERVED +CVE-2018-01
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7287/asterisk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9cfceb8a by Salvatore Bonaccorso at 2018-02-22T10:15:33+01:00 Add CVE-2018-7287/asterisk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -101,7 +101,9 @@ CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communicat CVE-2018-7288 RESERVED CVE-2018-7287 (An issue was discovered in res_http_websocket.c in Asterisk 15.x ...) - TODO: check + - asterisk (Only affects Asterisk 15.x) + NOTE: downloads.digium.com/pub/security/AST-2018-006.html + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27658 CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through ...) TODO: check CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x through ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9cfceb8a8268878424f8fa27ce10d5c095575a7e
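Review bot: In the CVE-2018-7287 entry, the first added NOTE gives the advisory as "downloads.digium.com/pub/security/AST-2018-006.html" with no URL scheme, while the second added NOTE on the same entry is a full https:// URL. Suggest writing the advisory reference as a complete URL so it can be followed and searched for like the other NOTE lines in data/CVE/list.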
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7286/asterisk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 19c295b0 by Salvatore Bonaccorso at 2018-02-22T10:17:41+01:00 Add CVE-2018-7286/asterisk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -105,7 +105,9 @@ CVE-2018-7287 (An issue was discovered in res_http_websocket.c in Asterisk 15.x NOTE: downloads.digium.com/pub/security/AST-2018-006.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27658 CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through ...) - TODO: check + - asterisk + NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005.html + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27618 CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x through ...) TODO: check CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19c295b0a1760ac7cb72af931d7dd3e3f1890fa3
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7284/asterisk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 48477709 by Salvatore Bonaccorso at 2018-02-22T10:21:25+01:00 Add CVE-2018-7284/asterisk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -112,7 +112,8 @@ CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x throu - asterisk (Only affects Asterisk 15.x) NOTE: http://downloads.asterisk.org/pub/security/AST-2018-001.html CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, ...) - TODO: check + - asterisk + NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004.html CVE-2018-7283 RESERVED CVE-2018-7282 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48477709c81613e1eec0820bfea2860dd2355165
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7285/asterisk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64d38f56 by Salvatore Bonaccorso at 2018-02-22T10:19:57+01:00 Add CVE-2018-7285/asterisk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -109,7 +109,8 @@ CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27618 CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x through ...) - TODO: check + - asterisk (Only affects Asterisk 15.x) + NOTE: http://downloads.asterisk.org/pub/security/AST-2018-001.html CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, ...) TODO: check CVE-2018-7283 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/64d38f566f15337723a22db4bd9d257a682fc1a8
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52e71db8 by Salvatore Bonaccorso at 2018-02-22T10:41:32+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -53,13 +53,13 @@ CVE-2018-7313 CVE-2018-7312 RESERVED CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...) - TODO: check + NOT-FOR-US: PrivateVPN for macOS CVE-2018-7310 RESERVED CVE-2018-7309 RESERVED CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting ...) - TODO: check + NOT-FOR-US: DanWin hosting CVE-2018-7307 RESERVED CVE-2018-7306 @@ -119,7 +119,7 @@ CVE-2018-7283 CVE-2018-7282 RESERVED CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation ...) - TODO: check + NOT-FOR-US: CactusVPN for macOS CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-193 @@ -19266,21 +19266,21 @@ CVE-2018-0208 CVE-2018-0207 RESERVED CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime Collaboration ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could allow ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0202 RESERVED CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0198 RESERVED CVE-2018-0197 
@@ -19382,13 +19382,13 @@ CVE-2018-0150 CVE-2018-0149 RESERVED CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0147 RESERVED CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0145 (A vulnerability in the web-based management interface of the Cisco Data ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0144 RESERVED CVE-2018-0143 @@ -19400,7 +19400,7 @@ CVE-2018-0141 CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security ...) NOT-FOR-US: Cisco CVE-2018-0139 (A vulnerability in the Interactive Voice Response (IVR) management ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System ...) NOT-FOR-US: Cisco CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network ...) @@ -19418,7 +19418,7 @@ CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of CVE-2018-0131 RESERVED CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based service ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data ...) NOT-FOR-US: Cisco CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data ...) 
@@ -19430,13 +19430,13 @@ CVE-2018-0126 CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ ...) NOT-FOR-US: Cisco CVE-2018-0124 (A vulnerability in Cisco Unified Communications Domain Manager could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS ...) NOT-FOR-US: Cisco CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for ...) NOT-FOR-US: Cisco CVE-2018-0121 (A vulnerability in the authentication functionality of the web-based ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications ...) NOT-FOR-US: Cisco CVE-2018-0119 (A vulnerability in certain authentication controls in the account ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52e71db8f737c2bedfa5366368870a070d2de473
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: spectre/meltdown: add linux-grsec as unfixed
Yves-Alexis Perez pushed to branch master at Debian Security Tracker / security-tracker Commits: 1005c4ad by Yves-Alexis Perez at 2018-02-22T13:18:41+01:00 spectre/meltdown: add linux-grsec as unfixed - - - - - 84aa5f28 by Yves-Alexis Perez at 2018-02-22T13:18:41+01:00 allocate DSA for linux - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -54102,6 +54102,7 @@ CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html NOTE: Paper: https://meltdownattack.com/meltdown.pdf NOTE: https://01.org/security/advisories/intel-oss-10003 + - linux-grsec CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and ...) - linux - nvidia-graphics-drivers 384.111-1 (bug #886852) @@ -54118,6 +54119,7 @@ CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html NOTE: Paper: https://spectreattack.com/spectre.pdf NOTE: https://01.org/security/advisories/intel-oss-10002 + - linux-grsec CVE-2017-5752 RESERVED CVE-2017-5751 @@ -54221,6 +54223,7 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and - nvidia-graphics-drivers-legacy-304xx [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + - linux-grsec CVE-2017-5714 RESERVED CVE-2017-5713 = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list 
@@ -1,3 +1,6 @@ +[22 Feb 2018] DSA-4120-1 linux - security update + {CVE-2017-5715 CVE-2017-5754 CVE-2017-13166 CVE-2018-5750} + [stretch] - linux 4.9.82-1+deb9u2 [19 Feb 2018] DSA-4119-1 libav - security update {CVE-2017-16803} [jessie] - libav 6:11.12-1~deb8u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/52e71db8f737c2bedfa5366368870a070d2de473...84aa5f28e431cb817ba5c269116c5bafcd400a77
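Review bot: In the CVE-2017-5754 and CVE-2017-5753 hunks of data/CVE/list, the new "- linux-grsec" line is appended after the trailing NOTE lines, whereas in the CVE-2017-5715 hunk it directly follows the other package lines. The CVE-2017-5753 context shows its package lines ("- linux", "- nvidia-graphics-drivers 384.111-1 (bug #886852)") ahead of the NOTEs, so moving "- linux-grsec" up beside them would keep each entry's package status in one block and easier to audit.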
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA for gcc-6
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: de035f02 by Salvatore Bonaccorso at 2018-02-22T14:50:36+01:00 Reserve DSA for gcc-6 - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,5 @@ +[22 Feb 2018] DSA-4121-1 gcc-6 - update + [stretch] - gcc-6 6.3.0-18+deb9u1 [22 Feb 2018] DSA-4120-1 linux - security update {CVE-2017-5715 CVE-2017-5754 CVE-2017-13166 CVE-2018-5750} [stretch] - linux 4.9.82-1+deb9u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de035f0216d779e9f6e81d2dbfa14d7244be8256
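Review bot: The new DSA-4121-1 entry has no {CVE-...} line and is described as "gcc-6 - update", while the DSA-4120-1 entry directly below it in the context reads "security update" and lists its CVEs. If the advisory intentionally carries no CVE, a NOTE stating what the gcc-6 6.3.0-18+deb9u1 upload addresses would make the entry self-explanatory; otherwise add the CVE list and align the wording with the neighbouring entries.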
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1288-1 for cups
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 072f71a1 by Chris Lamb at 2018-02-22T14:22:28+00:00 Reserve DLA-1288-1 for cups - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[22 Feb 2018] DLA-1288-1 cups - security update + {CVE-2017-18190} + [wheezy] - cups 1.5.3-5+deb7u7 [20 Feb 2018] DLA-1287-1 zziplib - security update {CVE-2018-6869} [wheezy] - zziplib 0.13.56-1.1+deb7u2 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -10,8 +10,6 @@ this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -cups (Chris Lamb) --- dovecot (Thorsten Alteholz) NOTE: after applying the patch, login segfaults NOTE: maintainer and security team are looking into this View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/072f71a1d0909ad6e85463d3f78f1f3de78fcc80
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Merge fixes included in DSA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 37ce58dc by Salvatore Bonaccorso at 2018-02-22T16:52:21+01:00 Merge fixes included in DSA - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1124,6 +1124,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion c NOTE: https://github.com/qpdf/qpdf/issues/51 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...) NOT-FOR-US: MISP @@ -3264,6 +3265,7 @@ CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Servi NOT-FOR-US: FreeSSHd CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...) - linux 4.14.13-1 + [stretch] - linux 4.9.80-1 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68 @@ -5399,6 +5401,7 @@ CVE-2018-5346 RESERVED CVE-2018-104 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 CVE-2018-101 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...) - glibc 2.26-4 (bug #887001) [stretch] - glibc (Minor issue, can be fixed along in next DSA or preferably point release) 
@@ -5414,6 +5417,7 @@ CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 [jessie] - linux (Vulnerability introduced later) [wheezy] - linux (Vulnerability introduced later) NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 @@ -5452,9 +5456,11 @@ CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave f NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737 CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c CVE-2017-1000441 REJECTED 
@@ -19738,15 +19744,19 @@ CVE-2017-16915 RESERVED CVE-2017-16914 (The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a CVE-2017-16913 (The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366 CVE-2017-16912 (The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 and ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 CVE-2017-16910 RESERVED @@ -25283,6 +25293,7 @@ CVE-2017-15130 RESERVED CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0 @@ -30806,6 +30817,7 @@ CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds w NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline) CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to ...) -
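Review bot: The added "[stretch] - linux 4.9.80-1" lines do not say which advisory they belong to, and the commit subject ("Merge fixes included in DSA") does not name it either. The DSA-4120-1 entry allocated earlier the same day records "[stretch] - linux 4.9.82-1+deb9u2", so naming the DSA in the commit message would make it clear to a later reader why 4.9.80-1 is the fixed version recorded for these CVEs.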
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new drupal7 issues (#891150, #891152, #891153, #891154)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a1d74d6a by Salvatore Bonaccorso at 2018-02-22T21:01:10+01:00 Add new drupal7 issues (#891150, #891152, #891153, #891154) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,15 @@ +CVE-2018- [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page] + - drupal7 (bug #891154) + NOTE: https://www.drupal.org/sa-core-2018-001 +CVE-2018- [SA-CORE-2018-001: jQuery vulnerability with untrusted domains] + - drupal7 (bug #891153) + NOTE: https://www.drupal.org/sa-core-2018-001 +CVE-2018- [SA-CORE-2018-001: Private file access bypass] + - drupal7 (bug #891152) + NOTE: https://www.drupal.org/sa-core-2018-001 +CVE-2018- [SA-CORE-2018-001: JavaScript cross-site scripting prevention is incomplete] + - drupal7 (bug #891150) + NOTE: https://www.drupal.org/sa-core-2018-001 CVE-2018-7338 RESERVED CVE-2018-7337 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1d74d6acdfd6465969a8437c84dae073d3cc1ab
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: cups spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cb346ea2 by Moritz Muehlenhoff at 2018-02-22T21:01:32+01:00 cups spu - - - - - 1ea709ea by Moritz Muehlenhoff at 2018-02-22T21:13:41+01:00 Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -115,3 +115,5 @@ CVE-2017-16927 [stretch] - xrdp 0.9.1-9+deb9u2 CVE-2017-1000248 [stretch] - ruby-redis-store 1.1.6-1+deb9u1 +CVE-2017-18190 + [stretch] - cups 2.2.1-8+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a1d74d6acdfd6465969a8437c84dae073d3cc1ab...1ea709ea7adbf4e2c14859b448b85ae4460cd881
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-15400/cups
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc4c54cb by Salvatore Bonaccorso at 2018-02-22T21:42:37+01:00 Add CVE-2017-15400/cups - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -24453,7 +24453,12 @@ CVE-2017-15402 CVE-2017-15401 RESERVED CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...) - TODO: check + - cups 2.2.3-2 + NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=777215 + NOTE: Patches from upstream to restrict what filters will be accpeted + NOTE: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41 (v2.2.2) + NOTE: https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b (v2.2.2) + TODO: double-check CVE-2017-15399 RESERVED {DSA-4024-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc4c54cb3ef14f7fd9d1f0a71216c4ec21d1c0b7
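Review bot: The CVE-2017-15400 entry records "- cups 2.2.3-2" as the fixed version, but both upstream commits cited in the NOTE lines are marked (v2.2.2). A short NOTE on why 2.2.3-2 is the first fixed upload would let the remaining "TODO: double-check" be resolved without redoing the research. Also, "accpeted" in the second added NOTE should read "accepted".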
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 25f85058 by Salvatore Bonaccorso at 2018-02-22T21:53:29+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1065,7 +1065,7 @@ CVE-2018-6938 CVE-2018-6937 RESERVED CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-6935 RESERVED CVE-2018-6934 @@ -33746,7 +33746,7 @@ CVE-2017-12417 CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x ...) - TODO: check + NOT-FOR-US: OXID eShop CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an ...) @@ -39032,13 +39032,13 @@ CVE-2017-9972 CVE-2017-9971 RESERVED CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider Electric's ...) NOT-FOR-US: Schneider Electric CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schneider ...) 
@@ -39046,7 +39046,7 @@ CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schn CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric Pelco ...) NOT-FOR-US: Schneider Electric CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...) NOT-FOR-US: Schneider Electric CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX ...) @@ -42033,7 +42033,7 @@ CVE-2017-9515 CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...) NOT-FOR-US: Atlassian Bamboo CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams ...) - TODO: check + NOT-FOR-US: Atlassian Activity Streams CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and ...) NOT-FOR-US: Atlassian CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...) 
@@ -43952,19 +43952,19 @@ CVE-2017-8987 CVE-2017-8986 RESERVED CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local ...) - TODO: check + NOT-FOR-US: HPE XP Storage CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management ...) - TODO: check + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent Management ...) - TODO: check + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE ...) - TODO: check + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent Management ...) - TODO: check + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE Intelligent ...) - TODO: check + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) ...) - TODO: check + NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability in HPE ...) NOT-FOR-US: HPE IceWall Products CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard Enterprise ...) @@ -52834,17 +52834,17 @@ CVE-2017-6232 CVE-2017-6231 RESERVED CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ...) - TODO: check + NOT-FOR-US: Ruckus Networks firmware CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ...) - TODO: check + NOT-FOR-US: Ruckus Networks firmware
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 02977357 by security tracker role at 2018-02-22T21:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,161 @@ +CVE-2018-7415 + RESERVED +CVE-2018-7414 + RESERVED +CVE-2018-7413 + RESERVED +CVE-2018-7412 + RESERVED +CVE-2018-7411 + RESERVED +CVE-2018-7410 + RESERVED +CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...) + TODO: check +CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...) + TODO: check +CVE-2018-7407 + RESERVED +CVE-2018-7406 + RESERVED +CVE-2018-7405 + RESERVED +CVE-2018-7404 + RESERVED +CVE-2018-7403 + RESERVED +CVE-2018-7402 + RESERVED +CVE-2018-7401 + RESERVED +CVE-2018-7400 + RESERVED +CVE-2018-7399 + RESERVED +CVE-2018-7398 + RESERVED +CVE-2018-7397 + RESERVED +CVE-2018-7396 + RESERVED +CVE-2018-7395 + RESERVED +CVE-2018-7394 + RESERVED +CVE-2018-7393 + RESERVED +CVE-2018-7392 + RESERVED +CVE-2018-7391 + RESERVED +CVE-2018-7390 + RESERVED +CVE-2018-7389 + RESERVED +CVE-2018-7388 + RESERVED +CVE-2018-7387 + RESERVED +CVE-2018-7386 + RESERVED +CVE-2018-7385 + RESERVED +CVE-2018-7384 + RESERVED +CVE-2018-7383 + RESERVED +CVE-2018-7382 + RESERVED +CVE-2018-7381 + RESERVED +CVE-2018-7380 + RESERVED +CVE-2018-7379 + RESERVED +CVE-2018-7378 + RESERVED +CVE-2018-7377 + RESERVED +CVE-2018-7376 + RESERVED +CVE-2018-7375 + RESERVED +CVE-2018-7374 + RESERVED +CVE-2018-7373 + RESERVED +CVE-2018-7372 + RESERVED +CVE-2018-7371 + RESERVED +CVE-2018-7370 + RESERVED +CVE-2018-7369 + RESERVED +CVE-2018-7368 + RESERVED +CVE-2018-7367 + RESERVED +CVE-2018-7366 + RESERVED +CVE-2018-7365 + RESERVED +CVE-2018-7364 + RESERVED +CVE-2018-7363 + RESERVED +CVE-2018-7362 + RESERVED +CVE-2018-7361 + RESERVED +CVE-2018-7360 + RESERVED +CVE-2018-7359 + RESERVED +CVE-2018-7358 + RESERVED +CVE-2018-7357 + RESERVED +CVE-2018-7356 + RESERVED +CVE-2018-7355 + RESERVED +CVE-2018-7354 + RESERVED +CVE-2018-7353 + RESERVED +CVE-2018-7352 + RESERVED +CVE-2018-7351 + RESERVED +CVE-2018-7350 + RESERVED +CVE-2018-7349 + RESERVED +CVE-2018-7348 + RESERVED +CVE-2018-7347 + RESERVED +CVE-2018-7346 + RESERVED 
+CVE-2018-7345 + RESERVED +CVE-2018-7344 + RESERVED +CVE-2018-7343 + RESERVED +CVE-2018-7342 + RESERVED +CVE-2018-7341 + RESERVED +CVE-2018-7340 + RESERVED +CVE-2018-7339 + RESERVED +CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...) + TODO: check +CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...) + TODO: check CVE-2018- [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page] - drupal7 (bug #891154) NOTE: https://www.drupal.org/sa-core-2018-001 @@ -48,22 +206,22 @@ CVE-2018-7321 RESERVED CVE-2018-7320 RESERVED -CVE-2018-7319 - RESERVED -CVE-2018-7318 - RESERVED -CVE-2018-7317 - RESERVED -CVE-2018-7316 - RESERVED -CVE-2018-7315 - RESERVED -CVE-2018-7314 - RESERVED -CVE-2018-7313 - RESERVED -CVE-2018-7312 - RESERVED +CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component ...) + TODO: check +CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...) + TODO: check +CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...) + TODO: check +CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for ...) + TODO: check +CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the ...) + TODO: check +CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! ...) + TODO: check +CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the ...) + TODO: check +CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component for ...) + TODO: check CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...) NOT-FOR-US: PrivateVPN for macOS CVE-2018-7310 @@ -84,18 +242,18 @@ CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...) NOT-FOR-US: Tiki CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG conten
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18193/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea64cd13 by Salvatore Bonaccorso at 2018-02-22T22:14:16+01:00 Add CVE-2017-18193/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -155,7 +155,8 @@ CVE-2018-7339 CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...) TODO: check CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...) - TODO: check + - linux 4.13.4-1 + NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0 CVE-2018- [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page] - drupal7 (bug #891154) NOTE: https://www.drupal.org/sa-core-2018-001 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea64cd1341cf278f13322e74806b26fd707ed0e4
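Review bot: The "Fixed by:" NOTE added under CVE-2017-18193 gives the upstream commit without the release that contains it, while the description only says "before 4.13" and the package line says 4.13.4-1. Appending the upstream version in parentheses after the commit URL would let a reader check the fixed version against the commit without opening the link.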
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7409/unixodbc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0aa4bb0 by Salvatore Bonaccorso at 2018-02-22T22:28:03+01:00 Add CVE-2018-7409/unixodbc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -11,7 +11,7 @@ CVE-2018-7411 CVE-2018-7410 RESERVED CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...) - TODO: check + - unixodbc CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...) TODO: check CVE-2018-7407 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0aa4bb0cf285f94d69f610eed134791769f991b
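Review bot: The CVE-2018-7409 entry replaces "TODO: check" with the unixodbc package line alone, with no NOTE behind it. The description names 2.3.5 as the fixed upstream release, so a NOTE pointing at the upstream change or report, plus the Debian bug number once one exists, would give whoever prepares the fix something to start from.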
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 140cba52 by Salvatore Bonaccorso at 2018-02-22T22:37:19+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -153,7 +153,7 @@ CVE-2018-7340 CVE-2018-7339 RESERVED CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...) - TODO: check + NOT-FOR-US: HamayeshNegar CMS CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...) - linux 4.13.4-1 NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0 
@@ -208,21 +208,21 @@ CVE-2018-7321 CVE-2018-7320 RESERVED CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component ...) - TODO: check + NOT-FOR-US: OS Property Real Estate component for Joomla! CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...) - TODO: check + NOT-FOR-US: CheckList component for Joomla! CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...) - TODO: check + NOT-FOR-US: Proclaim component for Joomla! CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for ...) - TODO: check + NOT-FOR-US: Proclaim component for Joomla! CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the ...) - TODO: check + NOT-FOR-US: Ek Rishta component for Joomla! CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! ...) - TODO: check + NOT-FOR-US: PrayerCenter component for Joomla! CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the ...) - TODO: check + NOT-FOR-US: CW Tags component for Joomla! CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component for ...) - TODO: check + NOT-FOR-US: Alexandria Book Library component for Joomla! CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...) NOT-FOR-US: PrivateVPN for macOS CVE-2018-7310 
@@ -244,17 +244,17 @@ CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...) CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...) NOT-FOR-US: Tiki CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port ...) - TODO: check + NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...) - TODO: check + NOT-FOR-US: eQ-3 AG Homematic CCU2 CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 AG ...) - TODO: check + NOT-FOR-US: eQ-3 AG Homematic CCU2 CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic ...) - TODO: check + NOT-FOR-US: eQ-3 AG Homematic CCU2 CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG ...) - TODO: check + NOT-FOR-US: eQ-3 AG Homematic CCU2 CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...) - TODO: check + NOT-FOR-US: eQ-3 AG Homematic CCU2 CVE-2018-7295 RESERVED CVE-2018-7294 @@ -1386,7 +1386,7 @@ CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthentica CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...) NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the ...) - TODO: check + NOT-FOR-US: Wolf CMS CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host ...) NOT-FOR-US: Typesetter CMS CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ...) 
@@ -15139,13 +15139,13 @@ CVE-2018-1419 CVE-2018-1418 RESERVED CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for ...) - TODO: check + NOT-FOR-US: IBM Runtimes for Java Technology CVE-2018-1416 RESERVED CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2018-1413 RESERVED CVE-2018-1412 @@ -15189,9 +15189,9 @@ CVE-2018-1394 CVE-2018-1393 RESERVED CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...) - TODO: check + NOT-FOR-US: IBM Financial Transaction Manager CV
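Review bot: The NOT-FOR-US labels added for the eQ-3 entries are not consistent with each other: CVE-2018-7301 gets "eQ-3 AG HomeMatic CCU2 2.29.22 devices", with a version number and "HomeMatic" capitalised, while CVE-2018-7300 through CVE-2018-7296 get "eQ-3 AG Homematic CCU2". Use one spelling and drop the version from the label so that a search for the product name finds all six.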
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1289-1 for irssi
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: d4363eca by Chris Lamb at 2018-02-22T22:01:05+00:00 Reserve DLA-1289-1 for irssi - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[22 Feb 2018] DLA-1289-1 irssi - security update + {CVE-2018-7050 CVE-2018-7051 CVE-2018-7052} + [wheezy] - irssi 0.8.15-5+deb7u5 [22 Feb 2018] DLA-1288-1 cups - security update {CVE-2017-18190} [wheezy] - cups 1.5.3-5+deb7u7 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -30,10 +30,6 @@ golang (Abhijith PA) icu (Thorsten Alteholz) NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in Chromium project; report is not visible to the public -- -irssi (Chris Lamb) - NOTE: give maintainer time to reply to https://lists.debian.org/87k1vcitzn@curie.anarc.at (anarcat) - NOTE: 20180221: Will upload 20180222 (lamby) --- krb5 NOTE: lts-do-not-call NOTE: Details not public. Yet. See https://lists.debian.org/msgid-search/20180208212643.GB7792@pisco.westfalen.local View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4363ecac526165fd08a061c6371608577568fa1
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA number for squid3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f50d6ed by Salvatore Bonaccorso at 2018-02-23T00:25:36+01:00 Reserve DSA number for squid3 - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,7 @@ +[23 Feb 2018] DSA-4122-1 squid3 - security update + {CVE-2018-124 CVE-2018-127} + [jessie] - squid3 3.4.8-6+deb8u5 + [stretch] - squid3 3.5.23-5+deb9u1 [22 Feb 2018] DSA-4121-1 gcc-6 - update [stretch] - gcc-6 6.3.0-18+deb9u1 [22 Feb 2018] DSA-4120-1 linux - security update = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -75,8 +75,6 @@ simplesamlphp (abhijith) -- sqlite3/oldstable -- -squid3 (carnil) --- sssd/stable -- tomcat7/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f50d6ed135824d224c24709536e66b0ad1943ec
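Review bot: The CVE set on the added DSA-4122-1 entry reads {CVE-2018-124 CVE-2018-127} as shown here. A CVE sequence number has at least four digits, so neither id is well formed in this form and neither will cross-reference to an entry in data/CVE/list. Check both ids against the squid3 entries there before relying on this record.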
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for puppet issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e1a5419 by Salvatore Bonaccorso at 2018-02-23T06:20:51+01:00 Update status for puppet issues Add fixing version for CVE-2017-10689 which got resolved uploading new upstream version 5.4.0 to unstable. CVE-2017-10960 did affect only experimental and the 5.4.0-1 upload included the fix as well. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -38846,13 +38846,12 @@ CVE-2017-10692 CVE-2017-10691 RESERVED CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the agent to ...) - [experimental] - puppet (bug #890440) - puppet (Only affects Puppet 5, only in experimental) NOTE: https://puppet.com/security/cve/CVE-2017-10690 NOTE: https://tickets.puppetlabs.com/browse/PUP-8225 NOTE: Fixed by: https://github.com/puppetlabs/puppet/commit/bd87bef2c3862d333f4c1f2b148b147d449a375b CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install a ...) - - puppet (bug #890412) + - puppet 5.4.0-1 (bug #890412) [stretch] - puppet (Minor issue) [jessie] - puppet (Minor issue) [wheezy] - puppet (vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e1a5419e398ec030013a2fe9459d3c8dcda7908
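Review bot: The commit message names CVE-2017-10960 as the issue that affected only experimental, but the hunk edits CVE-2017-10690 and CVE-2017-10689, so the id in the message does not match anything the change touches. Separately, dropping the "[experimental] - puppet (bug #890440)" line removes the only mention of bug #890440 from the CVE-2017-10690 entry; if that bug is still the reference for the issue, keep the number in a NOTE.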
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-15696 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8e73c8c by Salvatore Bonaccorso at 2018-02-23T06:28:24+01:00 Mark CVE-2017-15696 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -23830,6 +23830,7 @@ CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ... NOT-FOR-US: Apache NiFi CVE-2017-15696 RESERVED + NOT-FOR-US: Apache Geode CVE-2017-15695 RESERVED CVE-2017-15694 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8e73c8cddb36b9abe1514c8f93cacceb4728251
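Review bot: CVE-2017-15696 is still RESERVED with no description, so the added "NOT-FOR-US: Apache Geode" line has nothing in the entry to back it. Add a NOTE with the announcement or advisory that ties this id to Apache Geode, so the triage decision can be verified before the public description arrives.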
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1305/tomcat*
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4bb2da48 by Salvatore Bonaccorso at 2018-02-23T06:35:43+01:00 Add CVE-2018-1305/tomcat* - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -16008,8 +16008,20 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL NOT-FOR-US: Apache juddi-client CVE-2018-1306 RESERVED -CVE-2018-1305 +CVE-2018-1305 [Security constraint annotations applied too late] RESERVED + - tomcat9 (bug #802312) + - tomcat8 8.5.28-1 + - tomcat8.0 (unimportant) + NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + NOTE: https://svn.apache.org/r1823314 (8.5.x) + NOTE: https://svn.apache.org/r1824358 (8.5.x) + NOTE: https://svn.apache.org/r1823319 (8.0.x) + NOTE: https://svn.apache.org/r1824359 (8.0.x) + NOTE: https://svn.apache.org/r1823322 (7.0.x) + NOTE: https://svn.apache.org/r1824360 (7.0.x) CVE-2018-1304 RESERVED CVE-2018-1303 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bb2da484de086ada60c957f55e38e5e1d48ef69
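Review bot: The upstream revision NOTEs added under CVE-2018-1305 cover 8.5.x, 8.0.x and 7.0.x, but the entry also lists tomcat9 (bug #802312) and gives no revision for that branch. Add the 9.0.x revisions, or a NOTE saying why none applies, so the tomcat9 line can be resolved from this entry when the package is uploaded.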
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1304/tomcat
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c030c344 by Salvatore Bonaccorso at 2018-02-23T06:39:23+01:00 Add CVE-2018-1304/tomcat - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -16022,8 +16022,18 @@ CVE-2018-1305 [Security constraint annotations applied too late] NOTE: https://svn.apache.org/r1824359 (8.0.x) NOTE: https://svn.apache.org/r1823322 (7.0.x) NOTE: https://svn.apache.org/r1824360 (7.0.x) -CVE-2018-1304 +CVE-2018-1304 [Security constraints mapped to context root are ignored] RESERVED + - tomcat9 (bug #802312) + - tomcat8 8.5.28-1 + - tomcat8.0 (unimportant) + NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + NOTE: https://svn.apache.org/r1823307 (8.5.x) + NOTE: https://svn.apache.org/r1823308 (8.0.x) + NOTE: https://svn.apache.org/r1823309 (7.0.x) + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62067 CVE-2018-1303 RESERVED CVE-2018-1302 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c030c344a88afa29713009ba6e17a14098400927
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Start tracking five new freexl issues fixed upstream in 1.0.5
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fbbbd806 by Salvatore Bonaccorso at 2018-02-23T07:04:46+01:00 Start tracking five new freexl issues fixed upstream in 1.0.5 Needs clarification if CVEs were requested. According to the comments in the respective Fedora/Red Hat Bugzilla this might not have been the case yet. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,18 @@ +CVE-2018- [heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record] + - freexl 1.0.5-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892 +CVE-2018- [heap-buffer-overflow in freexl.c:383 parse_unicode_string] + - freexl 1.0.5-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889 +CVE-2018- [heap-buffer-overflow in freexl.c:1866 parse_SST] + - freexl 1.0.5-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885 +CVE-2018- [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST] + - freexl 1.0.5-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883 +CVE-2018- [heap-buffer-overflow in freexl::destroy_cell] + - freexl 1.0.5-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879 CVE-2018-7415 RESERVED CVE-2018-7414 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbbbd8063e456d2389467e8d9b070e740a05a9ff
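Review bot: The fourth added title repeats the function name ("freexl.c:1805 parse_SST parse_SST"), and the fifth uses "freexl::destroy_cell" where the other four use the file:line function form; tidy both so the five temporary entries can be told apart at a glance. The commit message says it is unclear whether CVEs were requested, but none of the entries records that: a TODO on each saying so would keep the open question visible in data/CVE/list rather than only in the log.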
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7262/ceph
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d515c82 by Salvatore Bonaccorso at 2018-02-23T07:11:47+01:00 Add CVE-2018-7262/ceph - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -461,8 +461,11 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad th NOTE: https://bugs.debian.org/870608 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784 TODO: clarify with MITRE why this CVE was additionally assigned -CVE-2018-7262 +CVE-2018-7262 [Malformed HTTP requests handled in rgw_civetweb.cc:RGW::init_env() can lead to NULL pointer dereference] RESERVED + - ceph + NOTE: Original pull request: https://github.com/ceph/ceph/pull/20403 + NOTE: Superseeded by: https://github.com/ceph/ceph/pull/20488 CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS ...) NOT-FOR-US: Radiant CMS CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d515c823d147ec6103b5caa87b120dc706c3f27
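Review bot: In the second added NOTE under CVE-2018-7262, "Superseeded" should read "Superseded". The two NOTEs list the original pull request and the one that replaced it, but not whether either has been merged; once the fix lands, add the resulting commit so the entry points at the change itself instead of two pull-request discussions.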
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim libvpx
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: a6040865 by Thorsten Alteholz at 2018-02-23T08:48:25+01:00 claim libvpx - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -61,7 +61,7 @@ libvorbis (Guido Günther) NOTE: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback on this issue. NOTE: Fixes for other CVEs applied upstream and in sid. -- -libvpx +libvpx (Thorsten Alteholz) NOTE: 20180220: Second hunk of upstream patch will not cleanly apply. (lamby) -- linux View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a60408651f7e3268f32f93c8c506d0b32857206e