[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6520/simplesamlphp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b434029c by Salvatore Bonaccorso at 2018-02-02T08:06:42+01:00 Add CVE-2018-6520/simplesamlphp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,8 @@ +CVE-2018-6520 [Open redirection protection bypass] + - simplesamlphp 1.15.2-1 + [stretch] - simplesamlphp (Minor issue) + [jessie] - simplesamlphp (Minor issue) + NOTE: https://simplesamlphp.org/security/201801-02 CVE-2018-6519 [Denial of Service in timestamp validation function] - simplesamlphp 1.15.2-1 [stretch] - simplesamlphp (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b434029c6665392f975839a1d13817bab73310fd You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
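Review bot: the added CVE-2018-6520 entry carries only the advisory URL as its NOTE, and both release lines are set to "(Minor issue)" with nothing in the entry to back that up. A NOTE with the upstream fix commit, plus one line on why an open redirection protection bypass is minor for stretch and jessie, would let the next person recheck the triage without rereading the advisory.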
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-6519 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 765f21e2 by Salvatore Bonaccorso at 2018-02-02T08:06:03+01:00 Mark CVE-2018-6519 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,5 +1,7 @@ CVE-2018-6519 [Denial of Service in timestamp validation function] - simplesamlphp 1.15.2-1 + [stretch] - simplesamlphp (Minor issue) + [jessie] - simplesamlphp (Minor issue) NOTE: https://simplesamlphp.org/security/201801-01 NOTE: The issue lies in the simplesamlphp/saml2 part, which is NOTE: updated in 1.15.2 to the respective fixed version. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/765f21e2bdaa099e84d8e3b8350e132f61b92b17
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6519/simplesamlphp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0dfd0d5 by Salvatore Bonaccorso at 2018-02-02T08:04:28+01:00 Add CVE-2018-6519/simplesamlphp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,9 @@ +CVE-2018-6519 [Denial of Service in timestamp validation function] + - simplesamlphp 1.15.2-1 + NOTE: https://simplesamlphp.org/security/201801-01 + NOTE: The issue lies in the simplesamlphp/saml2 part, which is + NOTE: updated in 1.15.2 to the respective fixed version. + NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d CVE-2018-6518 RESERVED CVE-2018-6517 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0dfd0d59ee8e7a713a50a8701d2998a6cc96f9d
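Review bot: the NOTE lines say the flaw lies in the simplesamlphp/saml2 part, yet the only package line in the added entry is "- simplesamlphp 1.15.2-1". State in a NOTE whether saml2 is shipped inside the simplesamlphp source package, so it is clear why no separate package line is tracked and which upload actually pulled in the fix commit referenced in the last NOTE.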
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2017-1000501/awstats
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8bf09737 by Salvatore Bonaccorso at 2018-02-02T07:42:35+01:00 Add fixing version for CVE-2017-1000501/awstats - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -6719,7 +6719,7 @@ CVE-2017-1000435 REJECTED CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...) {DSA-4092-1 DLA-1238-1} - - awstats (bug #885835) + - awstats 7.6+dfsg-2 (bug #885835) NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899 NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651 CVE-2017-17972 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bf09737710dc7f4ddfa2d8ee956d51663738093
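Review bot: at the changed package line, 7.6+dfsg-2 is recorded as the fixing version, but the entry's NOTE lines list two upstream commits and neither the commit message nor the entry says whether that upload contains both. Confirm against the package changelog and record it in the commit message or a NOTE, since a path traversal fix split across two commits is easy to backport only halfway.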
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] ffmpeg n/a
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 773c14fe by Moritz Muehlenhoff at 2018-02-01T22:45:55+01:00 ffmpeg n/a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -349,8 +349,7 @@ CVE-2018-6394 CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection via the ...) NOT-FOR-US: FreePBX CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...) - - ffmpeg - - libav + - ffmpeg (Didn't affect any releases, only master for a few days) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5 NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235 CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovered on ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/773c14fe899b5a965640994ff3b3864419033445
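Review bot: the "- libav" line is removed outright, while the reason on the new ffmpeg line ("Didn't affect any releases, only master for a few days") speaks only about FFmpeg and the commit message is just "ffmpeg n/a". If libav was checked and never contained the affected filter_slice code, keep an explicit libav line with that reason rather than dropping it, so the entry records that libav was assessed.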
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-6485: sort package entries
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d4a1418 by Salvatore Bonaccorso at 2018-02-01T22:32:57+01:00 CVE-2018-6485: sort package entries - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -148,8 +148,8 @@ CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign i - glibc (bug #878159) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) - [wheezy] - eglibc (Minor issue) - eglibc + [wheezy] - eglibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22 CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d4a141892e372ab9954fd31c4daa663cd980653
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-6381: #889096
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b7bbe67 by Salvatore Bonaccorso at 2018-02-01T22:17:35+01:00 Add bug reference for CVE-2018-6381: #889096 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -374,7 +374,7 @@ CVE-2018-6382 (MantisBT 2.10.0 allows local users to conduct SQL Injection attac [wheezy] - mantis (Not supported in Wheezy) NOTE: https://mantisbt.org/bugs/view.php?id=23908 CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid ...) - - zziplib + - zziplib (bug #889096) [stretch] - zziplib (Minor issue) [jessie] - zziplib (Minor issue) [wheezy] - zziplib (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b7bbe6755f7d2a6f883e5690711e1839fd18c99
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0026a7e9 by Salvatore Bonaccorso at 2018-02-01T21:06:03+01:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -270,7 +270,7 @@ CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted hea CVE-2018-6375 RESERVED CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients ...) - TODO: check + NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients CVE-2018-6373 RESERVED CVE-2018-6372 @@ -6254,7 +6254,7 @@ CVE-2018-3837 CVE-2018-3836 RESERVED CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in version 2.2 ...) - TODO: check + NOT-FOR-US: Per Face Texture (PTEX) CVE-2018-3834 RESERVED CVE-2018-3833 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0026a7e99c56af14c16fb11fa191e42aa6142179
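Review bot: the second hunk's NOT-FOR-US for CVE-2018-3835 names a library ("Per Face Texture (PTEX)") rather than a vendor product as in the first hunk, and the commit gives no sign that the archive was searched for it. Libraries are often packaged under a short source name, so a package search for ptex is worth doing before an out of bounds write stays marked NOT-FOR-US.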
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-1000494/miniupnpd fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84cf3604 by Salvatore Bonaccorso at 2018-02-01T20:25:16+01:00 CVE-2017-1000494/miniupnpd fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4097,7 +4097,7 @@ CVE-2017-1000496 (Commsy version 9.0.0 is vulnerable to XXE attacks in the confi CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site ...) NOT-FOR-US: QuickApps CMS CVE-2017-1000494 (Uninitialized stack variable vulnerability in NameValueParserEndElt ...) - - miniupnpd (bug #887129) + - miniupnpd 2.0.20171212-1 (bug #887129) [stretch] - miniupnpd (Minor issue) [jessie] - miniupnpd (Minor issue) - miniupnpc (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84cf360427767f3416197865b7f7710630119de5
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for CVE-2017-15706 and tomcat8
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a244f61 by Salvatore Bonaccorso at 2018-02-01T13:10:07+01:00 Update status for CVE-2017-15706 and tomcat8 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -20954,6 +20954,8 @@ CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outd CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache Tomcat ...) - tomcat9 (bug #802312) - tomcat8 8.5.24-1 + [stretch] - tomcat8 (Issue introduced later) + [jessie] - tomcat8 (Issue introduced later) - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 (Only affects 7.0.79 to 7.0.82, Upstream bugzilla entry bz#61201 not addressed) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a244f61abc12bf73ea976b22081e96eb9e840e3
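Review bot: the two added lines mark tomcat8 in stretch and jessie as "Issue introduced later" without naming the version that introduced it, whereas the tomcat7 line in the same entry gives a range (7.0.79 to 7.0.82). Add the introducing tomcat8 version in a NOTE so the status can be rechecked if a stable release later takes a newer upstream version.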