[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6520/simplesamlphp

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b434029c by Salvatore Bonaccorso at 2018-02-02T08:06:42+01:00
Add CVE-2018-6520/simplesamlphp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,8 @@
+CVE-2018-6520 [Open redirection protection bypass]
+   - simplesamlphp 1.15.2-1
+   [stretch] - simplesamlphp  (Minor issue)
+   [jessie] - simplesamlphp  (Minor issue)
+   NOTE: https://simplesamlphp.org/security/201801-02
 CVE-2018-6519 [Denial of Service in timestamp validation function]
- simplesamlphp 1.15.2-1
[stretch] - simplesamlphp  (Minor issue)
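Review bot: The [stretch] and [jessie] lines added for CVE-2018-6520 give only "(Minor issue)" as the reason, and the single NOTE points at the upstream advisory. A second NOTE with the upstream fix commit would make a later backport straightforward, and one line on why an open redirection protection bypass is low impact in these releases would back up the triage.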



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b434029c6665392f975839a1d13817bab73310fd

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-6519 as no-dsa

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
765f21e2 by Salvatore Bonaccorso at 2018-02-02T08:06:03+01:00
Mark CVE-2018-6519 as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,7 @@
 CVE-2018-6519 [Denial of Service in timestamp validation function]
- simplesamlphp 1.15.2-1
+   [stretch] - simplesamlphp  (Minor issue)
+   [jessie] - simplesamlphp  (Minor issue)
NOTE: https://simplesamlphp.org/security/201801-01
NOTE: The issue lies in the simplesamlphp/saml2 part, which is
NOTE: updated in 1.15.2 to the respective fixed version.
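Review bot: The added [stretch] and [jessie] lines do not say whether the simplesamlphp versions in those releases contain the affected simplesamlphp/saml2 code that the NOTE below them names as the source of the issue. Recording that next to "(Minor issue)" would show the stable releases were checked rather than assumed affected.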



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/765f21e2bdaa099e84d8e3b8350e132f61b92b17


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6519/simplesamlphp

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0dfd0d5 by Salvatore Bonaccorso at 2018-02-02T08:04:28+01:00
Add CVE-2018-6519/simplesamlphp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-6519 [Denial of Service in timestamp validation function]
+   - simplesamlphp 1.15.2-1
+   NOTE: https://simplesamlphp.org/security/201801-01
+   NOTE: The issue lies in the simplesamlphp/saml2 part, which is
+   NOTE: updated in 1.15.2 to the respective fixed version.
+   NOTE: 
https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d
 CVE-2018-6518
RESERVED
 CVE-2018-6517
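Review bot: The NOTE "updated in 1.15.2 to the respective fixed version" does not name the fixed simplesamlphp/saml2 version, so a reader has to follow the advisory or the commit link to find it. Naming that version in the NOTE would help anyone checking an embedded copy. The new entry also has no [stretch] or [jessie] lines, so those releases are left untriaged by this change.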



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0dfd0d59ee8e7a713a50a8701d2998a6cc96f9d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2017-1000501/awstats

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bf09737 by Salvatore Bonaccorso at 2018-02-02T07:42:35+01:00
Add fixing version for CVE-2017-1000501/awstats

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6719,7 +6719,7 @@ CVE-2017-1000435
REJECTED
 CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path 
traversal flaw ...)
{DSA-4092-1 DLA-1238-1}
-   - awstats  (bug #885835)
+   - awstats 7.6+dfsg-2 (bug #885835)
NOTE: 
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
NOTE: 
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
 CVE-2017-17972
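Review bot: The fixed version added on the awstats line, 7.6+dfsg-2, sits above two separate upstream commit NOTEs, and nothing in the entry says that upload includes both. If the path traversal fix landed upstream in two steps, a NOTE stating that 7.6+dfsg-2 carries both commits would remove the doubt.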



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bf09737710dc7f4ddfa2d8ee956d51663738093


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] ffmpeg n/a

2018-02-01 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
773c14fe by Moritz Muehlenhoff at 2018-02-01T22:45:55+01:00
ffmpeg n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -349,8 +349,7 @@ CVE-2018-6394
 CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection 
via the ...)
NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg ...)
-   - ffmpeg 
-   - libav 
+   - ffmpeg  (Didn't affect any releases, only master for a 
few days)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
 CVE-2018-6391 (A cross-site request forgery web vulnerability has been 
discovered on ...)
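Review bot: The "- libav" line is removed with no replacement, while the ffmpeg line gets an explicit reason ("Didn't affect any releases, only master for a few days"). If libav never contained the affected filter_slice code, keeping a libav line with its own reason would record that it was checked; as written, the entry for CVE-2018-6392 no longer says anything about libav.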



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/773c14fe899b5a965640994ff3b3864419033445


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-6485: sort package entries

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d4a1418 by Salvatore Bonaccorso at 2018-02-01T22:32:57+01:00
CVE-2018-6485: sort package entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -148,8 +148,8 @@ CVE-2018-6485 (An integer overflow in the implementation of 
the posix_memalign i
- glibc  (bug #878159)
[stretch] - glibc  (Minor issue)
[jessie] - glibc  (Minor issue)
-   [wheezy] - eglibc  (Minor issue)
- eglibc 
+   [wheezy] - eglibc  (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
 CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus 
error in ...)
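Review bot: Moving "[wheezy] - eglibc" below "- eglibc" brings the eglibc lines in line with the glibc block just above, where the plain package line comes first and the release-specific lines follow. Since this is an ordering-only fix made by hand, it would be worth having the list's syntax check reject a release-specific line that precedes its package line, so the same slip is caught before commit.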



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d4a141892e372ab9954fd31c4daa663cd980653


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-6381: #889096

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b7bbe67 by Salvatore Bonaccorso at 2018-02-01T22:17:35+01:00
Add bug reference for CVE-2018-6381: #889096

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -374,7 +374,7 @@ CVE-2018-6382 (MantisBT 2.10.0 allows local users to 
conduct SQL Injection attac
[wheezy] - mantis  (Not supported in Wheezy)
NOTE: https://mantisbt.org/bugs/view.php?id=23908
 CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by 
invalid ...)
-   - zziplib 
+   - zziplib  (bug #889096)
[stretch] - zziplib  (Minor issue)
[jessie] - zziplib  (Minor issue)
[wheezy] - zziplib  (Minor issue)
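Review bot: The zziplib line now carries bug #889096, but the visible part of the CVE-2018-6381 entry has no NOTE pointing at an upstream report or fix, unlike the MantisBT entry above it, which links its upstream bug. Adding the upstream reference alongside the Debian bug number would let the three "(Minor issue)" release lines be revisited once a fix exists.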



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b7bbe6755f7d2a6f883e5690711e1839fd18c99


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0026a7e9 by Salvatore Bonaccorso at 2018-02-01T21:06:03+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -270,7 +270,7 @@ CVE-2016-10711 (Apsis Pound before 2.8a allows request 
smuggling via crafted hea
 CVE-2018-6375
RESERVED
 CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux 
clients ...)
-   TODO: check
+   NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients
 CVE-2018-6373
RESERVED
 CVE-2018-6372
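Review bot: The NOT-FOR-US text for CVE-2018-6374, "PulseUI in Pulse Secure Desktop Linux clients", names a component and repeats part of the CVE description. NOT-FOR-US lines are easier to match against later CVEs when they name only the product, for example "Pulse Secure Desktop Linux client".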
@@ -6254,7 +6254,7 @@ CVE-2018-3837
 CVE-2018-3836
RESERVED
 CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in 
version 2.2 ...)
-   TODO: check
+   NOT-FOR-US: Per Face Texture (PTEX)
 CVE-2018-3834
RESERVED
 CVE-2018-3833
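Review bot: CVE-2018-3835 is marked "NOT-FOR-US: Per Face Texture (PTEX)", and the description concerns an out of bounds write in version 2.2 of what reads as a library. Before closing it as not-for-us, it is worth confirming that no packaged software ships an embedded copy, and saying so in a NOTE if that check was done.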



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0026a7e99c56af14c16fb11fa191e42aa6142179


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-1000494/miniupnpd fixed in unstable

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84cf3604 by Salvatore Bonaccorso at 2018-02-01T20:25:16+01:00
CVE-2017-1000494/miniupnpd fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4097,7 +4097,7 @@ CVE-2017-1000496 (Commsy version 9.0.0 is vulnerable to 
XXE attacks in the confi
 CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored 
Cross-site ...)
NOT-FOR-US: QuickApps CMS
 CVE-2017-1000494 (Uninitialized stack variable vulnerability in 
NameValueParserEndElt ...)
-   - miniupnpd  (bug #887129)
+   - miniupnpd 2.0.20171212-1 (bug #887129)
[stretch] - miniupnpd  (Minor issue)
[jessie] - miniupnpd  (Minor issue)
- miniupnpc  (unimportant)
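Review bot: The miniupnpd line now records 2.0.20171212-1 as the fixed version, but the visible entry has no NOTE with the upstream fix for the uninitialized stack variable in NameValueParserEndElt. With the [stretch] and [jessie] lines left at "(Minor issue)", a NOTE linking the upstream commit would let a point-release update pick up the same change.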



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/84cf360427767f3416197865b7f7710630119de5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for CVE-2017-15706 and tomcat8

2018-02-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a244f61 by Salvatore Bonaccorso at 2018-02-01T13:10:07+01:00
Update status for CVE-2017-15706 and tomcat8

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20954,6 +20954,8 @@ CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the 
REST Plugin is using an outd
 CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache 
Tomcat ...)
- tomcat9  (bug #802312)
- tomcat8 8.5.24-1
+   [stretch] - tomcat8  (Issue introduced later)
+   [jessie] - tomcat8  (Issue introduced later)
- tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7  (Only affects 7.0.79 to 7.0.82, Upstream 
bugzilla entry bz#61201 not addressed)
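Review bot: The new [stretch] and [jessie] tomcat8 lines say "(Issue introduced later)" without naming the version that introduced it, whereas the tomcat7 line in the same entry gives an exact range ("Only affects 7.0.79 to 7.0.82"). Stating the first affected tomcat8 version in the reason or in a NOTE would make the claim checkable against the versions shipped in those releases.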



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a244f61abc12bf73ea976b22081e96eb9e840e3
