Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2309a8eb by Salvatore Bonaccorso at 2018-03-10T11:02:24+01:00
Add more fixes from 9.4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2152,7 +2152,7 @@ CVE-2018-1000086
 CVE-2018-1000085 [Out-of-bounds heap read in XAR parser]
        RESERVED
        - clamav 0.99.3~beta1+dfsg-1
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.4+dfsg-1+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: 
https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
@@ -2536,7 +2536,7 @@ CVE-2018-7181
 CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
        {DLA-1288-1}
        - cups 2.2.3-2
-       [stretch] - cups <no-dsa> (Minor issue, can be fixed via pu)
+       [stretch] - cups 2.2.1-8+deb9u1
        [jessie] - cups <no-dsa> (Minor issue, can be fixed via pu)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
        NOTE: 
https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 
(v2.2.2)
@@ -3812,7 +3812,7 @@ CVE-2018-6658
 CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI 
through ...)
        {DLA-1275-1}
        - uwsgi 2.0.15-10.2 (bug #889753)
-       [stretch] - uwsgi <no-dsa> (Minor issue)
+       [stretch] - uwsgi 2.0.14+20161117-3+deb9u1
        [jessie] - uwsgi <no-dsa> (Minor issue)
        NOTE: http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
        NOTE: 
https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
@@ -4226,7 +4226,7 @@ CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows 
XSS via the onload attri
        NOTE: https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
 CVE-2018-6560 (In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 
0.9.x and ...)
        - flatpak 0.10.3-1 (bug #888842)
-       [stretch] - flatpak <no-dsa> (Minor issue; will be fixed via point 
release)
+       [stretch] - flatpak 0.8.9-0+deb9u1
        NOTE: 
https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
 CVE-2018-6559
        RESERVED
@@ -5300,18 +5300,19 @@ CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales 
Management System version 2017-
        NOT-FOR-US: Soyket Chowdhury Vehicle Sales Management System
 CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when 
the ...)
        - w3m 0.5.3-36 (bug #888097; unimportant)
+       [stretch] - w3m 0.5.3-34+deb9u1
        NOTE: 
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
        NOTE: Neutralised by kernel hardening
 CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw 
in ...)
        - w3m 0.5.3-36 (low)
-       [stretch] - w3m <no-dsa> (Minor issue)
+       [stretch] - w3m 0.5.3-34+deb9u1
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/89
        NOTE: 
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
 CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...)
        - w3m 0.5.3-36 (low)
-       [stretch] - w3m <no-dsa> (Minor issue)
+       [stretch] - w3m 0.5.3-34+deb9u1
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/88
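Review bot: The new `[stretch] - w3m 0.5.3-34+deb9u1` line under CVE-2018-6198 is a pure addition beneath an unstable line tagged `unimportant` and a `NOTE: Neutralised by kernel hardening`, whereas for CVE-2018-6197 and CVE-2018-6196 the same version replaces a `<no-dsa> (Minor issue)` line. Recording the version is harmless, but it leaves an explicit release line on an entry the tracker otherwise treats as not needing one. If the intent is only to document which stretch upload carried the patch, a one-line NOTE saying so would make the asymmetry with the two entries below it self-explanatory.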
@@ -21574,7 +21575,7 @@ CVE-2018-0203 (A vulnerability in the SMTP relay of 
Cisco Unity Connection could
 CVE-2018-0202 [Out-of-bounds access in the PDF parser]
        RESERVED
        - clamav <unfixed>
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.4+dfsg-1+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11973
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11980
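Review bot: In the CVE-2018-0202 entry the unstable line still reads `- clamav <unfixed>` while the added `[stretch]` line records a fix in 0.99.4+dfsg-1+deb9u1, so after this change the entry shows stable as fixed and unstable as still open. If the fix came in with the 0.99.4 upstream release, the `<unfixed>` marker should be replaced with the unstable version that carries it, either in this commit or in a follow-up once that upload exists. Otherwise the entry keeps reporting unstable as vulnerable.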
@@ -22004,7 +22005,7 @@ CVE-2017-16928 (The arq_updater binary in Arq 5.10 and 
earlier for Mac allows lo
 CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in 
the session ...)
        {DLA-1203-1}
        - xrdp 0.9.4-3 (bug #882463)
-       [stretch] - xrdp <no-dsa> (Minor issue)
+       [stretch] - xrdp 0.9.1-9+deb9u2
        [jessie] - xrdp <no-dsa> (Minor issue)
        NOTE: Proposed pull request: 
https://github.com/neutrinolabs/xrdp/pull/958
        NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
@@ -22322,7 +22323,7 @@ CVE-2017-16867 (Amazon Key through 2017-11-16 
mishandles Cloud Cam 802.11 ...)
        NOT-FOR-US: Amazon Key
 CVE-2017-1000248 (Redis-store &lt;=v1.3.0 allows unsafe objects to be loaded 
from redis ...)
        - ruby-redis-store 1.1.6-2 (bug #882034)
-       [stretch] - ruby-redis-store <no-dsa> (Minor issue)
+       [stretch] - ruby-redis-store 1.1.6-1+deb9u1
        NOTE: 
https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e
 CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 
is ...)
        NOT-FOR-US: CodeIgniter
@@ -25427,7 +25428,7 @@ CVE-2017-15917 (In Paessler PRTG Network Monitor 
17.3.33.2830, it's possible to 
        NOT-FOR-US: Paessler PRTG Network Monitor
 CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond 
with a ...)
        - systemd 235-3 (bug #880026)
-       [stretch] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled 
by default)
+       [stretch] - systemd 232-25+deb9u2
        [jessie] - systemd <not-affected> (Vulnerable code introduced later)
        [wheezy] - systemd <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
@@ -25457,7 +25458,7 @@ CVE-2017-15907 (SQL injection vulnerability in 
phpCollab 2.5.1 and earlier allow
        NOT-FOR-US: phpCollab
 CVE-2017-15906 (The process_open function in sftp-server.c in OpenSSH before 
7.6 does ...)
        - openssh 1:7.6p1-1 (low)
-       [stretch] - openssh <no-dsa> (Minor issue)
+       [stretch] - openssh 1:7.4p1-10+deb9u3
        [jessie] - openssh <no-dsa> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        NOTE: 
https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
@@ -36149,7 +36150,7 @@ CVE-2017-12381
 CVE-2017-12380 (ClamAV AntiVirus software versions 0.99.2 and prior contain a 
...)
        {DLA-1261-1}
        - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11945
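Review bot: The `[stretch]` line for CVE-2017-12380 records 0.99.2+dfsg-6+deb9u1, while the clamav entries for CVE-2018-1000085 and CVE-2018-0202 in this same commit record 0.99.4+dfsg-1+deb9u1. Recording the earlier version is correct only if the 0.99.2-based stretch upload already contained the backported patch for this CVE, so it is worth checking that upload's changelog before merging. The same check applies to the identical change in the hunks for CVE-2017-12379 through CVE-2017-12374 that follow. The `[jessie]` line keeps `<no-dsa> (clamav is updated via -updates)`, which looks intentional but should be confirmed at the same time.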
@@ -36157,7 +36158,7 @@ CVE-2017-12380 (ClamAV AntiVirus software versions 
0.99.2 and prior contain a ..
 CVE-2017-12379 (ClamAV AntiVirus software versions 0.99.2 and prior contain a 
...)
        {DLA-1261-1}
        - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11944
@@ -36165,7 +36166,7 @@ CVE-2017-12379 (ClamAV AntiVirus software versions 
0.99.2 and prior contain a ..
 CVE-2017-12378 (ClamAV AntiVirus software versions 0.99.2 and prior contain a 
...)
        {DLA-1261-1}
        - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11946
@@ -36174,7 +36175,7 @@ CVE-2017-12378 (ClamAV AntiVirus software versions 
0.99.2 and prior contain a ..
 CVE-2017-12377 (ClamAV AntiVirus software versions 0.99.2 and prior contain a 
...)
        {DLA-1261-1}
        - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11943
@@ -36183,7 +36184,7 @@ CVE-2017-12377 (ClamAV AntiVirus software versions 
0.99.2 and prior contain a ..
 CVE-2017-12376 (ClamAV AntiVirus software versions 0.99.2 and prior contain a 
...)
        {DLA-1261-1}
        - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11942
@@ -36191,7 +36192,7 @@ CVE-2017-12376 (ClamAV AntiVirus software versions 
0.99.2 and prior contain a ..
 CVE-2017-12375 (The ClamAV AntiVirus software versions 0.99.2 and prior 
contain a ...)
        {DLA-1261-1}
        - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11940
@@ -36199,7 +36200,7 @@ CVE-2017-12375 (The ClamAV AntiVirus software versions 
0.99.2 and prior contain 
 CVE-2017-12374 (The ClamAV AntiVirus software versions 0.99.2 and prior 
contain a ...)
        {DLA-1261-1}
        - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
-       [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11939
@@ -38842,6 +38843,7 @@ CVE-2017-11423 (The cabd_read_string function in 
mspack/cabd.c in libmspack 0.5a
        {DSA-3946-1 DLA-1279-1}
        - libmspack 0.6-1 (bug #868956)
        - clamav 0.99.3~beta1+dfsg-1 (unimportant)
+       [stretch] - clamav 0.99.4+dfsg-1+deb9u1
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
        NOTE: 
https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
        NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
@@ -54564,7 +54566,7 @@ CVE-2017-6421 (In the touch controller function in all 
Qualcomm products with An
 CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 
allows ...)
        {DLA-1261-1 DLA-1105-1}
        - clamav 0.99.3~beta1+dfsg-1
-       [stretch] - clamav <no-dsa> (Gets updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (Gets updated via -updates)
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11798
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
@@ -54573,6 +54575,7 @@ CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as 
used in ClamAV 0.99.2, al
        {DSA-3946-1 DLA-1279-1}
        - libmspack 0.6-1 (bug #871263)
        - clamav 0.99.3~beta1+dfsg-1 (unimportant)
+       [stretch] - clamav 0.99.4+dfsg-1+deb9u1
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11701
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
        NOTE: ClamAV uses the libmspack system library when available. This is 
the
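Review bot: The added `[stretch] - clamav 0.99.4+dfsg-1+deb9u1` line follows a clamav line tagged `(unimportant)`, and the NOTE at the end of this hunk states that ClamAV uses the libmspack system library when available. On that reading the fix that matters for stretch is the libmspack one tracked under DSA-3946-1, and the clamav version only documents when the bundled copy was corrected. Consider saying that in a NOTE, so the line is not read as the point at which stretch stopped being affected. The same applies to the matching addition under CVE-2017-11423.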
@@ -54583,7 +54586,7 @@ CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as 
used in ClamAV 0.99.2, al
 CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to 
cause a ...)
        {DLA-1261-1 DLA-1105-1}
        - clamav 0.99.3~beta1+dfsg-1
-       [stretch] - clamav <no-dsa> (Gets updated via -updates)
+       [stretch] - clamav 0.99.2+dfsg-6+deb9u1
        [jessie] - clamav <no-dsa> (Gets updated via -updates)
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11797
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c
@@ -56466,7 +56469,7 @@ CVE-2017-5754 (Systems with microprocessors utilizing 
speculative execution and 
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx 340.106-1
-       [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
+       [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
        [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
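Review bot: Only the `nvidia-graphics-drivers-legacy-340xx` line gets a stretch version (340.106-1~deb9u1) here; the adjacent `[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)` line is left in place under `<unfixed>`. That is consistent if the point release shipped no 304xx update, but please confirm, since the same edit is repeated verbatim in the CVE-2017-5753 and CVE-2017-5715 hunks and an omission would be copied three times. The version itself sorts below the unstable 340.106-1 because of the `~deb9u1` suffix, which is what a stable rebuild should look like.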
@@ -56484,7 +56487,7 @@ CVE-2017-5753 (Systems with microprocessors utilizing 
speculative execution and 
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx 340.106-1
-       [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
+       [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
        [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
@@ -56594,7 +56597,7 @@ CVE-2017-5715 (Systems with microprocessors utilizing 
speculative execution and 
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not 
supported)
        - nvidia-graphics-drivers-legacy-340xx 340.106-1
-       [stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not 
supported)
+       [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
        - nvidia-graphics-drivers-legacy-304xx <unfixed>
        [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2309a8eb2de74f79cdd5eee556931c3cb74c4657
