Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c7087a62 by Moritz Muehlenhoff at 2019-01-04T16:20:00Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4350,7 +4350,7 @@ CVE-2018-1000824 (MegaMek version < v0.45.1 contains a
Other/Unknown vulnerab
CVE-2018-1000823 (exist version <= 5.0.0-RC4 contains a XML External Entity
(XXE) ...)
TODO: check
CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML
External ...)
- TODO: check
+ NOT-FOR-US: codelibs fess
CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a
XML External ...)
NOT-FOR-US: MicroMathematics
CVE-2018-1000820 (neo4j-contrib neo4j-apoc-procedures version before commit
45bc09c ...)
@@ -4363,7 +4363,7 @@ CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and
5.3.0 contains a Cross
CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0
contains ...)
NOT-FOR-US: Brave Software Inc. Brave
CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains
a ...)
- TODO: check
+ NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross
Site ...)
- backdrop <itp> (bug #914257)
CVE-2018-1000812 (&#xc1;rtica Soluciones Tecnol&#xf3;gicas Integria
IMS version 5.0 MR56 ...)
@@ -19056,15 +19056,15 @@ CVE-2018-17163
CVE-2018-17162
RESERVED
CVE-2018-17161 (In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, ...)
- TODO: check
+ NOT-FOR-US: FreeBSD bootpd
CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6,
...)
- TODO: check
+ NOT-FOR-US: FreeBSD bhyve
CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5,
the NFS ...)
- TODO: check
+ NOT-FOR-US: FreeBSD nfs server
CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an
integer ...)
- TODO: check
+ NOT-FOR-US: FreeBSD nfs server
CVE-2018-17157 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an
integer ...)
- TODO: check
+ NOT-FOR-US: FreeBSD nfs server
CVE-2018-17156 (In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5,
due to ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE:
https://www.freebsd.org/security/advisories/FreeBSD-EN-18:13.icmp.asc
@@ -20838,7 +20838,7 @@ CVE-2018-16480
CVE-2018-16479
RESERVED
CVE-2018-16478 (A Path Traversal in simplehttpserver versions <=0.2.1
allows to list ...)
- TODO: check
+ NOT-FOR-US: simplehttpserver
CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for
Google Cloud ...)
- rails <not-affected> (Only affects >= 5.2.0; vulnerable code not
present)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/5
@@ -22630,7 +22630,7 @@ CVE-2018-15803
CVE-2018-15802
REJECTED
CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an
authorization ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes
an ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15799
@@ -23760,9 +23760,9 @@ CVE-2018-15337
CVE-2018-15336
RESERVED
CVE-2018-15335 (When APM 13.0.0-13.1.x is deployed as an OAuth Resource
Server, APM ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2018-15334 (A cross-site request forgery (CSRF) vulnerability in the APM
webtop ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2018-15333 (On versions 11.2.1. and greater, unrestricted Snapshot File
Access ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to
version ...)
@@ -48244,7 +48244,7 @@ CVE-2018-6337 (folly::secureRandom will re-use a buffer
between parent and child
NOTE:
https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
NOTE: https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
CVE-2018-6336 (An issue was discovered in osquery. A maliciously crafted ...)
- TODO: check
+ NOT-FOR-US: osquery
CVE-2018-6335 (A Malformed h2 frame can cause 'std::out_of_range' exception
when ...)
- hhvm 3.24.7+dfsg-1
NOTE:
https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
@@ -48259,7 +48259,7 @@ CVE-2018-6332 (A potential denial-of-service issue in
the Proxygen handling of .
- hhvm 3.24.7+dfsg-1 (bug #895194)
NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java
serialized ...)
- TODO: check
+ NOT-FOR-US: Buck parser-cache
CVE-2018-6330
RESERVED
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7087a62163f1dd195b4ce41423c284fe17a6243
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7087a62163f1dd195b4ce41423c284fe17a6243
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
