[Git][security-tracker-team/security-tracker][master] libgit2 0.27.0 based uploaded to unstable with 0.6 revision

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c4657ba by Salvatore Bonaccorso at 2018-07-18T06:30:01+02:00
libgit2 0.27.0 based uploaded to unstable with 0.6 revision

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15512,13 +15512,13 @@ CVE-2018-8100 (The JPXStream::readTilePart function 
in JPXStream.cc in xpdf 4.00
NOTE: Reproducer correctly detected as broken with jessie's poppler 
build
 CVE-2018-8099 (Incorrect returning of an error code in the 
index.c:read_entry() ...)
[experimental] - libgit2 0.27.0+dfsg.1-0.1
-   - libgit2  (low; bug #892962)
+   - libgit2 0.27.0+dfsg.1-0.6 (low; bug #892962)
[stretch] - libgit2  (Minor issue)
[jessie] - libgit2  (Minor issue)
NOTE: 
https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
 CVE-2018-8098 (Integer overflow in the index.c:read_entry() function while ...)
[experimental] - libgit2 0.27.0+dfsg.1-0.1
-   - libgit2  (low; bug #892961)
+   - libgit2 0.27.0+dfsg.1-0.6 (low; bug #892961)
[stretch] - libgit2  (Minor issue)
[jessie] - libgit2  (Minor issue)
NOTE: 
https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5c4657baa81208fc14e9dba67ea40470403697b1

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] CVE-2018-1000613,bouncycastle: Stretch is not affected

2018-07-17 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
edd00c55 by Markus Koschany at 2018-07-17T22:47:54+02:00
CVE-2018-1000613,bouncycastle: Stretch is not affected

The XMSS/XMSS^MT algorithms were first introduced in version 1.57.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1338,7 +1338,7 @@ CVE-2018-1000614 (ONOS ONOS Controller version 1.13.1 and 
earlier contains a XML
NOT-FOR-US: ONOS
 CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java 
...)
- bouncycastle 1.60-1 (low)
-   [stretch] - bouncycastle  (Minor issue)
+   [stretch] - bouncycastle  (XMSS/XMSS^MT algorithms were 
first introduced in BC >= 1.57)
[jessie] - bouncycastle  (XMSS/XMSS^MT algorithms were 
first introduced in BC >= 1.57)
NOTE: 
https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574
NOTE: 
https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc
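Review bot: The rationale on the new [stretch] line, "XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57", mixes "first introduced in" with a version range; the commit message's own wording, "first introduced in version 1.57", is the precise form. The line also gives no stretch version of bouncycastle, so the entry alone does not show that stretch ships something older than 1.57; naming that version in the rationale would make the claim checkable. The [jessie] context line below carries the same wording and would want the same fix.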



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/edd00c55ed0d018c11db130580e121f5cd29b9e3


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1434{7,6}/libextractor

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14811ea1 by Salvatore Bonaccorso at 2018-07-17T22:39:27+02:00
Add CVE-2018-1434{7,6}/libextractor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -76,9 +76,14 @@ CVE-2018-14349 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
 CVE-2018-14348
RESERVED
 CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop 
vulnerability in ...)
-   TODO: check
+   - libextractor 
+   NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg0.html
+   NOTE: https://gnunet.org/bugs/view.php?id=5399
+   NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
 CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow 
in ...)
-   TODO: check
+   - libextractor 
+   NOTE: 
http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg1.html
+   NOTE: 
https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
 CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured 
with ...)
- sddm 
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1101450
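Review bot: The CVE-2018-14346 entry gets a list post and a commit NOTE but no bug-tracker NOTE, while CVE-2018-14347 just above carries "NOTE: https://gnunet.org/bugs/view.php?id=5399". If an upstream bug exists for the stack-based buffer overflow, link it so the two libextractor entries have the same set of references. The two lists.gnu.org links end in msg0.html and msg1.html; it is worth opening both to confirm they resolve to the intended posts.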



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14811ea1f2cfb5972a1209deee2801918b910085


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14345/sddm

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc870127 by Salvatore Bonaccorso at 2018-07-17T22:37:10+02:00
Add CVE-2018-14345/sddm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -80,7 +80,9 @@ CVE-2018-14347 (GNU Libextractor before 1.7 contains an 
infinite loop vulnerabil
 CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow 
in ...)
TODO: check
 CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured 
with ...)
-   TODO: check
+   - sddm 
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1101450
+   NOTE: 
https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98
 CVE-2018-14344
RESERVED
 CVE-2018-14343



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc870127c682b6660b20a7dd9a36e49701c5dfd4


[Git][security-tracker-team/security-tracker][master] ffmpeg, blender DSA

2018-07-17 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
534a5d81 by Moritz Muehlenhoff at 2018-07-17T22:33:47+02:00
ffmpeg, blender DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,9 @@
+[17 Jul 2018] DSA-4249-1 ffmpeg - security update
+   {CVE-2018-6392 CVE-2018-6621 CVE-2018-7557 CVE-2018-10001 
CVE-2018-12458 CVE-2018-13300 CVE-2018-13302}
+   [stretch] - ffmpeg 7:3.2.11-1~deb9u1
+[17 Jul 2018] DSA-4248-1 blender - security update
+   {CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 CVE-2017-2903 
CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 CVE-2017-2907 CVE-2017-2908 
CVE-2017-2918 CVE-2017-12081 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 
CVE-2017-12100 CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 
CVE-2017-12105}
+   [stretch] - blender 2.79.b+dfsg0-1~deb9u1
 [16 Jul 2018] DSA-4247-1 ruby-rack-protection - security update
{CVE-2018-1000119}
[stretch] - ruby-rack-protection 1.5.3-2+deb9u1


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -20,12 +20,8 @@ ant
 asterisk
   berni working on updates
 --
-blender (jmm)
---
 enigmail
 --
-ffmpeg (jmm)
---
 gitlab
 --
 glusterfs



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/534a5d814609f534db20977ec665b597366ebb43


[Git][security-tracker-team/security-tracker][master] Add mutt to dsa-needed list (but not urgent for DSA)

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
628875cf by Salvatore Bonaccorso at 2018-07-17T22:32:41+02:00
Add mutt to dsa-needed list (but not urgent for DSA)

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -58,6 +58,10 @@ mosquitto (seb)
 mupdf
   leaf package, might be a candidate for simply moving to 1.13 in stretch
 --
+mutt (carnil)
+  We will wait first for upload to unstable, and watch for regression reports
+  Non-urgent need for an update.
+--
 openjpeg2 (luciano)
 --
 passenger



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/628875cf7288667a2c85011b05fd826693f91f4a


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14349/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71e2aa9d by Salvatore Bonaccorso at 2018-07-17T22:31:12+02:00
Add CVE-2018-14349/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -69,7 +69,10 @@ CVE-2018-14350 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
 CVE-2018-14348
RESERVED
 CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop 
vulnerability in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/71e2aa9d949684aab5558f959b366384d08286ba


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14350/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e14f724 by Salvatore Bonaccorso at 2018-07-17T22:30:08+02:00
Add CVE-2018-14350/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -64,7 +64,10 @@ CVE-2018-14351 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741
NOTE: 
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
 CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14348



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e14f7247916ba1589244a8df33720eee5e5bdd2


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14351/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5101b609 by Salvatore Bonaccorso at 2018-07-17T22:28:42+02:00
Add CVE-2018-14351/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -59,7 +59,10 @@ CVE-2018-14352 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4
NOTE: 
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
 CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
 CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5101b6094e6280feba8e3b5314cc7be4292d7d76


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14352/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
066ff732 by Salvatore Bonaccorso at 2018-07-17T22:27:38+02:00
Add CVE-2018-14352/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -54,7 +54,10 @@ CVE-2018-14353 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
NOTE: 
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
 CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
 CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
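Review bot: The Mutt NOTE added for CVE-2018-14352 points at commit e0131852c6059107939893016c8ff56b6e42865d, the same Mutt commit already cited for CVE-2018-14353 in the context lines at the top of this hunk, while the NeoMutt commits for the two CVEs differ (e27b65b3... here, 65d64a5b... above). If one Mutt commit fixes both issues that is fine, but confirm the link was not carried over from the neighbouring entry by copy and paste.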



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/066ff73236c8784b0c591704b6e5313f40430403


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14353/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0c60409c by Salvatore Bonaccorso at 2018-07-17T22:26:46+02:00
Add CVE-2018-14353/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -49,7 +49,10 @@ CVE-2018-14354 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
 CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c60409cac4ded2fc36c5fe2fb706d4d48eda4e9


[Git][security-tracker-team/security-tracker][master] Update status of sympa in dla-needed.txt

2018-07-17 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad6eeb7b by Markus Koschany at 2018-07-17T22:25:58+02:00
Update status of sympa in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -118,6 +118,7 @@ symfony
   NOTE: 20180630: email sent to maintainer, please wait some time before 
working on this package
 --
 sympa (Markus Koschany)
+  NOTE: Update is ready and will be released at the end of the month.
 --
 taglib (Thorsten Alteholz)
 --
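Review bot: The added sympa line says the update "will be released at the end of the month" with no date stamp, so a later reader of dla-needed.txt cannot tell which month is meant or whether the note is stale. The symfony entry in the context above uses a dated prefix, "NOTE: 20180630: ..."; the same form here would keep the status unambiguous.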



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad6eeb7ba3a8ae0a9fdaea5b8e93b9bbbee4d3a5


[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-1000613,bouncycastle: Jessie is not affected

2018-07-17 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a2d71d08 by Markus Koschany at 2018-07-17T22:23:40+02:00
CVE-2018-1000613,bouncycastle: Jessie is not affected

The XMSS/XMSS^MT algorithms were first introduced in BC = 1.57.

- - - - -
14cabe44 by Markus Koschany at 2018-07-17T22:24:34+02:00
Remove bouncycastle from dla-needed.txt.

- - - - -
b6db7023 by Markus Koschany at 2018-07-17T22:25:12+02:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1317,6 +1317,7 @@ CVE-2018-1000614 (ONOS ONOS Controller version 1.13.1 and 
earlier contains a XML
 CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java 
...)
- bouncycastle 1.60-1 (low)
[stretch] - bouncycastle  (Minor issue)
+   [jessie] - bouncycastle  (XMSS/XMSS^MT algorithms were 
first introduced in BC >= 1.57)
NOTE: 
https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574
NOTE: 
https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc
 CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 
contains a Cross ...)
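Review bot: The new [jessie] line justifies its status by XMSS/XMSS^MT first appearing in 1.57, but the [stretch] line directly above it is left at "Minor issue". If stretch also ships a bouncycastle older than 1.57, the same rationale applies there and the two release lines should agree; otherwise the entry should say why they differ. The rationale reads "first introduced in BC >= 1.57", where "first introduced in 1.57" would be more exact.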


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -19,8 +19,6 @@ ant (Abhijith PA)
 --
 blender
 --
-bouncycastle (Markus Koschany)
---
 busybox (Markus Koschany)
   NOTE: Update is ready and will be uploaded at the end of July when my updated
   NOTE: GPG key has been pushed to the keyring.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/6e9cb130a1d046eec26b442c29d6b21b69bab837...b6db702345669673a81206f9e6af89a5a8c5d7fa


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14354/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e9cb130 by Salvatore Bonaccorso at 2018-07-17T22:24:17+02:00
Add CVE-2018-14354/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -44,7 +44,10 @@ CVE-2018-14355 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d
NOTE: 
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
 CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e9cb130a1d046eec26b442c29d6b21b69bab837


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14355/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdff5ff8 by Salvatore Bonaccorso at 2018-07-17T22:23:06+02:00
Add CVE-2018-14355/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -39,7 +39,10 @@ CVE-2018-14356 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82
NOTE: 
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
 CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
 CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdff5ff86f71cb2246c4924ff9fb8d696773abb6


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14356/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e92b5c3c by Salvatore Bonaccorso at 2018-07-17T22:21:54+02:00
Add CVE-2018-14356/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -34,7 +34,10 @@ CVE-2018-14357 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: 
https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
 CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e92b5c3c6c691b38412e5e2508de3bb1bdea9b84


[Git][security-tracker-team/security-tracker][master] Drop unneeded reference (no substantial information)

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e281464 by Salvatore Bonaccorso at 2018-07-17T22:20:54+02:00
Drop unneeded reference (no substantial information)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,32 +7,26 @@ CVE-2018-14364
 CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c 
does not ...)
- neomutt 
NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
-   NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
- neomutt 
- mutt 
NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
-   NOTE: https://neomutt.org/2018/07/16/release
NOTE: 
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
 CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c 
proceeds ...)
- neomutt 
NOTE: 
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
-   NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. 
nntp_add_group in ...)
- neomutt 
NOTE: 
https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
-   NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
- neomutt 
- mutt 
NOTE: 
https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85
-   NOTE: https://neomutt.org/2018/07/16/release
NOTE: 
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
 CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
- neomutt 
- mutt 
NOTE: 
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
-   NOTE: https://neomutt.org/2018/07/16/release
NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
- neomutt 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e281464aebc171abda3ff8a283625120d0f2815


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14357/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92c3c13a by Salvatore Bonaccorso at 2018-07-17T22:20:07+02:00
Add CVE-2018-14357/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35,7 +35,10 @@ CVE-2018-14358 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: https://neomutt.org/2018/07/16/release
NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
 CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
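
Review bot: the new CVE-2018-14357 entry has no `NOTE: https://neomutt.org/2018/07/16/release` line, while the CVE-2018-14358 entry in the context lines at the top of this hunk carries one. Either add the release NOTE between the two commit references here or drop it from the sibling Mutt/NeoMutt entries, so the block added in this series is uniform.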



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/92c3c13a3c50ab3094a7483cdf1c291c5605e009


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14358/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
476df21f by Salvatore Bonaccorso at 2018-07-17T22:18:51+02:00
Add CVE-2018-14358/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -29,7 +29,11 @@ CVE-2018-14359 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
NOTE: https://neomutt.org/2018/07/16/release
NOTE: 
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
 CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
+   NOTE: https://neomutt.org/2018/07/16/release
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
 CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/476df21f73ea226cfffcf17daca088fd8405ed66


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14359/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
032f472e by Salvatore Bonaccorso at 2018-07-17T22:17:38+02:00
Add CVE-2018-14359/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23,7 +23,11 @@ CVE-2018-14360 (An issue was discovered in NeoMutt before 
2018-07-16. nntp_add_g
NOTE: 
https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85
+   NOTE: https://neomutt.org/2018/07/16/release
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
 CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/032f472eea46f2921398d18604ce8cd660a9f75d


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14360/neomutt

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7333915 by Salvatore Bonaccorso at 2018-07-17T22:16:17+02:00
Add CVE-2018-14360/neomutt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,7 +19,9 @@ CVE-2018-14361 (An issue was discovered in NeoMutt before 
2018-07-16. nntp.c pro
NOTE: 
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. 
nntp_add_group in ...)
-   TODO: check
+   - neomutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
+   NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7333915fac0f1f68d1b7e303d7effa2022c24ce


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14361/neomutt

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c756778b by Salvatore Bonaccorso at 2018-07-17T22:15:13+02:00
Add CVE-2018-14361/neomutt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,7 +15,9 @@ CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 
and NeoMutt before
NOTE: https://neomutt.org/2018/07/16/release
NOTE: 
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
 CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c 
proceeds ...)
-   TODO: check
+   - neomutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
+   NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. 
nntp_add_group in ...)
TODO: check
 CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c756778b1bf1511817aa3be1743d169829eaa27f


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14362/{neomutt,mutt}

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
792ed86c by Salvatore Bonaccorso at 2018-07-17T22:14:17+02:00
Add CVE-2018-14362/{neomutt,mutt}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,7 +9,11 @@ CVE-2018-14363 (An issue was discovered in NeoMutt before 
2018-07-16. newsrc.c d
NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
-   TODO: check
+   - neomutt 
+   - mutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
+   NOTE: https://neomutt.org/2018/07/16/release
+   NOTE: 
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
 CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c 
proceeds ...)
TODO: check
 CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. 
nntp_add_group in ...)
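
Review bot: the NeoMutt commit added for CVE-2018-14362, 9bfab35522301794483f8f9ed60820bdec9be59e, is the same hash that the CVE-2018-14363 entry already references in the context lines at the top of this hunk. Confirm that one upstream commit really addresses both issues; if the URL was carried over from the neighbouring entry, replace it with the commit that fixes CVE-2018-14362.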



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/792ed86cf30b066094005dbe31a133952d10b99a


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14363/neomutt

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd89d20d by Salvatore Bonaccorso at 2018-07-17T22:12:58+02:00
Add CVE-2018-14363/neomutt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,7 +5,9 @@ CVE-2018-14365
 CVE-2018-14364
RESERVED
 CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c 
does not ...)
-   TODO: check
+   - neomutt 
+   NOTE: 
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
+   NOTE: https://neomutt.org/2018/07/16/release
 CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
TODO: check
 CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c 
proceeds ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd89d20d2b07e1ebb6489b0564676d1801f984b6


[Git][security-tracker-team/security-tracker][master] automatic update

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc2fc7b0 by security tracker role at 2018-07-17T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,61 @@
+CVE-2018-14366
+   RESERVED
+CVE-2018-14365
+   RESERVED
+CVE-2018-14364
+   RESERVED
+CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c 
does not ...)
+   TODO: check
+CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c 
proceeds ...)
+   TODO: check
+CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. 
nntp_add_group in ...)
+   TODO: check
+CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt 
before ...)
+   TODO: check
+CVE-2018-14348
+   RESERVED
+CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop 
vulnerability in ...)
+   TODO: check
+CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow 
in ...)
+   TODO: check
+CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured 
with ...)
+   TODO: check
+CVE-2018-14344
+   RESERVED
+CVE-2018-14343
+   RESERVED
+CVE-2018-14342
+   RESERVED
+CVE-2018-14341
+   RESERVED
+CVE-2018-14340
+   RESERVED
+CVE-2018-14339
+   RESERVED
+CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses 
the ...)
+   TODO: check
 CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in 
mruby 1.4.1 ...)
- mruby  (bug #903985)
NOTE: https://github.com/mruby/mruby/issues/4062
@@ -1041,18 +1099,18 @@ CVE-2018-13866 (An issue was discovered in the HDF HDF5 
1.8.20 library. There is
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
 CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists 
via the ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2018-13864
-   RESERVED
-CVE-2018-13862
-   RESERVED
-CVE-2018-13861
-   RESERVED
-CVE-2018-13860
-   RESERVED
-CVE-2018-13859
-   RESERVED
-CVE-2018-13858
-   RESERVED
+CVE-2018-13864 (A directory traversal vulnerability has been found in the 
Assets ...)
+   TODO: check
+CVE-2018-13862 (Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 
2018 ...)
+   TODO: check
+CVE-2018-13861 (Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 
2018 ...)
+   TODO: check
+CVE-2018-13860 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 
- C4 ...)
+   TODO: check
+CVE-2018-13859 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 
- C4 ...)
+   TODO: check
+CVE-2018-13858 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 
- C4 ...)
+   TODO: check
 CVE-2018-13863 (The MongoDB bson JavaScript module (also known as js-bson) 
versions ...)
- node-bson  (bug #897282)
NOTE: 
https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a
@@ -19724,8 +19782,8 @@ CVE-2018-6683
RESERVED
 CVE-2018-6682
RESERVED
-CVE-2018-6681
-   RESERVED
+CVE-2018-6681 (Abuse of Functionality vulnerability in the web interface in 
McAfee ...)
+   TODO: check
 CVE-2018-6680
RESERVED
 CVE-2018-6679
@@ -33786,8 +33844,8 @@ CVE-2018-1614 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0 using ...
NOT-FOR-US: IBM
 CVE-2018-1613
RESERVED
-CVE-2018-1612
-   RESERVED
+CVE-2018-1612 (IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) 
could ...)
+   TODO: check
 CVE-2018-1611
RESERVED
 CVE-2018-1610



View it 

[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-14337

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39bbeec7 by Salvatore Bonaccorso at 2018-07-17T21:25:53+02:00
Add bug reference for CVE-2018-14337

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in 
mruby 1.4.1 ...)
-   - mruby 
+   - mruby  (bug #903985)
NOTE: https://github.com/mruby/mruby/issues/4062
NOTE: 
https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
NOTE: 
https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/39bbeec75c30ed8f2667a13ed1d841cd9c4cd3bc


[Git][security-tracker-team/security-tracker][master] Remove reference to commit

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5aeaae0f by Salvatore Bonaccorso at 2018-07-17T20:43:33+02:00
Remove reference to commit

This commit was not for CVE-2018-1000544. It was to fix another issue,
upstream issue #315, but not the CVE-2018-1000544.

The full upstream fix for CVE-2018-1000544 has furthermore not yet been
validated, cf. https://github.com/rubyzip/rubyzip/pull/371 .

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3798,7 +3798,6 @@ CVE-2018-1000545
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a 
Directory ...)
- ruby-zip  (bug #902720)
NOTE: https://github.com/rubyzip/rubyzip/issues/369
-   NOTE: 
https://github.com/rubyzip/rubyzip/commit/ce4208fdecc2ad079b05d3c49d70fe6ed1d07016
 CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution 
due to ...)
NOT-FOR-US: Akiee
 CVE-2018-1000542 (netbeans-mmd-plugin version = 1.4.3 contains a XML 
External Entity ...)
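
Review bot: after this removal the CVE-2018-1000544 entry keeps only the issues/369 link, so nothing in the list records why the commit reference was dropped or that the fix is still pending. Consider adding a NOTE that points at https://github.com/rubyzip/rubyzip/pull/371 and says the upstream fix is not yet validated, so the next triager does not add the same commit again.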



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5aeaae0fac4cb04751675da1737bc7164dbbaa05


[Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-100211/ruby-doorkeeper

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
afa76a8c by Salvatore Bonaccorso at 2018-07-17T20:39:32+02:00
Add bug reference for CVE-2018-100211/ruby-doorkeeper

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -646,7 +646,7 @@ CVE-2018-14038
 CVE-2018-14037
RESERVED
 CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect 
Access Control ...)
-   - ruby-doorkeeper 
+   - ruby-doorkeeper  (bug #903980)
NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031
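
Review bot: the commit subject names CVE-2018-100211, but the entry changed in this hunk is CVE-2018-1000211, so a history search for the real id will not find this commit. The list change itself matches the neighbouring entries; only the id in the subject is off by a digit.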



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/afa76a8c15ec9ed29d44f41b45d335a41a75e446


[Git][security-tracker-team/security-tracker][master] Wrap paragraph

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d61d1ef by Salvatore Bonaccorso at 2018-07-17T20:24:35+02:00
Wrap paragraph

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21,7 +21,8 @@ CVE-2018-14329 (In HTSlib 1.8, a race condition in 
cram/cram_io.c might allow lo
- htslib 
[jessie] - htslib  (Minor issue, ignored by upstream)
NOTE: https://github.com/samtools/htslib/issues/736
-   NOTE: Upstream closed the issue, reasoning that fixing the issue would 
cause another set of problems.
+   NOTE: Upstream closed the issue, reasoning that fixing the issue would
+   NOTE: cause another set of problems.
 CVE-2018-14328
RESERVED
 CVE-2018-14327



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d61d1ef4951db2512b42abb77b1e11662c494f6


[Git][security-tracker-team/security-tracker][master] Remove superfluous dot in CVE/list.

2018-07-17 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b501684 by Markus Koschany at 2018-07-17T20:15:01+02:00
Remove superfluous dot in CVE/list.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28197,7 +28197,7 @@ CVE-2018-3741 (There is a possible XSS vulnerability in 
all rails-html-sanitizer
 CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for 
Ruby to ...)
[experimental] - ruby-sanitize 4.6.5-1
- ruby-sanitize  (bug #893610)
-   [jessie] - ruby-sanitize  (Only occurs with libxml2 >= 2.9.2, 
jessie has 2.9.1).
+   [jessie] - ruby-sanitize  (Only occurs with libxml2 >= 2.9.2, 
jessie has 2.9.1)
NOTE: https://github.com/rgrove/sanitize/issues/176
NOTE: 
https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e
NOTE: Only an issue in combination with libxml2 >= 2.9.2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b501684db6bd0e21490598facaaa69f2fa30dee


Processing e62bd1e928dca706e4a2d2b0cd317865a6282306 failed

2018-07-17 Thread security tracker role
The error message was:

data/CVE/list:28200: expected package entry, got: '[jessie] - ruby-sanitize 
 (Only occurs with libxml2 >= 2.9.2, jessie has 2.9.1).'
Makefile:34: recipe for target 'all' failed
make: *** [all] Error 1


[Git][security-tracker-team/security-tracker][master] Add twitter-bootstrap and twitter-bootstrap3 to dla-needed.txt.

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e62bd1e9 by Mike Gabriel at 2018-07-17T19:52:51+02:00
Add twitter-bootstrap and twitter-bootstrap3 to dla-needed.txt.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -132,6 +132,10 @@ tomcat8 (Roberto C. Sánchez)
 --
 twig
 --
+twitter-bootstrap
+--
+twitter-bootstrap3
+--
 vim-syntastic
 --
 wine



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e62bd1e928dca706e4a2d2b0cd317865a6282306


Processing 9401f1235a2261c82f9d0684e2ce1969042b2af3 failed

2018-07-17 Thread security tracker role
The error message was:

data/CVE/list:28200: expected package entry, got: '[jessie] - ruby-sanitize 
 (Only occurs with libxml2 >= 2.9.2, jessie has 2.9.1).'
Makefile:34: recipe for target 'all' failed
make: *** [all] Error 1


[Git][security-tracker-team/security-tracker][master] 2 commits: data/CVE/list: Add commit that fixes CVE-2018-1000544 (ruby-zip).

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ccf2d71 by Mike Gabriel at 2018-07-17T19:33:46+02:00
data/CVE/list: Add commit that fixes CVE-2018-1000544 (ruby-zip).

- - - - -
9401f123 by Mike Gabriel at 2018-07-17T19:34:20+02:00
Add ruby-zip to dla-needed.txt.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3796,6 +3796,7 @@ CVE-2018-1000545
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a 
Directory ...)
- ruby-zip  (bug #902720)
NOTE: https://github.com/rubyzip/rubyzip/issues/369
+   NOTE: 
https://github.com/rubyzip/rubyzip/commit/ce4208fdecc2ad079b05d3c49d70fe6ed1d07016
 CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution 
due to ...)
NOT-FOR-US: Akiee
 CVE-2018-1000542 (netbeans-mmd-plugin version = 1.4.3 contains a XML 
External Entity ...)
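
Review bot: the added NOTE records commit ce4208fdecc2ad079b05d3c49d70fe6ed1d07016 as a reference for CVE-2018-1000544, but nothing in the entry ties that commit to the directory traversal tracked in issues/369, and the later "Remove reference to commit" change (5aeaae0f) states it was for upstream issue #315 instead. Check the upstream commit against the CVE report before listing it, or label the NOTE as unverified until the upstream fix is confirmed.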


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -111,6 +111,8 @@ resiprocate
 --
 ruby2.1
 --
+ruby-zip
+--
 slurm-llnl (Thorsten Alteholz)
   NOTE: 20180630: test package uploaded to 
https://people.debian.org/~alteholz/packages/jessie-lts/slurm-llnl/
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ebc66f79026e623c894cbce02ac99725e3b66733...9401f1235a2261c82f9d0684e2ce1969042b2af3


Processing ebc66f79026e623c894cbce02ac99725e3b66733 failed

2018-07-17 Thread security tracker role
The error message was:

data/CVE/list:28199: expected package entry, got: '[jessie] - ruby-sanitize 
 (Only occurs with libxml2 >= 2.9.2, jessie has 2.9.1).'
Makefile:34: recipe for target 'all' failed
make: *** [all] Error 1


[Git][security-tracker-team/security-tracker][master] data/CVE/list: Ignore CVE-2018-3740 (ruby-sanitize) for jessie. Issue only…

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ebc66f79 by Mike Gabriel at 2018-07-17T19:28:33+02:00
data/CVE/list: Ignore CVE-2018-3740 (ruby-sanitize) for jessie. Issue only 
occurs with libxml2 = 2.9.2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28196,6 +28196,7 @@ CVE-2018-3741 (There is a possible XSS vulnerability in 
all rails-html-sanitizer
 CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for 
Ruby to ...)
[experimental] - ruby-sanitize 4.6.5-1
- ruby-sanitize  (bug #893610)
+   [jessie] - ruby-sanitize  (Only occurs with libxml2 >= 2.9.2, 
jessie has 2.9.1).
NOTE: https://github.com/rgrove/sanitize/issues/176
NOTE: 
https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e
NOTE: Only an issue in combination with libxml2 >= 2.9.2
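
Review bot: the added [jessie] line ends with a period after the closing parenthesis, and the list parser rejects it: the build output for this commit reports `data/CVE/list:28199: expected package entry` and quotes exactly this line. Drop the trailing dot so the line ends at `)`. The parenthesised reason also repeats the existing `NOTE: Only an issue in combination with libxml2 >= 2.9.2` two lines below, so it can stay short.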



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ebc66f79026e623c894cbce02ac99725e3b66733


[Git][security-tracker-team/security-tracker][master] Add vim-syntastic to dla-needed.txt.

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52063535 by Mike Gabriel at 2018-07-17T19:16:10+02:00
Add vim-syntastic to dla-needed.txt.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -130,6 +130,8 @@ tomcat8 (Roberto C. Sánchez)
 --
 twig
 --
+vim-syntastic
+--
 wine
   NOTE: Consider either fixing wine-development too or marking it as
   NOTE: end-of-life. The stable version is actually only src:wine and is used



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52063535a8bd4fee7569a4269a2da82d78578c01

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52063535a8bd4fee7569a4269a2da82d78578c01
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add twig to dla-needed.txt.

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
617d954c by Mike Gabriel at 2018-07-17T19:09:16+02:00
Add twig to dla-needed.txt.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -128,6 +128,8 @@ tiff3 (Holger Levsen)
 tomcat8 (Roberto C. Sánchez)
   NOTE: 20180630: Patches are ready; package FTBFS; awaiting feedback from the 
maintainers on how to build package without FTBFS.
 --
+twig
+--
 wine
   NOTE: Consider either fixing wine-development too or marking it as
   NOTE: end-of-life. The stable version is actually only src:wine and is used



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/617d954c93e0442638a61a4da67e074480fd2969

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/617d954c93e0442638a61a4da67e074480fd2969
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] data/CVE/list: Tag CVE-2018-14329 as no-dsa for htslib in [jessie]. Upstream…

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
465d0599 by Mike Gabriel at 2018-07-17T19:06:23+02:00
data/CVE/list: Tag CVE-2018-14329 as no-dsa for htslib in [jessie]. 
Upstream chose to ignore the issue and encounter it with user education.

  See https://github.com/samtools/htslib/issues/736#issuecomment-405638099

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,7 +19,9 @@ CVE-2018-14330
RESERVED
 CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow 
local ...)
- htslib 
+   [jessie] - htslib  (Minor issue, ignored by upstream)
NOTE: https://github.com/samtools/htslib/issues/736
+   NOTE: Upstream closed the issue, reasoning that fixing the issue would 
cause another set of problems.
 CVE-2018-14328
RESERVED
 CVE-2018-14327
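Review bot: the added NOTE under CVE-2018-14329 summarises upstream's reasoning, but the only URL kept in the entry is the issue itself, while the commit message cites the specific comment (issuecomment-405638099). Put that comment URL in a NOTE line so the basis for "ignored by upstream" can be checked from data/CVE/list without going through the git log.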



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/465d05999225761e220c0f45003609697f9bf8ec


[Git][security-tracker-team/security-tracker][master] libpgobject-util-dbadmin-perl no-dsa

2018-07-17 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6cc4d595 by Moritz Muehlenhoff at 2018-07-17T19:02:06+02:00
libpgobject-util-dbadmin-perl no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12671,6 +12671,7 @@ CVE-2018-9247 (The upsql function in 
\Lib\Lib\Action\Admin\DataAction.class.php 
NOT-FOR-US: Gxlcms QY
 CVE-2018-9246 (The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as 
used in ...)
- libpgobject-util-dbadmin-perl 0.130.1-1 (bug #900942)
+   [stretch] - libpgobject-util-dbadmin-perl  (Minor issue)
NOTE: 
https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/2c25c3dbc8b832a657247d3ea63ae80f3c5df6b1
NOTE: 
https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/f4e684008ca9e182833a70793ae91288d2c80218
NOTE: 
https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/dc48d0e1af0dbf861779b2c781e0f4c612c22cfb



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6cc4d59573a5442c3e27db333ebf1ea040a5c4ce


[Git][security-tracker-team/security-tracker][master] Add yum-utils to dla-needed.txt.

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3b67335 by Mike Gabriel at 2018-07-17T18:58:54+02:00
Add yum-utils to dla-needed.txt.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -140,5 +140,7 @@ wine-development
 wordpress (Markus Koschany)
   NOTE: Update is ready and will be released at the end of the month.
 --
+yum-utils
+--
 xen (Emilio Pozuelo)
 --
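Review bot: the new yum-utils block is placed between wordpress and xen, which breaks the alphabetical order the surrounding entries follow (wine-development, wordpress, xen). Move the yum-utils block below the xen block so the list stays sorted and the entry is found where people look for it.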



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3b67335a3125ec150b5c452ab3b8f025f550bba


[Git][security-tracker-team/security-tracker][master] Add giflib to dla-needed.txt (with comment).

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00c0950c by Mike Gabriel at 2018-07-17T18:55:45+02:00
Add giflib to dla-needed.txt (with comment).

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -37,6 +37,10 @@ firefox-esr (Emilio Pozuelo)
   NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 
goes EOL.
   NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need 
some work.
 --
+giflib
+  NOTE: 20180717: As of today, no possible fix could be found for 
CVE-2018-11489 and
+  NOTE: 20180717: CVE-2018-11490 while triaging these issues.
+--
 git-annex
   NOTE: See #903037 for more information and a fix for Stretch.
 --
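Review bot: the two NOTE lines under giflib record that no fix could be found for CVE-2018-11489 and CVE-2018-11490 without saying where the search was made. Add a reference for each CVE (upstream report or bug URL) so whoever claims the package does not repeat the same triage. The second line is also the tail of the first sentence carried under its own dated NOTE prefix, so rewording it as a single self-contained note would read better.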



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/00c0950cbbfec35a48fa51e9f3c90a388bcdc554


[Git][security-tracker-team/security-tracker][master] Add ruby2.1 to dla-needed.txt.

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c182f57 by Mike Gabriel at 2018-07-17T18:33:57+02:00
Add ruby2.1 to dla-needed.txt.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -103,6 +103,8 @@ policykit-1
 --
 qemu (Santiago)
 --
+ruby2.1
+--
 slurm-llnl (Thorsten Alteholz)
   NOTE: 20180630: test package uploaded to 
https://people.debian.org/~alteholz/packages/jessie-lts/slurm-llnl/
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c182f5716815dd0c5d4770cfba6e4c65ebc7fcd


[Git][security-tracker-team/security-tracker][master] Add libtomcrypt to dla-needed.txt.

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b3759ab5 by Mike Gabriel at 2018-07-17T17:19:54+02:00
Add libtomcrypt to dla-needed.txt.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -80,6 +80,8 @@ libidn (Santiago)
 --
 libspring-java (Abhijith PA)
 --
+libtomcrypt
+--
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3759ab5e636df32fbaa31457905a99c350ebf7d


[Git][security-tracker-team/security-tracker][master] data/CVE/list: Tag CVE-2017-17689 as postponed for [jessie]. Wait for upstream…

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1f5c4c1 by Mike Gabriel at 2018-07-17T17:14:45+02:00
data/CVE/list: Tag CVE-2017-17689 as postponed for [jessie]. Wait for 
upstream release containing the fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -32263,6 +32263,7 @@ CVE-2017-17690
 CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) 
...)
- thunderbird  (bug #898631)
[stretch] - thunderbird  (Wait until fixed in upstream 
release)
+   [jessie] - thunderbird  (Wait until fixed in upstream 
release)
- evolution  (bug #898633)
- kmail  (bug #898634)
- kf5-messagelib  (bug #899127)
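Review bot: only thunderbird gets a [jessie] line under CVE-2017-17689, while the evolution and kmail entries in the same block carry no suite-specific status at all. If those packages ship in jessie, give them an explicit status in the same pass, or say in the commit message that they were checked and need none.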



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f5c4c19cbf3af1ec0022f8764e6c9af96d7fdf


[Git][security-tracker-team/security-tracker][master] data/CVE/list: Tag CVE-2018-14073 and CVE-2018-14072 as postponed (both: libsixel). Minor issues.

2018-07-17 Thread Mike Gabriel
Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35f09210 by Mike Gabriel at 2018-07-17T17:08:39+02:00
data/CVE/list: Tag CVE-2018-14073 and CVE-2018-14072 as postponed 
(both: libsixel). Minor issues.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -537,10 +537,12 @@ CVE-2018-14074
 CVE-2018-14073 (libsixel 1.8.1 has a memory leak in sixel_allocator_new in 
allocator.c. ...)
- libsixel  (low; bug #903858)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: 
https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926
 CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in 
decoder.c, ...)
- libsixel  (low; bug #903858)
[stretch] - libsixel  (Minor issue)
+   [jessie] - libsixel  (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
 CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has 
insufficient ...)
NOT-FOR-US: Geo Mashup plugin for WordPress



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/35f092104c42f4d93cde9c8ea2a045e79ac7d774


[Git][security-tracker-team/security-tracker][master] claim libgit2

2018-07-17 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df93055d by Thorsten Alteholz at 2018-07-17T13:35:05+02:00
claim libgit2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -71,7 +71,7 @@ libav (Hugo Lefeuvre)
   NOTE: 20180529: Help is welcome, feel free to mail Hugo. Still up-to-date. 
Help needed for CVE triage and patch development.
   NOTE: 20180529: Just contacted some of the CVE reporters to ask for the 
reproducers, CC-ed team ML.
 --
-libgit2
+libgit2 (Thorsten Alteholz)
 --
 libidn (Santiago)
   NOTE: CVE-2017-14062 fixed in wheezy. 20180622: Markus reports that Santiago 
has proposed an update for this to the security team. (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df93055d732d327367fc53162d330334e36253a2


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60fcedf7 by Salvatore Bonaccorso at 2018-07-17T10:18:08+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8,7 +8,7 @@ CVE-2018-14335
 CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
NOT-FOR-US: joyplus-cms
 CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode 
format within ...)
-   TODO: check
+   NOT-FOR-US: TeamViewer
 CVE-2018-14332
RESERVED
 CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a 
CSRF ...)
@@ -1108,7 +1108,7 @@ CVE-2018-13834
 CVE-2018-13833 (An issue was discovered in cmft through 2017-09-24. The ...)
NOT-FOR-US: cmft
 CVE-2018-13832 (Multiple Persistent cross-site scripting (XSS) issues in the 
...)
-   TODO: check
+   NOT-FOR-US: Techotronic all-in-one-favicon (aka All In One Favicon) 
plugin for WordPress
 CVE-2018-13831
RESERVED
 CVE-2018-13830
@@ -34642,7 +34642,7 @@ CVE-2017-17543 (Users' VPN authentication credentials 
are unsafely encrypted in 
 CVE-2017-17542
RESERVED
 CVE-2017-17541 (A Cross-site Scripting (XSS) vulnerability in Fortinet 
FortiManager ...)
-   TODO: check
+   NOT-FOR-US: Fortinet
 CVE-2017-17540 (The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 
allows ...)
NOT-FOR-US: Fortinet FortiWLC
 CVE-2017-17539 (The presence of a hardcoded account in Fortinet FortiWLC 
7.0.11 and ...)
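Review bot: the new line for CVE-2017-17541 reads "NOT-FOR-US: Fortinet", while the description names FortiManager and the neighbouring entries name the product ("NOT-FOR-US: Fortinet FortiWLC"). Use "NOT-FOR-US: Fortinet FortiManager" so the entry is as specific as the ones around it.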
@@ -99350,25 +99350,25 @@ CVE-2016-6559 (Improper bounds checking of the obuf 
variable in the link_ntoa() 
 CVE-2016-6558 (A command injection vulnerability exists in apply.cgi on the 
ASUS ...)
TODO: check
 CVE-2016-6557 (In ASUS RP-AC52 access points with firmware version 1.0.1.1s 
and ...)
-   TODO: check
+   NOT-FOR-US: ASUS RP-AC52 access points
 CVE-2016-6556
RESERVED
 CVE-2016-6555
RESERVED
 CVE-2016-6554 (Synology NAS servers DS107, firmware version 3.1-1639 and 
prior, and ...)
-   TODO: check
+   NOT-FOR-US: Synology
 CVE-2016-6553 (Nuuo NT-4040 Titan, firmware NT-4040_01.07..0015_1120, uses 
...)
-   TODO: check
+   NOT-FOR-US: Nuuo NT-4040 Titan
 CVE-2016-6552 (Green Packet DX-350 uses non-random default credentials of: ...)
-   TODO: check
+   NOT-FOR-US: Green Packet DX-350
 CVE-2016-6551 (Intellian Satellite TV antennas t-Series and v-Series, firmware 
...)
TODO: check
 CVE-2016-6550 (The U by BBT app 1.5.4 and earlier for iOS does not 
properly verify ...)
NOT-FOR-US: BB
 CVE-2016-6549 (The Zizai Tech Nut device allows unauthenticated Bluetooth 
pairing, ...)
-   TODO: check
+   NOT-FOR-US: Zizai Tech Nut device
 CVE-2016-6548 (The Zizai Tech Nut mobile app makes requests via HTTP instead 
of ...)
-   TODO: check
+   NOT-FOR-US: Zizai Tech Nut mobile app
 CVE-2016-6547 (The Zizai Tech Nut mobile app stores the account password used 
to ...)
TODO: check
 CVE-2016-6546 (The iTrack Easy mobile application stores the account password 
used to ...)
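Review bot: CVE-2016-6547 stays at "TODO: check" although its description names the same Zizai Tech Nut mobile app that CVE-2016-6548 is marked NOT-FOR-US for in this hunk; CVE-2016-6558 (ASUS apply.cgi) and CVE-2016-6551 (Intellian Satellite TV antennas) are likewise left open. Process them in the same pass or note why they need a closer look. "NOT-FOR-US: Synology" is also less specific than the product-level names used on the other new lines.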



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/60fcedf739aa55a4ac1a25db04462d2aac7b1294


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c6b66da by Salvatore Bonaccorso at 2018-07-17T10:13:34+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6,13 +6,13 @@ CVE-2018-14336
 CVE-2018-14335
RESERVED
 CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode 
format within ...)
TODO: check
 CVE-2018-14332
RESERVED
 CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a 
CSRF ...)
-   TODO: check
+   NOT-FOR-US: XiaoCms
 CVE-2018-14330
RESERVED
 CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow 
local ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c6b66da264acf3a799aeddc7ea626ce3c4b770b


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14337/mruby

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39dec6a7 by Salvatore Bonaccorso at 2018-07-17T10:12:40+02:00
Add CVE-2018-14337/mruby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,6 @@
 CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in 
mruby 1.4.1 ...)
-   TODO: check
+   - mruby 
+   NOTE: https://github.com/mruby/mruby/issues/4062
 CVE-2018-14336
RESERVED
 CVE-2018-14335



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/39dec6a7e2161065c1b9715e0c6a33cef99e546c


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-14329/htslib

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c975d4b by Salvatore Bonaccorso at 2018-07-17T10:13:05+02:00
Add CVE-2018-14329/htslib

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -16,7 +16,8 @@ CVE-2018-14331 (An issue was discovered in XiaoCms X1 
v20140305. There is a CSRF
 CVE-2018-14330
RESERVED
 CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow 
local ...)
-   TODO: check
+   - htslib 
+   NOTE: https://github.com/samtools/htslib/issues/736
 CVE-2018-14328
RESERVED
 CVE-2018-14327



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c975d4b545f1e7df1d2e58e2f67c26bb92a9622


[Git][security-tracker-team/security-tracker][master] automatic update

2018-07-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39fa51e1 by security tracker role at 2018-07-17T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,25 @@
+CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in 
mruby 1.4.1 ...)
+   TODO: check
+CVE-2018-14336
+   RESERVED
+CVE-2018-14335
+   RESERVED
+CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
+   TODO: check
+CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode 
format within ...)
+   TODO: check
+CVE-2018-14332
+   RESERVED
+CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a 
CSRF ...)
+   TODO: check
+CVE-2018-14330
+   RESERVED
+CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow 
local ...)
+   TODO: check
+CVE-2018-14328
+   RESERVED
+CVE-2018-14327
+   RESERVED
 CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 
has TCP ...)
TODO: check
 CVE-2018-14323
@@ -1083,8 +1105,8 @@ CVE-2018-13834
RESERVED
 CVE-2018-13833 (An issue was discovered in cmft through 2017-09-24. The ...)
NOT-FOR-US: cmft
-CVE-2018-13832
-   RESERVED
+CVE-2018-13832 (Multiple Persistent cross-site scripting (XSS) issues in the 
...)
+   TODO: check
 CVE-2018-13831
RESERVED
 CVE-2018-13830
@@ -4022,8 +4044,8 @@ CVE-2018-12586
RESERVED
 CVE-2018-12585
RESERVED
-CVE-2018-12584
-   RESERVED
+CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in ...)
+   TODO: check
 CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an 
article via an ...)
NOT-FOR-US: AKCMS
 CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin 
account via ...)
@@ -8581,8 +8603,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information 
Exposure when decrypti
NOTE: 
https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
 CVE-2018-10858
RESERVED
-CVE-2018-10857
-   RESERVED
+CVE-2018-10857 (git-annex is vulnerable to a private data exposure and 
exfiltration ...)
- git-annex 6.20180626-1
[stretch] - git-annex 6.20170101-1+deb9u2
NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
@@ -8642,8 +8663,7 @@ CVE-2018-10841 (glusterfs is vulnerable to privilege 
escalation on gluster serve
[jessie] - glusterfs  (vulnerable code not present)
NOTE: https://review.gluster.org/#/c/20328/
NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
-CVE-2018-10840 [ext4: correctly handle a zero-length xattr with a non-zero 
e_value_offs]
-   RESERVED
+CVE-2018-10840 (Linux kernel is vulnerable to a heap-based buffer overflow in 
the ...)
- linux 4.17.3-1
[stretch] - linux  (Vulnerable code not present)
[jessie] - linux  (Vulnerable code not present)
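Review bot: replacing the bracketed title on CVE-2018-10840 with the truncated CVE description drops "ext4: correctly handle a zero-length xattr with a non-zero e_value_offs", which reads as the subject of the fixing change and is more specific than "heap-based buffer overflow in the ...". Keep that text in a NOTE line under the entry so the pointer to the kernel change survives the description update.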
@@ -16657,6 +16677,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 
for Node.js is prone to 
NOTE: https://nodesecurity.io/advisories/565
NOTE: nodejs not covered by security support
 CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and 
earlier ...)
+   {DSA-4247-1}
- ruby-rack-protection  (bug #892250)
[jessie] - ruby-rack-protection  (Low prio package and low 
prio vulnerability according to RedHat)
[wheezy] - ruby-rack-protection  (Low prio package and low 
prio vulnerability according to RedHat)
@@ -34618,8 +34639,8 @@ CVE-2017-17543 (Users' VPN authentication credentials 
are unsafely encrypted in 
NOT-FOR-US: Fortinet FortiClient
 CVE-2017-17542
RESERVED
-CVE-2017-17541
-   RESERVED
+CVE-2017-17541 (A Cross-site Scripting (XSS) vulnerability in Fortinet 
FortiManager ...)
+   TODO: check
 CVE-2017-17540 (The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 
allows ...)
NOT-FOR-US: Fortinet FortiWLC
 CVE-2017-17539 (The presence of a hardcoded account in Fortinet FortiWLC 
7.0.11 and ...)
@@ -36160,8 +36181,7 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path 
traversal vulnerability .
NOTE: https://issues.jboss.org/browse/WFLY-9620
NOTE: https://developer.jboss.org/thread/276826
NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
-CVE-2018-1046 [stack-based buffer overflow in dnsreplay]
-   RESERVED
+CVE-2018-1046 (pdns before version 4.1.2 is vulnerable to a buffer overflow in 
...)
- pdns 4.1.2-1 (bug #898255)
[stretch] - pdns  (local DoS when parsing untrusted files)
[jessie] - pdns  (Vulnerable code not present)
@@ -44990,8 +45010,7 @@ CVE-2017-15139
 

[Git][security-tracker-team/security-tracker][master] Claim gpac

2018-07-17 Thread Brian May
Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8d2f6fd by Brian May at 2018-07-17T17:23:40+10:00
Claim gpac

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -40,7 +40,7 @@ git-annex
 --
 gosa (Mike Gabriel)
 --
-gpac
+gpac (Brian May)
 --
 graphicsmagick (Roberto C. Sánchez)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8d2f6fd813b6384cd7e7841e0e4cbdb461aeae6


[Git][security-tracker-team/security-tracker][master] stable triage

2018-07-17 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
617038f2 by Moritz Muehlenhoff at 2018-07-17T08:01:53+02:00
stable triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -168,9 +168,11 @@ CVE-2018-14241
RESERVED
 CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant 
memory ...)
- mp4v2 
+   [stretch] - mp4v2  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
 CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant 
memory ...)
- mp4v2 
+   [stretch] - mp4v2  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
 CVE-2018-14240
RESERVED
@@ -1207,6 +1209,7 @@ CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 
5.7.0 to 5.7.3 contains
NOT-FOR-US: SURFnet OpenConext EngineBlock
 CVE-2018-1000622 (The Rust Programming Language rustdoc version Between 0.8 
and 1.27.0 ...)
- rustc 
+   [stretch] - rustc  (Minor issue, can be fixed along in future 
rustc update for ESR69)
NOTE: 
https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM
 CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, 
A2, and ...)
NOT-FOR-US: Supermicro
@@ -3818,7 +3821,8 @@ CVE-2018-1000522
 CVE-2018-1000521 (BigTree-CMS contains a Cross Site Scripting (XSS) 
vulnerability in ...)
NOT-FOR-US: BigTree-CMS
 CVE-2018-1000520 (ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite 
Allows ...)
-   - mbedtls 
+   - mbedtls  (low)
+   [stretch] - mbedtls  (Minor issue)
- polarssl 
NOTE: https://github.com/ARMmbed/mbedtls/issues/1561
 CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation 
vulnerability in ...)
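Review bot: the mbedtls line for CVE-2018-1000520 gains an urgency and a [stretch] status, but the polarssl line directly below it is left as it was. If the same assessment holds for polarssl, tag it in this commit too; if not, a NOTE saying why the two differ would help the next person triaging the entry.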
@@ -32229,6 +32233,7 @@ CVE-2017-17690
RESERVED
 CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) 
...)
- thunderbird  (bug #898631)
+   [stretch] - thunderbird  (Wait until fixed in upstream 
release)
- evolution  (bug #898633)
- kmail  (bug #898634)
- kf5-messagelib  (bug #899127)
@@ -37468,7 +37473,8 @@ CVE-2018-0739 (Constructed ASN.1 types with a recursive 
definition (such as can 
{DSA-4158-1 DSA-4157-1 DLA-1330-1}
- openssl 1.1.0h-1
- openssl1.0 1.0.2o-1
-   - libtomcrypt 1.18.2-1
+   - libtomcrypt 1.18.2-1 (low)
+   [stretch] - libtomcrypt  (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20180327.txt
NOTE: OpenSSL_1_1_0-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
NOTE: OpenSSL_1_0_2-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -51,7 +51,6 @@ mailman
 mariadb-10.1/stable
 --
 mercurial
-  2018-06-07: jessie update proposed by anarcat in 
https://lists.debian.org/87y3fr75kk@angela.anarc.at
 --
 mosquitto (seb)
   2018-02-27: Roger Light provided a debdiff targetting stretch, needs review



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/617038f2a055c00cdd92b9384e3c9a85fe8cbb86
