[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2012-3144,glassfish: end-of-life for Jessie
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 9068a2de by Markus Koschany at 2018-10-11T21:29:19Z CVE-2012-3144,glassfish: end-of-life for Jessie This package has no real life impact. It is outdated and not used at runtime. - - - - - 1c0ba288 by Markus Koschany at 2018-10-11T21:49:05Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -210924,6 +210924,7 @@ CVE-2012-3156 (Unspecified vulnerability in the MySQL Server component in Oracle - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...) - glassfish (bug #692035) + [jessie] - glassfish [wheezy] - glassfish NOTE: Oracle doesn't provide any useful public information to fix the package without importing a new upstream version. CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/377fbe0a19f8ff79fd51fb93a9ac881cc9ec465d...1c0ba28829e75f54ab0a01b9ab3b432bfed34031 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
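Review bot: the commit title names CVE-2012-3144, but the only change in the hunk is under the CVE-2012-3155 entry (`+ [jessie] - glassfish`), so either the title or the edited entry is off and should be checked against the repository. Also, as rendered here the added jessie line carries no status annotation even though the message describes an end-of-life marking; angle-bracket markers such as `<end-of-life>` are evidently dropped in this mail rendering (the existing `[wheezy] - glassfish` context line shows none either), so confirm the marker is present in the committed line rather than relying on this mail.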
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 377fbe0a by Salvatore Bonaccorso at 2018-10-11T21:18:54Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6064,7 +6064,7 @@ CVE-2018-15768 CVE-2018-15767 RESERVED CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint ...) - TODO: check + NOT-FOR-US: Dell CVE-2018-15765 RESERVED CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote ...) @@ -13845,7 +13845,7 @@ CVE-2018-12598 CVE-2018-12597 RESERVED CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU ...) - TODO: check + NOT-FOR-US: Episerver Ektron CMS CVE-2018-12595 RESERVED CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to ...) @@ -14154,7 +14154,7 @@ CVE-2018-12476 CVE-2018-12475 RESERVED CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...) - TODO: check + NOT-FOR-US: obs-service-tar_scm of Open Build Service CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of ...) NOT-FOR-US: obs-service-tar_scm of Open Build Service CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux SMT ...) 
@@ -14207,9 +14207,9 @@ CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin ...) NOT-FOR-US: expressCart CVE-2018-12456 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token ...) - TODO: check + NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices CVE-2018-12455 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical ...) - TODO: check + NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices CVE-2018-12454 (The _addguess function of a simplelottery smart contract implementation ...) NOT-FOR-US: simplelottery CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in ...) @@ -14223,7 +14223,7 @@ CVE-2018-12451 CVE-2018-12450 RESERVED CVE-2018-12449 (The Whale browser installer 0.4.3.0 and earlier versions allows DLL ...) - TODO: check + NOT-FOR-US: Whale browser installer CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but only a ...) NOT-FOR-US: Whale Browser CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...) 
@@ -15149,7 +15149,7 @@ CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit 4. CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for Windows before ...) NOT-FOR-US: Intel OpenVINO Toolkit for Windows CVE-2018-12161 (Insufficient session validation in the webserver component of the ...) - TODO: check + NOT-FOR-US: Intel Rapid Web Server CVE-2018-12160 (DLL injection vulnerability in software installer for Intel Data ...) NOT-FOR-US: Intel CVE-2018-12159 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/377fbe0a19f8ff79fd51fb93a9ac881cc9ec465d
[Git][security-tracker-team/security-tracker][master] claim all the magick
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 24044361 by Moritz Muehlenhoff at 2018-10-11T21:03:15Z claim all the magick drop no-dsa entries which will be fixed in forthcoming DSA migrate a few wireshark CVE IDs which were tracked in CVE/list to DSA/list - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -5320,21 +5320,18 @@ CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow .. NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - wireshark 2.6.3-1 (low) - [stretch] - wireshark (Minor issue) [jessie] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - wireshark 2.6.3-1 (low) - [stretch] - wireshark (Minor issue) [jessie] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) - wireshark 2.6.3-1 (low) - [stretch] - wireshark (Minor issue) [jessie] - wireshark (vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485 
@@ -9546,20 +9543,17 @@ CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) {DLA-1451-1} - wireshark 2.6.2-1 - [stretch] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e NOTE: https://www.wireshark.org/security/wnpa-sec-2018-41.html CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) {DLA-1451-1} - wireshark 2.6.2-1 - [stretch] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c NOTE: https://www.wireshark.org/security/wnpa-sec-2018-40.html CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol ...) - wireshark 2.6.2-1 - [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310 @@ -9688,7 +9682,6 @@ CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured wi NOTE: https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98 CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) - wireshark 2.6.2-1 - [stretch] - wireshark (Minor issue) [jessie] - wireshark (Vulnerable code not present, introduced in v1.99.1rc0-224-g6720c80bab) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14672 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae 
@@ -9702,14 +9695,12 @@ CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15 CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) {DLA-1451-1} - wireshark 2.6.2-1 - [stretch] - wireshark (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13741 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=36af43dbb7673495948cd65d0346e8b9812b941c NOTE: https://www.wireshark.org/security/wnpa-sec-2018-34.html CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...) {DLA-1451-1} - wireshark 2.6.2-1 - [stretch] - wireshark (Minor issue) NOTE:
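Review bot: removing the `[stretch] - wireshark (Minor issue)` lines from CVE-2018-16058, 16057, 16056, 14369, 14368, 14344, 14342 and 14341 leaves those entries with only the unstable fixed version (`wireshark 2.6.3-1 (low)` or `wireshark 2.6.2-1`) until the DSA is actually recorded, so stretch shows as open for them in the interim; that is acceptable for a same-session DSA, but the data/DSA/list and data/dsa-needed.txt parts of this commit are cut off in this mail, so the matching `{DSA-...}` references cannot be checked from here. The `[jessie]` lines (`Minor issue` / `Vulnerable code not present`) are correctly left in place since jessie is not covered by the forthcoming DSA.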
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c1ef1900 by security tracker role at 2018-10-11T20:11:22Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,191 @@ +CVE-2019-0085 + RESERVED +CVE-2019-0084 + RESERVED +CVE-2019-0083 + RESERVED +CVE-2019-0082 + RESERVED +CVE-2019-0081 + RESERVED +CVE-2019-0080 + RESERVED +CVE-2019-0079 + RESERVED +CVE-2019-0078 + RESERVED +CVE-2019-0077 + RESERVED +CVE-2019-0076 + RESERVED +CVE-2019-0075 + RESERVED +CVE-2019-0074 + RESERVED +CVE-2019-0073 + RESERVED +CVE-2019-0072 + RESERVED +CVE-2019-0071 + RESERVED +CVE-2019-0070 + RESERVED +CVE-2019-0069 + RESERVED +CVE-2019-0068 + RESERVED +CVE-2019-0067 + RESERVED +CVE-2019-0066 + RESERVED +CVE-2019-0065 + RESERVED +CVE-2019-0064 + RESERVED +CVE-2019-0063 + RESERVED +CVE-2019-0062 + RESERVED +CVE-2019-0061 + RESERVED +CVE-2019-0060 + RESERVED +CVE-2019-0059 + RESERVED +CVE-2019-0058 + RESERVED +CVE-2019-0057 + RESERVED +CVE-2019-0056 + RESERVED +CVE-2019-0055 + RESERVED +CVE-2019-0054 + RESERVED +CVE-2019-0053 + RESERVED +CVE-2019-0052 + RESERVED +CVE-2019-0051 + RESERVED +CVE-2019-0050 + RESERVED +CVE-2019-0049 + RESERVED +CVE-2019-0048 + RESERVED +CVE-2019-0047 + RESERVED +CVE-2019-0046 + RESERVED +CVE-2019-0045 + RESERVED +CVE-2019-0044 + RESERVED +CVE-2019-0043 + RESERVED +CVE-2019-0042 + RESERVED +CVE-2019-0041 + RESERVED +CVE-2019-0040 + RESERVED +CVE-2019-0039 + RESERVED +CVE-2019-0038 + RESERVED +CVE-2019-0037 + RESERVED +CVE-2019-0036 + RESERVED +CVE-2019-0035 + RESERVED +CVE-2019-0034 + RESERVED +CVE-2019-0033 + RESERVED +CVE-2019-0032 + RESERVED +CVE-2019-0031 + RESERVED +CVE-2019-0030 + RESERVED +CVE-2019-0029 + RESERVED +CVE-2019-0028 + RESERVED +CVE-2019-0027 + RESERVED +CVE-2019-0026 + RESERVED +CVE-2019-0025 + RESERVED +CVE-2019-0024 + RESERVED +CVE-2019-0023 + RESERVED +CVE-2019-0022 + RESERVED +CVE-2019-0021 + RESERVED +CVE-2019-0020 + RESERVED +CVE-2019-0019 + RESERVED +CVE-2019-0018 + RESERVED +CVE-2019-0017 + RESERVED +CVE-2019-0016 + RESERVED +CVE-2019-0015 + RESERVED +CVE-2019-0014 + RESERVED +CVE-2019-0013 + RESERVED +CVE-2019-0012 + RESERVED +CVE-2019-0011 + RESERVED +CVE-2019-0010 + RESERVED 
+CVE-2019-0009 + RESERVED +CVE-2019-0008 + RESERVED +CVE-2019-0007 + RESERVED +CVE-2019-0006 + RESERVED +CVE-2019-0005 + RESERVED +CVE-2019-0004 + RESERVED +CVE-2019-0003 + RESERVED +CVE-2019-0002 + RESERVED +CVE-2019-0001 + RESERVED +CVE-2018-18250 + RESERVED +CVE-2018-18249 + RESERVED +CVE-2018-18248 + RESERVED +CVE-2018-18247 + RESERVED +CVE-2018-18246 + RESERVED +CVE-2018-18245 + RESERVED +CVE-2018-18244 + RESERVED +CVE-2018-18243 + RESERVED +CVE-2018-18242 (youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated ...) + TODO: check CVE-2018-18241 RESERVED CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a command to ...) @@ -50,8 +238,8 @@ CVE-2018-18217 RESERVED CVE-2018-18216 RESERVED -CVE-2018-18215 - RESERVED +CVE-2018-18215 (In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can ...) + TODO: check CVE-2018-18214 RESERVED CVE-2018-18213 @@ -374,7 +562,7 @@ CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 ha NOTE: issue, but might still not be just a duplicate but an independent issue fixed with NOTE: same commit. CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has ...) - {DLA-1540-1} + {DSA-4314-1 DLA-1540-1} - net-snmp (bug #910638) NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/ @@ -5878,8 +6066,8 @@ CVE-2018-15768 RESERVED CVE-2018-15767 RESERVED -CVE-2018-15766 - RESERVED +CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint ...) + TODO: check CVE-2018-15765 RESERVED CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote ...) @@ -14044,8 +14232,8 @@ CVE-2018-12451 RESERVED CVE-2018-12450 RESERVED -CVE-2018-12449 - RESERVED +CVE-2018-12449 (The Whale browser installer 0.4.3.0 and earlier versions allows DLL ...) + TODO:
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for net-snmp update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ed188f5a by Salvatore Bonaccorso at 2018-10-11T19:28:02Z Reserve DSA number for net-snmp update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[11 Oct 2018] DSA-4314-1 net-snmp - security update + {CVE-2018-18065} + [stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u1 [08 Oct 2018] DSA-4313-1 linux - security update {CVE-2018-15471 CVE-2018-18021} [stretch] - linux 4.9.110-3+deb9u6 = data/dsa-needed.txt = @@ -59,8 +59,6 @@ mosquitto (seb) mupdf leaf package, might be a candidate for simply moving to 1.13 in stretch -- -net-snmp (carnil) --- openjpeg2 (luciano) -- otrs2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed188f5a69b22c586a1f99d0bcedc2eecf7afb53
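Review bot: the new DSA-4314-1 entry only touches data/DSA/list and data/dsa-needed.txt; the CVE-2018-18065 entry in data/CVE/list is not updated in this commit, so until the cross-reference lands that entry will not carry the `{DSA-4314-1 ...}` tag and stretch will still appear unfixed there. That gap is closed by the tracker's automatic update (the later `automatic update` commit on this page shows `+ {DSA-4314-1 DLA-1540-1}` being added), which is the normal workflow, but it is worth remembering that the DSA/list side and the CVE/list side are consistent only after that sync runs.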
[Git][security-tracker-team/security-tracker][master] Add one more additional commit needed for CVE-2018-17961
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a508c16d by Salvatore Bonaccorso at 2018-10-11T19:12:22Z Add one more additional commit needed for CVE-2018-17961 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -660,6 +660,7 @@ CVE-2018-17961 [ghostscript: bypassing executeonly to escape -dSAFER sandbox] NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9 + NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291 CVE-2018-17960 RESERVED CVE-2018-17959 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a508c16d24c44e1013ed249f838dea978533
[Git][security-tracker-team/security-tracker][master] Add moin to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2132ff95 by Salvatore Bonaccorso at 2018-10-11T18:48:11Z Add moin to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -51,6 +51,8 @@ mariadb-10.1/stable -- mercurial -- +moin (carnil) +-- mosquitto (seb) 2018-02-27: Roger Light provided a debdiff targetting stretch, needs review -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2132ff95aa75e7c37eec3efc4789435c8c2d3225
[Git][security-tracker-team/security-tracker][master] Four CVEs fixed additionally with the xen upload as 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dd381f68 by Salvatore Bonaccorso at 2018-10-11T13:53:02Z Four CVEs fixed additionally with the xen upload as 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6958,7 +6958,7 @@ CVE-2018- [libykneomgr memory corruption] NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/ CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in oxenstored ...) {DSA-4274-1} - - xen (unimportant) + - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (unimportant) NOTE: https://xenbits.xen.org/xsa/advisory-272.html CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...) {DSA-4313-1} @@ -6968,12 +6968,12 @@ CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1607 CVE-2018-15468 (An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR ...) {DSA-4274-1} - - xen + - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 [jessie] - xen (Only affects 4.6 and later) NOTE: https://xenbits.xen.org/xsa/advisory-269.html CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never properly ...) {DSA-4274-1} - - xen + - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 NOTE: https://xenbits.xen.org/xsa/advisory-268.html CVE-2018-15309 RESERVED 
@@ -38911,7 +38911,7 @@ CVE-2018-3621 CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and ...) {DSA-4279-1 DSA-4274-1 DLA-1529-1 DLA-1481-1} - linux 4.17.15-1 - - xen + - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 - intel-microcode 3.20180703.1 NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158 NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd381f68f4f375b4c13ac5a15c7243241ef45512
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b110200c by Moritz Muehlenhoff at 2018-10-11T08:26:14Z NFUs - - - - - a5e68bbf by Moritz Muehlenhoff at 2018-10-11T08:30:26Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2018-18241 RESERVED CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a command to ...) - TODO: check + NOT-FOR-US: Pippo CVE-2018-18239 RESERVED CVE-2018-18238 @@ -107,7 +107,7 @@ CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: FineCms CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...) - TODO: check + NOT-FOR-US: GoPro gpmf-parser CVE-2018-18189 RESERVED CVE-2018-18188 @@ -384,9 +384,9 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write du CVE-2018-18063 RESERVED CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive ...) - TODO: check + NOT-FOR-US: tecrail Responsive FileManager CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive ...) - TODO: check + NOT-FOR-US: tecrail Responsive FileManager CVE-2018-18060 RESERVED CVE-2018-18059 @@ -737,7 +737,7 @@ CVE-2018-17927 CVE-2018-17926 RESERVED CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control ...) - TODO: check + NOT-FOR-US: Gigasoft CVE-2018-17924 RESERVED CVE-2018-17923 
@@ -1056,7 +1056,7 @@ CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.c CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...) NOT-FOR-US: blynk-server in Blynk CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2018-17783 RESERVED CVE-2018-17782 @@ -2012,7 +2012,7 @@ CVE-2018-17339 CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based ...) NOT-FOR-US: pdfalto CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is ...) - TODO: check + NOT-FOR-US: Intelbras NPLUG CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in ...) - udisks2 2.8.1-1 (bug #909607) [stretch] - udisks2 (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ec6e57e298da8b7e59421759a9fc678588671cd9...a5e68bbfc951e9c22e1f3fa1a1fd81fd3a585be7
[Git][security-tracker-team/security-tracker][master] tomcat8.0 removed from the archive
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ec6e57e2 by Salvatore Bonaccorso at 2018-10-11T08:25:31Z tomcat8.0 removed from the archive - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15893,7 +15893,7 @@ CVE-2018-11785 CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...) - tomcat9 (bug #802312) - tomcat8 8.5.34-1 - - tomcat8.0 (unimportant) + - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 7.0.72-3 NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API @@ -25678,7 +25678,7 @@ CVE-2018-8034 (The host name verification when using TLS with the WebSocket clie {DSA-4281-1 DLA-1491-1 DLA-1453-1} - tomcat9 (bug #802312) - tomcat8 8.5.32-1 - - tomcat8.0 (unimportant) + - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 7.0.72-3 NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API @@ -25749,7 +25749,7 @@ CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomc - tomcat8 8.5.32-1 (bug #898935) [stretch] - tomcat8 (Minor issue; user expected to configure filters appropriately) [jessie] - tomcat8 (Minor issue; user expected to configure filters appropriately) - - tomcat8.0 (unimportant) + - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 7.0.72-3 [wheezy] - tomcat7 (vulnerable code not present) @@ -45480,7 +45480,7 @@ CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with ...) {DSA-4281-1 DLA-1491-1} - tomcat9 (bug #802312) - tomcat8 8.5.31-1 - - tomcat8.0 (unimportant) + - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 7.0.72-3 [jessie] - tomcat7 7.0.56-3+really7.0.88-1 
@@ -45583,7 +45583,7 @@ CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache {DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1} - tomcat9 (bug #802312) - tomcat8 8.5.28-1 - - tomcat8.0 (unimportant) + - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 7.0.72-3 NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API @@ -45597,7 +45597,7 @@ CVE-2018-1304 (The URL pattern of (the empty string) which exactly {DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1} - tomcat9 (bug #802312) - tomcat8 8.5.28-1 - - tomcat8.0 (unimportant) + - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 7.0.72-3 NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API @@ -53916,7 +53916,7 @@ CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache T - tomcat8 8.5.24-1 [stretch] - tomcat8 (Issue introduced later) [jessie] - tomcat8 (Issue introduced later) - - tomcat8.0 (unimportant) + - tomcat8.0 (unimportant) NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java - tomcat7 (Only affects 7.0.79 to 7.0.82, Upstream bugzilla entry bz#61201 not addressed) NOTE: https://svn.apache.org/r1814828 (7.0.x) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec6e57e298da8b7e59421759a9fc678588671cd9
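Review bot: in every one of the seven hunks the removed and added lines read identically as `- tomcat8.0 (unimportant)`, so the change the commit message describes (marking tomcat8.0 as removed from the archive) is not visible in this mail; the marker that distinguishes the two lines has evidently been stripped in rendering, and the actual diff should be verified in the repository. The unchanged `NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java` context explains why the entries stay low-priority, but once the source package is gone from the archive that note is historical and could be reworded to say so.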
[Git][security-tracker-team/security-tracker][master] Remove information from CVE-2018-3736, REJECTED as duplicate of CVE-2018-3739
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58133bed by Salvatore Bonaccorso at 2018-10-11T08:18:12Z Remove information from CVE-2018-3736, REJECTED as duplicate of CVE-2018-3739 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38608,7 +38608,6 @@ CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public NOTE: nodejs not covered by security support CVE-2018-3736 REJECTED - NOT-FOR-US: https-proxy-agent nodejs module CVE-2018-3735 (bracket-template suffers from reflected XSS possible when variable ...) NOT-FOR-US: bracket-template nodejs module CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability due to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/58133bede3816859a56ae91781d4370faa066921
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8425b60 by security tracker role at 2018-10-11T08:11:05Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,41 @@ +CVE-2018-18241 + RESERVED +CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a command to ...) + TODO: check +CVE-2018-18239 + RESERVED +CVE-2018-18238 + RESERVED +CVE-2018-18237 + RESERVED +CVE-2018-18236 + RESERVED +CVE-2018-18235 + RESERVED +CVE-2018-18234 + RESERVED +CVE-2018-18233 + RESERVED +CVE-2018-18232 + RESERVED +CVE-2018-18231 + RESERVED +CVE-2018-18230 + RESERVED +CVE-2018-18229 + RESERVED +CVE-2018-18228 + RESERVED +CVE-2018-18227 + RESERVED +CVE-2018-18226 + RESERVED +CVE-2018-18225 + RESERVED +CVE-2018-18224 + RESERVED +CVE-2018-18223 + RESERVED CVE-2018-18222 RESERVED CVE-2018-18221 @@ -345,10 +383,10 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write du NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341 CVE-2018-18063 RESERVED -CVE-2018-18062 - RESERVED -CVE-2018-18061 - RESERVED +CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive ...) + TODO: check +CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive ...) + TODO: check CVE-2018-18060 RESERVED CVE-2018-18059 @@ -1017,8 +1055,8 @@ CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.c NOT-FOR-US: D-Link DIR-823G devices CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...) NOT-FOR-US: blynk-server in Blynk -CVE-2018-17784 - RESERVED +CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM ...) + TODO: check CVE-2018-17783 RESERVED CVE-2018-17782 
@@ -1973,8 +2011,8 @@ CVE-2018-17339 RESERVED CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based ...) NOT-FOR-US: pdfalto -CVE-2018-17337 - RESERVED +CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is ...) + TODO: check CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in ...) - udisks2 2.8.1-1 (bug #909607) [stretch] - udisks2 (Vulnerable code introduced later) @@ -3318,8 +3356,7 @@ CVE-2018-16760 RESERVED CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from ...) NOT-FOR-US: EasyCMS -CVE-2018-16758 - RESERVED +CVE-2018-16758 (Missing message authentication in the meta-protocol in Tinc VPN ...) {DSA-4312-1 DLA-1538-1} - tinc 1.0.35-1 NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f @@ -3385,16 +3422,14 @@ CVE-2018-16740 RESERVED CVE-2018-16739 RESERVED -CVE-2018-16738 - RESERVED +CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication protocol, ...) {DSA-4312-1} - tinc 1.0.35-1 [jessie] - tinc (Only affects 1.0.30 to 1.0.34) NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a NOTE: This CVE is specific for tinc versions which did had mitigations put NOTE: in place for the Sweet32 attack in tinc 1.0.30. -CVE-2018-16737 - RESERVED +CVE-2018-16737 (tinc before 1.0.30 has a broken authentication protocol, without even ...) {DLA-1538-1} - tinc 1.0.31-1 NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a 
@@ -10771,8 +10806,8 @@ CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 NOT-FOR-US: ABBYY FlexiCapture CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in ...) NOT-FOR-US: concrete5 -CVE-2018-13789 - RESERVED +CVE-2018-13789 (An issue was discovered in Descor Infocad FM before 3.1.0.0. An ...) + TODO: check CVE-2018-13788 RESERVED CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, since version ...) @@ -13630,8 +13665,8 @@ CVE-2018-12598 RESERVED CVE-2018-12597 RESERVED -CVE-2018-12596 - RESERVED +CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU ...) + TODO: check CVE-2018-12595 RESERVED CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to ...) @@ -13780,14 +13815,14 @@ CVE-2018-12546 RESERVED CVE-2018-12545 RESERVED -CVE-2018-12544 - RESERVED +CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI
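Review bot: in the CVE-2018-16738 hunk the unchanged context line "NOTE: This CVE is specific for tinc versions which did had mitigations put" carries a grammatical slip ("did had"); suggest rewording the two NOTE lines to "This CVE is specific to tinc versions which had mitigations put in place for the Sweet32 attack in tinc 1.0.30." the next time the entry is edited, since the automatic update only replaced the RESERVED line with the description.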
[Git][security-tracker-team/security-tracker][master] new potential libgig issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f94a0ca by Moritz Muehlenhoff at 2018-10-11T07:09:38Z new potential libgig issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,9 +27,9 @@ CVE-2018-18210 (XSS exists in DiliCMS 2.4.0 via the ...) CVE-2018-18209 (XSS exists in DiliCMS 2.4.0 via the ...) NOT-FOR-US: DiliCMS CVE-2018-18208 (Virtualmin 6.03 allows XSS via the query string, as demonstrated by the ...) - TODO: check + NOT-FOR-US: Virtualmin CVE-2018-18207 (Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi ...) - TODO: check + NOT-FOR-US: Virtualmin CVE-2018-18206 (In the client in Bytom before 1.0.6, checkTopicRegister in ...) NOT-FOR-US: Bytom CVE-2018-18205 
@@ -49,17 +49,23 @@ CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...) CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php in ...) NOT-FOR-US: REDAXO CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] ...) - TODO: check + - libgig + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - TODO: check + - libgig + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18195 (An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero ...) - TODO: check + - libgig + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - TODO: check + - libgig + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] ...) - TODO: check + - libgig + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer ...) - TODO: check + - libgig + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: FineCms CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f94a0cade261a57da27d7d4a4297b277849c30d
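Review bot: the six libgig hunks (CVE-2018-18192 through CVE-2018-18197) assign the package and point at the TeamSeri0us PoC README, but none records a Debian bug number or an upstream fix, unlike the "(bug #909607)" form used for the udisks2 entry in the automatic update earlier on this page; once a bug is filed or an upstream commit is identified, add "(bug #...)" to the package line or a second NOTE with the commit so the entries can be closed with a fixed version rather than left open-ended.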
[Git][security-tracker-team/security-tracker][master] new mono issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c9ea263c by Moritz Muehlenhoff at 2018-10-11T07:07:08Z new mono issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24979,7 +24979,7 @@ CVE-2018-8294 (A remote code execution vulnerability exists in the way that the CVE-2018-8293 RESERVED CVE-2018-8292 (An information disclosure vulnerability exists in .NET Core when ...) - TODO: check + - mono CVE-2018-8291 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2018-8290 (A remote code execution vulnerability exists in the way that the ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9ea263c42e01ae2319489774d93ebc2afd167c2
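Review bot: the CVE-2018-8292 hunk assigns a CVE whose description names .NET Core to mono without a NOTE saying which mono component shares the affected code or where the upstream fix lives; add a NOTE with that reference so the assignment can be verified, and consider a severity or no-dsa annotation, as the qpdf and pyopenssl entries in the neighbouring commits carry, rather than leaving a bare "- mono".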
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cb868194 by Moritz Muehlenhoff at 2018-10-11T06:17:40Z NFU qpdf no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -460,6 +460,7 @@ CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 allows remote attackers - extplorer CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and ...) - qpdf + [stretch] - qpdf (Minor issue) [jessie] - qpdf (Minor issue) NOTE: https://github.com/qpdf/qpdf/issues/243 CVE-2018-1000806 @@ -8396,6 +8397,7 @@ CVE-2018-14665 RESERVED CVE-2018-14664 RESERVED + - foreman (bug #663101) CVE-2018-14663 RESERVED CVE-2018-14662 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb868194f9353f3ee5e36d46d8bcb84c3bad5b49
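Review bot: the second hunk adds "- foreman (bug #663101)" under CVE-2018-14664, which is still RESERVED, so there is no description to check the assignment against; the bug number is also far below the 2018-era numbers seen elsewhere on this page (#909607 for udisks2), so either it is an ITP bug, in which case the tracker's "<itp>" pseudo-version is the expected form on that line, or it is a typo and should be corrected. The commit message "NFU qpdf no-dsa" also does not match the diff, which contains the qpdf [stretch] no-dsa line and the foreman entry but no NOT-FOR-US change.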
[Git][security-tracker-team/security-tracker][master] pyopenssl no-dsa, NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d8f082f by Moritz Muehlenhoff at 2018-10-11T06:00:29Z pyopenssl no-dsa, NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -361,7 +361,8 @@ CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Input ...) NOT-FOR-US: privacyIDEA CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 ...) - - pyopenssl 17.5.0-1 + - pyopenssl 17.5.0-1 (low) + [stretch] - pyopenssl (Minor issue) NOTE: https://github.com/pyca/pyopenssl/pull/723 NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...) 
@@ -50360,47 +50361,47 @@ CVE-2018-0065 CVE-2018-0064 RESERVED CVE-2018-0063 (A vulnerability in the IP next-hop index database in Junos OS 17.3R3 ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0062 (A Denial of Service vulnerability in J-Web service may allow a remote ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0061 (A denial of service vulnerability in the telnetd service on Junos OS ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0060 (An improper input validation weakness in the device control daemon ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0059 (A persistent cross-site scripting vulnerability in the graphical user ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0058 (Receipt of a specially crafted IPv6 exception packet may be able to ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0057 (On MX Series and M120/M320 platforms configured in a Broadband Edge ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0056 (If a duplicate MAC address is learned by two different interfaces on ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0055 (Receipt of a specially crafted DHCPv6 message destined to a Junos OS ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0054 (On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0053 (An authentication bypass vulnerability in the initial boot sequence of ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0052 (If RSH service is enabled on Junos OS and if the PAM authentication is ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0051 (A Denial of Service vulnerability in the SIP application layer gateway ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0050 (An error handling vulnerability in Routing Protocols Daemon (RPD) of ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0049 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...) 
- TODO: check + NOT-FOR-US: Juniper CVE-2018-0048 (A vulnerability in the Routing Protocols Daemon (RPD) with Juniper ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0047 (A persistent cross-site scripting vulnerability in the UI framework ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0046 (A reflected cross-site scripting vulnerability in OpenNMS included ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0045 (Receipt of a specific Draft-Rosen MVPN control packet may cause the ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0044 (An insecure SSHD configuration in Juniper Device Manager (JDM) and ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0043 (Receipt of a specific MPLS packet may cause the routing protocol ...) - TODO: check + NOT-FOR-US: Juniper CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords in log ...) NOT-FOR-US: Juniper Networks CSO CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior to ...) @@ -50906,7 +50907,7 @@ CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Version ...) NOT-FOR-US: Moxa CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...) - TODO: check + NOT-FOR-US: Ice Qube Thermal Management Center CVE-2017-16713 RESERVED CVE-2017-16712 @@ -53556,7 +53557,7 @@ CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android f CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-15844 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...) - TODO:
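Review bot: CVE-2018-0046 is described as a reflected cross-site scripting vulnerability in OpenNMS, yet the hunk marks it "NOT-FOR-US: Juniper" like the surrounding Junos entries; OpenNMS is a separate upstream that Juniper bundles, so confirm it is not packaged in Debian before closing the entry and, if it stays NFU, name the actual software as was done with "NOT-FOR-US: Juniper Networks CSO" for CVE-2018-0042 a few entries below.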