[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2012-3144,glassfish: end-of-life for Jessie

2018-10-11 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9068a2de by Markus Koschany at 2018-10-11T21:29:19Z
CVE-2012-3144,glassfish: end-of-life for Jessie

This package has no real life impact. It is outdated and not used at runtime.

- - - - -
1c0ba288 by Markus Koschany at 2018-10-11T21:49:05Z
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -210924,6 +210924,7 @@ CVE-2012-3156 (Unspecified vulnerability in the MySQL 
Server component in Oracle
- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
 CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun 
GlassFish ...)
- glassfish  (bug #692035)
+   [jessie] - glassfish 
[wheezy] - glassfish 
NOTE: Oracle doesn't provide any useful public information to fix the 
package without importing a new upstream version.
 CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework 
component ...)
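
Review bot: the commit title names CVE-2012-3144 but the only entry touched in this hunk is CVE-2012-3155, so either the title or the edited entry is off; check that the intended entry was changed and correct the message or the data to match. Also, as rendered here the added `[jessie] - glassfish` line carries nothing after the package name (the existing `[wheezy]` line shows the same gap), so confirm the committed line actually carries the end-of-life marker the message describes rather than an empty state.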



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/377fbe0a19f8ff79fd51fb93a9ac881cc9ec465d...1c0ba28829e75f54ab0a01b9ab3b432bfed34031

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
377fbe0a by Salvatore Bonaccorso at 2018-10-11T21:18:54Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6064,7 +6064,7 @@ CVE-2018-15768
 CVE-2018-15767
RESERVED
 CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell 
Endpoint ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2018-15765
RESERVED
 CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a 
remote ...)
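
Review bot: `NOT-FOR-US: Dell` names only the vendor while the description in the hunk names the products (Dell Encryption, Dell Endpoint ...); the other labels added in this commit (`Episerver Ektron CMS`, `Whale browser installer`, `Intel Rapid Web Server`) name the product, so a label such as `NOT-FOR-US: Dell Encryption` (or the products named in the full description) would be consistent with them and easier to find with a later grep.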
@@ -13845,7 +13845,7 @@ CVE-2018-12598
 CVE-2018-12597
RESERVED
 CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 
Site CU ...)
-   TODO: check
+   NOT-FOR-US: Episerver Ektron CMS
 CVE-2018-12595
RESERVED
 CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote 
attackers to ...)
@@ -14154,7 +14154,7 @@ CVE-2018-12476
 CVE-2018-12475
RESERVED
 CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build 
Service ...)
-   TODO: check
+   NOT-FOR-US: obs-service-tar_scm of Open Build Service
 CVE-2018-12473 (A path traversal traversal vulnerability in 
obs-service-tar_scm of ...)
NOT-FOR-US: obs-service-tar_scm of Open Build Service
 CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux 
SMT ...)
@@ -14207,9 +14207,9 @@ CVE-2018-12458 (An improper integer type in the 
mpeg4_encode_gop_header function
 CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an 
admin ...)
NOT-FOR-US: expressCart
 CVE-2018-12456 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have no 
CSRF token ...)
-   TODO: check
+   NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices
 CVE-2018-12455 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have a 
critical ...)
-   TODO: check
+   NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices
 CVE-2018-12454 (The _addguess function of a simplelottery smart contract 
implementation ...)
NOT-FOR-US: simplelottery
 CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in 
...)
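
Review bot: the labels added here for CVE-2018-12455 and CVE-2018-12456 (`Intelbras NPLUG 1.0.0.14 wireless repeater devices`) differ from the `NOT-FOR-US: Intelbras NPLUG` used for CVE-2018-17337 in commit b110200c earlier the same day; one spelling of the product name would let a single grep find all three entries.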
@@ -14223,7 +14223,7 @@ CVE-2018-12451
 CVE-2018-12450
RESERVED
 CVE-2018-12449 (The Whale browser installer 0.4.3.0 and earlier versions 
allows DLL ...)
-   TODO: check
+   NOT-FOR-US: Whale browser installer
 CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but 
only a ...)
NOT-FOR-US: Whale Browser
 CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
@@ -15149,7 +15149,7 @@ CVE-2018-12163 (A DLL injection vulnerability in the 
Intel IoT Developers Kit 4.
 CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for 
Windows before ...)
NOT-FOR-US: Intel OpenVINO Toolkit for Windows
 CVE-2018-12161 (Insufficient session validation in the webserver component of 
the ...)
-   TODO: check
+   NOT-FOR-US: Intel Rapid Web Server
 CVE-2018-12160 (DLL injection vulnerability in software installer for Intel 
Data ...)
NOT-FOR-US: Intel
 CVE-2018-12159



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/377fbe0a19f8ff79fd51fb93a9ac881cc9ec465d


[Git][security-tracker-team/security-tracker][master] claim all the magick

2018-10-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
24044361 by Moritz Muehlenhoff at 2018-10-11T21:03:15Z
claim all the magick
drop no-dsa entries which will be fixed in forthcoming DSA
migrate a few wireshark CVE IDs which were tracked in CVE/list to DSA/list

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -5320,21 +5320,18 @@ CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate 
SWG70 3.x devices allow ..
NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
 CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 
2.2.16, the ...)
- wireshark 2.6.3-1 (low)
-   [stretch] - wireshark  (Minor issue)
[jessie] - wireshark  (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html
 CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 
2.2.16, the ...)
- wireshark 2.6.3-1 (low)
-   [stretch] - wireshark  (Minor issue)
[jessie] - wireshark  (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html
 CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 
2.2.16, the ...)
- wireshark 2.6.3-1 (low)
-   [stretch] - wireshark  (Minor issue)
[jessie] - wireshark  (vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485
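
Review bot: removing the `[stretch] - wireshark (Minor issue)` lines for CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 leaves stretch showing as open until the DSA id is recorded in the `{...}` line of each entry; that is consistent with the commit message (DSA forthcoming) and with data/DSA/list and data/dsa-needed.txt being part of the same commit. The `[jessie]` annotations are untouched, so the jessie decision (`Minor issue` for two of them, `vulnerable code not present` for CVE-2018-16056) stays as is; if the DSA text rates these as more than minor, those jessie lines deserve the same second look.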
@@ -9546,20 +9543,17 @@ CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 
to 2.4.7, the IEEE 802.11
 CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
-   [stretch] - wireshark  (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-41.html
 CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
-   [stretch] - wireshark  (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-40.html
 CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP 
protocol ...)
- wireshark 2.6.2-1
-   [stretch] - wireshark  (Vulnerable code not present)
[jessie] - wireshark  (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
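
Review bot: the stretch line dropped for CVE-2018-14367 said `Vulnerable code not present`, unlike the other removals in this commit, which were `Minor issue` no-dsa entries. If stretch's wireshark really does not contain the CoAP code in question, the DSA will not list this CVE and the entry will now stay open for stretch indefinitely; either keep that line or make sure the forthcoming DSA covers CVE-2018-14367.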
@@ -9688,7 +9682,6 @@ CVE-2018-14345 (An issue was discovered in SDDM through 
0.17.0. If configured wi
NOTE: 
https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98
 CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
- wireshark 2.6.2-1
-   [stretch] - wireshark  (Minor issue)
[jessie] - wireshark  (Vulnerable code not present, 
introduced in v1.99.1rc0-224-g6720c80bab)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14672
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae
@@ -9702,14 +9695,12 @@ CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 
2.4.7, and 2.2.0 to 2.2.15
 CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
-   [stretch] - wireshark  (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13741
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=36af43dbb7673495948cd65d0346e8b9812b941c
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-34.html
 CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
-   [stretch] - wireshark  (Minor issue)
NOTE: 

[Git][security-tracker-team/security-tracker][master] automatic update

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1ef1900 by security tracker role at 2018-10-11T20:11:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,191 @@
+CVE-2019-0085
+   RESERVED
+CVE-2019-0084
+   RESERVED
+CVE-2019-0083
+   RESERVED
+CVE-2019-0082
+   RESERVED
+CVE-2019-0081
+   RESERVED
+CVE-2019-0080
+   RESERVED
+CVE-2019-0079
+   RESERVED
+CVE-2019-0078
+   RESERVED
+CVE-2019-0077
+   RESERVED
+CVE-2019-0076
+   RESERVED
+CVE-2019-0075
+   RESERVED
+CVE-2019-0074
+   RESERVED
+CVE-2019-0073
+   RESERVED
+CVE-2019-0072
+   RESERVED
+CVE-2019-0071
+   RESERVED
+CVE-2019-0070
+   RESERVED
+CVE-2019-0069
+   RESERVED
+CVE-2019-0068
+   RESERVED
+CVE-2019-0067
+   RESERVED
+CVE-2019-0066
+   RESERVED
+CVE-2019-0065
+   RESERVED
+CVE-2019-0064
+   RESERVED
+CVE-2019-0063
+   RESERVED
+CVE-2019-0062
+   RESERVED
+CVE-2019-0061
+   RESERVED
+CVE-2019-0060
+   RESERVED
+CVE-2019-0059
+   RESERVED
+CVE-2019-0058
+   RESERVED
+CVE-2019-0057
+   RESERVED
+CVE-2019-0056
+   RESERVED
+CVE-2019-0055
+   RESERVED
+CVE-2019-0054
+   RESERVED
+CVE-2019-0053
+   RESERVED
+CVE-2019-0052
+   RESERVED
+CVE-2019-0051
+   RESERVED
+CVE-2019-0050
+   RESERVED
+CVE-2019-0049
+   RESERVED
+CVE-2019-0048
+   RESERVED
+CVE-2019-0047
+   RESERVED
+CVE-2019-0046
+   RESERVED
+CVE-2019-0045
+   RESERVED
+CVE-2019-0044
+   RESERVED
+CVE-2019-0043
+   RESERVED
+CVE-2019-0042
+   RESERVED
+CVE-2019-0041
+   RESERVED
+CVE-2019-0040
+   RESERVED
+CVE-2019-0039
+   RESERVED
+CVE-2019-0038
+   RESERVED
+CVE-2019-0037
+   RESERVED
+CVE-2019-0036
+   RESERVED
+CVE-2019-0035
+   RESERVED
+CVE-2019-0034
+   RESERVED
+CVE-2019-0033
+   RESERVED
+CVE-2019-0032
+   RESERVED
+CVE-2019-0031
+   RESERVED
+CVE-2019-0030
+   RESERVED
+CVE-2019-0029
+   RESERVED
+CVE-2019-0028
+   RESERVED
+CVE-2019-0027
+   RESERVED
+CVE-2019-0026
+   RESERVED
+CVE-2019-0025
+   RESERVED
+CVE-2019-0024
+   RESERVED
+CVE-2019-0023
+   RESERVED
+CVE-2019-0022
+   RESERVED
+CVE-2019-0021
+   RESERVED
+CVE-2019-0020
+   RESERVED
+CVE-2019-0019
+   RESERVED
+CVE-2019-0018
+   RESERVED
+CVE-2019-0017
+   RESERVED
+CVE-2019-0016
+   RESERVED
+CVE-2019-0015
+   RESERVED
+CVE-2019-0014
+   RESERVED
+CVE-2019-0013
+   RESERVED
+CVE-2019-0012
+   RESERVED
+CVE-2019-0011
+   RESERVED
+CVE-2019-0010
+   RESERVED
+CVE-2019-0009
+   RESERVED
+CVE-2019-0008
+   RESERVED
+CVE-2019-0007
+   RESERVED
+CVE-2019-0006
+   RESERVED
+CVE-2019-0005
+   RESERVED
+CVE-2019-0004
+   RESERVED
+CVE-2019-0003
+   RESERVED
+CVE-2019-0002
+   RESERVED
+CVE-2019-0001
+   RESERVED
+CVE-2018-18250
+   RESERVED
+CVE-2018-18249
+   RESERVED
+CVE-2018-18248
+   RESERVED
+CVE-2018-18247
+   RESERVED
+CVE-2018-18246
+   RESERVED
+CVE-2018-18245
+   RESERVED
+CVE-2018-18244
+   RESERVED
+CVE-2018-18243
+   RESERVED
+CVE-2018-18242 (youke365 v1.1.5 has SQL injection via admin/login.html, as 
demonstrated ...)
+   TODO: check
 CVE-2018-18241
RESERVED
 CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a 
command to ...)
@@ -50,8 +238,8 @@ CVE-2018-18217
RESERVED
 CVE-2018-18216
RESERVED
-CVE-2018-18215
-   RESERVED
+CVE-2018-18215 (In youke365 v1.1.5, admin/user.html has a CSRF vulnerability 
that can ...)
+   TODO: check
 CVE-2018-18214
RESERVED
 CVE-2018-18213
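
Review bot: CVE-2018-18215 here and CVE-2018-18242 in the previous hunk are both youke365 v1.1.5 issues left at `TODO: check`; they should be triaged together and given the same disposition and the same product label so they do not drift apart.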
@@ -374,7 +562,7 @@ CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in 
Net-SNMP before 5.8 ha
NOTE: issue, but might still not be just a duplicate but an independent 
issue fixed with
NOTE: same commit.
 CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 
5.8 has ...)
-   {DLA-1540-1}
+   {DSA-4314-1 DLA-1540-1}
- net-snmp  (bug #910638)
NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
NOTE: 
https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
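
Review bot: the `{DSA-4314-1 DLA-1540-1}` reference added for CVE-2018-18065 matches the DSA/list entry reserved in commit ed188f5a for stretch, but the `- net-snmp  (bug #910638)` line still shows no fixed version for unstable. That is expected if nothing has been uploaded to sid yet; just make sure the version is filled in once the 5.8 (or a patched 5.7.3) upload happens, otherwise the tracker keeps reporting the issue open in unstable while stretch is already fixed.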
@@ -5878,8 +6066,8 @@ CVE-2018-15768
RESERVED
 CVE-2018-15767
RESERVED
-CVE-2018-15766
-   RESERVED
+CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell 
Endpoint ...)
+   TODO: check
 CVE-2018-15765
RESERVED
 CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a 
remote ...)
@@ -14044,8 +14232,8 @@ CVE-2018-12451
RESERVED
 CVE-2018-12450
RESERVED
-CVE-2018-12449
-   RESERVED
+CVE-2018-12449 (The Whale browser installer 0.4.3.0 and earlier versions 
allows DLL ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] Reserve DSA number for net-snmp update

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed188f5a by Salvatore Bonaccorso at 2018-10-11T19:28:02Z
Reserve DSA number for net-snmp update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[11 Oct 2018] DSA-4314-1 net-snmp - security update
+   {CVE-2018-18065}
+   [stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u1
 [08 Oct 2018] DSA-4313-1 linux - security update
{CVE-2018-15471 CVE-2018-18021}
[stretch] - linux 4.9.110-3+deb9u6
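
Review bot: only the stretch line is recorded for DSA-4314-1, which is fine since jessie is already covered by DLA-1540-1, but the matching `{DSA-4314-1 ...}` cross-reference in data/CVE/list for CVE-2018-18065 is not part of this commit; it only arrives with the later automatic update c1ef1900. Adding the reference in the same commit as the DSA/list entry avoids the window in which the two files disagree.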


=
data/dsa-needed.txt
=
@@ -59,8 +59,6 @@ mosquitto (seb)
 mupdf
   leaf package, might be a candidate for simply moving to 1.13 in stretch
 --
-net-snmp (carnil)
---
 openjpeg2 (luciano)
 --
 otrs2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed188f5a69b22c586a1f99d0bcedc2eecf7afb53


[Git][security-tracker-team/security-tracker][master] Add one more additional commit needed for CVE-2018-17961

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a508c16d by Salvatore Bonaccorso at 2018-10-11T19:12:22Z
Add one more additional commit needed for CVE-2018-17961

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -660,6 +660,7 @@ CVE-2018-17961 [ghostscript: bypassing executeonly to 
escape -dSAFER sandbox]
NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb
NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9
+   NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291
 CVE-2018-17960
RESERVED
 CVE-2018-17959
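
Review bot: CVE-2018-17961 now carries three upstream commitdiff NOTEs (a54c9e61, a6807394, a5a9bf8c) with nothing saying whether all three are required or which is the primary fix; a one-line NOTE such as `NOTE: all three commits needed for a complete fix` would save the next person re-deriving that from the commit message when preparing the stretch or jessie update.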



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a508c16d24c44e1013ed249f838dea978533


[Git][security-tracker-team/security-tracker][master] Add moin to dsa-needed list

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2132ff95 by Salvatore Bonaccorso at 2018-10-11T18:48:11Z
Add moin to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -51,6 +51,8 @@ mariadb-10.1/stable
 --
 mercurial
 --
+moin (carnil)
+--
 mosquitto (seb)
   2018-02-27: Roger Light provided a debdiff targetting stretch, needs review
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2132ff95aa75e7c37eec3efc4789435c8c2d3225


[Git][security-tracker-team/security-tracker][master] Four CVEs fixed additionally with the xen upload as 4.11.1~pre.20180911.5acdd26fdc+dfsg-2

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd381f68 by Salvatore Bonaccorso at 2018-10-11T13:53:02Z
Four CVEs fixed additionally with the xen upload as 
4.11.1~pre.20180911.5acdd26fdc+dfsg-2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6958,7 +6958,7 @@ CVE-2018- [libykneomgr memory corruption]
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
 CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in 
oxenstored ...)
{DSA-4274-1}
-   - xen  (unimportant)
+   - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-272.html
 CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...)
{DSA-4313-1}
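
Review bot: CVE-2018-15470 keeps its `(unimportant)` tag while also being listed in DSA-4274-1 and now carrying a fixed version; if the issue was really shipped as part of that DSA in stretch, the tag should be dropped, or a NOTE should explain why it is still considered unimportant for Debian despite being in the advisory.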
@@ -6968,12 +6968,12 @@ CVE-2018-15471 (An issue was discovered in 
xenvif_set_hash_mapping in ...)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1607
 CVE-2018-15468 (An issue was discovered in Xen through 4.11.x. The DEBUGCTL 
MSR ...)
{DSA-4274-1}
-   - xen 
+   - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
[jessie] - xen  (Only affects 4.6 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-269.html
 CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never 
properly ...)
{DSA-4274-1}
-   - xen 
+   - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
NOTE: https://xenbits.xen.org/xsa/advisory-268.html
 CVE-2018-15309
RESERVED
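
Review bot: CVE-2018-15468 has a `[jessie] - xen (Only affects 4.6 and later)` line, but CVE-2018-15469 (the ARM issue) has no jessie annotation at all and so shows as open there; if jessie's xen is likewise unaffected or not supported for this case, add the corresponding `[jessie]` line, otherwise it needs a jessie decision.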
@@ -38911,7 +38911,7 @@ CVE-2018-3621
 CVE-2018-3620 (Systems with microprocessors utilizing speculative execution 
and ...)
{DSA-4279-1 DSA-4274-1 DLA-1529-1 DLA-1481-1}
- linux 4.17.15-1
-   - xen 
+   - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
- intel-microcode 3.20180703.1
NOTE: Updates were already shipped with 20180703 release, but only 
disclosed later, see #906158
NOTE: 
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd381f68f4f375b4c13ac5a15c7243241ef45512


[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-10-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b110200c by Moritz Muehlenhoff at 2018-10-11T08:26:14Z
NFUs

- - - - -
a5e68bbf by Moritz Muehlenhoff at 2018-10-11T08:30:26Z
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2018-18241
RESERVED
 CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a 
command to ...)
-   TODO: check
+   NOT-FOR-US: Pippo
 CVE-2018-18239
RESERVED
 CVE-2018-18238
@@ -107,7 +107,7 @@ CVE-2018-18192 (An issue was discovered in libgig 4.1.0. 
There is a NULL pointer
 CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: FineCms
 CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. 
There is a ...)
-   TODO: check
+   NOT-FOR-US: GoPro gpmf-parser
 CVE-2018-18189
RESERVED
 CVE-2018-18188
@@ -384,9 +384,9 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds 
stack-memory write du
 CVE-2018-18063
RESERVED
 CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive 
...)
-   TODO: check
+   NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive 
...)
-   TODO: check
+   NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-18060
RESERVED
 CVE-2018-18059
@@ -737,7 +737,7 @@ CVE-2018-17927
 CVE-2018-17926
RESERVED
 CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX 
Control ...)
-   TODO: check
+   NOT-FOR-US: Gigasoft
 CVE-2018-17924
RESERVED
 CVE-2018-17923
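
Review bot: the visible description for CVE-2018-17925 (`Multiple instances of this vulnerability (Unsafe ActiveX Control ...)`) does not name a product, so `NOT-FOR-US: Gigasoft` cannot be checked against the hunk itself; if the name comes from the full CVE text, a short NOTE with the affected product would make the entry self-explanatory.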
@@ -1056,7 +1056,7 @@ CVE-2018-17786 (On D-Link DIR-823G devices, 
ExportSettings.sh, upload_settings.c
 CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal 
exists via ...)
NOT-FOR-US: blynk-server in Blynk
 CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in 
SugarCRM ...)
-   TODO: check
+   NOT-FOR-US: SugarCRM
 CVE-2018-17783
RESERVED
 CVE-2018-17782
@@ -2012,7 +2012,7 @@ CVE-2018-17339
 CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a 
heap-based ...)
NOT-FOR-US: pdfalto
 CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID 
that is ...)
-   TODO: check
+   NOT-FOR-US: Intelbras NPLUG
 CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log 
in ...)
- udisks2 2.8.1-1 (bug #909607)
[stretch] - udisks2  (Vulnerable code introduced later)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ec6e57e298da8b7e59421759a9fc678588671cd9...a5e68bbfc951e9c22e1f3fa1a1fd81fd3a585be7


[Git][security-tracker-team/security-tracker][master] tomcat8.0 removed from the archive

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec6e57e2 by Salvatore Bonaccorso at 2018-10-11T08:25:31Z
tomcat8.0 removed from the archive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15893,7 +15893,7 @@ CVE-2018-11785
 CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 
9.0.11, ...)
- tomcat9  (bug #802312)
- tomcat8 8.5.34-1
-   - tomcat8.0  (unimportant)
+   - tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7 7.0.72-3
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
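
Review bot: as rendered here the removed and added lines of this hunk are identical (`-   - tomcat8.0  (unimportant)` / `+   - tomcat8.0  (unimportant)`), so the state change the commit title describes (tomcat8.0 removed from the archive) is not visible; the token that distinguishes the two lines between `tomcat8.0` and `(unimportant)` has been lost in this mail rendering. Check the raw commit that the new lines carry the removed-package marker rather than the unfixed one; the same applies to the other six hunks below, which show the same identical-looking pairs.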
@@ -25678,7 +25678,7 @@ CVE-2018-8034 (The host name verification when using 
TLS with the WebSocket clie
{DSA-4281-1 DLA-1491-1 DLA-1453-1}
- tomcat9  (bug #802312)
- tomcat8 8.5.32-1
-   - tomcat8.0  (unimportant)
+   - tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7 7.0.72-3
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
@@ -25749,7 +25749,7 @@ CVE-2018-8014 (The defaults settings for the CORS 
filter provided in Apache Tomc
- tomcat8 8.5.32-1 (bug #898935)
[stretch] - tomcat8  (Minor issue; user expected to configure 
filters appropriately)
[jessie] - tomcat8  (Minor issue; user expected to configure 
filters appropriately)
-   - tomcat8.0  (unimportant)
+   - tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7 7.0.72-3
[wheezy] - tomcat7  (vulnerable code not present)
@@ -45480,7 +45480,7 @@ CVE-2018-1336 (An improper handing of overflow in the 
UTF-8 decoder with ...)
{DSA-4281-1 DLA-1491-1}
- tomcat9  (bug #802312)
- tomcat8 8.5.31-1
-   - tomcat8.0  (unimportant)
+   - tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7 7.0.72-3
[jessie] - tomcat7 7.0.56-3+really7.0.88-1
@@ -45583,7 +45583,7 @@ CVE-2018-1305 (Security constraints defined by 
annotations of Servlets in Apache
{DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
- tomcat9  (bug #802312)
- tomcat8 8.5.28-1
-   - tomcat8.0  (unimportant)
+   - tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7 7.0.72-3
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
@@ -45597,7 +45597,7 @@ CVE-2018-1304 (The URL pattern of  (the 
empty string) which exactly
{DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
- tomcat9  (bug #802312)
- tomcat8 8.5.28-1
-   - tomcat8.0  (unimportant)
+   - tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7 7.0.72-3
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
@@ -53916,7 +53916,7 @@ CVE-2017-15706 (As part of the fix for bug 61201, the 
documentation for Apache T
- tomcat8 8.5.24-1
[stretch] - tomcat8  (Issue introduced later)
[jessie] - tomcat8  (Issue introduced later)
-   - tomcat8.0  (unimportant)
+   - tomcat8.0  (unimportant)
NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
- tomcat7  (Only affects 7.0.79 to 7.0.82, Upstream 
bugzilla entry bz#61201 not addressed)
NOTE: https://svn.apache.org/r1814828 (7.0.x)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec6e57e298da8b7e59421759a9fc678588671cd9


[Git][security-tracker-team/security-tracker][master] Remove information from CVE-2018-3736, REJECTED as duplicate of CVE-2018-3739

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
58133bed by Salvatore Bonaccorso at 2018-10-11T08:18:12Z
Remove information from CVE-2018-3736, REJECTED as duplicate of CVE-2018-3739

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -38608,7 +38608,6 @@ CVE-2018-3737 (sshpk is vulnerable to ReDoS when 
parsing crafted invalid public
NOTE: nodejs not covered by security support
 CVE-2018-3736
REJECTED
-   NOT-FOR-US: https-proxy-agent nodejs module
 CVE-2018-3735 (bracket-template suffers from reflected XSS possible when 
variable ...)
NOT-FOR-US: bracket-template nodejs module
 CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability 
due to ...)
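
Review bot: dropping the NOT-FOR-US line is right for a REJECTED id, but the reason (duplicate of CVE-2018-3739) now lives only in the commit message; a `NOTE: REJECTED as duplicate of CVE-2018-3739` under the entry would keep that pointer with the data for anyone who later looks up CVE-2018-3736.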



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/58133bede3816859a56ae91781d4370faa066921


[Git][security-tracker-team/security-tracker][master] automatic update

2018-10-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c8425b60 by security tracker role at 2018-10-11T08:11:05Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2018-18241
+   RESERVED
+CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a 
command to ...)
+   TODO: check
+CVE-2018-18239
+   RESERVED
+CVE-2018-18238
+   RESERVED
+CVE-2018-18237
+   RESERVED
+CVE-2018-18236
+   RESERVED
+CVE-2018-18235
+   RESERVED
+CVE-2018-18234
+   RESERVED
+CVE-2018-18233
+   RESERVED
+CVE-2018-18232
+   RESERVED
+CVE-2018-18231
+   RESERVED
+CVE-2018-18230
+   RESERVED
+CVE-2018-18229
+   RESERVED
+CVE-2018-18228
+   RESERVED
+CVE-2018-18227
+   RESERVED
+CVE-2018-18226
+   RESERVED
+CVE-2018-18225
+   RESERVED
+CVE-2018-18224
+   RESERVED
+CVE-2018-18223
+   RESERVED
 CVE-2018-18222
RESERVED
 CVE-2018-18221
@@ -345,10 +383,10 @@ CVE-2018-18064 (cairo through 1.15.14 has an 
out-of-bounds stack-memory write du
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
 CVE-2018-18063
RESERVED
-CVE-2018-18062
-   RESERVED
-CVE-2018-18061
-   RESERVED
+CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive 
...)
+   TODO: check
+CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive 
...)
+   TODO: check
 CVE-2018-18060
RESERVED
 CVE-2018-18059
@@ -1017,8 +1055,8 @@ CVE-2018-17786 (On D-Link DIR-823G devices, 
ExportSettings.sh, upload_settings.c
NOT-FOR-US: D-Link DIR-823G devices
 CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal 
exists via ...)
NOT-FOR-US: blynk-server in Blynk
-CVE-2018-17784
-   RESERVED
+CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in 
SugarCRM ...)
+   TODO: check
 CVE-2018-17783
RESERVED
 CVE-2018-17782
@@ -1973,8 +2011,8 @@ CVE-2018-17339
RESERVED
 CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a 
heap-based ...)
NOT-FOR-US: pdfalto
-CVE-2018-17337
-   RESERVED
+CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID 
that is ...)
+   TODO: check
 CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log 
in ...)
- udisks2 2.8.1-1 (bug #909607)
[stretch] - udisks2  (Vulnerable code introduced later)
@@ -3318,8 +3356,7 @@ CVE-2018-16760
RESERVED
 CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from 
...)
NOT-FOR-US: EasyCMS
-CVE-2018-16758
-   RESERVED
+CVE-2018-16758 (Missing message authentication in the meta-protocol in Tinc 
VPN ...)
{DSA-4312-1 DLA-1538-1}
- tinc 1.0.35-1
NOTE: 
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
@@ -3385,16 +3422,14 @@ CVE-2018-16740
RESERVED
 CVE-2018-16739
RESERVED
-CVE-2018-16738
-   RESERVED
+CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication 
protocol, ...)
{DSA-4312-1}
- tinc 1.0.35-1
[jessie] - tinc  (Only affects 1.0.30 to 1.0.34)
NOTE: 
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
NOTE: This CVE is specific for tinc versions which did had mitigations 
put
NOTE: in place for the Sweet32 attack in tinc 1.0.30.
-CVE-2018-16737
-   RESERVED
+CVE-2018-16737 (tinc before 1.0.30 has a broken authentication protocol, 
without even ...)
{DLA-1538-1}
- tinc 1.0.31-1
NOTE: 
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
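Review bot: the NOTE under CVE-2018-16738 has a grammar slip, "tinc versions which did had mitigations put in place"; suggest "tinc versions which had mitigations put in place for the Sweet32 attack in tinc 1.0.30" so the rationale for the jessie "Only affects 1.0.30 to 1.0.34" annotation reads cleanly. The version range in that annotation matches the description's "tinc 1.0.30 through 1.0.34", and both tinc entries point at the same upstream commit d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a, which is consistent with one fix covering both CVEs.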
@@ -10771,8 +10806,8 @@ CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture 
before 12 Release 1 Update 7
NOT-FOR-US: ABBYY FlexiCapture
 CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in ...)
NOT-FOR-US: concrete5
-CVE-2018-13789
-   RESERVED
+CVE-2018-13789 (An issue was discovered in Descor Infocad FM before 3.1.0.0. 
An ...)
+   TODO: check
 CVE-2018-13788
RESERVED
 CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, 
since version ...)
@@ -13630,8 +13665,8 @@ CVE-2018-12598
RESERVED
 CVE-2018-12597
RESERVED
-CVE-2018-12596
-   RESERVED
+CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 
Site CU ...)
+   TODO: check
 CVE-2018-12595
RESERVED
 CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote 
attackers to ...)
@@ -13780,14 +13815,14 @@ CVE-2018-12546
RESERVED
 CVE-2018-12545
RESERVED
-CVE-2018-12544
-   RESERVED
+CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the 
OpenAPI 

[Git][security-tracker-team/security-tracker][master] new potential libgig issues

2018-10-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f94a0ca by Moritz Muehlenhoff at 2018-10-11T07:09:38Z
new potential libgig issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27,9 +27,9 @@ CVE-2018-18210 (XSS exists in DiliCMS 2.4.0 via the ...)
 CVE-2018-18209 (XSS exists in DiliCMS 2.4.0 via the ...)
NOT-FOR-US: DiliCMS
 CVE-2018-18208 (Virtualmin 6.03 allows XSS via the query string, as 
demonstrated by the ...)
-   TODO: check
+   NOT-FOR-US: Virtualmin
 CVE-2018-18207 (Virtualmin 6.03 allows Frame Injection via the 
settings-editor_read.cgi ...)
-   TODO: check
+   NOT-FOR-US: Virtualmin
 CVE-2018-18206 (In the client in Bytom before 1.0.6, checkTopicRegister in ...)
NOT-FOR-US: Bytom
 CVE-2018-18205
@@ -49,17 +49,23 @@ CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has 
XSS. ...)
 CVE-2018-18198 (The $opener_input_field variable in 
addons/mediapool/pages/index.php in ...)
NOT-FOR-US: REDAXO
 CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator 
new[] ...)
-   TODO: check
+   - libgig 
+   NOTE: 
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
 CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based 
buffer ...)
-   TODO: check
+   - libgig 
+   NOTE: 
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
 CVE-2018-18195 (An issue discovered in libgig 4.1.0. There is an FPE 
(divide-by-zero ...)
-   TODO: check
+   - libgig 
+   NOTE: 
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
 CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based 
buffer ...)
-   TODO: check
+   - libgig 
+   NOTE: 
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
 CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator 
new[] ...)
-   TODO: check
+   - libgig 
+   NOTE: 
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
 CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL 
pointer ...)
-   TODO: check
+   - libgig 
+   NOTE: 
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
 CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: FineCms
 CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. 
There is a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f94a0cade261a57da27d7d4a4297b277849c30d

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new mono issue

2018-10-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c9ea263c by Moritz Muehlenhoff at 2018-10-11T07:07:08Z
new mono issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24979,7 +24979,7 @@ CVE-2018-8294 (A remote code execution vulnerability 
exists in the way that the
 CVE-2018-8293
RESERVED
 CVE-2018-8292 (An information disclosure vulnerability exists in .NET Core 
when ...)
-   TODO: check
+   - mono 
 CVE-2018-8291 (A remote code execution vulnerability exists in the way the 
scripting ...)
NOT-FOR-US: Microsoft
 CVE-2018-8290 (A remote code execution vulnerability exists in the way that 
the ...)
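Review bot: CVE-2018-8292 is mapped to the mono package with no NOTE line, while the description only names ".NET Core"; suggest adding a NOTE with the upstream reference or advisory that establishes mono as affected, as the other entries in this file do, so a later triager can see why a .NET Core information-disclosure issue is tracked against mono.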



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9ea263c42e01ae2319489774d93ebc2afd167c2


[Git][security-tracker-team/security-tracker][master] NFU

2018-10-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb868194 by Moritz Muehlenhoff at 2018-10-11T06:17:40Z
NFU
qpdf no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -460,6 +460,7 @@ CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 
allows remote attackers
- extplorer 
 CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, 
QPDFWriter::unparseObject and ...)
- qpdf 
+   [stretch] - qpdf  (Minor issue)
[jessie] - qpdf  (Minor issue)
NOTE: https://github.com/qpdf/qpdf/issues/243
 CVE-2018-1000806
@@ -8396,6 +8397,7 @@ CVE-2018-14665
RESERVED
 CVE-2018-14664
RESERVED
+   - foreman  (bug #663101)
 CVE-2018-14663
RESERVED
 CVE-2018-14662
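Review bot: the added line "- foreman  (bug #663101)" sits under CVE-2018-14664, which is still marked RESERVED with no description, and the bug number is far below the contemporary numbers seen elsewhere in this file (for example bug #909607 on the udisks2 entry); suggest double-checking that the bug number is correct and adding a NOTE line with the reference that ties this reserved CVE to foreman.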



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb868194f9353f3ee5e36d46d8bcb84c3bad5b49


[Git][security-tracker-team/security-tracker][master] pyopenssl no-dsa, NFUs

2018-10-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d8f082f by Moritz Muehlenhoff at 2018-10-11T06:00:29Z
pyopenssl no-dsa, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -361,7 +361,8 @@ CVE-2018-1000810 (The Rust Programming Language Standard 
Library version 1.29.0,
 CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper 
Input ...)
NOT-FOR-US: privacyIDEA
 CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 
17.5.0 ...)
-   - pyopenssl 17.5.0-1
+   - pyopenssl 17.5.0-1 (low)
+   [stretch] - pyopenssl  (Minor issue)
NOTE: https://github.com/pyca/pyopenssl/pull/723
NOTE: 
https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
 CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to 
version ...)
@@ -50360,47 +50361,47 @@ CVE-2018-0065
 CVE-2018-0064
RESERVED
 CVE-2018-0063 (A vulnerability in the IP next-hop index database in Junos OS 
17.3R3 ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0062 (A Denial of Service vulnerability in J-Web service may allow a 
remote ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0061 (A denial of service vulnerability in the telnetd service on 
Junos OS ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0060 (An improper input validation weakness in the device control 
daemon ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0059 (A persistent cross-site scripting vulnerability in the 
graphical user ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0058 (Receipt of a specially crafted IPv6 exception packet may be 
able to ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0057 (On MX Series and M120/M320 platforms configured in a Broadband 
Edge ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0056 (If a duplicate MAC address is learned by two different 
interfaces on ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0055 (Receipt of a specially crafted DHCPv6 message destined to a 
Junos OS ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0054 (On QFX5000 Series and EX4600 switches, a high rate of Ethernet 
pause ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0053 (An authentication bypass vulnerability in the initial boot 
sequence of ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0052 (If RSH service is enabled on Junos OS and if the PAM 
authentication is ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0051 (A Denial of Service vulnerability in the SIP application layer 
gateway ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0050 (An error handling vulnerability in Routing Protocols Daemon 
(RPD) of ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0049 (A NULL Pointer Dereference vulnerability in Juniper Networks 
Junos OS ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0048 (A vulnerability in the Routing Protocols Daemon (RPD) with 
Juniper ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0047 (A persistent cross-site scripting vulnerability in the UI 
framework ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0046 (A reflected cross-site scripting vulnerability in OpenNMS 
included ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0045 (Receipt of a specific Draft-Rosen MVPN control packet may cause 
the ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0044 (An insecure SSHD configuration in Juniper Device Manager (JDM) 
and ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0043 (Receipt of a specific MPLS packet may cause the routing 
protocol ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords 
in log ...)
NOT-FOR-US: Juniper Networks CSO
 CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior 
to ...)
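Review bot: CVE-2018-0046 is marked "NOT-FOR-US: Juniper" like the rest of the block, but its description reads "A reflected cross-site scripting vulnerability in OpenNMS included ...", naming a third-party component rather than Junos itself; suggest confirming that this refers to the OpenNMS copy bundled in the Juniper product and, if so, making the rationale explicit (for example "NOT-FOR-US: OpenNMS as bundled in Juniper") so the entry is not mistaken for a separately packaged OpenNMS.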
@@ -50906,7 +50907,7 @@ CVE-2017-16716 (A SQL Injection issue was discovered in 
WebAccess versions prior
 CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 
5110 Version ...)
NOT-FOR-US: Moxa
 CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to 
version 4.13, ...)
-   TODO: check
+   NOT-FOR-US: Ice Qube Thermal Management Center
 CVE-2017-16713
RESERVED
 CVE-2017-16712
@@ -53556,7 +53557,7 @@ CVE-2017-15846 (In the video_ioctl2() function in the 
camera driver in Android f
 CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15844 (In all android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
-   TODO: