[Git][security-tracker-team/security-tracker][master] Add fixed version for virtualbox issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a97ef998 by Salvatore Bonaccorso at 2018-11-11T07:45:05Z Add fixed version for virtualbox issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -222,11 +222,11 @@ CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted I CVE-2018-19056 (pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" ...) NOT-FOR-US: pandao Editor.md CVE-2018- [VirtualBox E1000 Guest-to-Host Escape] - - virtualbox (bug #913137) + - virtualbox 5.2.22-dfsg-1 (bug #913137) [jessie] - virtualbox (DSA-3699-1) NOTE: https://github.com/MorteNoir1/virtualbox_e1000_0day NOTE: Changes between 5.2.20 and 5.2.22: https://paste.debian.net/plain/1051089 - TODO: confirm on if issue fixed completely with the changes in 5.2.22 + NOTE: https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12 CVE-2018-19055 RESERVED CVE-2018-19054 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a97ef998be12331a5d8061c533cf2cf3522d7fc4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
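Review bot: The NOTE that replaces the TODO in the virtualbox entry is a bare URL, so the entry no longer says whether the open question (is the issue fixed completely with the changes in 5.2.22) was answered, or what the linked issue shows. Since the same hunk records 5.2.22-dfsg-1 as the fixed version, add a few words to that NOTE stating what issue 12 confirms, so the basis for the fixed version can be read from the entry itself.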
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage xml-security-c for jessie.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 0efd599b by Chris Lamb at 2018-11-11T07:35:16Z data/dla-needed.txt: Triage xml-security-c for jessie. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -97,3 +97,5 @@ tiff (Brian May) -- xen -- +xml-security-c +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0efd599b14b9670ecf9b3165967938f8ab5dd3b6
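Review bot: The new xml-security-c entry at the end of data/dla-needed.txt names no issue, and neither does the commit message, so whoever claims it has to rediscover what was triaged. Add a NOTE under the entry with the bug number or upstream issue that needs fixing in jessie.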
[Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 859a0d48 by Moritz Muehlenhoff at 2018-11-10T22:01:47Z thunderbird DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[10 Nov 2018] DSA-4337-1 thunderbird - security update + {CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393} + [stretch] - thunderbird 1:60.3.0-1~deb9u1 [10 Nov 2018] DSA-4336-1 ghostscript - security update {CVE-2018-11645 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284} [stretch] - ghostscript 9.25~dfsg-0+deb9u1 = data/dsa-needed.txt = @@ -56,8 +56,6 @@ sssd -- symfony -- -thunderbird (jmm) --- tiff -- xml-security-c View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/859a0d48e2dcd0b7e056d2ac415c9ee8541f7da2
[Git][security-tracker-team/security-tracker][master] Reserve DLA-1573-1 for firmware-nonfree
Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker Commits: 03777357 by Ben Hutchings at 2018-11-10T21:24:55Z Reserve DLA-1573-1 for firmware-nonfree - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Nov 2018] DLA-1573-1 firmware-nonfree - security update + {CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081} + [jessie] - firmware-nonfree 20161130-4~deb8u1 [08 Nov 2018] DLA-1572-1 nginx - security update {CVE-2018-16845} [jessie] - nginx 1.6.2-5+deb8u6 = data/dla-needed.txt = @@ -18,9 +18,6 @@ cairo enigmail (Antoine Beaupre) NOTE: 20180926: see 871s9fps8e@curie.anarc.at before working on this (anarcat) -- -firmware-nonfree (Ben Hutchings) - NOTE: Waiting for approval of Stretch update. --- icecast2 (Abhijith PA) NOTE: 20181106: please upload https://git.fosscommunity.in/bhe/patches/raw/master/icecast2_deb8u2.debdiff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/037773579c6b772c89b59d82caf076dcf94cf49b
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-18751/gettext
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f080a4c by Salvatore Bonaccorso at 2018-11-10T20:32:26Z Add fixed version for CVE-2018-18751/gettext - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -900,7 +900,7 @@ CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via CVE-2018-18752 (Webiness Inventory 2.3 suffers from an Arbitrary File upload ...) NOT-FOR-US: Webiness Inventory CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a double free ...) - - gettext (unimportant; bug #913173) + - gettext 0.19.8.1-9 (unimportant; bug #913173) NOTE: https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff;h=dce3a16e5e9368245735e29bf498dcd5e3e474a4 NOTE: Negligible security impact CVE-2018-18750 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f080a4cc722a04cbb302f4171ae3d843fb91391
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-19149/poppler
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2a5bdbe0 by Salvatore Bonaccorso at 2018-11-10T20:28:05Z Add CVE-2018-19149/poppler - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,8 @@ CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in ...) NOT-FOR-US: pdfforge PDF Architect CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...) - TODO: check + - poppler (unimportant) + NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/664 CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...) - caddy (bug #810890) CVE-2018-19147 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a5bdbe06a148c008a2ed076624ac7f1514c2189
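Review bot: The added "- poppler (unimportant)" line for CVE-2018-19149 comes with only a link to the upstream issue and no NOTE giving the reason for the severity. Add a one-line NOTE with the rationale for treating this NULL pointer dereference as unimportant, so the classification can be checked later without opening issue 664.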
[Git][security-tracker-team/security-tracker][master] Add CVE-2018-19148/caddy, itp'ed, #810890
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 01581002 by Salvatore Bonaccorso at 2018-11-10T20:17:13Z Add CVE-2018-19148/caddy, itp'ed, #810890 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...) TODO: check CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...) - TODO: check + - caddy (bug #810890) CVE-2018-19147 RESERVED CVE-2018-19146 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/015810020c3459165872789a0ac0abed1b33f01e
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f509912 by Salvatore Bonaccorso at 2018-11-10T20:16:21Z Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in ...) - TODO: check + NOT-FOR-US: pdfforge PDF Architect CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...) TODO: check CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f509912f5d64771cd7d3bf9b5b919a6990b5766
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2d894a65 by security tracker role at 2018-11-10T20:10:20Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in ...) + TODO: check +CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...) + TODO: check +CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...) + TODO: check CVE-2018-19147 RESERVED CVE-2018-19146 @@ -2037,7 +2043,7 @@ CVE-2018-18286 CVE-2018-18285 RESERVED CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...) - {DLA-1552-1} + {DSA-4336-1 DLA-1552-1} - ghostscript 9.25~dfsg-3 (bug #911175) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696 @@ -2663,7 +2669,7 @@ CVE-2018-18074 (The Requests package before 2.20.0 for Python sends an HTTP ...) NOTE: https://github.com/requests/requests/pull/4718 NOTE: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protection ...) - {DLA-1552-1} + {DSA-4336-1 DLA-1552-1} - ghostscript 9.25~dfsg-3 (bug #910758) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927 
@@ -2982,7 +2988,7 @@ CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c be NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192 CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...) - {DLA-1552-1} + {DSA-4336-1 DLA-1552-1} - ghostscript 9.25~dfsg-3 (bug #910678) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682 NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4 @@ -18957,7 +18963,7 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...) NOTE: Not covered by security support NOTE: https://webkitgtk.org/security/WSA-2018-0005.html CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status ...) - {DLA-1504-1} + {DSA-4336-1 DLA-1504-1} - ghostscript 9.21~dfsg-1 (low) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1) 
@@ -51928,7 +51934,7 @@ CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 S CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...) {DLA-1461-1} - clamav 0.100.1+dfsg-1 -[stretch] - clamav 0.100.1+dfsg-0+deb9u1 + [stretch] - clamav 0.100.1+dfsg-0+deb9u1 NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a resultant ...) {DLA-1461-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d894a655bd3b43e50e429099c0deaa4ca57f66b
[Git][security-tracker-team/security-tracker][master] takeover coordinated with Roberto, same version in jessie and wheezy
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b0e536c by Thorsten Alteholz at 2018-11-10T19:00:07Z takeover coordinated with Roberto, same version in jessie and wheezy - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -69,7 +69,7 @@ openjpeg2 (Hugo Lefeuvre) NOTE: to approve CVE-2017-17480 before upload. NOTE: had in depth investigations for CVE-2018-5727, see upstream bug report -- -openssl (Roberto C. Sánchez) +openssl (Thorsten Alteholz) -- pdns (Abhijith PA) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b0e536cdf279862a96693e708cbfbb838a8f56d
[Git][security-tracker-team/security-tracker][master] update notes
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 2c76e37a by Thorsten Alteholz at 2018-11-10T18:57:29Z update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,6 +29,7 @@ icu (Roberto C. Sánchez) imagemagick (Thorsten Alteholz) NOTE: 20181023: add additional Ubuntu patch to disable ghostscript handled formats NOTE: 20181023: wait with upload until this is done in unstable -> #907336 + NOTE: 20181110: bug still open so upload without ubuntu patch -- jasper (apo) NOTE: 20181104: consider fixing no-dsa issues too because the package is used @@ -59,6 +60,7 @@ mysql-connector-java nsis (Thorsten Alteholz) NOTE: 20181007: Windows installer, but issue was reported by gpg4win so NOTE: 20181007: likely affects UNIX systems. (Chris Lamb) + NOTE: 20181110: waiting for email answer -- openjdk-7 -- @@ -85,6 +87,7 @@ squid3 (Abhijith PA) NOTE:20181101: to mention in DLA, and others very intrusive to backport. Substantial change from 3.4 -> 3.5. -- symfony (Thorsten Alteholz) + NOTE: 20181110: patches ready, struggling with test suite, waiting for email -- systemd NOTE: 20181101: I recommend to fix all open issues including the postponed View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c76e37ab4f58708d04706438e7c2343869015ff
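Review bot: The notes added under nsis ("waiting for email answer") and symfony ("waiting for email") do not say who is expected to reply or what was asked, so nobody else can tell when either entry is unblocked or follow up on it. Name the correspondent or point at the thread or bug in each NOTE.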
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 435394dd by Salvatore Bonaccorso at 2018-11-10T15:33:57Z Reserve DSA number for ghostscript update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[10 Nov 2018] DSA-4336-1 ghostscript - security update + {CVE-2018-11645 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284} + [stretch] - ghostscript 9.25~dfsg-0+deb9u1 [08 Nov 2018] DSA-4335-1 nginx - security update {CVE-2018-16843 CVE-2018-16844 CVE-2018-16845} [stretch] - nginx 1.10.3-1+deb9u2 = data/dsa-needed.txt = @@ -20,11 +20,6 @@ ansible -- ceph -- -ghostscript (carnil) - Regression update: #909076, possibly #909929 (but see upstream issue), - and #909957 - Regression #90 seems to not affect stretch, but needs double-check --- glusterfs -- gnutls28 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/435394ddb9d712f0e0a380b306fe98967ed8e05a
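Review bot: The ghostscript entry removed from data/dsa-needed.txt still carried an open item ("seems to not affect stretch, but needs double-check"), and neither the added DSA-4336-1 entry nor the commit message records how that check came out. State the outcome in the commit message, or keep it as a NOTE elsewhere, before dropping the entry.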
[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-11723
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64581ff5 by Salvatore Bonaccorso at 2018-11-10T13:14:15Z Add references for CVE-2018-11723 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18706,6 +18706,8 @@ CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in [stretch] - libpff (Minor issue) [jessie] - libpff (Minor issue) NOTE: http://seclists.org/fulldisclosure/2018/Jun/15 + NOTE: https://github.com/libyal/libpff/issues/64 + NOTE: https://github.com/libyal/libpff/commit/7b92bcace7e743cc9417e3cc3e4eee29abb70cf5 CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' ...) NOT-FOR-US: WUZHI CMS CVE-2018-11721 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/64581ff572609b8b136a5a788b95b09a13ca1f55
[Git][security-tracker-team/security-tracker][master] Claim pdns and add note to squid3
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: c539afd1 by Abhijith PA at 2018-11-10T12:45:38Z Claim pdns and add note to squid3 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -69,7 +69,7 @@ openjpeg2 (Hugo Lefeuvre) -- openssl (Roberto C. Sánchez) -- -pdns +pdns (Abhijith PA) -- qemu (Santiago) NOTE: 20181026: no fix yet for recent dsa issues, but start working on @@ -81,6 +81,8 @@ spamassassin (Antoine Beaupre) -- squid3 (Abhijith PA) NOTE:20181101: consider fixing no-dsa issues too. (apo) + NOTE:20181110: The latest vulnerability is a one line fix. In rest of the no-dsa issues one seems fixed but forgot + NOTE:20181101: to mention in DLA, and others very intrusive to backport. Substantial change from 3.4 -> 3.5. -- symfony (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c539afd176e0b106bfaf6f40d3570ee116c6ede5
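Review bot: The second added squid3 line is dated 20181101 although it continues the sentence begun on the 20181110 line above it ("... one seems fixed but forgot" / "to mention in DLA ..."), so it reads as part of the older 20181101 note from apo. Use 20181110 on both added lines.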
[Git][security-tracker-team/security-tracker][master] Remove ignored tag for CVE-2018-11645/ghostscript
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b071d670 by Salvatore Bonaccorso at 2018-11-10T09:12:48Z Remove ignored tag for CVE-2018-11645/ghostscript - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18957,7 +18957,6 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...) CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status ...) {DLA-1504-1} - ghostscript 9.21~dfsg-1 (low) - [stretch] - ghostscript (Negligible impact) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1) CVE-2018-11644 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b071d670ecc01572b53f1216ff20bd3e09728a07
[Git][security-tracker-team/security-tracker][master] Sync proposed update list with updates really included in point release
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b5d0c1b by Salvatore Bonaccorso at 2018-11-10T09:07:45Z Sync proposed update list with updates really included in point release Verified against dak log itself, exception in version added is the clamav version for the first upload round as the fix was already in the earlier version uploaded and thus known in the archive. - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -1321,7 +1321,7 @@ CVE-2018-18576 CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts ...) {DLA-1555-1} - libmspack 0.8-1 (bug #911637) - [stretch] - libmspack (Minor issue) + [stretch] - libmspack 0.5-1+deb9u3 NOTE: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1 CVE-2018-18586 (** DISPUTED ** chmextract.c in the chmextract sample program, as ...) @@ -1337,7 +1337,7 @@ CVE-2018-18584 (In mspack/cab.h in libmspack before 0.8alpha and cabextract befo - cabextract 1.4-5 NOTE: Starting with 1.4-5 cabextract uses the mspack system library - libmspack 0.8-1 (bug #911640) - [stretch] - libmspack (Minor issue) + [stretch] - libmspack 0.5-1+deb9u3 NOTE: https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1 CVE-2018-18575 
@@ -6444,11 +6444,11 @@ CVE-2018-16514 RESERVED CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may ...) - jhead 1:3.00-8 (bug #907925) - [stretch] - jhead (Minor issue) + [stretch] - jhead 1:3.00-4+deb9u1 [jessie] - jhead (Minor issue) CVE-2018-16554 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may ...) - jhead 1:3.00-8 (bug #908176) - [stretch] - jhead (Minor issue) + [stretch] - jhead 1:3.00-4+deb9u1 [jessie] - jhead (Minor issue) CVE-2018-16515 (Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events ...) - matrix-synapse 0.33.3.1-1 (bug #908044) 
@@ -6654,61 +6654,61 @@ CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmar NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1364 CVE-2018-16427 (Various out of bounds reads when handling responses in OpenSC before ...) - opensc 0.19.0~rc1-1 (low; bug #909444) - [stretch] - opensc (Minor issue) + [stretch] - opensc 0.16.0-3+deb9u1 [jessie] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744fa NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ CVE-2018-16426 (Endless recursion when handling responses from an IAS-ECC card in ...) - opensc 0.19.0~rc1-1 (low; bug #909444) - [stretch] - opensc (Minor issue) + [stretch] - opensc 0.16.0-3+deb9u1 [jessie] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ CVE-2018-16425 (A double free when handling responses from an HSM Card in ...) - opensc 0.19.0~rc1-1 (low; bug #909444) - [stretch] - opensc (Minor issue) + [stretch] - opensc 0.16.0-3+deb9u1 [jessie] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ CVE-2018-16424 (A double free when handling responses in read_file in tools/egk-tool.c ...) - opensc 0.19.0~rc1-1 (low; bug #909444) - [stretch] - opensc (Minor issue) + [stretch] - opensc 0.16.0-3+deb9u1 [jessie] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ CVE-2018-16423 (A double free when handling responses from a smartcard in ...) 
- opensc 0.19.0~rc1-1 (low; bug #909444) - [stretch] - opensc (Minor issue) + [stretch] - opensc 0.16.0-3+deb9u1 [jessie] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-db0cd89ff279ad8c7b3bb780cdf2770a NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ CVE-2018-16422 (A single byte buffer overflow when handling responses from an esteid ...) - opensc 0.19.0~rc1-1 (low; bug #909444) -
[Git][security-tracker-team/security-tracker][master] gitlab and knot-resolved acked for removal from stretch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c2bb95db by Salvatore Bonaccorso at 2018-11-10T08:43:01Z gitlab and knot-resolved acked for removal from stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1144,12 +1144,10 @@ CVE-2018-18647 [Unauthorized changes to a protected branch's access levels] CVE-2018-18646 [SSRF in Hipchat integration] RESERVED - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18645 [Information exposure when replying to issues through email] RESERVED - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18644 [Metrics information disclosure in Prometheus integration] RESERVED @@ -1166,12 +1164,10 @@ CVE-2018-18642 [Persistent XSS in License Management and Security Reports] CVE-2018-18641 [Cleartext storage of personal access tokens] RESERVED - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18640 [Information exposure in stored browser history] RESERVED - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18639 RESERVED @@ -4146,7 +4142,6 @@ CVE-2018-17456 (Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2 CVE-2018-17455 [IDOR merge request approvals] RESERVED - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17454 [Persistent XSS on issue details] RESERVED 
@@ -4161,7 +4156,6 @@ CVE-2018-17453 [GRPC::Unknown logging token disclosure] CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed] RESERVED - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17451 [Slack integration CSRF Oauth2] RESERVED @@ -7325,16 +7319,13 @@ CVE-2018-16048 (An issue was discovered in GitLab Community and Enterprise Editi NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/ CVE-2018-16051 (An issue was discovered in GitLab Community and Enterprise Edition ...) - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/6012 NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/ CVE-2018- [gitlab: Missing CSRF in System Hooks] - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/ CVE-2018-16049 (An issue was discovered in GitLab Community and Enterprise Edition ...) - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/46967 NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49272 NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/ @@ -9148,7 +9139,6 @@ CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formu CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs] RESERVED - gitlab - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-15467 RESERVED 
@@ -11261,7 +11251,6 @@ CVE-2018-14604 (An issue was discovered in GitLab Community and Enterprise Editi NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ CVE-2018-14603 (An issue was discovered in GitLab Community and Enterprise Edition ...) - gitlab 10.8.7+dfsg-1 - [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ CVE-2018-14602 (An issue was discovered in GitLab Community and Enterprise Edition ...) - gitlab 10.8.7+dfsg-1 @@ -11976,7 +11965,6 @@ CVE-2018-14365 RESERVED CVE-2018-14364 (GitLab Community and Enterprise Edition
[Git][security-tracker-team/security-tracker][master] Record two propups to unstable as same version in unstable and stable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7f50151 by Salvatore Bonaccorso at 2018-11-10T08:34:17Z Record two propups to unstable as same version in unstable and stable moin/1.9.9-1+deb9u1 (CVE-2017-5934/#910776) xml-security-c/1.7.3-4+deb9u1 (#905332) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10416,7 +10416,7 @@ CVE-2018- [DSA verification crashes OpenSSL on invalid combinations of key c NOTE: https://issues.apache.org/jira/browse/SANTUARIO-496 CVE-2018- [Default KeyInfo resolver doesn't check for empty element content.] [experimental] - xml-security-c 2.0.1-1 - - xml-security-c (bug #905332) + - xml-security-c 1.7.3-4+deb9u1 (bug #905332) [stretch] - xml-security-c 1.7.3-4+deb9u1 [jessie] - xml-security-c 1.7.2-3+deb8u1 NOTE: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491 @@ -86878,7 +86878,7 @@ CVE-2017-5935 RESERVED CVE-2017-5934 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI ...) {DSA-4318-1 DLA-1546-1} - - moin (bug #910776) + - moin 1.9.9-1+deb9u1 (bug #910776) NOTE: https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024 CVE-2017-5933 (Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, ...) NOT-FOR-US: Citrix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7f5015148fa84b4263dd4e842b8309fee6ba22a
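Review bot: in the @@ -10416 hunk the unstable line now records 1.7.3-4+deb9u1, the same version as the [stretch] line directly below it, while [experimental] is already at 2.0.1-1, and the reason for that is given only in the commit message. A NOTE in the entry saying that the stretch version was propagated to unstable would stop a later editor from reading a +deb9u1 version on the unstable line as a mistake.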
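Review bot: in the @@ -86878 hunk the moin line gains 1.9.9-1+deb9u1 as the fixed version but keeps the (bug #910776) reference unchanged, so the entry does not show whether that bug was closed by this version or is still open against unstable. It is worth confirming the bug state matches the recorded version, and revisiting the line once a regular upload to unstable supersedes the deb9u1 package.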
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-19139/jasper
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 540d0d99 by Salvatore Bonaccorso at 2018-11-10T08:21:33Z Add CVE-2018-19139/jasper - - - - - a09118bf by Salvatore Bonaccorso at 2018-11-10T08:23:07Z Merge remote-tracking branch 'origin/master' - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,8 @@ CVE-2018-19144 CVE-2018-19140 RESERVED CVE-2018-19139 (An issue has been found in JasPer 2.0.14. There is a memory leak in ...) - - jasper + - jasper (low) + NOTE: https://github.com/mdadams/jasper/issues/188 CVE-2018-19138 (WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. ...) NOT-FOR-US: WSTMart CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/82b0f5ef93860d15ba2a60aaba8c67b474c42b46...a09118bf0a33f3721c0b8f6880c4cbb1e407a39d
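Review bot: the (low) urgency added to the jasper line in the @@ -9,7 +9,8 hunk has no stated rationale; the only new NOTE is the upstream issue link. The description says memory leak, so the rating is plausible, but a one-line NOTE giving the reason would make the triage decision reviewable from the file alone. Separately, the push includes a merge commit (a09118bf, Merge remote-tracking branch 'origin/master') around a two-line change; rebasing before pushing would keep the history of data/CVE/list linear.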
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 82b0f5ef by Moritz Muehlenhoff at 2018-11-10T08:21:15Z NFUs new jasper issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,15 +3,15 @@ CVE-2018-19147 CVE-2018-19146 RESERVED CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in ...) - TODO: check + NOT-FOR-US: S-CMS CVE-2018-19144 RESERVED CVE-2018-19140 RESERVED CVE-2018-19139 (An issue has been found in JasPer 2.0.14. There is a memory leak in ...) - TODO: check + - jasper CVE-2018-19138 (WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. ...) - TODO: check + NOT-FOR-US: WSTMart CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ...) NOT-FOR-US: DomainMOD CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...) @@ -142,13 +142,13 @@ CVE-2018-19089 (tianti 2.3 has stored XSS in the userlist module via the ...) CVE-2018-19088 RESERVED CVE-2018-19087 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) - TODO: check + NOT-FOR-US: IOBit Malware Fighter CVE-2018-19086 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) - TODO: check + NOT-FOR-US: IOBit Malware Fighter CVE-2018-19085 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) - TODO: check + NOT-FOR-US: IOBit Malware Fighter CVE-2018-19084 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) - TODO: check + NOT-FOR-US: IOBit Malware Fighter CVE-2018-19083 (WeCenter 3.2.0 through 3.2.2 has XSS in the ...) NOT-FOR-US: WeCenter CVE-2018-19082 (An issue was discovered on Foscam Opticam i5 devices with System ...) 
@@ -8319,7 +8319,7 @@ CVE-2018-15798 CVE-2018-15797 RESERVED CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2018-15795 RESERVED CVE-2018-15794 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82b0f5ef93860d15ba2a60aaba8c67b474c42b46
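Review bot: in the @@ -3,15 +3,15 hunk CVE-2018-19139 is the one entry that becomes a package line rather than NOT-FOR-US, and it goes in as a bare "- jasper" with no upstream reference or urgency. Adding the NOTE with the upstream report in the same commit that assigns the package would keep the entry self-explanatory at every point in the history.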
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a98af3f3 by security tracker role at 2018-11-10T08:10:15Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2018-19147 + RESERVED +CVE-2018-19146 + RESERVED +CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in ...) + TODO: check +CVE-2018-19144 + RESERVED +CVE-2018-19140 + RESERVED +CVE-2018-19139 (An issue has been found in JasPer 2.0.14. There is a memory leak in ...) + TODO: check +CVE-2018-19138 (WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. ...) + TODO: check CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ...) NOT-FOR-US: DomainMOD CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...) @@ -32,16 +46,19 @@ CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL pointe CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in ...) NOT-FOR-US: libIEC61850 CVE-2018-19141 [otrs: Security Advisory 2018-09] + RESERVED - otrs2 6.0.1-1 NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/ NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions). NOTE: Add workaround and mark first 6.x version as fixing version CVE-2018-19142 [otrs: Security Advisory 2018-08] + RESERVED - otrs2 6.0.13-1 [stretch] - otrs2 (Only affects 6.x) [jessie] - otrs2 (Only affects 6.x) NOTE: https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/ CVE-2018-19143 [otrs: Security Advisory 2018-07] + RESERVED - otrs2 6.0.13-1 NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/ CVE-2018-19120 
@@ -124,14 +141,14 @@ CVE-2018-19089 (tianti 2.3 has stored XSS in the userlist module via the ...) NOT-FOR-US: tianti CVE-2018-19088 RESERVED -CVE-2018-19087 - RESERVED -CVE-2018-19086 - RESERVED -CVE-2018-19085 - RESERVED -CVE-2018-19084 - RESERVED +CVE-2018-19087 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) + TODO: check +CVE-2018-19086 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) + TODO: check +CVE-2018-19085 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) + TODO: check +CVE-2018-19084 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a ...) + TODO: check CVE-2018-19083 (WeCenter 3.2.0 through 3.2.2 has XSS in the ...) NOT-FOR-US: WeCenter CVE-2018-19082 (An issue was discovered on Foscam Opticam i5 devices with System ...) @@ -3737,8 +3754,8 @@ CVE-2018-17614 CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is ...) - telegram-desktop NOTE: https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html -CVE-2018-17612 - RESERVED +CVE-2018-17612 (Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) ...) + TODO: check CVE-2018-17611 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...) NOT-FOR-US: Foxit CVE-2018-17610 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...) 
@@ -8301,8 +8318,8 @@ CVE-2018-15798 RESERVED CVE-2018-15797 RESERVED -CVE-2018-15796 - RESERVED +CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an ...) + TODO: check CVE-2018-15795 RESERVED CVE-2018-15794 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a98af3f306499d5a155712687781daae47560f25
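Review bot: the @@ -1,3 +1,17 hunk adds CVE-2018-19147 down to CVE-2018-19138 at the top of the file but skips 19143, 19142 and 19141, because those three otrs2 entries already sit further down, between CVE-2018-19121 and CVE-2018-19120, where the @@ -32,16 +46,19 hunk only adds RESERVED to them. Now that the ids appear in the feed, the three entries should be moved to their numeric position between CVE-2018-19144 and CVE-2018-19140 so the list stays in descending order.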