[Git][security-tracker-team/security-tracker][master] Add CVE-2018-12022/jackson-databind

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ba93952 by Salvatore Bonaccorso at 2019-01-31T07:48:17Z
Add CVE-2018-12022/jackson-databind

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37776,8 +37776,11 @@ CVE-2018-12023 [improper polymorphic deserialization 
of types from Oracle JDBC d
- jackson-databind 2.9.8-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/2058
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
-CVE-2018-12022
+CVE-2018-12022 [improper polymorphic deserialization of types from Jodd-db 
library]
RESERVED
+   - jackson-databind 2.9.8-1
+   NOTE: https://github.com/FasterXML/jackson-databind/issues/2052
+   NOTE: 
https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
 CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect 
access ...)
- singularity-container 2.5.2-1
NOTE: https://github.com/singularityware/singularity/releases/tag/2.5.2
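
Review bot: The new CVE-2018-12022 entry cites the same upstream commit (7487cf7e) as the CVE-2018-12023 entry directly above it, with only the issue number differing (#2052 versus #2058). If that one commit covers both the Jodd-db and the Oracle JDBC driver types, a short NOTE saying so would stop a later reader from taking the repeated URL for a copy-paste slip; if it does not, the commit reference on this entry needs correcting.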



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ba939525dd019d9b09a615c3aa0e50d4df99b50

-- 
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2018-12023/jackson-databind

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9577b5b1 by Salvatore Bonaccorso at 2019-01-31T07:46:15Z
Add CVE-2018-12023/jackson-databind

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37771,8 +37771,11 @@ CVE-2018-12025 (The transferFrom function of a smart 
contract implementation for
NOT-FOR-US: FuturXE
 CVE-2018-12024
RESERVED
-CVE-2018-12023
+CVE-2018-12023 [improper polymorphic deserialization of types from Oracle JDBC 
driver]
RESERVED
+   - jackson-databind 2.9.8-1
+   NOTE: https://github.com/FasterXML/jackson-databind/issues/2058
+   NOTE: 
https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
 CVE-2018-12022
RESERVED
 CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect 
access ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9577b5b1fa6ed05dedcbd0bc7053ca9dde0b93e9


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5782/chromium

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc5a48da by Salvatore Bonaccorso at 2019-01-31T07:44:07Z
Add CVE-2019-5782/chromium

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3276,6 +3276,7 @@ CVE-2019-5783
RESERVED
 CVE-2019-5782
RESERVED
+   - chromium 
 CVE-2019-5781
RESERVED
- chromium 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc5a48da82579e31266832db3f0670b1739b45d7


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-6690/python-gnupg

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c05f5a5 by Salvatore Bonaccorso at 2019-01-31T07:42:18Z
Add CVE-2019-6690/python-gnupg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1156,8 +1156,12 @@ CVE-2019-6692
RESERVED
 CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the ...)
NOT-FOR-US: phpwind
-CVE-2019-6690
+CVE-2019-6690 [improper input validation in gnupg.GPG.encrypt() and 
gnupg.GPG.decrypt()]
RESERVED
+   - python-gnupg 0.4.4-1
+   NOTE: 
https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
+   NOTE: 
https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
+   NOTE: 
https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
 CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web 
framework ...)
NOT-FOR-US: Jenkins
 CVE-2019-6689
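
Review bot: The two python-gnupg commit NOTEs added for CVE-2019-6690 (39eca266 and 3003b654) are listed without saying how they relate to each other. Stating whether both are needed for the fix, or whether the second is a follow-up to the first, would help anyone backporting to a release that does not get 0.4.4-1.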



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c05f5a530cdd6b1252c4f82cc6749e275c43c5b


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-7147/nasm

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34561db0 by Salvatore Bonaccorso at 2019-01-31T07:38:59Z
Add CVE-2019-7147/nasm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -183,7 +183,8 @@ CVE-2019-7148 (An attempted excessive memory allocation was 
discovered in the fu
NOTE: malloc can fail on invalid file, but "nothing" bad with security 
implication will
NOTE: happen, negligible security impact.
 CVE-2019-7147 (A buffer over-read exists in the function crc64ib in crc64.c in 
nasmlib ...)
-   TODO: check
+   - nasm  (Vulnerable code introduced later)
+   NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392544
 CVE-2019-7146 (In elfutils 0.175, there is a buffer over-read in the 
ebl_object_note ...)
- elfutils  (bug #920911)
[stretch] - elfutils  (Vulnerable code introduced in 
0.175)
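
Review bot: The reasoning on the added nasm line, "Vulnerable code introduced later", does not say in which version or commit crc64ib became vulnerable. The elfutils entry just below names the version ("Vulnerable code introduced in 0.175"); doing the same here would let the entry be re-checked when a newer nasm is uploaded, because an upload that includes that code would make this line wrong.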



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34561db06c119366bff15508a3a7537b196613f8


[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2018-207{48,49,50}/libvncserver

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ed0f24c by Salvatore Bonaccorso at 2019-01-30T22:20:07Z
Track fixed version for CVE-2018-207{48,49,50}/libvncserver

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13178,7 +13178,7 @@ CVE-2018-20020 (LibVNC before commit 
7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
NOTE: 
https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
 CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds 
write ...)
-   - libvncserver  (bug #920941)
+   - libvncserver 0.9.11+dfsg-1.3 (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-20019 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
NOTE: 
https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
@@ -29573,11 +29573,11 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS 
via the ...)
 CVE-2018-15128
RESERVED
 CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write 
vulnerability ...)
-   - libvncserver  (bug #920941)
+   - libvncserver 0.9.11+dfsg-1.3 (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
 CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write 
vulnerability ...)
-   - libvncserver  (bug #920941)
+   - libvncserver 0.9.11+dfsg-1.3 (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
 CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de 
contains ...)
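
Review bot: For CVE-2018-20750 the description in this hunk reads "LibVNC through 0.9.12", yet the entry is now marked fixed in 0.9.11+dfsg-1.3. That holds only if the upload carries the fix as a patch, presumably the upstream commit 09e8fc02 referenced in the NOTE, so it is worth confirming against the changelog for bug #920941 and adding a NOTE that the fix is a backport rather than a new upstream version.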



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ed0f24cedaa832ae0385ef6359866aaca1b080c


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-3813/spice in unstable

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a26c40fd by Salvatore Bonaccorso at 2019-01-30T21:06:36Z
Add fixed version for CVE-2019-3813/spice in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7442,7 +7442,7 @@ CVE-2019-3814
 CVE-2019-3813 [Off-by-one error in array access in spice/server/memslot.c]
RESERVED
{DSA-4375-1 DLA-1649-1}
-   - spice  (bug #920762)
+   - spice 0.14.0-1.3 (bug #920762)
NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371
 CVE-2019-3812



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a26c40fd926eaf76c69e33a199fa5a775c676bbd


[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs have been fixed

2019-01-30 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a67d65cb by Thorsten Alteholz at 2019-01-30T20:44:49Z
CVEs have been fixed

- - - - -
8ccf597a by Thorsten Alteholz at 2019-01-30T20:45:22Z
Reserve DLA-1651-1 for libgd2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -28467,7 +28467,6 @@ CVE-2018-1000224 (Godot Engine version All versions 
prior to 2.1.5, all 3.0 vers
 CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability 
vulnerability ...)
- libgd2 2.2.5-4.1 (low; bug #906886)
[stretch] - libgd2 2.2.4-2+deb9u3
-   [jessie] - libgd2  (Minor issue)
NOTE: https://github.com/libgd/libgd/issues/447
NOTE: 
https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
 CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow 
...)
@@ -55861,7 +55860,6 @@ CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library 
(aka libgd), as used in PH
NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
- libgd2 2.2.5-4.1 (bug #887485)
[stretch] - libgd2 2.2.4-2+deb9u3
-   [jessie] - libgd2  (Minor issue, can be fixed along in a 
future update)
NOTE: https://github.com/libgd/libgd/issues/420
NOTE: 
https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
 CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 
1.16. The ...)


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[30 Jan 2019] DLA-1651-1 libgd2 - security update
+   {CVE-2018-5711 CVE-2018-1000222 CVE-2019-6977 CVE-2019-6978}
+   [jessie] - libgd2 2.1.0-5+deb8u12
 [30 Jan 2019] DLA-1650-1 rssh - security update
{CVE-2019-118}
[jessie] - rssh 2.3.4-4+deb8u1
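
Review bot: The new DLA-1651-1 entry names four CVEs, but the data/CVE/list hunks in this push only drop the [jessie] annotations for CVE-2018-5711 and CVE-2018-1000222. Confirm that the CVE-2019-6977 and CVE-2019-6978 entries carry no jessie-specific line that would now contradict the 2.1.0-5+deb8u12 fix, and consider a commit message more specific than "CVEs have been fixed" so the removals can be tied to this DLA.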


=
data/dla-needed.txt
=
@@ -70,8 +70,6 @@ jackson-databind (Thorsten Alteholz)
 libav (Mike Gabriel)
   NOTE: 20190128: More patches / fixes in my local pipeline. Uploads coming 
soon.
 --
-libgd2 (Thorsten Alteholz)
---
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/45c8e8ddfcba339333f1b95ec9f1a7daf7ecf53c...8ccf597af61f75314195bfcc569def556d808132


[Git][security-tracker-team/security-tracker][master] automatic update

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45c8e8dd by security tracker role at 2019-01-30T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2019-7224
+   RESERVED
+CVE-2019-7223
+   RESERVED
+CVE-2019-7222
+   RESERVED
+CVE-2019-7221
+   RESERVED
+CVE-2019-7220
+   RESERVED
+CVE-2019-7219
+   RESERVED
+CVE-2019-7218
+   RESERVED
+CVE-2019-7217
+   RESERVED
+CVE-2019-7216
+   RESERVED
 CVE-2019-7215
RESERVED
 CVE-2019-7214
@@ -495,6 +513,7 @@ CVE-2019-6990 (A stored-self XSS exists in 
web/skins/classic/views/zones.php of
 CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 
allow remote ...)
NOT-FOR-US: Atlassian Crowd
 CVE-2019-118 [Remote code execution in scp support]
+   {DSA-4377-1 DLA-1650-1}
- rssh 2.3.4-9 (bug #919623)
NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
 CVE-2019-6989
@@ -7422,7 +7441,7 @@ CVE-2019-3814
RESERVED
 CVE-2019-3813 [Off-by-one error in array access in spice/server/memslot.c]
RESERVED
-   {DSA-4375-1}
+   {DSA-4375-1 DLA-1649-1}
- spice  (bug #920762)
NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371
@@ -8738,6 +8757,7 @@ CVE-2018-1000890 (FrontAccounting 2.4.5 contains a Time 
Based Blind SQL Injectio
 CVE-2018-1000889 (Logisim Evolution version 2.14.3 and earlier contains an XML 
External ...)
NOT-FOR-US: Logisim Evolution
 CVE-2018-1000888 (PEAR Archive_Tar version 1.4.3 and earlier contains a 
CWE-502, CWE-915 ...)
+   {DSA-4378-1}
- php-pear 1:1.10.6+submodules+notgz-1.1 (bug #919147)
NOTE: https://pear.php.net/bugs/bug.php?id=23782
NOTE: 
https://github.com/pear/Archive_Tar/commit/59ace120ac5ceb5f0d36e40e48e1884de1badf76
@@ -13157,7 +13177,7 @@ CVE-2018-20020 (LibVNC before commit 
7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
NOTE: 
https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
NOTE: 
https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
-CVE-2018-20748 [Incomplete fix for CVE-2018-20019]
+CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds 
write ...)
- libvncserver  (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-20019 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
@@ -19607,8 +19627,8 @@ CVE-2018-19029
RESERVED
 CVE-2018-19028
RESERVED
-CVE-2018-19027
-   RESERVED
+CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 
4.50 and ...)
+   TODO: check
 CVE-2018-19026
RESERVED
 CVE-2018-19025
@@ -20856,6 +20876,7 @@ CVE-2018-18506
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506
 CVE-2018-18505
RESERVED
+   {DSA-4376-1 DLA-1648-1}
- firefox 65.0-1
- firefox-esr 60.5.0esr-1
- thunderbird 1:60.5.0-1
@@ -20876,6 +20897,7 @@ CVE-2018-18502
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502
 CVE-2018-18501
RESERVED
+   {DSA-4376-1 DLA-1648-1}
- firefox 65.0-1
- firefox-esr 60.5.0esr-1
- thunderbird 1:60.5.0-1
@@ -20884,6 +20906,7 @@ CVE-2018-18501
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18501
 CVE-2018-18500
RESERVED
+   {DSA-4376-1 DLA-1648-1}
- firefox 65.0-1
- firefox-esr 60.5.0esr-1
- thunderbird 1:60.5.0-1
@@ -29550,11 +29573,11 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS 
via the ...)
NOT-FOR-US: ThinkSAAS
 CVE-2018-15128
RESERVED
-CVE-2018-20750 [Incomplete fix for CVE-2018-15127]
+CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write 
vulnerability ...)
- libvncserver  (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
-CVE-2018-20749 [Incomplete fix for CVE-2018-15127]
+CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write 
vulnerability ...)
- libvncserver  (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
@@ -104785,7 +104808,7 @@ CVE-2017-6521
RESERVED
 CVE-2017-6520 (The 

[Git][security-tracker-team/security-tracker][master] CVE/list: update for latest cacti release

2019-01-30 Thread Paul Gevers
Paul Gevers pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f21f0376 by Paul Gevers at 2019-01-30T18:24:31Z
CVE/list: update for latest cacti release

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1716,19 +1716,19 @@ CVE-2019-6448
 CVE-2019-6447 (The ES File Explorer File Manager application through 4.1.9.7.4 
for ...)
NOT-FOR-US: ES File Explorer File Manager application
 CVE-2018-20726 (A cross-site scripting (XSS) vulnerability exists in host.php 
(via ...)
-   - cacti 
+   - cacti 1.2.1+ds1-1
NOTE: 
https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
NOTE: https://github.com/Cacti/cacti/issues/2213
 CVE-2018-20725 (A cross-site scripting (XSS) vulnerability exists in ...)
-   - cacti 
+   - cacti 1.2.1+ds1-1
NOTE: 
https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
NOTE: https://github.com/Cacti/cacti/issues/2214
 CVE-2018-20724 (A cross-site scripting (XSS) vulnerability exists in 
pollers.php in ...)
-   - cacti 
+   - cacti 1.2.1+ds1-1
NOTE: 
https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53
NOTE: https://github.com/Cacti/cacti/issues/2212
 CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in ...)
-   - cacti 
+   - cacti 1.2.1+ds1-1
NOTE: 
https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
NOTE: https://github.com/Cacti/cacti/issues/2215
 CVE-2018-20722
@@ -271417,7 +271417,7 @@ CVE-2009-4047 (Multiple cross-site scripting (XSS) 
vulnerabilities in PHD Help D
NOT-FOR-US: PHD Help Desk
 CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated 
administrators to ...)
[experimental] - cacti 1.2.0~beta2+ds1-1
-   - cacti  (unimportant; bug #561339)
+   - cacti 1.2.1+ds1-1 (unimportant; bug #561339)
NOTE: 4b0e1566.1070...@moritz-naumann.com in bugtraq
NOTE: as one requires admin access to cacti, upstream will implement a 
whitelist
NOTE: https://github.com/Cacti/cacti/issues/1072
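
Review bot: CVE-2009-4112 is now marked fixed in 1.2.1+ds1-1, but the NOTE kept beneath it still says "upstream will implement a whitelist" in the future tense. Update that NOTE, or add one naming what changed upstream (issue #1072 is already referenced), so the fixed version and the explanation agree.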



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f21f03767e4adbb3a299bdf3892c5efe001e8cd3


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2018-207{48,49,50}/libvncserver

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73ff7dfa by Salvatore Bonaccorso at 2019-01-30T18:23:10Z
Add Debian bug reference for CVE-2018-207{48,49,50}/libvncserver

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13158,7 +13158,7 @@ CVE-2018-20020 (LibVNC before commit 
7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
NOTE: 
https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
 CVE-2018-20748 [Incomplete fix for CVE-2018-20019]
-   - libvncserver 
+   - libvncserver  (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-20019 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
NOTE: 
https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
@@ -29551,11 +29551,11 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS 
via the ...)
 CVE-2018-15128
RESERVED
 CVE-2018-20750 [Incomplete fix for CVE-2018-15127]
-   - libvncserver 
+   - libvncserver  (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
 CVE-2018-20749 [Incomplete fix for CVE-2018-15127]
-   - libvncserver 
+   - libvncserver  (bug #920941)
[stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
 CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de 
contains ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/73ff7dfa36f079fa2a738b5b06576c24fc9a1ca6


[Git][security-tracker-team/security-tracker][master] Add spelling fix in explanation of not-affected status

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5254993 by Salvatore Bonaccorso at 2019-01-30T18:16:42Z
Add spelling fix in explanation of not-affected status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29552,11 +29552,11 @@ CVE-2018-15128
RESERVED
 CVE-2018-20750 [Incomplete fix for CVE-2018-15127]
- libvncserver 
-   [stretch] - libvncserver  (Incomplete fix CVE-2018-15127 
not applied)
+   [stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
 CVE-2018-20749 [Incomplete fix for CVE-2018-15127]
- libvncserver 
-   [stretch] - libvncserver  (Incomplete fix CVE-2018-15127 
not applied)
+   [stretch] - libvncserver  (Incomplete fix for 
CVE-2018-15127 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
 CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de 
contains ...)
{DLA-1617-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b52549939741538998c6c1cf1bd9cb61185b4e24


[Git][security-tracker-team/security-tracker][master] Stretch not affected by CVE-2018-20748, CVE-2018-20749 and CVE-2018-20750

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f52786d6 by Salvatore Bonaccorso at 2019-01-30T18:15:02Z
Stretch not affected by CVE-2018-20748, CVE-2018-20749 and CVE-2018-20750

As no update with incomplete fixes was released for the CVE-2018-20019
and CVE-2018-15127 issues stretch version of src:libvncserver is not
affected by the CVEs assigned due to the security issues caused by the
incomplete fixes.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13159,6 +13159,7 @@ CVE-2018-20020 (LibVNC before commit 
7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
 CVE-2018-20748 [Incomplete fix for CVE-2018-20019]
- libvncserver 
+   [stretch] - libvncserver  (Incomplete fix for 
CVE-2018-20019 not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
NOTE: 
https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
NOTE: 
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
@@ -29551,9 +29552,11 @@ CVE-2018-15128
RESERVED
 CVE-2018-20750 [Incomplete fix for CVE-2018-15127]
- libvncserver 
+   [stretch] - libvncserver  (Incomplete fix CVE-2018-15127 
not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
 CVE-2018-20749 [Incomplete fix for CVE-2018-15127]
- libvncserver 
+   [stretch] - libvncserver  (Incomplete fix CVE-2018-15127 
not applied)
NOTE: 
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
 CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de 
contains ...)
{DLA-1617-1}
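
Review bot: The two [stretch] lines added for CVE-2018-20750 and CVE-2018-20749 read "Incomplete fix CVE-2018-15127 not applied", dropping the "for" that the CVE-2018-20748 line in the first hunk has ("Incomplete fix for CVE-2018-20019 not applied"). Use the same wording in all three so the explanation reads the same wherever the tracker displays it.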



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f52786d6cd2be87abd5c39acde3ad98f83893599


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20748/libvncserver

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d33dc413 by Salvatore Bonaccorso at 2019-01-30T18:12:29Z
Add CVE-2018-20748/libvncserver

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13157,12 +13157,24 @@ CVE-2018-20020 (LibVNC before commit 
7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
NOTE: 
https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
NOTE: 
https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
+CVE-2018-20748 [Incomplete fix for CVE-2018-20019]
+   - libvncserver 
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
 CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f 
contains ...)
{DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
NOTE: https://github.com/LibVNC/libvncserver/issues/247
NOTE: 
https://github.com/LibVNC/libvncserver/commit/a83439b9fbe0f03c48eb94ed05729cb016f8b72f
NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/
+   NOTE: When fixing this issue apply the complete set of fixes to not 
open CVE-2018-20748.
+   NOTE: Additional commits:
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
 CVE-2018-20018 (S-CMS V3.0 has SQL injection via the S_id parameter, as 
demonstrated by ...)
NOT-FOR-US: S-CMS
 CVE-2018-20017 (SEMCMS 3.5 has XSS via the first text box to the 
SEMCMS_Main.php URI. ...)
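
Review bot: The four "Additional commits" URLs added under CVE-2018-20019 repeat exactly the four NOTE lines of the new CVE-2018-20748 entry above it. Keeping one list and pointing to it from the other entry, which the NOTE "apply the complete set of fixes to not open CVE-2018-20748" already does, would avoid the two lists drifting apart if another follow-up commit is found.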



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d33dc41307fb53be8317a3fd17daca57a82421a4


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-207{49,50}/libvncserver incomplete fixes for CVE-2018-15127

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
574c881f by Salvatore Bonaccorso at 2019-01-30T18:13:17Z
Add CVE-2018-207{49,50}/libvncserver incomplete fixes for CVE-2018-15127

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29549,12 +29549,22 @@ CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS 
via the ...)
NOT-FOR-US: ThinkSAAS
 CVE-2018-15128
RESERVED
+CVE-2018-20750 [Incomplete fix for CVE-2018-15127]
+   - libvncserver 
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
+CVE-2018-20749 [Incomplete fix for CVE-2018-15127]
+   - libvncserver 
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
 CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de 
contains ...)
{DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
NOTE: https://github.com/LibVNC/libvncserver/issues/243
NOTE: 
https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de
NOTE: 
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
+   NOTE: When fixing this issue make sure to not open CVE-2018-20749 and 
CVE-2018-20750
+   NOTE: Additional commits:
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
 CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b 
contains ...)
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
[jessie] - libvncserver  (Vulnerable code not present)
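Review bot: The two added entries for CVE-2018-20750 and CVE-2018-20749 record only a fix commit each, while the CVE-2018-15127 entry just below them carries {DLA-1617-1} and a fixed version (0.9.11+dfsg-1.2, bug #916941), so the tracker still presents those uploads as fixing CVE-2018-15127 without saying whether they include the follow-up commits 15bb719c and 09e8fc02. Suggest adding per-release lines or a NOTE to the two new entries stating whether 0.9.11+dfsg-1.2 and the DLA-1617-1 upload contain those commits, plus a Debian bug reference if they do not.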



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/574c881fc3bf170ebc9034d4216dc12e9db0e79f


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for mariadb-10.3 issues

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4a82492 by Salvatore Bonaccorso at 2019-01-30T18:08:09Z
Add Debian bug reference for mariadb-10.3 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11640,7 +11640,7 @@ CVE-2019-2538 (Vulnerability in the Oracle Managed File 
Transfer component of Or
NOT-FOR-US: Oracle
 CVE-2019-2537 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.25-1 (bug #919817)
-   - mariadb-10.3 
+   - mariadb-10.3  (bug #920933)
- mariadb-10.1 
- mariadb-10.0 
NOTE: Fixed in MariaDB: 10.3.13, 10.1.38, 10.0.38
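Review bot: In the CVE-2019-2537 entry the bug reference is added only to the mariadb-10.3 line, while the mariadb-10.1 and mariadb-10.0 lines directly below it stay without one even though the NOTE lists upstream fixes for all three branches (10.3.13, 10.1.38, 10.0.38). If #920933 covers only the 10.3 source package, consider adding the matching bug references for 10.1 and 10.0, or a NOTE saying none is needed, so the three lines can be triaged consistently.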
@@ -11710,7 +11710,7 @@ CVE-2019-2511 (Vulnerability in the Oracle VM 
VirtualBox component of Oracle ...
[jessie] - virtualbox  (DSA-3699-1)
 CVE-2019-2510 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.25-1 (bug #919817)
-   - mariadb-10.3 
+   - mariadb-10.3  (bug #920933)
NOTE: Fixed in MariaDB: 10.3.13
 CVE-2019-2509 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)
- virtualbox 5.2.24-dfsg-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4a8249266be4a599a531ba84d0d5b47f27778cb


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1650-1 for rssh

2019-01-30 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2733bdb6 by Markus Koschany at 2019-01-30T17:47:50Z
Reserve DLA-1650-1 for rssh

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[30 Jan 2019] DLA-1650-1 rssh - security update
+   {CVE-2019-118}
+   [jessie] - rssh 2.3.4-4+deb8u1
 [30 Jan 2019] DLA-1649-1 spice - security update
{CVE-2019-3813}
[jessie] - spice 0.12.5-1+deb8u7
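Review bot: "{CVE-2019-118}" on the second added line is not a well-formed CVE identifier, since the sequence part after the year needs at least four digits, so the DLA-1650-1 entry cannot be cross-referenced to a CVE entry as written. Please replace it with the full identifier from the rssh advisory.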


=
data/dla-needed.txt
=
@@ -120,8 +120,6 @@ qemu (Hugo Lefeuvre)
   NOTE: CVE-2018-19665: see 
https://lists.debian.org/debian-lts/2019/01/msg00073.html
   NOTE: 20190129: working on a second upload addressing latest cves
 --
-rssh (Markus Koschany)
---
 symfony (Roberto C. Sánchez)
   NOTE: 20190128: Working on resolving FTFBS with feedback received from 
mailing list (roberto)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2733bdb6f1ef78dfe3e1786d872b9d2f4564ef18


[Git][security-tracker-team/security-tracker][master] One duplicate CVE for avahi REJECTED

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7de61b85 by Salvatore Bonaccorso at 2019-01-30T16:52:30Z
One duplicate CVE for avahi REJECTED

Move relevant information to the remaining entry CVE-2017-6519 as it was
decided that the CVE-2018-1000845 is to be rejected. The rejection will
be included in future CVE feed update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9408,10 +9408,8 @@ CVE-2018-1000847 (FreshDNS version 1.0.3 and prior 
contains a Cross Site Scripti
NOT-FOR-US: FreshDNS
 CVE-2018-1000846 (FreshDNS version 1.0.3 and earlier contains a Cross ite 
Request ...)
NOT-FOR-US: FreshDNS
-CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect Access Control 
vulnerability in ...)
-   - avahi  (unimportant; bug #917047)
-   NOTE: https://github.com/lathiat/avahi/issues/203
-   NOTE: 
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
+CVE-2018-1000845
+   REJECTED
 CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
NOT-FOR-US: Square Retrofit
 CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
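Review bot: The replacement entry for CVE-2018-1000845 is reduced to a bare REJECTED with no pointer to where the information went. Since the commit message says the details move to CVE-2017-6519, add a line such as "NOTE: duplicate of CVE-2017-6519" under REJECTED, so that someone searching for the rejected id (which the CVE feed does not yet mark as rejected) finds the avahi entry with bug #917047 and the upstream commit.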
@@ -104763,8 +104761,9 @@ CVE-2017-6521
 CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 
...)
NOT-FOR-US: Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
 CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 inadvertently responds to 
IPv6 ...)
-   - avahi  (unimportant)
+   - avahi  (unimportant; bug #917047)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1426712
+   NOTE: https://github.com/lathiat/avahi/issues/203
NOTE: 
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
 CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in 
/sanadata/seo/index.asp in ...)
NOT-FOR-US: SanaCMS



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7de61b8577f12d6423ab083d89e53b1eb43986cf


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1649-1 for spice

2019-01-30 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
019a4b1e by Emilio Pozuelo Monfort at 2019-01-30T16:26:21Z
Reserve DLA-1649-1 for spice

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[30 Jan 2019] DLA-1649-1 spice - security update
+   {CVE-2019-3813}
+   [jessie] - spice 0.12.5-1+deb8u7
 [30 Jan 2019] DLA-1648-1 firefox-esr - security update
{CVE-2018-18500 CVE-2018-18501 CVE-2018-18505}
[jessie] - firefox-esr 60.5.0esr-1~deb8u1


=
data/dla-needed.txt
=
@@ -122,8 +122,6 @@ qemu (Hugo Lefeuvre)
 --
 rssh (Markus Koschany)
 --
-spice (Emilio)
---
 symfony (Roberto C. Sánchez)
   NOTE: 20190128: Working on resolving FTFBS with feedback received from 
mailing list (roberto)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/019a4b1ec9024e3ef1071152787d0e15dae2001e


[Git][security-tracker-team/security-tracker][master] Reserve DLA-1648-1 for firefox-esr

2019-01-30 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51065f99 by Emilio Pozuelo Monfort at 2019-01-30T16:21:49Z
Reserve DLA-1648-1 for firefox-esr

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[30 Jan 2019] DLA-1648-1 firefox-esr - security update
+   {CVE-2018-18500 CVE-2018-18501 CVE-2018-18505}
+   [jessie] - firefox-esr 60.5.0esr-1~deb8u1
 [29 Jan 2019] DLA-1647-1 apache2 - security update
{CVE-2018-17199}
[jessie] - apache2 2.4.10-10+deb8u13


=
data/dla-needed.txt
=
@@ -28,8 +28,6 @@ exiv2 (Thorsten Alteholz)
 faad2 (Hugo Lefeuvre)
   NOTE: 20190125: No known patch yet. Going to fix the most exploitable issues 
at first.
 --
-firefox-esr (Emilio)
---
 firmware-nonfree
   NOTE: needed by sponsors
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/51065f99da151f49d8b578cf67677fe1ca8e369c


[Git][security-tracker-team/security-tracker][master] LTS: claim php5 in dla-needed.txt

2019-01-30 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79ea5296 by Roberto C. Sánchez at 2019-01-30T15:42:41Z
LTS: claim php5 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -101,7 +101,7 @@ nss
 --
 openssh (Mike Gabriel)
 --
-php5
+php5 (Roberto C. Sánchez)
 --
 phpmyadmin (Lucas Kanashiro)
   NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by 
sunweaver, with frontdesk hat on)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/79ea5296bbe3649cc9f99679dba2a1e0c432ff7a


[Git][security-tracker-team/security-tracker][master] Add php5 to dla-needed.txt

2019-01-30 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd339f5b by Markus Koschany at 2019-01-30T15:31:02Z
Add php5 to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -101,6 +101,8 @@ nss
 --
 openssh (Mike Gabriel)
 --
+php5
+--
 phpmyadmin (Lucas Kanashiro)
   NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by 
sunweaver, with frontdesk hat on)
   NOTE: 20190116: Please also triage CVE-2018-19969. Thanks.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd339f5b0041792627b82c8b01044383003f97f3


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for php-pear update

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef1dbc49 by Salvatore Bonaccorso at 2019-01-30T15:28:41Z
Reserve DSA number for php-pear update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[30 Jan 2019] DSA-4378-1 php-pear - security update
+   {CVE-2018-1000888}
+   [stretch] - php-pear 1:1.10.1+submodules+notgz-9+deb9u1
 [30 Jan 2019] DSA-4377-1 rssh - security update
{CVE-2019-118}
[stretch] - rssh 2.3.4-5+deb9u1


=
data/dsa-needed.txt
=
@@ -52,8 +52,6 @@ openssh (corsac)
 --
 passenger
 --
-php-pear (carnil)
---
 simplesamlphp
 --
 smarty3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef1dbc491f00702dd407fe35eb8566a7e64968fb


[Git][security-tracker-team/security-tracker][master] rssh DSA

2019-01-30 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
40b75608 by Moritz Muehlenhoff at 2019-01-30T15:20:37Z
rssh DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[30 Jan 2019] DSA-4377-1 rssh - security update
+   {CVE-2019-118}
+   [stretch] - rssh 2.3.4-5+deb9u1
 [30 Jan 2019] DSA-4376-1 firefox-esr - security update
{CVE-2018-18500 CVE-2018-18501 CVE-2018-18505}
[stretch] - firefox-esr 60.5.0esr-1~deb9u1
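Review bot: The CVE list on the added DSA-4377-1 entry reads "{CVE-2019-118}", which is too short to be a valid CVE id (at least four digits follow the year). Check it against the advisory text and correct the braces line in this commit, since the DSA entry is what the stretch fix for rssh is looked up by.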


=
data/dsa-needed.txt
=
@@ -54,9 +54,6 @@ passenger
 --
 php-pear (carnil)
 --
-rssh (jmm)
-  Maintainer prepared a debdiff for a proposed update, needs review + ack
---
 simplesamlphp
 --
 smarty3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/40b75608605250f01fab49cae7715f8bdbeba939


[Git][security-tracker-team/security-tracker][master] firefox DSA

2019-01-30 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55cfb215 by Moritz Muehlenhoff at 2019-01-30T14:56:18Z
firefox DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[30 Jan 2019] DSA-4376-1 firefox-esr - security update
+   {CVE-2018-18500 CVE-2018-18501 CVE-2018-18505}
+   [stretch] - firefox-esr 60.5.0esr-1~deb9u1
 [29 Jan 2019] DSA-4375-1 spice - security update
{CVE-2019-3813}
[stretch] - spice 0.12.8-2.1+deb9u3


=
data/dsa-needed.txt
=
@@ -23,8 +23,6 @@ chromium
 faad2
   not yet fixed upstream
 --
-firefox-esr (jmm)
---
 glusterfs
 --
 graphicsmagick



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/55cfb21541bbe4b6c568ee378d7fc2f14f84cdda


[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2019-7150/elfutils

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c845012 by Salvatore Bonaccorso at 2019-01-30T14:44:30Z
Add Debian bug reference for CVE-2019-7150/elfutils

- - - - -
2329150b by Salvatore Bonaccorso at 2019-01-30T14:44:54Z
Add Debian bug reference for CVE-2019-7149/elfutils

- - - - -
40252230 by Salvatore Bonaccorso at 2019-01-30T14:45:10Z
Add Debian bug for CVE-2019-7146/elfutils

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -150,12 +150,12 @@ CVE-2019-7151 (A NULL pointer dereference was discovered 
in ...)
NOTE: 
https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
NOTE: 
https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
 CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault 
can ...)
-   - elfutils 
+   - elfutils  (bug #920909)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
 CVE-2019-7149 (A heap-based buffer over-read was discovered in the function 
...)
-   - elfutils 
+   - elfutils  (bug #920910)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
@@ -167,7 +167,7 @@ CVE-2019-7148 (An attempted excessive memory allocation was 
discovered in the fu
 CVE-2019-7147 (A buffer over-read exists in the function crc64ib in crc64.c in 
nasmlib ...)
TODO: check
 CVE-2019-7146 (In elfutils 0.175, there is a buffer over-read in the 
ebl_object_note ...)
-   - elfutils 
+   - elfutils  (bug #920911)
[stretch] - elfutils  (Vulnerable code introduced in 
0.175)
[jessie] - elfutils  (Vulnerable code introduced in 0.175)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24075



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e1f5eb8bff5a11cd3e6761fb8eb83ddf1bcf727f...402522301a7c609637191618f92e0989d684840f


[Git][security-tracker-team/security-tracker][master] Track unstable fix for CVE-2018-17204/openvswitch

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1f5eb8b by Salvatore Bonaccorso at 2019-01-30T14:42:31Z
Track unstable fix for CVE-2018-17204/openvswitch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24230,7 +24230,7 @@ CVE-2018-17205 (An issue was discovered in Open vSwitch 
(OvS) 2.7.x through 2.7.
NOTE: 
https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928
 (branch-2.8)
NOTE: 
https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6
 (branch-2.7)
 CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6, ...)
-   - openvswitch 
+   - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
[jessie] - openvswitch  (Vulnerable code does not exist; 
no such function)
NOTE: 
https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa
 (master)
NOTE: 
https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168
 (branch-2.8)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f5eb8bff5a11cd3e6761fb8eb83ddf1bcf727f


[Git][security-tracker-team/security-tracker][master] CVE-2018-17205/openvswitch fixed in 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1 for unstable

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a75503d by Salvatore Bonaccorso at 2019-01-30T14:40:22Z
CVE-2018-17205/openvswitch fixed in 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1 for 
unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24224,7 +24224,7 @@ CVE-2018-17206 (An issue was discovered in Open vSwitch 
(OvS) 2.7.x through 2.7.
NOTE: 
https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8
 (branch-2.8)
NOTE: 
https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8
 (branch-2.7)
 CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6, ...)
-   - openvswitch 
+   - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
[jessie] - openvswitch  (Vulnerable code does not exist; 
no such function)
NOTE: 
https://github.com/openvswitch/ovs/commit/9a0ac025de9303334688ff08f01fc08604d2f624
 (master)
NOTE: 
https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928
 (branch-2.8)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a75503d08a7274411dba0cc70218f11da35ea70


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-17206/openvswitch

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab2779b8 by Salvatore Bonaccorso at 2019-01-30T14:37:47Z
Add fixed version for CVE-2018-17206/openvswitch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24218,7 +24218,7 @@ CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices 
allow unauthenticated command
 CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 
1.2.42. By ...)
NOT-FOR-US: Snap Creek Duplicator
 CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6. The ...)
-   - openvswitch 
+   - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
[jessie] - openvswitch  (Vulnerable code does not exist; 
no such function)
NOTE: 
https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226
 (master)
NOTE: 
https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8
 (branch-2.8)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab2779b8fb8df96610a896e2f497bee3b11a4e0e


[Git][security-tracker-team/security-tracker][master] Track fix for CVE-2017-8872/libxml2

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c2a2d93c by Salvatore Bonaccorso at 2019-01-30T13:44:38Z
Track fix for CVE-2017-8872/libxml2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -97435,6 +97435,7 @@ CVE-2017-8872 (The htmlParseTryOrFinish function in 
HTMLparser.c in libxml2 2.9.
[jessie] - libxml2  (Minor issue)
[wheezy] - libxml2  (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200
+   NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
 CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in 
libcroco ...)
- libcroco  (bug #864666; low)
[stretch] - libcroco  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2a2d93ce230daa435fb30df402e11b2e5f9c609


[Git][security-tracker-team/security-tracker][master] take thunderbird

2019-01-30 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
10236f85 by Moritz Muehlenhoff at 2019-01-30T13:39:30Z
take thunderbird

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -66,5 +66,5 @@ smarty3
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but 
update needs further testing before release.
 --
-thunderbird
+thunderbird (jmm)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10236f85345594db02f964b0217e662f81281cab


[Git][security-tracker-team/security-tracker][master] NFU

2019-01-30 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
276e8284 by Moritz Muehlenhoff at 2019-01-30T13:36:00Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32610,6 +32610,7 @@ CVE-2018-14014 (In waimai Super Cms 20150505, there is 
a CSRF vulnerability that
NOT-FOR-US: waimai Super Cms
 CVE-2018-14013
RESERVED
+   NOT-FOR-US: Zimbra
 CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to 
the default ...)
NOT-FOR-US: WolfSight CMS
 CVE-2018-14011
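Review bot: The added "NOT-FOR-US: Zimbra" line sits under an entry that is still RESERVED and has no description, so nothing in the entry shows why this id is attributed to Zimbra. Add a NOTE with the advisory or vendor reference the attribution came from, and name the CVE and product in the commit message instead of just "NFU".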



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/276e8284fc3219d4e6fb7d25cbe71bd89dba518d


[Git][security-tracker-team/security-tracker][master] Add coturn to dla-needed.txt

2019-01-30 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6de2a8cb by Markus Koschany at 2019-01-30T13:18:48Z
Add coturn to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -13,6 +13,8 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 cairo
   NOTE: 20190109: No fix available yet. (ola)
 --
+coturn
+--
 drupal7 (Abhijith PA)
 --
 enigmail



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6de2a8cbe34d362f173f474c787b286ded9873eb


[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-6131,mupdf: Jessie is not affected.

2019-01-30 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1336a18c by Markus Koschany at 2019-01-30T12:59:39Z
CVE-2019-6131,mupdf: Jessie is not affected.

Vulnerable code is not present (svg support).

- - - - -
c4aeb744 by Markus Koschany at 2019-01-30T13:00:19Z
CVE-2019-6130,mupdf: Jessie is no-dsa

Minor issue. Jessie is also only partly affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2488,11 +2488,13 @@ CVE-2019-6132 (An issue was discovered in Bento4 
v1.5.1-627. There is a memory l
 CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with 
stack ...)
- mupdf 1.14.0+ds1-3 (bug #918970)
[stretch] - mupdf  (Minor issue)
+   [jessie] - mupdf  (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700442
NOTE: 
http://www.ghostscript.com/cgi-bin/findgit.cgi?c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b
 CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of 
the ...)
- mupdf 1.14.0+ds1-3 (bug #918971)
[stretch] - mupdf  (Minor issue)
+   [jessie] - mupdf  (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
NOTE: 
http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
 CVE-2019-6129 (png_create_info_struct in png.c in libpng 1.6.36 has a memory 
leak, as ...)
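Review bot: The added jessie line for CVE-2019-6131 writes its reason in lower case, "(vulnerable code not present)", while the same reason elsewhere in data/CVE/list is capitalised ("Vulnerable code not present"); align it so searches for the phrase match. For CVE-2019-6130 the commit message says jessie is only partly affected, but the added line records just "Minor issue"; a NOTE stating which part of jessie's mupdf is affected would keep that finding in the tracker rather than only in the commit log.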



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ac408c2ff33b583df6c68d0c9fd5fe93599435ab...c4aeb744c8e00087e9ba556e2de2f059f4c3d7cf


[Git][security-tracker-team/security-tracker][master] Claim rssh in dla-needed.txt

2019-01-30 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ac408c2f by Markus Koschany at 2019-01-30T12:51:14Z
Claim rssh in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -118,6 +118,8 @@ qemu (Hugo Lefeuvre)
   NOTE: CVE-2018-19665: see 
https://lists.debian.org/debian-lts/2019/01/msg00073.html
   NOTE: 20190129: working on a second upload addressing latest cves
 --
+rssh (Markus Koschany)
+--
 spice (Emilio)
 --
 symfony (Roberto C. Sánchez)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac408c2ff33b583df6c68d0c9fd5fe93599435ab


[Git][security-tracker-team/security-tracker][master] dla: remove libreoffice, no open issues

2019-01-30 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00fb28ea by Emilio Pozuelo Monfort at 2019-01-30T12:19:27Z
dla: remove libreoffice, no open issues

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -72,8 +72,6 @@ libav (Mike Gabriel)
 --
 libgd2 (Thorsten Alteholz)
 --
-libreoffice
---
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/00fb28eae4317c066636738a3e0acdfd88dd7b5d


[Git][security-tracker-team/security-tracker][master] dla: take mariadb-10.0

2019-01-30 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6099c192 by Emilio Pozuelo Monfort at 2019-01-30T12:16:11Z
dla: take mariadb-10.0

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -88,6 +88,8 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
+mariadb-10.0 (Emilio)
+--
 nettle (Ola Lundqvist)
   NOTE: 20190119: Prerequisite for gnutls28 being fixed.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6099c192f6794e82366fb8b04b2bdd90af72a99c


[Git][security-tracker-team/security-tracker][master] dla: take spice

2019-01-30 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3a2275b9 by Emilio Pozuelo Monfort at 2019-01-30T11:41:25Z
dla: take spice

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -118,6 +118,8 @@ qemu (Hugo Lefeuvre)
   NOTE: CVE-2018-19665: see 
https://lists.debian.org/debian-lts/2019/01/msg00073.html
   NOTE: 20190129: working on a second upload addressing latest cves
 --
+spice (Emilio)
+--
 symfony (Roberto C. Sánchez)
   NOTE: 20190128: Working on resolving FTFBS with feedback received from 
mailing list (roberto)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a2275b9e1a58c610c6a4c2b84c563ca6d026ba1


[Git][security-tracker-team/security-tracker][master] 5 commits: Add upstream commit reference for CVE-2019-7150

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0ca9d5f1 by Salvatore Bonaccorso at 2019-01-30T09:55:40Z
Add upstream commit reference for CVE-2019-7150

- - - - -
58fd3cc3 by Salvatore Bonaccorso at 2019-01-30T09:56:05Z
Add upstream commit reference for CVE-2019-7149

- - - - -
441592a5 by Salvatore Bonaccorso at 2019-01-30T09:56:37Z
Update severity for CVE-2019-7148/elfutils

Although there is an issue, and malloc() can fail on an invalid file,
nothing further bad security-wise can happen here, as described
in https://sourceware.org/bugzilla/show_bug.cgi?id=24085 . As such
demote severity to unimportant and add a respective explaining note on
the negligible security impact.

- - - - -
18d6b277 by Salvatore Bonaccorso at 2019-01-30T09:57:39Z
Add upstream commits for CVE-2019-7146/elfutils

- - - - -
75714855 by Salvatore Bonaccorso at 2019-01-30T09:57:56Z
Update suite status for CVE-2019-7146/elfutils for stretch and earlier

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -153,19 +153,27 @@ CVE-2019-7150 (An issue was discovered in elfutils 0.175. 
A segmentation fault c
- elfutils 
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
+   NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
 CVE-2019-7149 (A heap-based buffer over-read was discovered in the function 
...)
- elfutils 
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
+   NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
 CVE-2019-7148 (An attempted excessive memory allocation was discovered in the 
function ...)
-   - elfutils 
+   - elfutils  (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24085
+   NOTE: malloc can fail on invalid file, but "nothing" bad with security 
implication will
+   NOTE: happen, negligible security impact.
 CVE-2019-7147 (A buffer over-read exists in the function crc64ib in crc64.c in 
nasmlib ...)
TODO: check
 CVE-2019-7146 (In elfutils 0.175, there is a buffer over-read in the 
ebl_object_note ...)
- elfutils 
+   [stretch] - elfutils  (Vulnerable code introduced in 
0.175)
+   [jessie] - elfutils  (Vulnerable code introduced in 0.175)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24075
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24081
+   NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=012018907ca05eb0ab51d424a596ef38fc87cae1
+   NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=cd7ded3df43f655af945c869976401a602e46fcd
 CVE-2019-7145
RESERVED
 CVE-2019-7144
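Review bot: The [stretch] and [jessie] lines added under CVE-2019-7146 rest on "Vulnerable code introduced in 0.175", but no NOTE identifies the change that introduced it, and the two commit URLs added below are listed without saying what each one is. A short NOTE naming the introducing commit, and labelling the two added URLs, would make the claim checkable from the entry alone. Under CVE-2019-7148, the added explanation is split mid-sentence across two NOTE lines and puts "nothing" in quotation marks; a plain one-line statement pointing at the bugzilla entry already listed above would read more clearly.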



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f51646130f07e3c91f9943ee6436d479edece4c9...75714855580b6f1b194d2da03b1ed5d70048b267


[Git][security-tracker-team/security-tracker][master] firefox issues from mfsa2019-01 fixed via 65.0-1 upload

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5164613 by Salvatore Bonaccorso at 2019-01-30T09:16:31Z
firefox issues from mfsa2019-01 fixed via 65.0-1 upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20831,11 +20831,11 @@ CVE-2018-18507
RESERVED
 CVE-2018-18506
RESERVED
-   - firefox 
+   - firefox 65.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506
 CVE-2018-18505
RESERVED
-   - firefox 
+   - firefox 65.0-1
- firefox-esr 60.5.0esr-1
- thunderbird 1:60.5.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505
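Review bot: In the CVE-2018-18506 entry only firefox gets a version, while CVE-2018-18505 just below also carries firefox-esr and thunderbird lines. If ESR and Thunderbird are not affected by CVE-2018-18506, an explicit line saying so would stop the entry from looking incomplete; the same question applies to CVE-2018-18504, CVE-2018-18503 and CVE-2018-18502 in the next hunk.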
@@ -20843,19 +20843,19 @@ CVE-2018-18505
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18505
 CVE-2018-18504
RESERVED
-   - firefox 
+   - firefox 65.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18504
 CVE-2018-18503
RESERVED
-   - firefox 
+   - firefox 65.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18503
 CVE-2018-18502
RESERVED
-   - firefox 
+   - firefox 65.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502
 CVE-2018-18501
RESERVED
-   - firefox 
+   - firefox 65.0-1
- firefox-esr 60.5.0esr-1
- thunderbird 1:60.5.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501
@@ -20863,7 +20863,7 @@ CVE-2018-18501
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18501
 CVE-2018-18500
RESERVED
-   - firefox 
+   - firefox 65.0-1
- firefox-esr 60.5.0esr-1
- thunderbird 1:60.5.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f51646130f07e3c91f9943ee6436d479edece4c9


[Git][security-tracker-team/security-tracker][master] Mark CVE-2016-5824 as affecting thunderbird

2019-01-30 Thread Emilio Pozuelo Monfort
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23d5928c by Emilio Pozuelo Monfort at 2019-01-30T09:06:50Z
Mark CVE-2016-5824 as affecting thunderbird

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -135199,6 +135199,7 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to 
cause a denial of service
- libical  (bug #860451)
[stretch] - libical  (Minor issue)
[jessie] - libical  (Minor issue)
+   - thunderbird 1:60.5.0-1
NOTE: Original report: https://github.com/libical/libical/issues/235
NOTE: Reopened at: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
NOTE: Reproducer: https://bugzilla.mozilla.org/attachment.cgi?id=8757553
@@ -135207,6 +135208,8 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to 
cause a denial of service
NOTE: Whilst the upstream commits in issues/251 fix the issue of #251 
itself
NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was 
assigned
NOTE: in http://www.openwall.com/lists/oss-security/2016/06/25/4
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824
+   NOTE: thunderbird uses embedded libical copy
 CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0 
allows ...)
- libical 1.0-1
[wheezy] - libical  (Only possible denial of service, not 
severe enough to solve)
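Review bot: The added NOTE "thunderbird uses embedded libical copy" explains why thunderbird is listed, but the context NOTE lines just above it say the upstream libical commits do not fix the bugzilla.mozilla.org case 1275400. With thunderbird now recorded as fixed in 1:60.5.0-1, a further NOTE saying whether the Mozilla-side fix is applicable to the standalone libical package would help, since the first hunk still shows libical without a fixed version.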



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d5928c487f3c7dba551a964e1d78528502d854


[Git][security-tracker-team/security-tracker][master] NFU

2019-01-30 Thread Henri Salo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcfa4201 by Henri Salo at 2019-01-30T08:47:53Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32636,16 +32636,22 @@ CVE-2018-13996 (Genann through 2018-07-08 has a 
stack-based buffer over-read in
NOT-FOR-US: Genann
 CVE-2018-13995
RESERVED
+   NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13994
RESERVED
+   NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13993
RESERVED
+   NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13992
RESERVED
+   NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13991
RESERVED
+   NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13990
RESERVED
+   NOT-FOR-US: Phoenix Contact FL switch
 CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks 
via a POST ...)
NOT-FOR-US: Grundig Smart Inter@ctive TV 3.0 devices
 CVE-2018-13988 (Poppler through 0.62 contains an out of bounds read 
vulnerability due ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dcfa4201a84bdebd40e749bf7184e727e2238c71


[Git][security-tracker-team/security-tracker][master] NFU

2019-01-30 Thread Henri Salo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f81557c9 by Henri Salo at 2019-01-30T08:42:15Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1468,14 +1468,17 @@ CVE-2019-6524
RESERVED
 CVE-2019-6523
RESERVED
+   NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6522
RESERVED
 CVE-2019-6521
RESERVED
+   NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6520
RESERVED
 CVE-2019-6519
RESERVED
+   NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-6518
RESERVED
 CVE-2019-6517
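Review bot: NOT-FOR-US: Advantech WebAccess/SCADA is added to CVE-2019-6523, CVE-2019-6521 and CVE-2019-6519, while CVE-2019-6522 and CVE-2019-6520 in between stay bare RESERVED. If the skipped ids belong to a different advisory that is fine, but all of these entries have no description yet and the commit message is only "NFU", so a reference for the attribution in the commit message would let others verify it.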



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f81557c91a85b77c1ea780d8be9bd7f0d913404b


[Git][security-tracker-team/security-tracker][master] NFU

2019-01-30 Thread Henri Salo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a235ee6 by Henri Salo at 2019-01-30T08:27:01Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1442,6 +1442,7 @@ CVE-2019-6536
RESERVED
 CVE-2019-6535
RESERVED
+   NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
 CVE-2019-6534
RESERVED
 CVE-2019-6533
@@ -1462,6 +1463,7 @@ CVE-2019-6526
RESERVED
 CVE-2019-6525
RESERVED
+   NOT-FOR-US: AVEVA Wonderware System Platform
 CVE-2019-6524
RESERVED
 CVE-2019-6523
@@ -1478,6 +1480,7 @@ CVE-2019-6518
RESERVED
 CVE-2019-6517
RESERVED
+   NOT-FOR-US: BD FACSLyric
 CVE-2019-6516
RESERVED
 CVE-2019-6515



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a235ee64b6905570715af88676fa425b78b3d12


[Git][security-tracker-team/security-tracker][master] NFU

2019-01-30 Thread Henri Salo
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92d838bc by Henri Salo at 2019-01-30T08:18:59Z
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2980,6 +2980,7 @@ CVE-2019-5910
RESERVED
 CVE-2019-5909
RESERVED
+   NOT-FOR-US: Yokogawa License Manager Service
 CVE-2019-5908
RESERVED
 CVE-2019-5907



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/92d838bc7acfa6d00a87f9f607270aa9e2017ea5


[Git][security-tracker-team/security-tracker][master] automatic update

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8d6b76ec by security tracker role at 2019-01-30T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,81 @@
+CVE-2019-7215
+   RESERVED
+CVE-2019-7214
+   RESERVED
+CVE-2019-7213
+   RESERVED
+CVE-2019-7212
+   RESERVED
+CVE-2019-7211
+   RESERVED
+CVE-2019-7210
+   RESERVED
+CVE-2019-7209
+   RESERVED
+CVE-2019-7208
+   RESERVED
+CVE-2019-7207
+   RESERVED
+CVE-2019-7206
+   RESERVED
+CVE-2019-7205
+   RESERVED
+CVE-2019-7204
+   RESERVED
+CVE-2019-7203
+   RESERVED
+CVE-2019-7202
+   RESERVED
+CVE-2019-7201
+   RESERVED
+CVE-2019-7200
+   RESERVED
+CVE-2019-7199
+   RESERVED
+CVE-2019-7198
+   RESERVED
+CVE-2019-7197
+   RESERVED
+CVE-2019-7196
+   RESERVED
+CVE-2019-7195
+   RESERVED
+CVE-2019-7194
+   RESERVED
+CVE-2019-7193
+   RESERVED
+CVE-2019-7192
+   RESERVED
+CVE-2019-7191
+   RESERVED
+CVE-2019-7190
+   RESERVED
+CVE-2019-7189
+   RESERVED
+CVE-2019-7188
+   RESERVED
+CVE-2019-7187
+   RESERVED
+CVE-2019-7186
+   RESERVED
+CVE-2019-7185
+   RESERVED
+CVE-2019-7184
+   RESERVED
+CVE-2019-7183
+   RESERVED
+CVE-2019-7182
+   RESERVED
+CVE-2019-7181
+   RESERVED
+CVE-2019-7180
+   RESERVED
+CVE-2019-7179
+   RESERVED
+CVE-2018-20747
+   RESERVED
+CVE-2018-20746
+   RESERVED
 CVE-2019-7178
RESERVED
 CVE-2019-7177
@@ -11637,6 +11715,7 @@ CVE-2019-2504 (Vulnerability in the Oracle VM 
VirtualBox component of Oracle ...
- virtualbox 5.2.24-dfsg-1
[jessie] - virtualbox  (DSA-3699-1)
 CVE-2019-2503 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+   {DLA-1570-1}
- mysql-5.7 5.7.25-1 (bug #919817)
- mariadb-10.0 
NOTE: Fixed in MariaDB: 10.0.37
@@ -14374,8 +14453,8 @@ CVE-2018-19860
RESERVED
 CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a 
relative ...)
NOT-FOR-US: OpenRefine
-CVE-2018-19858
-   RESERVED
+CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to 
the lack ...)
+   TODO: check
 CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media 
player ...)
{DSA-4366-1}
- vlc 3.0.4-4 (bug #915760)
@@ -14578,8 +14657,8 @@ CVE-2018-19784 (The str_rot_pass function in ...)
NOT-FOR-US: PHP-Proxy
 CVE-2018-19783
RESERVED
-CVE-2018-19782
-   RESERVED
+CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET 
requests in ...)
+   TODO: check
 CVE-2018-19781
RESERVED
 CVE-2018-19780
@@ -18137,8 +18216,8 @@ CVE-2018-19442
RESERVED
 CVE-2018-19441
RESERVED
-CVE-2018-19440
-   RESERVED
+CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
+   TODO: check
 CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure 
Global ...)
NOT-FOR-US: Oracle
 CVE-2018-19438
@@ -19794,8 +19873,8 @@ CVE-2018-18897 (An issue was discovered in Poppler 
0.71.0. There is a memory lea
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
 CVE-2018-18896
RESERVED
-CVE-2018-18895
-   RESERVED
+CVE-2018-18895 (A version of Castor XML, as used in Cisco WebEx Meetings 
Server before ...)
+   TODO: check
 CVE-2018-18894
RESERVED
 CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, 
related to ...)
@@ -23614,8 +23693,8 @@ CVE-2018-17433 (A heap-based buffer overflow in 
ReadGifImageDesc() in gifread.c
 CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in 
H5Osdspace.c in ...)
- hdf5 
NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
-CVE-2018-17431
-   RESERVED
+CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote 
...)
+   TODO: check
 CVE-2018-17430
RESERVED
 CVE-2018-17429
@@ -24150,6 +24229,7 @@ CVE-2018-17200
RESERVED
 CVE-2018-17199 [mod_session_cookie does not respect expiry time]
RESERVED
+   {DLA-1647-1}
- apache2 2.4.38-1 (bug #920303)
NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
NOTE: 2.4.x http://svn.apache.org/r1851409
@@ -29413,8 +29493,8 @@ CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows 
directory traversal via ...)
NOT-FOR-US: Ericsson-LG iPECS NMS 30M
 CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload 
any file ...)
NOT-FOR-US: CeLa Link CLR-M20 devices
-CVE-2018-15136
-   RESERVED
+CVE-2018-15136 (TitanHQ SpamTitan before 7.01 has Improper input validation. 
This ...)
+   TODO: check
 CVE-2018-15135
RESERVED
 

[Git][security-tracker-team/security-tracker][master] Add fixed version via unstable for three thunderbird CVEs

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa61719a by Salvatore Bonaccorso at 2019-01-30T08:03:15Z
Add fixed version via unstable for three thunderbird CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20751,7 +20751,7 @@ CVE-2018-18505
RESERVED
- firefox 
- firefox-esr 60.5.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.5.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18505
@@ -20771,7 +20771,7 @@ CVE-2018-18501
RESERVED
- firefox 
- firefox-esr 60.5.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.5.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18501
@@ -20779,7 +20779,7 @@ CVE-2018-18500
RESERVED
- firefox 
- firefox-esr 60.5.0esr-1
-   - thunderbird 
+   - thunderbird 1:60.5.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18500



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa61719a827aad80a628b06a1070efe2347ddf94


[Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list

2019-01-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
767da4b1 by Salvatore Bonaccorso at 2019-01-30T08:00:54Z
Add thunderbird to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -66,3 +66,5 @@ smarty3
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but 
update needs further testing before release.
 --
+thunderbird
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/767da4b1f00531371a6be498833f3f1c8c383695
