[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-4871 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7dcf4de by Salvatore Bonaccorso at 2018-01-10T07:52:55+01:00 Mark CVE-2018-4871 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -954,6 +954,7 @@ CVE-2018-4872 RESERVED CVE-2018-4871 RESERVED + NOT-FOR-US: Adobe Flash Player CVE-2018-4870 RESERVED CVE-2018-4869 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7dcf4de55725a5a88f54ae892c7cc8d88df4996 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Replace with http link to email
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: d1b0403d by Brian May at 2018-01-10T17:47:39+11:00 Replace with http link to email - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -54,7 +54,7 @@ opencv (Thorsten Alteholz) -- poco NOTE: Is library; only reverse dependancy in wheezy is sitplus. - NOTE: 20180109: Maintainer working on it, see <20180109084423.GT17182@vis> + NOTE: 20180109: Maintainer working on it, see http://lists.debian.org/20180109084423.GT17182@vis -- smarty3 (Chris Lamb) NOTE: 20180108: Maintainer will take care of it, but ping in 6d. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1b0403d16d1a97889089610ba6932bfb5b6e0c8
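Review bot: the replacement link in the poco note uses plain http; lists.debian.org serves its archive over https, so https://lists.debian.org/20180109084423.GT17182@vis would avoid a redirect and a cleartext hop for anyone following it from the triage file. The unchanged context line just above ("only reverse dependancy in wheezy is sitplus") carries a typo ("dependency") that could be fixed while this block is being touched.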
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Change wording for explanation to other uses
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 68e8ca68 by Salvatore Bonaccorso at 2018-01-10T07:30:45+01:00 Change wording for explanation to other uses - - - - - 6aa82648 by Salvatore Bonaccorso at 2018-01-10T07:35:23+01:00 Reference commits for redmine issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,10 @@ CVE-2018- [Remote command execution through mercurial adapter] - redmine - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/issues/27516 (private) + NOTE: https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd + NOTE: https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678 + NOTE: https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4 CVE-2018-5313 RESERVED @@ -9215,7 +9218,7 @@ CVE-2017-17671 (vBulletin through 5.3.x on Windows allows remote PHP code execut NOT-FOR-US: vBulletin CVE-2017-17670 (In VideoLAN VLC media player through 2.2.8, there is a type conversion ...) - vlc 3.0.0~rc2-1 - [wheezy] - vlc (Not supported wheezy LTS) + [wheezy] - vlc (Not supported in wheezy LTS) NOTE: http://www.openwall.com/lists/oss-security/2017/12/15/1 NOTE: POC: https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68 CVE-2017-17669 (There is a heap-based buffer over-read in the ...) 
@@ -14565,7 +14568,7 @@ CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...) NOT-FOR-US: MISP CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...) - redmine 3.4.2-1 - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/issues/25713 (private) NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0 NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc 
@@ -18045,68 +18048,68 @@ CVE-2017-15514 RESERVED CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...) - redmine (bug #882544) - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: https://www.redmine.org/issues/27186 (private) NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3 NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...) - redmine (bug #882545) - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: https://www.redmine.org/issues/27186 (private) NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...) - redmine (bug #882547) - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: https://www.redmine.org/issues/27186 (private) NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...) - redmine (bug #882548) - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: https://www.redmine.org/issues/27186 (private) NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...) 
- redmine 3.4.2-1 - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: https://www.redmine.org/issues/25503 (private) NOTE: upstream fixed in 3.2.6 and 3.3.3 CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...) - redmine 3.4.2-1 - [wheezy] - redmine (Not supported wheezy LTS) + [wheezy] - redmine (Not supported in wheezy LTS) N
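Review bot: the three upstream fix commits added under the unassigned "CVE-2018- [Remote command execution through mercurial adapter]" entry make the "upstream fixed in 3.2.9, 3.3.6 and 3.4.4" NOTE verifiable, but the "- redmine" line below it still carries no fixed Debian version, so the issue stays open in unstable until someone records the upload that includes those commits; a follow-up is needed once it lands. The "Not supported in wheezy LTS" rewording is applied uniformly to every redmine and vlc entry in these hunks, which keeps the annotation greppable.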
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1238-1 for awstats
Brian May pushed to branch master at Debian Security Tracker / security-tracker Commits: 558f3663 by Brian May at 2018-01-10T16:55:38+11:00 Reserve DLA-1238-1 for awstats - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[10 Jan 2018] DLA-1238-1 awstats - security update + {CVE-2017-1000501} + [wheezy] - awstats 7.0~dfsg-7+deb7u1 [09 Jan 2018] DLA-1237-1 plexus-utils2 - security update {CVE-2017-1000487} [wheezy] - plexus-utils2 2.0.5-1+deb7u1 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -10,8 +10,6 @@ this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -awstats (Brian May) --- ca-certificates NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org NOTE: 20171013: pinged maintainer: https://lists.debian.org/87efpuc95w@curie.anarc.at (anarcat) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/558f366328a1036b915d853845fa213abd827e62
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Adjust status for CVE-2018-4868/exiv2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8c54767 by Salvatore Bonaccorso at 2018-01-10T06:13:14+01:00 Adjust status for CVE-2018-4868/exiv2 The assessment with unimportant was incorrect after short discussion with team members. Rather since issue present, mark it as no-dsa still being a minor issue. Cf. as well the discussion from upstream in https://github.com/Exiv2/exiv2/issues/202 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -956,7 +956,9 @@ CVE-2018-4870 CVE-2018-4869 RESERVED CVE-2018-4868 (** DISPUTED ** The Exiv2::Jp2Image::readMetadata function in ...) - - exiv2 (unimportant) + - exiv2 + [stretch] - exiv2 (Minor issue) + [jessie] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/202 CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host Header ...) NOT-FOR-US: Keycloak View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8c54767c7f73d24cff312ebf56a10097fea8a71
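Review bot: the reworked entry tags [stretch] and [jessie] as "Minor issue" but adds no [wheezy] line, so with "- exiv2" now unfixed in unstable the LTS side will see CVE-2018-4868 as an open, untriaged wheezy issue; if the same reasoning holds there, a matching "[wheezy] - exiv2 (Minor issue)" line belongs in the same commit. Keeping the upstream issue link in the NOTE is what lets a reader check the disputed status the description mentions, so that part is right.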
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] redmine: RCE
Paul Wise pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ccd9c96 by Paul Wise at 2018-01-10T11:32:42+08:00 redmine: RCE - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,8 @@ +CVE-2018- [Remote command execution through mercurial adapter] + - redmine + [wheezy] - redmine (Not supported wheezy LTS) + NOTE: https://www.redmine.org/issues/27516 (private) + NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4 CVE-2018-5313 RESERVED CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0ccd9c96f37e10afa078fc69dffcbea7879eb310
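Review bot: the wheezy annotation "Not supported wheezy LTS" is missing a preposition ("Not supported in wheezy LTS") and is easier to get right now than in a follow-up, since the same phrase is repeated on every redmine entry. Adding the entry as "- redmine" with no version is correct while no fixed upload exists, and marking the redmine.org issue as (private) is the right call because the link will not resolve for most readers; once the upstream fix commits are public, citing them in a NOTE would let others verify the "upstream fixed in 3.2.9, 3.3.6 and 3.4.4" claim.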
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dbdd9eb3 by Salvatore Bonaccorso at 2018-01-09T22:15:51+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -76,13 +76,13 @@ CVE-2018-5285 (The ImageInject plugin 1.15 for WordPress has CSRF via ...) CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid ...) NOT-FOR-US: ImageInject plugin for WordPress CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory traversal ...) - TODO: check + NOT-FOR-US: Photos in Wifi application for iOS CVE-2018-5282 (Kentico 9.0 through 11.0 has a stack-based buffer overflow via the ...) TODO: check CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices ...) - TODO: check + NOT-FOR-US: SonicWall SonicOS CVE-2018-5280 (SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices ...) - TODO: check + NOT-FOR-US: SonicWall SonicOS CVE-2018-5279 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...) NOT-FOR-US: Malwarebytes Premium CVE-2018-5278 (In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows ...) @@ -118,7 +118,7 @@ CVE-2018-5265 CVE-2018-5264 RESERVED CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before ...) - TODO: check + NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla! CVE-2018-5262 RESERVED CVE-2018-5261 
@@ -221,7 +221,7 @@ CVE-2018-5223 CVE-2018-5222 RESERVED CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...) - TODO: check + NOT-FOR-US: BarCodeWiz BarCode CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...) NOT-FOR-US: K7 Antivirus CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbdd9eb37ded1b72e398821fafee5f6617c72375
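Review bot: the NOT-FOR-US label for CVE-2018-5263 reads "The StackIdeas EasyDiscuss extension for Joomla!", while every other label in these hunks names the product directly ("SonicWall SonicOS", "BarCodeWiz BarCode", "Photos in Wifi application for iOS"); dropping the leading "The" keeps the labels uniform, which matters because the NOT-FOR-US text is what gets searched when the same product shows up again. CVE-2018-5282 (Kentico) is deliberately left at TODO: check between processed entries; a one-line NOTE on why would save the next triager from re-checking it.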
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1000415/matrixssl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 940c1dcf by Salvatore Bonaccorso at 2018-01-09T22:15:16+01:00 Add CVE-2017-1000415/matrixssl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,8 @@ CVE-2018-5313 RESERVED CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...) - TODO: check + - matrixssl + [wheezy] - matrixssl (not supported in Wheezy) CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...) NOT-FOR-US: tabs-responsive plugin for WordPress CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/940c1dcffbf9ff3700b172cedc449b651dda77a6
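Review bot: the matrixssl entry is recorded as unfixed in unstable with no NOTE pointing at an upstream report or fix, unlike the neighbouring entries in this file that carry NOTE: links; since the description already pins the flaw to UTCTime date range validation in 3.7.2, a reference to the upstream fix or release would let the fixing version be filled in later without re-researching it. The wheezy tag also writes "not supported in Wheezy" with a capitalised suite name, whereas the file otherwise uses lowercase "wheezy".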
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c1cfd0fd by security tracker role at 2018-01-09T21:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2018-5313 + RESERVED +CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...) + TODO: check CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...) NOT-FOR-US: tabs-responsive plugin for WordPress CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...) @@ -215,8 +219,8 @@ CVE-2018-5223 RESERVED CVE-2018-5222 RESERVED -CVE-2018-5221 - RESERVED +CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...) + TODO: check CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...) NOT-FOR-US: K7 Antivirus CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...) @@ -235,8 +239,8 @@ CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has NOT-FOR-US: Simple Download Monitor plugin for WordPress CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...) NOT-FOR-US: Simple Download Monitor plugin for WordPress -CVE-2018-5211 - RESERVED +CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack ...) + TODO: check CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...) NOT-FOR-US: Samsung mobile devices CVE-2018-5209 
@@ -970,6 +974,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed cou CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...) NOT-FOR-US: Mautic CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...) + {DLA-1237-1 DLA-1236-1} - plexus-utils 1:1.5.15-5 - plexus-utils2 3.0.22-1 NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522 @@ -4426,15 +4431,15 @@ CVE-2018-3561 CVE-2018-3560 RESERVED CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...) - {DSA-4073-1 DLA-1232-1} + {DSA-4082-1 DSA-4073-1 DLA-1232-1} - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3) CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...) - {DSA-4073-1 DLA-1232-1} + {DSA-4082-1 DSA-4073-1 DLA-1232-1} - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4) CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...) - {DSA-4073-1 DLA-1232-1} + {DSA-4082-1 DSA-4073-1 DLA-1232-1} - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4) CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) @@ -4624,7 +4629,7 @@ CVE-2017-17743 CVE-2017-17742 RESERVED CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...) - {DSA-4073-1 DLA-1232-1} + {DSA-4082-1 DSA-4073-1 DLA-1232-1} - linux 4.14.7-1 NOTE: https://www.spinics.net/lists/kvm/msg160796.html CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...) 
@@ -7111,14 +7116,14 @@ CVE-2018-2365 RESERVED CVE-2018-2364 RESERVED -CVE-2018-2363 - RESERVED -CVE-2018-2362 - RESERVED -CVE-2018-2361 - RESERVED -CVE-2018-2360 - RESERVED +CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, ...) + TODO: check +CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send ...) + TODO: check +CVE-2018-2361 (In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the ...) + TODO: check +CVE-2018-2360 (SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an ...) + TODO: check CVE-2017-17701 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...) NOT-FOR-US: K7 Antivirus CVE-2017-17700 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...) @@ -9443,7 +9448,7 @@ CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest O - xen NOTE: https://xenbits.xen.org/xsa/advisory-248.html CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...) - {DSA-4073-1 DLA-1232-1} + {DSA-4082-1 DSA-4073-1 DLA-123
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1237-1 for plexus-utils2
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 404c by Markus Koschany at 2018-01-09T22:06:45+01:00 Reserve DLA-1237-1 for plexus-utils2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[09 Jan 2018] DLA-1237-1 plexus-utils2 - security update + {CVE-2017-1000487} + [wheezy] - plexus-utils2 2.0.5-1+deb7u1 [09 Jan 2018] DLA-1236-1 plexus-utils - security update {CVE-2017-1000487} [wheezy] - plexus-utils 1:1.5.15-4+deb7u1 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -54,8 +54,6 @@ mupdf -- opencv (Thorsten Alteholz) -- -plexus-utils2 (Markus Koschany) --- poco NOTE: Is library; only reverse dependancy in wheezy is sitplus. NOTE: 20180109: Maintainer working on it, see <20180109084423.GT17182@vis> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/404c8ee53ba10691a2b5605c14fe3973ed9b
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1236-1 for plexus-utils
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 78c699a8 by Markus Koschany at 2018-01-09T22:04:44+01:00 Reserve DLA-1236-1 for plexus-utils - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[09 Jan 2018] DLA-1236-1 plexus-utils - security update + {CVE-2017-1000487} + [wheezy] - plexus-utils 1:1.5.15-4+deb7u1 [09 Jan 2018] DLA-1234-2 gdk-pixbuf - regression update [wheezy] - gdk-pixbuf 2.26.1-1+deb7u8 [08 Jan 2018] DLA-1235-1 opencv - security update = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -54,8 +54,6 @@ mupdf -- opencv (Thorsten Alteholz) -- -plexus-utils (Markus Koschany) --- plexus-utils2 (Markus Koschany) -- poco View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78c699a82380a40af069a587fb49959a616a4d03
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2017-1000487/plexus-utils in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ef6629c7 by Salvatore Bonaccorso at 2018-01-09T22:02:05+01:00 Add fixing version for CVE-2017-1000487/plexus-utils in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -970,7 +970,7 @@ CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed cou CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...) NOT-FOR-US: Mautic CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...) - - plexus-utils + - plexus-utils 1:1.5.15-5 - plexus-utils2 3.0.22-1 NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522 NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef6629c72ef297742afc448b1b24dc570a1f5dad
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1234-2 for gdk-pixbuf
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 553dd80c by Emilio Pozuelo Monfort at 2018-01-09T21:13:01+01:00 Reserve DLA-1234-2 for gdk-pixbuf - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,5 @@ +[09 Jan 2018] DLA-1234-2 gdk-pixbuf - regression update + [wheezy] - gdk-pixbuf 2.26.1-1+deb7u8 [08 Jan 2018] DLA-1235-1 opencv - security update {CVE-2017-17760 CVE-2017-1000450} [wheezy] - opencv 2.3.1-11+deb7u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/553dd80c91071e0e22fda900ebfe85de0805789e
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2016-1000013
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b0c2da2b by Salvatore Bonaccorso at 2018-01-09T21:02:17+01:00 Track fixed version for CVE-2016-113 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -74809,7 +74809,7 @@ CVE-2016-114 REJECTED CVE-2016-113 RESERVED - - node-marked (unimportant) + - node-marked 0.3.6+dfsg-1 (unimportant) NOTE: https://nodesecurity.io/advisories/101 NOTE: nodejs not covered by security support CVE-2016-112 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b0c2da2bfe4a08c82d61cfa3dd7f1306e087c955
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2015-8854
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f9c48a92 by Salvatore Bonaccorso at 2018-01-09T21:00:21+01:00 Track fix for CVE-2015-8854 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -81896,7 +81896,7 @@ CVE-2015-8858 (The uglify-js package before 2.6.0 for Node.js allows attackers t NOTE: libv8 is not covered by security support NOTE: https://nodesecurity.io/advisories/48 CVE-2015-8854 (The marked package before 0.3.4 for Node.js allows attackers to cause ...) - - node-marked (unimportant) + - node-marked 0.3.6+dfsg-1 (unimportant) NOTE: https://nodesecurity.io/advisories/marked_redos NOTE: https://github.com/chjj/marked/issues/497 NOTE: libv8 is not covered by security support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9c48a92fe937e631b2bf8319a585479194a0978
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for CVE-2015-1370
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b9c0a46 by Salvatore Bonaccorso at 2018-01-09T20:53:25+01:00 Add fixing version for CVE-2015-1370 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -116269,7 +116269,7 @@ CVE-2015-1395 (Directory traversal vulnerability in GNU patch versions which sup NOTE: Upstream report: https://savannah.gnu.org/bugs/?44059 NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/2 CVE-2015-1370 (Incomplete blacklist vulnerability in marked 0.3.2 and earlier for ...) - - node-marked (unimportant) + - node-marked 0.3.6+dfsg-1 (unimportant) NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection NOTE: https://github.com/chjj/marked/issues/492 NOTE: libv8 is not covered by security support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b9c0a46259ec328d0bb059b4307951eecbe4453
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Adding myself to front desk duties.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: b46ac19c by Ola Lundqvist at 2018-01-09T19:16:47+01:00 Adding myself to front desk duties. - - - - - 1 changed file: - org/lts-frontdesk.2018.txt Changes: = org/lts-frontdesk.2018.txt = --- a/org/lts-frontdesk.2018.txt +++ b/org/lts-frontdesk.2018.txt @@ -15,7 +15,7 @@ From 01-01 to 07-01:Chris Lamb From 08-01 to 14-01:Markus Koschany From 15-01 to 21-01:Guido Günther From 22-01 to 28-01:Thorsten Alteholz -From 29-01 to 04-02: +From 29-01 to 04-02:Ola Lundqvist From 05-02 to 11-02:Markus Koschany From 12-02 to 18-02:Guido Günther From 19-02 to 25-02:Chris Lamb @@ -23,13 +23,13 @@ From 26-02 to 04-03: From 05-03 to 11-03:Chris Lamb From 12-03 to 18-03:Thorsten Alteholz From 19-03 to 25-03:Markus Koschany -From 26-03 to 01-04: +From 26-03 to 01-04:Ola Lundqvist From 02-04 to 08-04:Chris Lamb From 09-04 to 15-04: From 16-04 to 22-04:Markus Koschany From 23-04 to 29-04:Thorsten Alteholz From 30-04 to 06-05:Guido Günther -From 07-05 to 13-05: +From 07-05 to 13-05:Ola Lundqvist From 14-05 to 20-05:Chris Lamb From 21-05 to 27-05:Markus Koschany From 28-05 to 03-06: 
@@ -48,13 +48,13 @@ From 20-08 to 26-08:Chris Lamb From 27-08 to 02-09: From 03-09 to 09-09:Chris Lamb From 10-09 to 16-09:Thorsten Alteholz -From 17-09 to 23-09: +From 17-09 to 23-09:Ola Lundqvist From 24-09 to 30-09:Guido Günther From 01-10 to 07-10:Chris Lamb From 08-10 to 14-10: From 15-10 to 21-10: From 22-10 to 28-10:Thorsten Alteholz -From 29-10 to 04-11: +From 29-10 to 04-11:Ola Lundqvist From 05-11 to 11-11:Chris Lamb From 12-11 to 18-11:Guido Günther From 19-11 to 25-11: View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b46ac19c9614bf5831a5666a22b9e00136bb1d0c
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA for linux update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6361f14d by Salvatore Bonaccorso at 2018-01-09T16:31:16+01:00 Reserve DSA for linux update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[09 Jan 2018] DSA-4082-1 linux - security update + {CVE-2017-5754 CVE-2017-8824 CVE-2017-15868 CVE-2017-16538 CVE-2017-16939 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-1000407 CVE-2017-1000410} + [jessie] - linux 3.16.51-3+deb8u1 [08 Jan 2018] DSA-4081-1 php5 - security update {CVE-2017-11142 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-12933 CVE-2017-16642} [jessie] - php5 5.6.33+dfsg-0+deb8u1 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -29,7 +29,7 @@ libvpx/oldstable -- libxml2 (carnil) -- -linux (carnil, bwh) +linux Wait until more issues have piled up -- openjpeg2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6361f14d5d0651ffb4f7c98bf1bcf189f157f2d5
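Review bot: the new DSA-4082-1 entry carries only a [jessie] line (linux 3.16.51-3+deb8u1), so the fifteen CVEs in its braces, CVE-2017-5754 included, will be marked as fixed by this advisory in jessie only; if stretch is covered by a separate advisory that is fine, otherwise a [stretch] line is needed before the DSA is published. In dsa-needed.txt the claimers are dropped ("linux (carnil, bwh)" becomes "linux") while the entry and its "Wait until more issues have piled up" note are kept, which reads as intended: the package stays queued for the next batch.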
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add and take poco from dsa-needed
Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker Commits: bf0b4574 by Sébastien Delafond at 2018-01-09T14:31:00+01:00 Add and take poco from dsa-needed - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -42,6 +42,9 @@ phpmyadmin/oldstable -- pjproject -- +poco (seb) + 2018-08-01: Jochen Sprickerhof proposed stretch debdiff +-- qemu/oldstable -- redmine View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf0b4574d9eb22338b5efb28c647a06a5a27eb05 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf0b4574d9eb22338b5efb28c647a06a5a27eb05 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
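Review bot: the added note "2018-08-01: Jochen Sprickerhof proposed stretch debdiff" is dated almost seven months after the commit itself (2018-01-09T14:31:00+01:00), which cannot be right for a note recording something that has already happened; the month and day look transposed, and 2018-01-08 would fit the commit date. Suggest correcting the date before the entry is picked up by anyone sorting dsa-needed notes chronologically.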
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Update note for poco.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d728976 by Chris Lamb at 2018-01-09T17:05:42+05:30 data/dla-needed.txt: Update note for poco. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -60,6 +60,7 @@ plexus-utils2 (Markus Koschany) -- poco NOTE: Is library; only reverse dependancy in wheezy is sitplus. + NOTE: 20180109: Maintainer working on it, see <20180109084423.GT17182@vis> -- smarty3 (Chris Lamb) NOTE: 20180108: Maintainer will take care of it, but ping in 6d. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d72897677f3ace258c33782bf43638ca0b300a3 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d72897677f3ace258c33782bf43638ca0b300a3 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
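Review bot: the added NOTE points at the maintainer's reply only by a bare Message-ID, "<20180109084423.GT17182@vis>", which a reader of data/dla-needed.txt cannot open without first searching a list archive; a resolvable URL to the archived message would be more useful here. While touching this entry, the context line "only reverse dependancy in wheezy is sitplus" has a typo ("dependency") that could be fixed in the same commit.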
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-5309/libpodofo
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d9be193 by Salvatore Bonaccorso at 2018-01-09T10:48:31+01:00 Add CVE-2018-5309/libpodofo - - - - - 834c4ac4 by Salvatore Bonaccorso at 2018-01-09T10:48:45+01:00 Add CVE-2018-5308/libpodofo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -5,9 +5,11 @@ CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS v CVE-2018-5310 (In the "Media from FTP" plugin before 9.85 for WordPress, Directory ...) NOT-FOR-US: "Media from FTP" plugin for WordPress CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...) - TODO: check + - libpodofo + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381 CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...) - TODO: check + - libpodofo + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532390 CVE-2018-5307 RESERVED CVE-2018-5306 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/517825bcc345ad80b9bf246483959e88046b12d6...834c4ac48924abd1b1f9c04c114d9d5ae18c152f --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/517825bcc345ad80b9bf246483959e88046b12d6...834c4ac48924abd1b1f9c04c114d9d5ae18c152f You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 517825bc by Salvatore Bonaccorso at 2018-01-09T10:44:53+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,9 +1,9 @@ CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...) - TODO: check + NOT-FOR-US: tabs-responsive plugin for WordPress CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...) - TODO: check + NOT-FOR-US: Easy Custom Auto Excerpt plugin for WordPress CVE-2018-5310 (In the "Media from FTP" plugin before 9.85 for WordPress, Directory ...) - TODO: check + NOT-FOR-US: "Media from FTP" plugin for WordPress CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...) TODO: check CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...) @@ -21,7 +21,7 @@ CVE-2018-5303 CVE-2018-5302 RESERVED CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...) - TODO: check + NOT-FOR-US: Magento CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote ...) TODO: check CVE-2017-18024 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/517825bcc345ad80b9bf246483959e88046b12d6 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/517825bcc345ad80b9bf246483959e88046b12d6 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0380f96f by security tracker role at 2018-01-09T09:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,33 @@ +CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...) + TODO: check +CVE-2018-5310 (In the "Media from FTP" plugin before 9.85 for WordPress, Directory ...) + TODO: check +CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...) + TODO: check +CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...) + TODO: check +CVE-2018-5307 + RESERVED +CVE-2018-5306 + RESERVED +CVE-2018-5305 + RESERVED +CVE-2018-5304 + RESERVED +CVE-2018-5303 + RESERVED +CVE-2018-5302 + RESERVED +CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...) + TODO: check +CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote ...) + TODO: check +CVE-2017-18024 + RESERVED +CVE-2017-18023 + RESERVED CVE-2018- [Password protect the JSONRPC interface] - electrum 3.0.5-1 (bug #886683) NOTE: https://github.com/spesmilo/electrum/issues/3374 @@ -80,8 +110,8 @@ CVE-2018-5265 RESERVED CVE-2018-5264 RESERVED -CVE-2018-5263 - RESERVED +CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before ...) + TODO: check CVE-2018-5262 RESERVED CVE-2018-5261 @@ -14918,6 +14948,7 @@ CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet [stretch] - linux 4.9.65-1 [jessie] - linux 3.16.51-1 CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an ...) + {DSA-4081-1 DSA-4080-1} - php7.1 7.1.11-1 - php7.0 7.0.25-1 - php5 
@@ -25550,18 +25581,20 @@ CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3. NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4 NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188 CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...) + {DSA-4080-1} - php7.1 7.1.8-1 - php7.0 7.0.22-1 NOTE: Fixed in 7.1.7, 7.0.21 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74101 CVE-2017-12933 (The finish_nested_data function in ext/standard/var_unserializer.re in ...) - {DLA-1076-1} + {DSA-4081-1 DSA-4080-1 DLA-1076-1} - php7.1 7.1.8-1 - php7.0 7.0.22-1 - php5 NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74111 CVE-2017-12932 (ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...) + {DSA-4080-1} - php7.1 7.1.8-1 - php7.0 7.0.22-1 NOTE: Fixed in 7.1.8, 7.0.22 @@ -29620,7 +29653,7 @@ CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 CVE-2017-11629 (dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in ...) NOT-FOR-US: FineCMS CVE-2017-11628 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a ...) - {DLA-1066-1} + {DSA-4081-1 DSA-4080-1 DLA-1066-1} - php7.1 7.1.8-1 (low) - php7.0 7.0.22-1 (low) - php5 (low) @@ -31083,7 +31116,7 @@ CVE-2017-11148 (Server-side request forgery (SSRF) vulnerability in link preview CVE-2017-11146 REJECTED CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an ...) - {DLA-1034-1} + {DSA-4081-1 DSA-4080-1 DLA-1034-1} - php7.1 7.1.8-1 - php7.0 7.0.22-1 - php5 
@@ -31822,7 +31855,7 @@ CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling o NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the ...) - {DLA-1034-1} + {DSA-4081-1 DSA-4080-1 DLA-1034-1} - php7.1 7.1.8-1 - php7.0 7.0.22-1 - php5 @@ -31833,7 +31866,7 @@ CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of ...) - {DLA-1034-1} + {DSA-4081-1 DLA-1034-1}