[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Three vague Android kernel issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0dcb764e by Moritz Muehlenhoff at 2018-01-23T09:45:43+01:00 Three vague Android kernel issues - - - - - f4a34134 by Moritz Muehlenhoff at 2018-01-23T09:46:03+01:00 Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -26550,11 +26550,15 @@ CVE-2017-13224 CVE-2017-13223 RESERVED CVE-2017-13222 (An information disclosure vulnerability in the Upstream kernel kernel. ...) - TODO: check + - linux + NOTE: No details/release available other than the description of 'upstream kernel' CVE-2017-13221 (An elevation of privilege vulnerability in the Upstream kernel wifi ...) - TODO: check + - linux + NOTE: No details/release available other than the description of 'upstream kernel wifi driver' CVE-2017-13220 (An elevation of privilege vulnerability in the Upstream kernel bluez. ...) - TODO: check + - linux + - bluez + NOTE: No details/release available other than the description of 'upstream kernel bluez' CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel synaptics ...) TODO: check CVE-2017-13218 (Access to CNTVCT_EL0 could be used for side channel attacks. This ...) = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt 
@@ -56,8 +56,6 @@ redmine -- ruby2.1/oldstable -- -salt --- simplesamlphp -- sqlite3/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e2db9347564198d1044ded729fe46732c257a0ed...f4a3413475f7b27a0ab6e6750d69698e8fb75a84 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
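Review bot: In the data/CVE/list hunk, CVE-2017-13220 is filed against both `- linux` and `- bluez`, although its NOTE says nothing is known beyond 'upstream kernel bluez'. Say in the NOTE why the bluez package is tracked alongside the kernel, or file it against linux only until details appear. All three NOTE lines would also be easier to follow up if they linked to the place where the description was checked.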
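Review bot: The data/dsa-needed.txt hunk drops `salt` from the list, which neither commit message in this push ('Three vague Android kernel issues' and the merge) accounts for. Put the removal in its own commit, or say in the message why salt no longer needs a DSA.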
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 72c1f08d by security tracker role at 2018-01-23T09:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,113 @@ +CVE-2018-6029 (The copy function in application/admin/controller/Article.php in ...) + TODO: check +CVE-2018-6028 + RESERVED +CVE-2018-6027 + RESERVED +CVE-2018-6026 + RESERVED +CVE-2018-6025 + RESERVED +CVE-2018-6024 + RESERVED +CVE-2018-6023 + RESERVED +CVE-2018-6022 (Directory traversal vulnerability in ...) + TODO: check +CVE-2018-6021 + RESERVED +CVE-2018-6020 + RESERVED +CVE-2018-6019 + RESERVED +CVE-2018-6018 + RESERVED +CVE-2018-6017 + RESERVED +CVE-2018-6016 + RESERVED +CVE-2018-6015 + RESERVED +CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...) + TODO: check +CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...) + TODO: check +CVE-2018-6012 + RESERVED +CVE-2018-6011 + RESERVED +CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...) + TODO: check +CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...) + TODO: check +CVE-2018-6008 + RESERVED +CVE-2018-6007 + RESERVED +CVE-2018-6006 + RESERVED +CVE-2018-6005 + RESERVED +CVE-2018-6004 + RESERVED +CVE-2017-18074 + RESERVED +CVE-2017-18073 + RESERVED +CVE-2017-18072 + RESERVED +CVE-2017-18071 + RESERVED +CVE-2017-18070 + RESERVED +CVE-2017-18069 + RESERVED +CVE-2017-18068 + RESERVED +CVE-2017-18067 + RESERVED +CVE-2017-18066 + RESERVED +CVE-2017-18065 + RESERVED +CVE-2017-18064 + RESERVED +CVE-2017-18063 + RESERVED +CVE-2017-18062 + RESERVED +CVE-2017-18061 + RESERVED +CVE-2017-18060 + RESERVED +CVE-2017-18059 + RESERVED +CVE-2017-18058 + RESERVED +CVE-2017-18057 + RESERVED +CVE-2017-18056 + RESERVED +CVE-2017-18055 + RESERVED +CVE-2017-18054 + RESERVED +CVE-2017-18053 + RESERVED +CVE-2017-18052 + RESERVED +CVE-2017-18051 + RESERVED +CVE-2017-18050 + RESERVED +CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before ...) + TODO: check +CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads ...) 
+ TODO: check +CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...) + TODO: check +CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...) + TODO: check CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...) TODO: check CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...) @@ -717,7 +827,7 @@ CVE-2018-103 (Improper input validation bugs in DNSSEC validators components CVE-2018-102 (Improper input validation bugs in DNSSEC validators components in Knot ...) - knot-recursor 1.5.2-1 CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...) - {DLA-1253-1} + {DSA-4093-1 DLA-1253-1} - openocd 0.10.0-4 (bug #887488) NOTE: https://sourceforge.net/p/openocd/mailman/message/36188041/ NOTE: http://openocd.zylin.com/4330 @@ -2635,7 +2745,7 @@ CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site could set javascript in CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc1 sends ...) NOT-FOR-US: Plone CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...) - {DLA-1249-1} + {DSA-4094-1 DLA-1249-1} - smarty - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460) NOTE: https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61 
@@ -12226,10 +12336,10 @@ CVE-2017-17409 (This vulnerability allows remote attackers to execute arbitrary NOT-FOR-US: Bitdefender Internet Security 2018 CVE-2017-17408 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Bitdefender Internet Security 2018 -CVE-2017-17407 - RESERVED -CVE-2017-17406 - RESERVED +CVE-2017-17407 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-17406 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...) {DLA-1222-1 DLA-1221-1} - ruby2.5 2.5.0~rc1-1 (bug #884437) @@ -13477,8
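Review bot: In the @@ -12226 hunk, CVE-2017-17407 and CVE-2017-17406 go from RESERVED to `TODO: check` directly below CVE-2017-17409 and CVE-2017-17408, which open with the same description text and are already `NOT-FOR-US: Bitdefender Internet Security 2018`. Read the full descriptions in the next manual pass and close the two with the same tag if they name the same product, rather than leaving them in the TODO queue.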
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] binutils fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b7e5db1d by Moritz Muehlenhoff at 2018-01-23T14:28:45+01:00 binutils fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -13130,7 +13130,7 @@ CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12 NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099 CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 ...) [experimental] - binutils 2.29.51.20171208-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) @@ -13138,7 +13138,7 @@ CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.2 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8 CVE-2017-17125 (nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global ...) [experimental] - binutils 2.29.51.20171128-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) @@ -13146,7 +13146,7 @@ CVE-2017-17125 (nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain glob NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4 CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Binary ...) [experimental] - binutils 2.29.51.20171208-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) 
@@ -13154,7 +13154,7 @@ CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Bin NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary File ...) [experimental] - binutils 2.29.51.20171208-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) @@ -13162,7 +13162,7 @@ CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543 CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 ...) [experimental] - binutils 2.29.51.20171208-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) @@ -13170,7 +13170,7 @@ CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f CVE-2017-17121 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) [experimental] - binutils 2.29.51.20171208-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) @@ -13894,7 +13894,7 @@ CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) [experimental] - binutils 2.29.51.20171128-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) 
@@ -16352,7 +16352,7 @@ CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic ...) NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) [experimental] - binutils 2.29.51.20171128-1 - - binutils + - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) @@ -16360,7 +16360,7 @@ CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b CVE-2017-16831 (coffgen.c in the Binary File Desc
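Review bot: Every hunk here swaps `- binutils` for `- binutils 2.29.90.20180122-1 (low)` in a single pass, so each entry's fixed version rests on the upload as a whole rather than on a per-CVE check. The context lines carry NOTE references to the upstream binutils-gdb commits; confirm each of those commits is contained in 2.29.90.20180122-1 before closing the entry. The later message 'Mark CVE-2017-13716 as unfixed again' in this archive reverts one binutils entry for which the changelog of that same upload listed the CVE as fixed.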
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] pdns-recursor fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e5bdda8e by Moritz Muehlenhoff at 2018-01-23T14:31:04+01:00 pdns-recursor fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -819,7 +819,7 @@ CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user CVE-2018-5705 RESERVED CVE-2018-103 (Improper input validation bugs in DNSSEC validators components in ...) - - pdns-recursor + - pdns-recursor 4.1.1-1 [stretch] - pdns-recursor (Only affects 4.1) [jessie] - pdns-recursor (Only affects 4.1) [wheezy] - pdns-recursor (Only affects 4.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e5bdda8ec66f2f81c09bae323c8a10a145ad7068
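Review bot: With the fixed version now set to 4.1.1-1, the remark `(Only affects 4.1)` on the [stretch], [jessie] and [wheezy] lines reads ambiguously, because the fixing upload is itself a 4.1 version. Reword the remark along the lines of 'Vulnerable code introduced in 4.1' so the reasoning for the older releases is clear from the entry alone.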
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] gcab fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0030fb18 by Moritz Muehlenhoff at 2018-01-23T19:50:17+01:00 gcab fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1643,8 +1643,8 @@ CVE-2018-101 [Libc Realpath Buffer Underflow] NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...) - - gcab (bug #887776) - TODO: Asked Red Hat if providing more information possible, https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6 + - gcab 0.7-7> (bug #887776) + NOTE: Asked Red Hat if providing more information possible, https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6 CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) - linux [jessie] - linux (Vulnerability introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0030fb18149ba0a743f17c25e643848d9eebdc85
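Review bot: The added line `- gcab 0.7-7> (bug #887776)` has a stray `>` after the version, so the recorded fixed version is not a valid version string; drop the `>`. The Red Hat question also moves from TODO to NOTE while still reading as an open action, so either keep it as TODO until it is answered or reduce it to the bare bugzilla URL.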
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Cleanup gcab entry
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c3934aa by Salvatore Bonaccorso at 2018-01-23T20:23:39+01:00 Cleanup gcab entry - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1643,8 +1643,7 @@ CVE-2018-101 [Libc Realpath Buffer Underflow] NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...) - - gcab 0.7-7> (bug #887776) - NOTE: Asked Red Hat if providing more information possible, https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6 + - gcab 0.7-7 (bug #887776) CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) - linux [jessie] - linux (Vulnerability introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c3934aa31f29e952eedf282137ca1b88ca7d26d
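Review bot: Besides removing the stray `>`, this hunk deletes the NOTE pointing at https://bugzilla.redhat.com/show_bug.cgi?id=1527296#c6, which leaves the CVE-2018-5345 entry with no external reference, and the message 'Cleanup gcab entry' does not say why. Keep the bugzilla URL as a plain NOTE, or add the upstream fix reference in the same commit so the entry is never without one.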
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-18045 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44565fa8 by Salvatore Bonaccorso at 2018-01-23T20:24:48+01:00 Mark CVE-2017-18045 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -225,7 +225,7 @@ CVE-2018-5952 CVE-2018-5951 RESERVED CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change ...) - TODO: check + NOT-FOR-US: JBMC DirectAdmin CVE-2018-5950 RESERVED CVE-2018-5949 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44565fa8766880b9256bc1b42f2c735f55f18f7b
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for wordpress status on CVE-2018-5776
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c288c98a by Salvatore Bonaccorso at 2018-01-23T20:48:58+01:00 Add note for wordpress status on CVE-2018-5776 Tracking would have been actually enough to track 4.1+dfsg-1 as fixing version since that version removed the two problematic files, and those were never again introduced (they are *not* present in 4.9.1+dfsg-1 for example, but upstream 4.9.2 then removed the whole problematic mediaelement part). - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -624,6 +624,10 @@ CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ... - wordpress 4.9.2+dfsg-1 (bug #887596) [stretch] - wordpress (Vulnerable files have been removed before) [jessie] - wordpress (Vulnerable files have been removed before) + NOTE: For jessie and stretch version the files silverlightmediaelement.xap and + NOTE: flashmediaelement.swf have been removed with the 4.1+dfsg-1 version. + NOTE: sid in version 4.9.1+dfsg-1 did as well *not* have the files but track here the + NOTE: final wordpress version 4.9.2 which finally removed the mediaelement files. NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/ NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850 CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontrolled ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c288c98a6bf62ba3cf772f85fbe436c095ab5842
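Review bot: The four added NOTE lines say the vulnerable files were already gone in 4.1+dfsg-1 and absent from sid's 4.9.1+dfsg-1, yet the entry keeps `- wordpress 4.9.2+dfsg-1` as the fixed version, so anything that compares package versions against this entry will treat the sid versions before 4.9.2+dfsg-1 as vulnerable. Say in the first NOTE that 4.9.2+dfsg-1 is a deliberately conservative marker, and tighten the wording so the two file names and the version that removed them sit in one sentence.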
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Adjust source package name for knot-resolver and add reference
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1704cfe8 by Salvatore Bonaccorso at 2018-01-23T20:55:58+01:00 Adjust source package name for knot-resolver and add reference - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -829,7 +829,8 @@ CVE-2018-103 (Improper input validation bugs in DNSSEC validators components [wheezy] - pdns-recursor (Only affects 4.1) NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html CVE-2018-102 (Improper input validation bugs in DNSSEC validators components in Knot ...) - - knot-recursor 1.5.2-1 + - knot-resolver 1.5.2-1 + NOTE: https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...) {DSA-4093-1 DLA-1253-1} - openocd 0.10.0-4 (bug #887488) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1704cfe85edc279148f533203ccd97b6ca7e7352
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] libvirt 4.0.0 uploaded to unstable fixing CVE-2018-5748, #887700
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7b3dfe4 by Salvatore Bonaccorso at 2018-01-23T21:01:36+01:00 libvirt 4.0.0 uploaded to unstable fixing CVE-2018-5748, #887700 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -706,8 +706,7 @@ CVE-2018-5749 RESERVED CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method] RESERVED - [experimental] - libvirt 4.0.0~rc2-1 - - libvirt (bug #887700) + - libvirt 4.0.0-1 (bug #887700) [stretch] - libvirt (Minor issue) [jessie] - libvirt (Minor issue) [wheezy] - libvirt (Can be fixed in a later update) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7b3dfe47605ddda00d4c13f23bc5cbd30c70502
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6003/libtasn1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c98a821f by Salvatore Bonaccorso at 2018-01-23T21:17:10+01:00 Add CVE-2018-6003/libtasn1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -109,7 +109,11 @@ CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID compariso CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...) TODO: check CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...) - TODO: check + - libtasn1-6 4.13-2 + [jessie] - libtasn1-6 (Vulnerable code introduced in 4.3) + - libtasn1-3 (Vulnerable code introduced in 4.3) + NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3) + NOTE: Fixed by: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13) CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...) TODO: check CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c98a821f6f659d3d6b14eab875c7a82f7c9a5fcb
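Review bot: The new CVE-2018-6003 entry covers unstable (`- libtasn1-6 4.13-2`), jessie and libtasn1-3, but adds no [stretch] line, so stretch is left implicitly open against 4.13-2 with no triage decision recorded. Add a [stretch] line once it is decided how the issue is handled there, so the entry states the status of every release it affects.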
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-13716 as unfixed again
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 055651d5 by Salvatore Bonaccorso at 2018-01-23T21:27:08+01:00 Mark CVE-2017-13716 as unfixed again The changelog for binutils 2.29.90.20180122-1 mentions the CVE as fixed. But the issue is yet unresolved afaics, the upstream bug https://sourceware.org/bugzilla/show_bug.cgi?id=22009 has the respective discussion. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -25575,7 +25575,7 @@ CVE-2017-13718 CVE-2017-13717 RESERVED CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as ...) - - binutils 2.29.90.20180122-1 (low) + - binutils (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/055651d518b923c47aa4b728ed66b272442f812a
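Review bot: The reason for going back to `- binutils (low)` lives only in the commit message; the CVE-2017-13716 entry itself gains no NOTE. Add a NOTE line with https://sourceware.org/bugzilla/show_bug.cgi?id=22009 and a remark that the issue is still open upstream despite the 2.29.90.20180122-1 changelog, otherwise the next pass over that changelog is likely to mark it fixed again.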
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c857635 by Salvatore Bonaccorso at 2018-01-23T21:49:18+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,5 +1,5 @@ CVE-2018-6029 (The copy function in application/admin/controller/Article.php in ...) - TODO: check + NOT-FOR-US: NoneCms CVE-2018-6028 RESERVED CVE-2018-6027 @@ -13,7 +13,7 @@ CVE-2018-6024 CVE-2018-6023 RESERVED CVE-2018-6022 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: NoneCms CVE-2018-6021 RESERVED CVE-2018-6020 @@ -31,15 +31,15 @@ CVE-2018-6015 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...) TODO: check CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...) - TODO: check + NOT-FOR-US: BigTree CMS CVE-2018-6012 RESERVED CVE-2018-6011 RESERVED CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...) - TODO: check + NOT-FOR-US: Yii Framework CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...) - TODO: check + NOT-FOR-US: Yii Framework CVE-2018-6008 RESERVED CVE-2018-6007 @@ -101,9 +101,9 @@ CVE-2017-18051 CVE-2017-18050 RESERVED CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before ...) - TODO: check + NOT-FOR-US: SilverStripe CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads ...) - TODO: check + NOT-FOR-US: Monstra CMS CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...) TODO: check CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...) 
@@ -115,13 +115,13 @@ CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function i NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3) NOTE: Fixed by: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13) CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...) - TODO: check + NOT-FOR-US: Soundy Background Music plugin for WordPress CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has ...) - TODO: check + NOT-FOR-US: Soundy Audio Playlist plugin for WordPress CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The ...) - TODO: check + NOT-FOR-US: AsusWRT CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the ...) - TODO: check + NOT-FOR-US: AsusWRT CVE-2018-5998 RESERVED CVE-2018-5997 
@@ -197,27 +197,27 @@ CVE-2018-5964 CVE-2018-5963 RESERVED CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...) - TODO: check + NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...) - TODO: check + NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of ...) TODO: check CVE-2018-5959 RESERVED CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...) - TODO: check + NOT-FOR-US: Zillya! Antivirus CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...) - TODO: check + NOT-FOR-US: Zillya! Antivirus CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...) - TODO: check + NOT-FOR-US: Zillya! Antivirus CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...) TODO: check CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...) TODO: check CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...) - TODO: check + NOT-FOR-US: Dasan GPON ONT WiFi Router devices CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...) - TODO: check + NOT-FOR-US: pfSense CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...) TODO: check CVE-2018-5954 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1000417/matrixssl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd83aaa3 by Salvatore Bonaccorso at 2018-01-23T21:49:56+01:00 Add CVE-2017-1000417/matrixssl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -105,7 +105,7 @@ CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x be CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads ...) NOT-FOR-US: Monstra CMS CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...) - TODO: check + - matrixssl CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...) TODO: check CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd83aaa3ed59bd21385a6042c04d56857fbbb7fe
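Review bot: The added line `- matrixssl` records neither a version nor a bug number, and the entry gets no NOTE, although the description names MatrixSSL 3.7.2 specifically. Add the bug reference once one is filed and a NOTE saying whether the packaged version contains the OID comparison logic in question, so the entry can be triaged per release.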
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2016-10708/openssh
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f1b865b by Salvatore Bonaccorso at 2018-01-23T21:53:22+01:00 Add CVE-2016-10708/openssh - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -219,7 +219,9 @@ CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...) NOT-FOR-US: pfSense CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...) - TODO: check + - openssh 1:7.4p1-1 + NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 + NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html CVE-2018-5954 RESERVED CVE-2018-5953 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f1b865ba6eef19822f07ab30fef52866767bb05
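Review bot: The entry records `- openssh 1:7.4p1-1` as the fixed version but adds no bracketed per-release lines, so any release still shipping an OpenSSH older than 7.4 is left open with no triage decision written down. Add the release lines with the chosen status in the same commit, or in a follow-up that the message announces.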
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-5345/gcab
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 979115d1 by Salvatore Bonaccorso at 2018-01-23T21:55:11+01:00 Reference fix for CVE-2018-5345/gcab - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1654,6 +1654,7 @@ CVE-2018-101 [Libc Realpath Buffer Underflow] NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...) - gcab 0.7-7 (bug #887776) + NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) - linux [jessie] - linux (Vulnerability introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/979115d15c7e8eeb759ce241af73c329973d6b83
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2017-9274/osc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d03457bc by Salvatore Bonaccorso at 2018-01-23T22:08:56+01:00 Add fixed version for CVE-2017-9274/osc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -38732,7 +38732,7 @@ CVE-2017-9275 RESERVED CVE-2017-9274 [osc executes spec code during "osc commit"] RESERVED - - osc (bug #887391) + - osc 0.162.1-1 (bug #887391) [stretch] - osc (Minor issue) [jessie] - osc (Minor issue) [wheezy] - osc (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d03457bc208d97cbb522b094748e6dc37e59940d
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0925bf6 by security tracker role at 2018-01-23T21:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,323 @@ +CVE-2018-6179 + RESERVED +CVE-2018-6178 + RESERVED +CVE-2018-6177 + RESERVED +CVE-2018-6176 + RESERVED +CVE-2018-6175 + RESERVED +CVE-2018-6174 + RESERVED +CVE-2018-6173 + RESERVED +CVE-2018-6172 + RESERVED +CVE-2018-6171 + RESERVED +CVE-2018-6170 + RESERVED +CVE-2018-6169 + RESERVED +CVE-2018-6168 + RESERVED +CVE-2018-6167 + RESERVED +CVE-2018-6166 + RESERVED +CVE-2018-6165 + RESERVED +CVE-2018-6164 + RESERVED +CVE-2018-6163 + RESERVED +CVE-2018-6162 + RESERVED +CVE-2018-6161 + RESERVED +CVE-2018-6160 + RESERVED +CVE-2018-6159 + RESERVED +CVE-2018-6158 + RESERVED +CVE-2018-6157 + RESERVED +CVE-2018-6156 + RESERVED +CVE-2018-6155 + RESERVED +CVE-2018-6154 + RESERVED +CVE-2018-6153 + RESERVED +CVE-2018-6152 + RESERVED +CVE-2018-6151 + RESERVED +CVE-2018-6150 + RESERVED +CVE-2018-6149 + RESERVED +CVE-2018-6148 + RESERVED +CVE-2018-6147 + RESERVED +CVE-2018-6146 + RESERVED +CVE-2018-6145 + RESERVED +CVE-2018-6144 + RESERVED +CVE-2018-6143 + RESERVED +CVE-2018-6142 + RESERVED +CVE-2018-6141 + RESERVED +CVE-2018-6140 + RESERVED +CVE-2018-6139 + RESERVED +CVE-2018-6138 + RESERVED +CVE-2018-6137 + RESERVED +CVE-2018-6136 + RESERVED +CVE-2018-6135 + RESERVED +CVE-2018-6134 + RESERVED +CVE-2018-6133 + RESERVED +CVE-2018-6132 + RESERVED +CVE-2018-6131 + RESERVED +CVE-2018-6130 + RESERVED +CVE-2018-6129 + RESERVED +CVE-2018-6128 + RESERVED +CVE-2018-6127 + RESERVED +CVE-2018-6126 + RESERVED +CVE-2018-6125 + RESERVED +CVE-2018-6124 + RESERVED +CVE-2018-6123 + RESERVED +CVE-2018-6122 + RESERVED +CVE-2018-6121 + RESERVED +CVE-2018-6120 + RESERVED +CVE-2018-6119 + RESERVED +CVE-2018-6118 + RESERVED +CVE-2018-6117 + RESERVED +CVE-2018-6116 + RESERVED +CVE-2018-6115 + RESERVED +CVE-2018-6114 + RESERVED +CVE-2018-6113 + RESERVED +CVE-2018-6112 + RESERVED +CVE-2018-6111 + RESERVED +CVE-2018-6110 + RESERVED +CVE-2018-6109 + RESERVED +CVE-2018-6108 + RESERVED +CVE-2018-6107 + RESERVED +CVE-2018-6106 + RESERVED +CVE-2018-6105 + RESERVED +CVE-2018-6104 + RESERVED 
+CVE-2018-6103 + RESERVED +CVE-2018-6102 + RESERVED +CVE-2018-6101 + RESERVED +CVE-2018-6100 + RESERVED +CVE-2018-6099 + RESERVED +CVE-2018-6098 + RESERVED +CVE-2018-6097 + RESERVED +CVE-2018-6096 + RESERVED +CVE-2018-6095 + RESERVED +CVE-2018-6094 + RESERVED +CVE-2018-6093 + RESERVED +CVE-2018-6092 + RESERVED +CVE-2018-6091 + RESERVED +CVE-2018-6090 + RESERVED +CVE-2018-6089 + RESERVED +CVE-2018-6088 + RESERVED +CVE-2018-6087 + RESERVED +CVE-2018-6086 + RESERVED +CVE-2018-6085 + RESERVED +CVE-2018-6084 + RESERVED +CVE-2018-6083 + RESERVED +CVE-2018-6082 + RESERVED +CVE-2018-6081 + RESERVED +CVE-2018-6080 + RESERVED +CVE-2018-6079 + RESERVED +CVE-2018-6078 + RESERVED +CVE-2018-6077 + RESERVED +CVE-2018-6076 + RESERVED +CVE-2018-6075 + RESERVED +CVE-2018-6074 + RESERVED +CVE-2018-6073 + RESERVED +CVE-2018-6072 + RESERVED +CVE-2018-6071 + RESERVED +CVE-2018-6070 + RESERVED +CVE-2018-6069 + RESERVED +CVE-2018-6068 + RESERVED +CVE-2018-6067 + RESERVED +CVE-2018-6066 + RESERVED +CVE-2018-6065 + RESERVED +CVE-2018-6064 + RESERVED +CVE-2018-6063 + RESERVED +CVE-2018-6062 + RESERVED +CVE-2018-6061 + RESERVED +CVE-2018-6060 + RESERVED +CVE-2018-6059 + RESERVED +CVE-2018-6058 + RESERVED +CVE-2018-6057 + RESERVED +CVE-2018-6056 + RESERVED +CVE-2018-6055 + RESERVED +CVE-2018-6054 + RESERVED +CVE-2018-6053 + RESERVED +CVE-2018-6052 + RESERVED +CVE-2018-6051 + RESERVED +CVE-2018-6050 + RESERVED +CVE-2018-6049 + RESERVED +CVE-2018-6048 + RESERVED +CVE-2018-6047 + RESERVED +CVE-2018-6046 + RESERVED +CVE-2018-6045 + RESERVED +CVE-2018-6044 + RESERVED +CVE-2018-6043 + RESERVED +CVE-2018-6042 + RESERVED +CVE-2018-6041 + RESERVED +CVE-2018-6040 + RESERVED +CVE-2018-6039 + RESERVED +CVE-2018-6038 + RESERVED +CVE-2018-6037 + RESERVED +CVE-2018-6036 + RESERVED +C
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-15107/dnsmasq
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 622fbcad by Salvatore Bonaccorso at 2018-01-23T22:19:46+01:00 Add CVE-2017-15107/dnsmasq - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -21618,7 +21618,9 @@ CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escap NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864 CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dnsmasq ...) - TODO: check + - dnsmasq + NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 CVE-2017-15106 RESERVED CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/622fbcad5ad86f54cd7191ad7a13c91f4ab93198
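Review bot: In the CVE-2017-15107 entry, the second added NOTE (the dnsmasq.git commitdiff URL) is not marked as the fix, while the CVE-2017-15108 entry directly above it in the same hunk uses "NOTE: Fixed by:". If that commit is the fix, label it the same way so it can be told apart from the mailing-list announcement in the first NOTE. The new "- dnsmasq" line also carries no bug reference yet.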
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-5950/mailman (specific possibly to 2.1.x series)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 99b84a09 by Salvatore Bonaccorso at 2018-01-23T22:23:07+01:00 Add CVE-2018-5950/mailman (specific possibly to 2.1.x series) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -553,7 +553,8 @@ CVE-2018-5951 CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change ...) NOT-FOR-US: JBMC DirectAdmin CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman ...) - TODO: check + - mailman + NOTE: https://www.mail-archive.com/mailman-users@python.org/msg70375.html CVE-2018-5949 RESERVED CVE-2018-5948 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99b84a091ce00c85dab2588412069a4bfd4e
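Review bot: The commit subject says the issue is "specific possibly to 2.1.x series", but the lines added under CVE-2018-5950 ("- mailman" and one NOTE URL) do not record that. Add a NOTE stating the suspected scope and that it is unconfirmed, so the information lives in data/CVE/list and not only in the commit log.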
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-15107
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 86f8ddd0 by Salvatore Bonaccorso at 2018-01-23T22:23:44+01:00 Add bug reference for CVE-2017-15107 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -21619,7 +21619,7 @@ CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escap NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864 CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dnsmasq ...) - - dnsmasq + - dnsmasq (bug #888200) NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 CVE-2017-15106 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86f8ddd0c65e6cdcce63c94b94c94703f12886ff
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-5950/mailman
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae643866 by Salvatore Bonaccorso at 2018-01-23T22:28:19+01:00 Add bug reference for CVE-2018-5950/mailman - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -553,7 +553,7 @@ CVE-2018-5951 CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change ...) NOT-FOR-US: JBMC DirectAdmin CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman ...) - - mailman + - mailman (bug #888201) NOTE: https://www.mail-archive.com/mailman-users@python.org/msg70375.html CVE-2018-5949 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae643866be9e5081a3130ced93f460e3a3c132fc
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-0486 fixed in xmltooling 1.6.3-1
Luciano Bello pushed to branch master at Debian Security Tracker / security-tracker Commits: d3406990 by Luciano Bello at 2018-01-23T21:20:14-05:00 CVE-2018-0486 fixed in xmltooling 1.6.3-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -14874,7 +14874,7 @@ CVE-2018-0487 RESERVED CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...) {DSA-4085-1 DLA-1242-1} - - xmltooling + - xmltooling 1.6.3-1 [stretch] - xmltooling (Xerces is configured to disallow DTD use) NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d34069901d262353bb400093ba73478fad8ffeeb
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process two NFUs in Apache NiFi
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 22c3c833 by Salvatore Bonaccorso at 2018-01-24T06:19:42+01:00 Process two NFUs in Apache NiFi - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -19884,6 +19884,7 @@ CVE-2017-15698 RESERVED CVE-2017-15697 RESERVED + NOT-FOR-US: Apache NiFi CVE-2017-15696 RESERVED CVE-2017-15695 @@ -29257,6 +29258,7 @@ CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 an NOT-FOR-US: Apache Camel CVE-2017-12632 RESERVED + NOT-FOR-US: Apache NiFi CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...) NOT-FOR-US: Apache CXF CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/22c3c833f04c769bae65d2f4a52a9397112346fe
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add firefox issues from mfsa2018-02
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee4735ba by Salvatore Bonaccorso at 2018-01-24T06:44:39+01:00 Add firefox issues from mfsa2018-02 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -2504,72 +2504,137 @@ CVE-2018-5123 RESERVED CVE-2018-5122 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122 CVE-2018-5121 RESERVED + - firefox (Only affects Firefox on Mac OS X) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5121 CVE-2018-5120 RESERVED CVE-2018-5119 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119 CVE-2018-5118 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118 CVE-2018-5117 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117 CVE-2018-5116 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116 CVE-2018-5115 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115 CVE-2018-5114 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114 CVE-2018-5113 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113 CVE-2018-5112 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112 CVE-2018-5111 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111 CVE-2018-5110 RESERVED + - firefox (Only affects Firefox on Mac OS X) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110 CVE-2018-5109 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109 CVE-2018-5108 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108 CVE-2018-5107 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107 CVE-2018-5106 RESERVED + - firefox + NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106 CVE-2018-5105 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105 CVE-2018-5104 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104 CVE-2018-5103 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103 CVE-2018-5102 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102 CVE-2018-5101 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101 CVE-2018-5100 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100 CVE-2018-5099 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099 CVE-2018-5098 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098 CVE-2018-5097 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097 CVE-2018-5096 RESERVED CVE-2018-5095 RESERVED + - firefox + - skia (bug #818180) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095 CVE-2018-5094 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5094 CVE-2018-5093 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5093 CVE-2018-5092 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092 CVE-2018-5091 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091 CVE-2018-5090 RESERVED + - firefox + NOTE: https://www.mozilla.org/en-US/secu
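Review bot: In the visible part of this hunk, CVE-2018-5120 and CVE-2018-5096 stay bare RESERVED entries while every other ID from CVE-2018-5122 down to CVE-2018-5090 gains a "- firefox" line with an mfsa2018-02 anchor. Check that the two gaps are intended and not skipped IDs. For CVE-2018-5095, the added "- skia (bug #818180)" line has no NOTE explaining why skia is tracked alongside firefox; a one-line NOTE would help.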
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2018-03
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: efb4b841 by Salvatore Bonaccorso at 2018-01-24T06:48:55+01:00 Add firefox-esr issues from mfsa2018-03 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -2523,7 +2523,9 @@ CVE-2018-5118 CVE-2018-5117 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117 CVE-2018-5116 RESERVED - firefox @@ -2575,15 +2577,21 @@ CVE-2018-5105 CVE-2018-5104 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104 CVE-2018-5103 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103 CVE-2018-5102 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102 CVE-2018-5101 RESERVED - firefox 
@@ -2595,22 +2603,32 @@ CVE-2018-5100 CVE-2018-5099 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099 CVE-2018-5098 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098 CVE-2018-5097 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097 CVE-2018-5096 RESERVED + - firefox-esr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096 CVE-2018-5095 RESERVED - firefox + - firefox-esr - skia (bug #818180) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095 CVE-2018-5094 RESERVED - firefox @@ -2626,7 +2644,9 @@ CVE-2018-5092 CVE-2018-5091 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091 CVE-2018-5090 RESERVED - firefox 
@@ -2634,7 +2654,9 @@ CVE-2018-5090 CVE-2018-5089 RESERVED - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089 CVE-2018-5088 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...) NOT-FOR-US: K7 AntiVirus CVE-2018-5087 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/efb4b84127ab06c273e7693aa8777669de6b20ad
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d78c41a0 by Salvatore Bonaccorso at 2018-01-24T06:54:15+01:00 Add firefox-esr to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -16,6 +16,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- chromium-browser/stable -- +firefox-esr +-- gcab (carnil) -- graphicsmagick View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d78c41a05316ea74ea51a8da09f9e3b4d33e147b
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1513{4, 5}/389-ds-base
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f21175a2 by Salvatore Bonaccorso at 2018-01-24T06:58:55+01:00 Add CVE-2017-1513{4,5}/389-ds-base - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -21579,10 +21579,12 @@ CVE-2017-15137 RESERVED CVE-2017-15136 RESERVED -CVE-2017-15135 +CVE-2017-15135 [Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c] RESERVED -CVE-2017-15134 + - 389-ds-base +CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c] RESERVED + - 389-ds-base CVE-2017-15133 RESERVED CVE-2017-15132 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f21175a236cd7a27f4f20cb10c83e607a1a4767c
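Review bot: The bracketed descriptions added to CVE-2017-15135 and CVE-2017-15134 come with no source: both IDs are still RESERVED and neither entry gets a NOTE. Add a NOTE with the upstream bug or advisory the descriptions were taken from, so the two "- 389-ds-base" lines can be verified.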
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] take firefox
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2092186c by Moritz Muehlenhoff at 2018-01-24T07:40:14+01:00 take firefox add and take unbound - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -16,7 +16,7 @@ If needed, specify the release by adding a slash after the name of the source pa -- chromium-browser/stable -- -firefox-esr +firefox-esr (jmm) -- gcab (carnil) -- @@ -71,6 +71,8 @@ tomcat7/oldstable -- tomcat8 -- +unbound (jmm) +-- xen -- zendframework/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2092186c6e9143588f6c48264a8e9dadf7a96f90
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: afb3f34a by Moritz Muehlenhoff at 2018-01-24T07:41:26+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2018-118 + NOT-FOR-US: ovirt-engine CVE-2018-6179 RESERVED CVE-2018-6178 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afb3f34adf0372ccf5578a8b81f16a2326bab7e7
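Review bot: The added ID "CVE-2018-118" has a three-digit sequence number; CVE IDs carry at least four digits after the year, so as shown this line does not name a valid identifier. Confirm the intended ID for the ovirt-engine entry before it sits above CVE-2018-6179.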
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 398d5bc9 by Moritz Muehlenhoff at 2018-01-24T07:43:36+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -301,25 +301,25 @@ CVE-2018-6031 CVE-2018-6030 RESERVED CVE-2018-116 (Jenkins Ant Plugin 1.7 and earlier failed to escape tool names it ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-115 (On Jenkins instances with Authorize Project plugin, the authentication ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-114 (Jenkins Translation Assistance Plugin 1.15 and earlier did not require ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-113 (Jenkins Release Plugin 2.9 and earlier did not require form ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-112 (Jenkins Warnings Plugin 4.64 and earlier processes XML external ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-111 (Jenkins FindBugs Plugin 4.71 and earlier processes XML external ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-110 (Jenkins DRY Plugin 2.49 and earlier processes XML external entities in ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-109 (Jenkins Checkstyle Plugin 3.49 and earlier processes XML external ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2018-108 (Jenkins PMD Plugin 3.49 and earlier processes XML external entities in ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2015-1142857 (On multiple SR-IOV cars it is possible for VF's assigned to guests to ...) - TODO: check + NOT-FOR-US: SR-IOV cars CVE-2018-6029 (The copy function in application/admin/controller/Article.php in ...) NOT-FOR-US: NoneCms CVE-2018-6028 
@@ -351,7 +351,7 @@ CVE-2018-6016 CVE-2018-6015 RESERVED CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...) - TODO: check + NOT-FOR-US: Subsonic CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...) NOT-FOR-US: BigTree CMS CVE-2018-6012 @@ -429,7 +429,7 @@ CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...) - matrixssl CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...) - TODO: check + NOT-FOR-US: axTLS CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...) - libtasn1-6 4.13-2 [jessie] - libtasn1-6 (Vulnerable code introduced in 4.3) @@ -523,7 +523,7 @@ CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel throu CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of ...) - TODO: check + NOT-FOR-US: Zenario CVE-2018-5959 RESERVED CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...) @@ -535,7 +535,7 @@ CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...) TODO: check CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...) - TODO: check + NOT-FOR-US: LabF nfsAxe CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...) NOT-FOR-US: Dasan GPON ONT WiFi Router devices CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...) 
@@ -988,7 +988,7 @@ CVE-2018-5763 CVE-2018-5762 RESERVED CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found ...) - TODO: check + NOT-FOR-US: Rubrik CDM CVE-2018-5760 RESERVED CVE-2018-5759 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/398d5bc99cfc7dfca4eec0e4af797ea725e544a4
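Review bot: In the first hunk, "NOT-FOR-US: SR-IOV cars" for CVE-2015-1142857 copies what looks like a typo for "cards" from the description, and it names a hardware class, not a product. A tag naming the affected product or vendor would be easier to search. The nine "NOT-FOR-US: Jenkins plugin" tags in the same hunk could likewise name each plugin, as the descriptions already do (Ant, Authorize Project, Warnings and so on).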
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] spectre/meltdown also affects the Nvidia GPUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a3f14ce by Moritz Muehlenhoff at 2018-01-24T07:45:57+01:00 spectre/meltdown also affects the Nvidia GPUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -50323,6 +50323,8 @@ CVE-2017-5755 CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...) {DSA-4082-1 DSA-4078-1 DLA-1232-1} - linux 4.14.12-1 + - nvidia-graphics-drivers-legacy-340xx 340.106-1 + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) NOTE: https://meltdownattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html @@ -50331,6 +50333,8 @@ CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and NOTE: https://01.org/security/advisories/intel-oss-10003 CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and ...) - linux + - nvidia-graphics-drivers-legacy-340xx 340.106-1 + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) NOTE: https://spectreattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html 
@@ -50430,6 +50434,8 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and - virtualbox 5.2.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) + - nvidia-graphics-drivers-legacy-340xx 340.106-1 + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) CVE-2017-5714 RESERVED CVE-2017-5713 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a3f14cecfdc40b3508b7726dd7995e5e4918c51 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a3f14cecfdc40b3508b7726dd7995e5e4918c51 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
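Review bot: All three hunks add "nvidia-graphics-drivers-legacy-340xx 340.106-1" without a NOTE pointing at the vendor advisory that ties that version to CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715, while the surrounding entries cite their sources (meltdownattack.com, spectreattack.com, XSA-254). Add the vendor reference under each entry so the fixed version can be verified. The commit message speaks of the Nvidia GPUs in general, yet only the legacy-340xx source package is recorded, and it gets a "[stretch]" line but none for jessie; say whether the other driver packages and the older suite are covered.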
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add as well the nvidia-graphics-drivers and nvidia-graphics-drivers-legacy-304xx source packages
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a4b00460 by Salvatore Bonaccorso at 2018-01-24T08:03:13+01:00 Add as well the nvidia-graphics-drivers and nvidia-graphics-drivers-legacy-304xx source packages - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -50323,8 +50323,14 @@ CVE-2017-5755 CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...) {DSA-4082-1 DSA-4078-1 DLA-1232-1} - linux 4.14.12-1 + - nvidia-graphics-drivers 384.111-1 (bug #886852) + [stretch] - nvidia-graphics-drivers (Non-free not supported) + [jessie] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx 340.106-1 [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) NOTE: https://meltdownattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html 
@@ -50333,8 +50339,14 @@ CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and NOTE: https://01.org/security/advisories/intel-oss-10003 CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and ...) - linux + - nvidia-graphics-drivers 384.111-1 (bug #886852) + [stretch] - nvidia-graphics-drivers (Non-free not supported) + [jessie] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx 340.106-1 [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) NOTE: https://spectreattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html 
@@ -50434,8 +50446,14 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and - virtualbox 5.2.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) + - nvidia-graphics-drivers 384.111-1 (bug #886852) + [stretch] - nvidia-graphics-drivers (Non-free not supported) + [jessie] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx 340.106-1 [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) CVE-2017-5714 RESERVED CVE-2017-5713 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4b0046020132d47ba7376b38fa94a2334e9014f --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4b0046020132d47ba7376b38fa94a2334e9014f You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
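Review bot: The "- nvidia-graphics-drivers-legacy-304xx" line added in each of the three hunks has neither a fixed version nor a bug number, whereas the "nvidia-graphics-drivers 384.111-1" line added a few lines above it cites bug #886852. An open entry without a bug reference is hard to follow up on, so record a bug for the 304xx package here. The two new packages also get both "[stretch]" and "[jessie]" lines while the existing 340xx entry keeps only "[stretch]"; make that consistent or explain the difference in a NOTE.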
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record fixes in unstable for #876414
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6209458e by Salvatore Bonaccorso at 2018-01-24T08:05:07+01:00 Record fixes in unstable for #876414 The fixes were first landing in experimental, and then moved to unstable. Just for informational purposes still keep the [experimental] tagged entry, although not strictly needed. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -48900,7 +48900,7 @@ CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader NOT-FOR-US: NVIDIA ADSP Firmware CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) [experimental] - nvidia-graphics-drivers 384.90-1 - - nvidia-graphics-drivers (bug #876414) + - nvidia-graphics-drivers 384.98-2 (bug #876414) [stretch] - nvidia-graphics-drivers (Non-free not supported) [jessie] - nvidia-graphics-drivers (Non-free not supported) [wheezy] - nvidia-graphics-drivers (Non-free not supported) @@ -48920,7 +48920,7 @@ CVE-2017-6268 (NVIDIA Windows GPU Display Driver contains a vulnerability in the NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) [experimental] - nvidia-graphics-drivers 384.90-1 - - nvidia-graphics-drivers (bug #876414) + - nvidia-graphics-drivers 384.98-2 (bug #876414) [stretch] - nvidia-graphics-drivers (Non-free not supported) [jessie] - nvidia-graphics-drivers (Non-free not supported) [wheezy] - nvidia-graphics-drivers (Non-free not supported) 
@@ -48932,7 +48932,7 @@ CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544 CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) [experimental] - nvidia-graphics-drivers 384.90-1 - - nvidia-graphics-drivers (bug #876414) + - nvidia-graphics-drivers 384.98-2 (bug #876414) [stretch] - nvidia-graphics-drivers (Non-free not supported) [jessie] - nvidia-graphics-drivers (Non-free not supported) [wheezy] - nvidia-graphics-drivers (Non-free not supported) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6209458e073e7d917d47e80c9b82204b297abeee --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6209458e073e7d917d47e80c9b82204b297abeee You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
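Review bot: The reason for keeping "[experimental] - nvidia-graphics-drivers 384.90-1" next to the new "384.98-2" line is given only in the commit message, so someone reading data/CVE/list for CVE-2017-6272, CVE-2017-6267 or CVE-2017-6266 sees two fixed versions with no explanation. Either drop the experimental line, which the message itself calls not strictly needed, or add a short NOTE to each entry. Please also confirm that these three are the complete set of entries filed under bug #876414, since the hunks only touch lines that already referenced it.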
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000005/curl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 493e516f by Salvatore Bonaccorso at 2018-01-24T08:15:57+01:00 Add CVE-2018-105/curl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1077,8 +1077,11 @@ CVE-2018-5733 RESERVED CVE-2018-5732 RESERVED -CVE-2018-105 +CVE-2018-105 [HTTP/2 trailer out-of-bounds read] RESERVED + - curl + NOTE: https://curl.haxx.se/docs/adv_2018-824a.html + NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch CVE-2018-5731 RESERVED CVE-2018-5730 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/493e516ff83e41bb287c85f7a75236840eb22aed --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/493e516ff83e41bb287c85f7a75236840eb22aed You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
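Review bot: The new "- curl" line has no bug reference and the entry has no per-suite lines, so it does not yet say which releases carry the HTTP/2 trailer code; record that, together with the commit that introduced the flaw, next to the "Patch:" NOTE. Separately, the header line reads "CVE-2018-105" in both its removed and added form while the subject of this mail names CVE-2018-1000005; check that the id in the file matches the one the curl advisory uses.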
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-17858/mupdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 50493a22 by Salvatore Bonaccorso at 2018-01-24T08:46:28+01:00 Add CVE-2017-17858/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -6342,7 +6342,9 @@ CVE-2017-17860 (In Samsung Gear products, Bluetooth link key is updated to the . CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass ...) NOT-FOR-US: Samsung Internet Browser CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function in ...) - TODO: check + - mupdf + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public) + NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 CVE-2017-17851 RESERVED CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50493a221209d952bb3a387f3c5c64976efef6aa --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50493a221209d952bb3a387f3c5c64976efef6aa You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
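Review bot: The two NOTE lines added for CVE-2017-17858 do not say what each link is: the first points at a bug marked "(not public)", which readers cannot open, and the second is an upstream commit with no label. State whether that commit is the fix and label it the way the curl entries on this list label theirs ("Patch:", "Introduced by:"). The "- mupdf" line also lacks a bug reference, and nothing records which mupdf versions contain the affected ensure_solid_xref code.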
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add further information for CVE-2018-1000005/curl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2a05b0d0 by Salvatore Bonaccorso at 2018-01-24T08:23:45+01:00 Add further information for CVE-2018-105/curl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1083,7 +1083,11 @@ CVE-2018-5732 CVE-2018-105 [HTTP/2 trailer out-of-bounds read] RESERVED - curl + [jessie] - curl (Vulnerable code introduce later) + [wheezy] - curl (Vulnerable code introduce later) + NOTE: https://github.com/curl/curl/pull/2231 NOTE: https://curl.haxx.se/docs/adv_2018-824a.html + NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5 NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch CVE-2018-5731 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a05b0d09a1d490b66f5eda44670aea547be8bbd --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a05b0d09a1d490b66f5eda44670aea547be8bbd You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
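Review bot: Both added suite lines read "(Vulnerable code introduce later)"; that should be "introduced later", and it is worth fixing now because these strings tend to be copied to other entries. The "Introduced by:" NOTE gives the commit but not the first curl release that contains it, which is what justifies the jessie and wheezy lines; add that version so the claim can be checked against what those suites ship.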
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add curl to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09b8725a by Salvatore Bonaccorso at 2018-01-24T08:25:21+01:00 Add curl to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -16,6 +16,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- chromium-browser/stable -- +curl (ghedo) +-- firefox-esr (jmm) -- gcab (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09b8725a0442558f07126a6a41b17905224119a7 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09b8725a0442558f07126a6a41b17905224119a7 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
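Review bot: "curl (ghedo)" is added without a release qualifier, although the hunk's own context line says to specify the release with a slash after the source package name when needed, as "chromium-browser/stable" does two lines above. If oldstable needs no update, write "curl/stable"; if it does, keep the entry as is but name in the commit message which curl CVEs the DSA is meant to cover, since the message currently gives none.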
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1000007/curl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7754c3e by Salvatore Bonaccorso at 2018-01-24T08:17:12+01:00 Add CVE-2018-107/curl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -448,8 +448,11 @@ CVE-2018-5998 RESERVED CVE-2018-5997 RESERVED -CVE-2018-107 +CVE-2018-107 [HTTP authentication leak in redirects] RESERVED + - curl + NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html + NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch CVE-2018-5996 RESERVED CVE-2018-5995 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7754c3ea4f1515551ab1887715f9225a3eb0a6d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7754c3ea4f1515551ab1887715f9225a3eb0a6d You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
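Review bot: The new entry for the HTTP authentication leak gives the advisory and the patch but nothing about which versions are affected: there are no suite lines, no "Introduced by:" NOTE and no bug reference on "- curl". Add at least the first affected curl version from the advisory so the per-suite status can be worked out. As with the other curl entry, the id on the changed line ("CVE-2018-107") does not match the subject (CVE-2018-1000007) and should be checked.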
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-104{2, 3, 4, 5}/moodle (removed)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a817835c by Salvatore Bonaccorso at 2018-01-24T08:47:48+01:00 Add CVE-2018-104{2,3,4,5}/moodle (removed) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -13036,13 +13036,13 @@ CVE-2018-1047 CVE-2018-1046 RESERVED CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...) - TODO: check + - moodle CVE-2018-1044 (In Moodle 3.x, quiz web services allow students to see quiz results ...) - TODO: check + - moodle CVE-2018-1043 (In Moodle 3.x, the setting for blocked hosts list can be bypassed with ...) - TODO: check + - moodle CVE-2018-1042 (Moodle 3.x has Server Side Request Forgery in the filepicker. ...) - TODO: check + - moodle CVE-2018-1041 RESERVED CVE-2017-17380 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a817835c2154d5aefe2073e58eea147093aec0e2 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a817835c2154d5aefe2073e58eea147093aec0e2 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
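Review bot: All four Moodle entries go from "TODO: check" to "- moodle" with no NOTE, so the only record of what was decided is the word "(removed)" in the commit message. The descriptions say only "Moodle 3.x"; add a NOTE per entry with the upstream advisory reference, and if any suite still ships a moodle package, state whether its version falls in the affected range.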