[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-3721
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f24cae94 by Salvatore Bonaccorso at 2018-02-16T07:29:06+01:00 Add bug reference for CVE-2018-3721 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -8757,7 +8757,7 @@ CVE-2018-3722 RESERVED CVE-2018-3721 [Prototype pollution in utilities function] RESERVED - - node-lodash (unimportant) + - node-lodash (unimportant; bug #890575) NOTE: https://snyk.io/vuln/npm:lodash:20180130 NOTE: https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a NOTE: nodejs not covered by security support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f24cae945de0c69fa057288df8f06e3a7dfdc25d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f24cae945de0c69fa057288df8f06e3a7dfdc25d You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-3728
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 49fb47e5 by Salvatore Bonaccorso at 2018-02-16T07:28:23+01:00 Add CVE-2018-3728 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -8738,8 +8738,11 @@ CVE-2018-3730 RESERVED CVE-2018-3729 RESERVED -CVE-2018-3728 +CVE-2018-3728 [Prototype pollution in utilities function] RESERVED + - node-hoek (unimportant) + NOTE: https://snyk.io/vuln/npm:hoek:20180212 + NOTE: nodejs not covered by security support CVE-2018-3727 RESERVED CVE-2018-3726 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49fb47e532dcde465010f5f4266d936007b09349
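Review bot: the new CVE-2018-3728 entry for node-hoek cites only the Snyk advisory in its NOTE lines, so nothing in the entry identifies the upstream fix. Add a NOTE with the upstream fix commit, and a bug reference on the `- node-hoek (unimportant)` line once one is filed.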
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-3721/node-lodash
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e68559a by Salvatore Bonaccorso at 2018-02-16T07:25:37+01:00 Add CVE-2018-3721/node-lodash - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -8752,8 +8752,12 @@ CVE-2018-3723 RESERVED CVE-2018-3722 RESERVED -CVE-2018-3721 +CVE-2018-3721 [Prototype pollution in utilities function] RESERVED + - node-lodash (unimportant) + NOTE: https://snyk.io/vuln/npm:lodash:20180130 + NOTE: https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a + NOTE: nodejs not covered by security support CVE-2018-3720 RESERVED CVE-2018-3719 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e68559aa8e8d2fb713e5ca5fcda30bb9a6f8b4e
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-100006{7, 8}/jenkins
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa74c67a by Salvatore Bonaccorso at 2018-02-16T07:20:48+01:00 Add CVE-2018-16{7,8}/jenkins - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2018-168 + - jenkins +CVE-2018-167 + - jenkins CVE-2018-7172 RESERVED CVE-2018-7171 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa74c67ac24c1711be956613af411b907149f131
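Review bot: the two entries added at the top of the list read CVE-2018-168 and CVE-2018-167, which do not match the CVE-2018-100006{7, 8} named in the subject line, and each carries only a bare `- jenkins` line. Check the identifiers against the subject and add a NOTE pointing at the advisory these entries come from.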
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18189/sox: #881121
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b2d3ac76 by Salvatore Bonaccorso at 2018-02-16T07:18:02+01:00 Add CVE-2017-18189/sox: #881121 The fix was done in 14.4.2-1 uploaded to experimental and the first version in unstable containing the change thus 14.4.2-2 with the upload to unstable. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -255,7 +255,10 @@ CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1. NOTE: https://irssi.org/security/irssi_sa_2018_02.txt NOTE: Fixed by: https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703 CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) through ...) - TODO: check + - sox 14.4.2-2 (bug #881121) + [stretch] - sox (Minor issue) + [jessie] - sox (Minor issue) + NOTE: https://public-inbox.org/sox-devel/20171109114554.16297-1-m...@mansr.com/raw CVE-2018-7049 RESERVED CVE-2018-7048 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b2d3ac76d3370a0dc23579a9e8c39bb05bc0c0da
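Review bot: the NOTE added under CVE-2017-18189 points at a public-inbox URL whose message-id is elided (`m...@mansr.com`), so the link cannot be followed as written. Reference the full message-id or the upstream commit, and consider recording the commit message's explanation of 14.4.2-1 (experimental) versus 14.4.2-2 (unstable) in a NOTE so it sits next to the fixed version.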
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-12161 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 89a4121a by Salvatore Bonaccorso at 2018-02-16T07:15:32+01:00 Mark CVE-2017-12161 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -33865,6 +33865,7 @@ CVE-2017-12162 RESERVED CVE-2017-12161 RESERVED + NOT-FOR-US: Keycloak CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated ...) NOT-FOR-US: Keycloak CVE-2017-12159 (It was found that the cookie used for CSRF prevention in Keycloak was ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89a4121a9ad6d9c7ea4f6b961d22f03ce08b170a
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Tentatively prepare release for tomcat-native
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51c44b84 by Salvatore Bonaccorso at 2018-02-16T00:38:41+01:00 Tentatively prepare release for tomcat-native - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -81,7 +81,8 @@ squid3 (carnil) -- sssd/stable -- -tomcat-native +tomcat-native (carnil) + Markus prepared an update -- tomcat7/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51c44b84eeaf0ae467fcdbe97a2770dc4e0b53f6
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference upstream commits for the four Quagga advisories
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44254fbd by Salvatore Bonaccorso at 2018-02-16T00:37:25+01:00 Reference upstream commits for the four Quagga advisories - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4696,14 +4696,17 @@ CVE-2018-5381 [fix infinite loop on certain invalid OPEN messages] RESERVED - quagga (bug #890563) NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt + NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=ce07207c50a3d1f05d6dd49b5294282e59749787 CVE-2018-5380 [debug print of received NOTIFY data can over-read msg array] RESERVED - quagga (bug #890563) NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt + NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=9e5251151894aefdf8e9392a2371615222119ad8 CVE-2018-5379 [Fix double free of unknown attribute] RESERVED - quagga (bug #890563) NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt + NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=e69b535f92eafb599329bf725d9b4c6fd5d7fded CVE-2018-5378 [invalid attr length sends NOTIFY with data overrun] RESERVED - quagga (bug #890563) 
@@ -4711,6 +4714,7 @@ CVE-2018-5378 [invalid attr length sends NOTIFY with data overrun] [jessie] - quagga (Vulnerable code not present) [wheezy] - quagga (Vulnerable code not present) NOTE: https://www.quagga.net/security/Quagga-2018-0543.txt + NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=cc2e6770697e343f4af534114ab7e633d5beabec CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...) NOT-FOR-US: Discuz! DiscuzX CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/44254fbd484b3f6f728f5f5d3610081227997f1f
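Review bot: the four NOTE lines added for CVE-2018-5378 through CVE-2018-5381 are bare git.savannah.gnu.org commit URLs, placed directly under each advisory NOTE with nothing to tell the two kinds of reference apart. Prefix them with `Fixed by:` so readers and scripts can distinguish the fix commit from the advisory text.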
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-53{78, 79, 80, 81}/quagga
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 198f9935 by Salvatore Bonaccorso at 2018-02-15T23:43:39+01:00 Add bug reference for CVE-2018-53{78,79,80,81}/quagga - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4694,19 +4694,19 @@ CVE-2018-5382 RESERVED CVE-2018-5381 [fix infinite loop on certain invalid OPEN messages] RESERVED - - quagga + - quagga (bug #890563) NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt CVE-2018-5380 [debug print of received NOTIFY data can over-read msg array] RESERVED - - quagga + - quagga (bug #890563) NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt CVE-2018-5379 [Fix double free of unknown attribute] RESERVED - - quagga + - quagga (bug #890563) NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt CVE-2018-5378 [invalid attr length sends NOTIFY with data overrun] RESERVED - - quagga + - quagga (bug #890563) [stretch] - quagga 1.1.1-3+deb9u2 [jessie] - quagga (Vulnerable code not present) [wheezy] - quagga (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/198f993584edbc9e9b9d2a6fdc51146b1c4da73d
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new quagga issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58ab2ef4 by Salvatore Bonaccorso at 2018-02-15T22:52:19+01:00 Add new quagga issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4692,14 +4692,24 @@ CVE-2018-5383 RESERVED CVE-2018-5382 RESERVED -CVE-2018-5381 +CVE-2018-5381 [fix infinite loop on certain invalid OPEN messages] RESERVED -CVE-2018-5380 + - quagga + NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt +CVE-2018-5380 [debug print of received NOTIFY data can over-read msg array] RESERVED -CVE-2018-5379 + - quagga + NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt +CVE-2018-5379 [Fix double free of unknown attribute] RESERVED -CVE-2018-5378 + - quagga + NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt +CVE-2018-5378 [invalid attr length sends NOTIFY with data overrun] RESERVED + - quagga + [jessie] - quagga (Vulnerable code not present) + [wheezy] - quagga (Vulnerable code not present) + NOTE: https://www.quagga.net/security/Quagga-2018-0543.txt CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...) NOT-FOR-US: Discuz! DiscuzX CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/58ab2ef4c04cbf3e9ce5f6d9fcd5c48713ce6c0a
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-17722, exiv2: Wheezy is not affected
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: be93f941 by Markus Koschany at 2018-02-15T23:07:32+01:00 CVE-2017-17722,exiv2: Wheezy is not affected The vulnerable code is not present. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -9874,6 +9874,7 @@ CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the ... TODO: check CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the readHeader ...) - exiv2 + [wheezy] - exiv2 (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524116 NOTE: https://github.com/Exiv2/exiv2/issues/228 TODO: check View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/be93f94161f112912f4d4628ad49ebabf7c5f3e7
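Review bot: the new `[wheezy] - exiv2 (vulnerable code not present)` line settles wheezy only, and the CVE-2017-17722 entry still ends in `TODO: check` after it. Either finish the triage for the remaining releases or add a NOTE saying what is still open, and match the capitalisation `Vulnerable code not present` that other entries in data/CVE/list use.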
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA number for quagga update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ca64a654 by Salvatore Bonaccorso at 2018-02-15T23:02:23+01:00 Reserve DSA number for quagga update - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4707,6 +4707,7 @@ CVE-2018-5379 [Fix double free of unknown attribute] CVE-2018-5378 [invalid attr length sends NOTIFY with data overrun] RESERVED - quagga + [stretch] - quagga 1.1.1-3+deb9u2 [jessie] - quagga (Vulnerable code not present) [wheezy] - quagga (Vulnerable code not present) NOTE: https://www.quagga.net/security/Quagga-2018-0543.txt = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,7 @@ +[15 Feb 2018] DSA-4115-1 quagga - security update + {CVE-2018-5379 CVE-2018-5380 CVE-2018-5381} + [jessie] - quagga 0.99.23.1-1+deb8u5 + [stretch] - quagga 1.1.1-3+deb9u2 [15 Feb 2018] DSA-4114-1 jackson-databind - security update {CVE-2017-17485 CVE-2018-5968} [jessie] - jackson-databind 2.4.2-2+deb8u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca64a65483a61e14874eb05213e3285614a7018c
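Review bot: the brace list on the new DSA-4115-1 entry names CVE-2018-5379, CVE-2018-5380 and CVE-2018-5381 but not CVE-2018-5378, while the data/CVE/list hunk in the same commit records CVE-2018-5378 as fixed in stretch by the same 1.1.1-3+deb9u2. Add CVE-2018-5378 to the DSA entry, or note why its stretch fix is recorded outside the advisory.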
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 11407338 by Moritz Muehlenhoff at 2018-02-15T22:41:41+01:00 NFUs - - - - - 9c37f384 by Moritz Muehlenhoff at 2018-02-15T22:42:08+01:00 Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -233,11 +233,11 @@ CVE-2018-7059 CVE-2018-7058 RESERVED CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName ...) - TODO: check + NOT-FOR-US: RoomWizard CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potentially ...) - TODO: check + NOT-FOR-US: RoomWizard CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the ...) - TODO: check + NOT-FOR-US: RoomWizard CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...) - irssi NOTE: https://irssi.org/security/irssi_sa_2018_02.txt @@ -1877,9 +1877,9 @@ CVE-2017-18090 CVE-2017-18089 RESERVED CVE-2017-18088 (Various plugin servlet resources in Atlassian Bitbucket Server before ...) - TODO: check + NOT-FOR-US: Atlassian Bitbucket Server CVE-2017-18087 (The download commit resource in Atlassian Bitbucket Server from ...) - TODO: check + NOT-FOR-US: Atlassian Bitbucket Server CVE-2017-18086 (Various resources in Atlassian Confluence Server before version 6.4.2 ...) NOT-FOR-US: Atlassian Confluence CVE-2017-18085 (The viewdefaultdecorator resource in Atlassian Confluence Server ...) @@ -4537,7 +4537,7 @@ CVE-2018-5461 CVE-2018-5460 RESERVED CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 Series ...) - TODO: check + NOT-FOR-US: WAGO PFC200 CVE-2018-5458 RESERVED CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire ...) 
@@ -4575,7 +4575,7 @@ CVE-2018-5442 (A Stack-based Buffer Overflow issue was discovered in Fuji Electr CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered in ...) NOT-FOR-US: PHOENIX CONTACT mGuard firmware CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS ...) - TODO: check + NOT-FOR-US: 3S-Smart CVE-2018-5439 RESERVED CVE-2018-5438 @@ -12448,7 +12448,7 @@ CVE-2018-2366 CVE-2018-2365 RESERVED CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND ...) - TODO: check + NOT-FOR-US: SAP CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, ...) NOT-FOR-US: SAP NetWeaver CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send ...) 
@@ -16244,45 +16244,45 @@ CVE-2017-17304 CVE-2017-17303 RESERVED CVE-2017-17302 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17301 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17300 (Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17299 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17298 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17297 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17296 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17295 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17294 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17293 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17292 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17291 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17290 (The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17289 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2017-17288 (Huawei DP300 V500R002C00, RP200
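Review bot: several of the new NOT-FOR-US tags name only a vendor where the description or the neighbouring entry names the product: `NOT-FOR-US: SAP` sits directly above `NOT-FOR-US: SAP NetWeaver`, CVE-2018-5440 becomes `NOT-FOR-US: 3S-Smart` although its description says 3S-Smart CODESYS, and every Huawei entry is tagged plain `NOT-FOR-US: Huawei`. Take the product name from each description so a later search for the product finds these entries.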
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-7169/shadow as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1aadafc4 by Salvatore Bonaccorso at 2018-02-15T22:39:50+01:00 Mark CVE-2018-7169/shadow as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -6,6 +6,8 @@ CVE-2018-7170 RESERVED CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...) - shadow (bug #890557) + [stretch] - shadow (Minor issue) + [jessie] - shadow (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 NOTE: https://github.com/shadow-maint/shadow/pull/97 CVE-2018-7168 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1aadafc4dcf4e1c15f11ecc9d005eb77255e6305
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: drop patch reference until confirmed by upstream, reporter and timeline don't match
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9fd11973 by Moritz Muehlenhoff at 2018-02-15T22:33:44+01:00 drop patch reference until confirmed by upstream, reporter and timeline don't match - - - - - 738b6433 by Moritz Muehlenhoff at 2018-02-15T22:36:13+01:00 Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -23754,7 +23754,6 @@ CVE-2017-15422 [integer overflow in icu] - icu NOTE: https://code.google.com/p/chromium/issues/detail?id=774382 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1523136 - NOTE: possible fix: https://ssl.icu-project.org/trac/changeset/40654 CVE-2017-15421 RESERVED CVE-2017-15420 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8d3d9b596d3dbc3c5cf2d025f2c01e9b178d5cd1...738b6433cddc1efb68568c5f1ed6d339d1632844
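Review bot: deleting the `NOTE: possible fix:` line under CVE-2017-15422 leaves the reason only in the commit message, so the entry no longer shows that changeset 40654 was looked at. Keep a NOTE stating that the changeset is not confirmed by upstream rather than removing the reference outright, so the next person triaging icu does not rediscover it from scratch.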
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-7169/shadow: #890557
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d3d9b59 by Salvatore Bonaccorso at 2018-02-15T22:35:26+01:00 Add bug reference for CVE-2018-7169/shadow: #890557 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -5,7 +5,7 @@ CVE-2018-7171 CVE-2018-7170 RESERVED CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...) - - shadow + - shadow (bug #890557) NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 NOTE: https://github.com/shadow-maint/shadow/pull/97 CVE-2018-7168 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d3d9b596d3dbc3c5cf2d025f2c01e9b178d5cd1
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7169/shadow
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3bc294b9 by Salvatore Bonaccorso at 2018-02-15T22:16:16+01:00 Add CVE-2018-7169/shadow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -5,7 +5,9 @@ CVE-2018-7171 CVE-2018-7170 RESERVED CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...) - TODO: check + - shadow + NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 + NOTE: https://github.com/shadow-maint/shadow/pull/97 CVE-2018-7168 RESERVED CVE-2018-7167 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bc294b93811d3c68994ae321e8b86f5d4e06787
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2018-7050
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e86eb0f by Salvatore Bonaccorso at 2018-02-15T22:09:02+01:00 Reference fix for CVE-2018-7050 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -24,6 +24,7 @@ CVE-2018-7050 [Null pointer dereference when an "empty" nick has been observed b RESERVED - irssi NOTE: https://irssi.org/security/irssi_sa_2018_02.txt + NOTE: Fixed by: https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703 CVE-2017-18189 RESERVED CVE-2018-7049 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e86eb0f359b83294fda3270bf31004e758f0c7c
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9949af02 by security tracker role at 2018-02-15T21:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,32 +1,257 @@ -CVE-2018-7057 +CVE-2018-7172 RESERVED -CVE-2018-7056 +CVE-2018-7171 RESERVED -CVE-2018-7055 +CVE-2018-7170 RESERVED -CVE-2018-7054 [Use after free when server is disconnected during netsplits] +CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...) + TODO: check +CVE-2018-7168 + RESERVED +CVE-2018-7167 + RESERVED +CVE-2018-7166 + RESERVED +CVE-2018-7165 + RESERVED +CVE-2018-7164 + RESERVED +CVE-2018-7163 + RESERVED +CVE-2018-7162 + RESERVED +CVE-2018-7161 + RESERVED +CVE-2018-7160 + RESERVED +CVE-2018-7159 + RESERVED +CVE-2018-7158 + RESERVED +CVE-2018-7157 + RESERVED +CVE-2018-7156 + RESERVED +CVE-2018-7155 + RESERVED +CVE-2018-7154 + RESERVED +CVE-2018-7153 + RESERVED +CVE-2018-7152 + RESERVED +CVE-2018-7151 + RESERVED +CVE-2018-7150 + RESERVED +CVE-2018-7149 + RESERVED +CVE-2018-7148 + RESERVED +CVE-2018-7147 + RESERVED +CVE-2018-7146 + RESERVED +CVE-2018-7145 + RESERVED +CVE-2018-7144 + RESERVED +CVE-2018-7143 + RESERVED +CVE-2018-7142 + RESERVED +CVE-2018-7141 + RESERVED +CVE-2018-7140 + RESERVED +CVE-2018-7139 + RESERVED +CVE-2018-7138 + RESERVED +CVE-2018-7137 + RESERVED +CVE-2018-7136 + RESERVED +CVE-2018-7135 + RESERVED +CVE-2018-7134 + RESERVED +CVE-2018-7133 + RESERVED +CVE-2018-7132 + RESERVED +CVE-2018-7131 + RESERVED +CVE-2018-7130 + RESERVED +CVE-2018-7129 + RESERVED +CVE-2018-7128 + RESERVED +CVE-2018-7127 + RESERVED +CVE-2018-7126 + RESERVED +CVE-2018-7125 + RESERVED +CVE-2018-7124 + RESERVED +CVE-2018-7123 + RESERVED +CVE-2018-7122 + RESERVED +CVE-2018-7121 + RESERVED +CVE-2018-7120 + RESERVED +CVE-2018-7119 + RESERVED +CVE-2018-7118 + RESERVED +CVE-2018-7117 + RESERVED +CVE-2018-7116 + RESERVED +CVE-2018-7115 + RESERVED +CVE-2018-7114 + RESERVED +CVE-2018-7113 + RESERVED +CVE-2018-7112 + RESERVED +CVE-2018-7111 + RESERVED +CVE-2018-7110 + RESERVED +CVE-2018-7109 + RESERVED +CVE-2018-7108 + RESERVED +CVE-2018-7107 + RESERVED +CVE-2018-7106 + RESERVED +CVE-2018-7105 + RESERVED +CVE-2018-7104 + 
RESERVED +CVE-2018-7103 + RESERVED +CVE-2018-7102 + RESERVED +CVE-2018-7101 + RESERVED +CVE-2018-7100 + RESERVED +CVE-2018-7099 + RESERVED +CVE-2018-7098 + RESERVED +CVE-2018-7097 RESERVED +CVE-2018-7096 + RESERVED +CVE-2018-7095 + RESERVED +CVE-2018-7094 + RESERVED +CVE-2018-7093 + RESERVED +CVE-2018-7092 + RESERVED +CVE-2018-7091 + RESERVED +CVE-2018-7090 + RESERVED +CVE-2018-7089 + RESERVED +CVE-2018-7088 + RESERVED +CVE-2018-7087 + RESERVED +CVE-2018-7086 + RESERVED +CVE-2018-7085 + RESERVED +CVE-2018-7084 + RESERVED +CVE-2018-7083 + RESERVED +CVE-2018-7082 + RESERVED +CVE-2018-7081 + RESERVED +CVE-2018-7080 + RESERVED +CVE-2018-7079 + RESERVED +CVE-2018-7078 + RESERVED +CVE-2018-7077 + RESERVED +CVE-2018-7076 + RESERVED +CVE-2018-7075 + RESERVED +CVE-2018-7074 + RESERVED +CVE-2018-7073 + RESERVED +CVE-2018-7072 + RESERVED +CVE-2018-7071 + RESERVED +CVE-2018-7070 + RESERVED +CVE-2018-7069 + RESERVED +CVE-2018-7068 + RESERVED +CVE-2018-7067 + RESERVED +CVE-2018-7066 + RESERVED +CVE-2018-7065 + RESERVED +CVE-2018-7064 + RESERVED +CVE-2018-7063 + RESERVED +CVE-2018-7062 + RESERVED +CVE-2018-7061 + RESERVED +CVE-2018-7060 + RESERVED +CVE-2018-7059 + RESERVED +CVE-2018-7058 + RESERVED +CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName ...) + TODO: check +CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potentially ...) + TODO: check +CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the ...) + TODO: check +CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...) - irssi NOTE: https://irssi.org/security/irssi_sa_2018_02.txt -CVE-2018-7053 [Use after free when SASL messages are received in unexpected order] - RESERVED +CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...) - irssi
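Review bot: the specific summaries for CVE-2018-7054 and CVE-2018-7053 are lost at the end of this hunk, where `[Use after free when server is disconnected during netsplits]` and `[Use after free when SASL messages are received in unexpected order]` both give way to the same truncated text, `(An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)`. With that, the two header lines can no longer be told apart; carry each bracketed summary over into a NOTE on its entry before the automatic update drops it.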
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2018-3836
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd9c7922 by Salvatore Bonaccorso at 2018-02-15T22:02:41+01:00 Reference upstream issue for CVE-2018-3836 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -7995,6 +7995,7 @@ CVE-2018-3836 [gplotMakeOutput Command Injection Vulnerability] RESERVED - leptonlib 1.75.3-1 (bug #889759) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516 + NOTE: https://github.com/DanBloomberg/leptonica/issues/303 CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in version 2.2 ...) NOT-FOR-US: Per Face Texture (PTEX) CVE-2018-3834 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd9c792235e00444ed51ad54bdefa032cb54b44a
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new irssi issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f2da741 by Salvatore Bonaccorso at 2018-02-15T21:55:24+01:00 Add new irssi issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4,16 +4,26 @@ CVE-2018-7056 RESERVED CVE-2018-7055 RESERVED -CVE-2018-7054 +CVE-2018-7054 [Use after free when server is disconnected during netsplits] RESERVED -CVE-2018-7053 + - irssi + NOTE: https://irssi.org/security/irssi_sa_2018_02.txt +CVE-2018-7053 [Use after free when SASL messages are received in unexpected order] RESERVED -CVE-2018-7052 + - irssi + NOTE: https://irssi.org/security/irssi_sa_2018_02.txt +CVE-2018-7052 [Null pointer dereference] RESERVED -CVE-2018-7051 + - irssi + NOTE: https://irssi.org/security/irssi_sa_2018_02.txt +CVE-2018-7051 [out of bounds access when printing theme strings] RESERVED -CVE-2018-7050 + - irssi + NOTE: https://irssi.org/security/irssi_sa_2018_02.txt +CVE-2018-7050 [Null pointer dereference when an "empty" nick has been observed by Irssi] RESERVED + - irssi + NOTE: https://irssi.org/security/irssi_sa_2018_02.txt CVE-2017-18189 RESERVED CVE-2018-7049 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f2da7413002de0634ac5d82b9624c0aa4d51cc5
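Review bot: The title added for CVE-2018-7052, "[Null pointer dereference]", is the only one of the five that does not say when the fault occurs, and CVE-2018-7050 uses the same wording with a trigger attached, so the two are hard to distinguish when scanning the list. Suggest taking the triggering condition from the referenced irssi_sa_2018_02.txt advisory into the title. Minor style point in the same hunk: the CVE-2018-7051 title starts lower-case ("out of bounds access ...") while the other four are capitalised.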
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-3836 addressed in unstable with new upstream version
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f740cda by Salvatore Bonaccorso at 2018-02-15T21:44:48+01:00 CVE-2018-3836 addressed in unstable with new upstream version - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -7983,7 +7983,7 @@ CVE-2018-3837 RESERVED CVE-2018-3836 [gplotMakeOutput Command Injection Vulnerability] RESERVED - - leptonlib (bug #889759) + - leptonlib 1.75.3-1 (bug #889759) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516 CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in version 2.2 ...) NOT-FOR-US: Per Face Texture (PTEX) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f740cda2e3db16529b71eeb19ddba59fc02d886
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mbedtls/2.7.0-2 uploaded to unstable addressing three CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d3e15857 by Salvatore Bonaccorso at 2018-02-15T21:42:19+01:00 mbedtls/2.7.0-2 uploaded to unstable addressing three CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -203,8 +203,7 @@ CVE-2018-6957 CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...) NOT-FOR-US: opentmpfiles CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...) - [experimental] - mbedtls 2.7.0-1 - - mbedtls + - mbedtls 2.7.0-2 - polarssl NOTE: https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28 CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize URLs that ...) 
@@ -17773,13 +17772,11 @@ CVE-2018-0490 CVE-2018-0489 RESERVED CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...) - [experimental] - mbedtls 2.7.0-1 - - mbedtls (bug #890287) + - mbedtls 2.7.0-2 (bug #890287) - polarssl NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...) - [experimental] - mbedtls 2.7.0-1 - - mbedtls (bug #890288) + - mbedtls 2.7.0-2 (bug #890288) - polarssl NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3e1585792f911e1ac5d4dd2fad0501f9f7d3ae4
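Review bot: In the first hunk (@@ -203,8 +203,7 @@), CVE-2017-18187 gets "- mbedtls 2.7.0-2" without a bug reference, while the two entries changed in the second hunk keep theirs (bug #890287, bug #890288). If a Debian bug exists for CVE-2017-18187, reference it on the changed line as well; otherwise this is the only one of the three entries closed by the upload that cannot be traced back to a bug report.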
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-5715 as fixed for unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b7391be0 by Salvatore Bonaccorso at 2018-02-15T15:38:15+01:00 Mark CVE-2017-5715 as fixed for unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -53459,7 +53459,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi CVE-2017-5716 REJECTED CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...) - - linux + - linux 4.14.17-1 NOTE: https://spectreattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7391be023a914e39c3a9e720bbfcd64ee249549
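Review bot: The changed line records a single fixed version, "- linux 4.14.17-1", for CVE-2017-5715, but the entry has no NOTE saying which mitigation that upload carries. The fix for this issue is not one kernel patch: it depends on kernel changes together with compiler support and CPU microcode, so a bare version can be read as "fully fixed". Suggest adding a NOTE next to the existing reference links that states what 4.14.17-1 provides and what still depends on the toolchain or microcode.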
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record fixing versions for 4.14.17-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae774529 by Salvatore Bonaccorso at 2018-02-15T15:33:21+01:00 Record fixing versions for 4.14.17-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -330,7 +330,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion c NOTE: https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e NOTE: https://github.com/qpdf/qpdf/issues/51 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...) - - linux + - linux 4.14.17-1 NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...) NOT-FOR-US: MISP @@ -4571,7 +4571,7 @@ CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticate CVE-2018-5346 RESERVED CVE-2018-104 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...) - - linux + - linux 4.14.17-1 CVE-2018-101 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...) - glibc 2.26-4 (bug #887001) [stretch] - glibc (Minor issue, can be fixed along in next DSA or preferably point release) @@ -4586,7 +4586,7 @@ CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can - gcab 0.7-7 (bug #887776) NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) - - linux + - linux 4.14.17-1 [jessie] - linux (Vulnerability introduced later) [wheezy] - linux (Vulnerability introduced later) NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 
@@ -4624,10 +4624,10 @@ CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave f NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in ...) - - linux + - linux 4.14.17-1 NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737 CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() ...) - - linux + - linux 4.14.17-1 NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c CVE-2017-1000441 REJECTED @@ -4729,7 +4729,7 @@ CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the de CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to the ...) NOT-FOR-US: Office Tracker CVE-2018-128 (Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, ...) - - linux + - linux 4.14.17-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) 
@@ -30024,7 +30024,7 @@ CVE-2017-13218 (Access to CNTVCT_EL0 could be used for side channel attacks. Thi CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write ...) TODO: check CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to ...) - - linux (unimportant) + - linux 4.14.17-1 (unimportant) [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae77452949518e75ce1247e561288db5204e5f28
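Review bot: In the second hunk (@@ -4571,7 +4571,7 @@), the entry shown as CVE-2018-104 gets "- linux 4.14.17-1" but, unlike CVE-2018-6927, CVE-2018-5344, CVE-2018-5333 and CVE-2018-5332 in the same commit, it has no "NOTE: Fixed by:" line, so the recorded version cannot be checked against an upstream commit. Suggest adding the upstream fix reference in the same "NOTE: Fixed by:" form the neighbouring entries use.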
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-13166 does affect mainline Linux
Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker Commits: c9e18c10 by Ben Hutchings at 2018-02-15T14:19:55+00:00 CVE-2017-13166 does affect mainline Linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -30130,7 +30130,9 @@ CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi drive CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. ...) TODO: check CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video ...) - TODO: check + - linux + NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html + NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a CVE-2017-13165 (An elevation of privilege vulnerability in the kernel file system. ...) TODO: check CVE-2017-13164 (An information disclosure vulnerability in the kernel binder driver. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9e18c1048f7dd9b77bddccf67cb5f2b55b86d4b
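Review bot: The added line "NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a" does not say what the commit is. Other kernel entries in data/CVE/list label the fixing commit as "NOTE: Fixed by: ..."; without that label a reader cannot tell whether this is the fix or the commit that introduced the problem. If it is the fix, use the "Fixed by:" form here too.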
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1772{2,3,4,5}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a78ab15 by Salvatore Bonaccorso at 2018-02-15T14:48:11+01:00 Add CVE-2017-1772{2,3,4,5} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -9605,12 +9605,25 @@ CVE-2017-17727 (DedeCMS through 5.6 allows arbitrary file upload and PHP code ex CVE-2017-17726 RESERVED CVE-2017-17725 (In Exiv2 0.26, there is an integer overflow leading to a heap-based ...) + - exiv2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1525055 + NOTE: https://github.com/Exiv2/exiv2/issues/188 + NOTE: https://github.com/Exiv2/exiv2/pull/193 TODO: check CVE-2017-17724 (In Exiv2 0.26, there is a heap-based buffer over-read in the ...) + - exiv2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524107 + NOTE: https://github.com/Exiv2/exiv2/issues/210 TODO: check CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the ...) + - exiv2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524104 + NOTE: https://github.com/Exiv2/exiv2/issues/229 TODO: check CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the readHeader ...) + - exiv2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524116 + NOTE: https://github.com/Exiv2/exiv2/issues/228 TODO: check CVE-2017-17721 (CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 ...) NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a78ab157da8931b02a44c830508642ca923a35f
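Review bot: All four entries keep their "TODO: check" line after the hunk adds "- exiv2" and the upstream references, so each entry still reads as unchecked even though the package has been identified. If triage is done, drop the TODO lines in the same commit; if something is still open, replace the generic "TODO: check" with a TODO that names what remains to be verified.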
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add one more pending CVE
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c4815d2e by Salvatore Bonaccorso at 2018-02-15T14:14:20+01:00 Add one more pending CVE - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -105,6 +105,8 @@ CVE-2017-12380 [stretch] - clamav 0.99.2+dfsg-6+deb9u1 CVE-2018-6560 [stretch] - flatpak 0.8.9-0+deb9u1 +CVE-2017-13216 + [stretch] - linux 4.9.80-1 CVE-2017-15129 [stretch] - linux 4.9.80-1 CVE-2017-16911 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4815d2e90f7d44b71bdb4e93ba164d542feb8b6
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] systemd spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 76834ccc by Moritz Muehlenhoff at 2018-02-15T14:12:15+01:00 systemd spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -131,3 +131,5 @@ CVE-2017-1000494 [stretch] - miniupnpd 1.8.20140523-4.1+deb9u1 CVE-2018-6758 [stretch] - uwsgi 2.0.14+20161117-3+deb9u1 +CVE-2017-15908 + [stretch] - systemd 232-25+deb9u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/76834ccce5bc5e8f26fd357d02d6945b39bcb5dc
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: Claim gcc-4.6/gcc-4.6 in dla-needed.txt
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: b0534d8f by Roberto C. Sánchez at 2018-02-15T06:49:19-05:00 LTS: Claim gcc-4.6/gcc-4.6 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -15,13 +15,13 @@ dovecot (Thorsten Alteholz) NOTE: maintainer and security team are looking into this NOTE: probably no-dsa -- -gcc-4.6 +gcc-4.6 (Roberto C. Sánchez) NOTE: Backport the retpoline support for spectre mitigation. NOTE: Coordinate with jmm who started the work for gcc-4.9 in jessie. NOTE: This gcc version is used by the kernel build. Its update is NOTE: thus more important than the one of gcc-4.7. -- -gcc-4.7 +gcc-4.7 (Roberto C. Sánchez) NOTE: Backport the retpoline support for spectre mitigation. NOTE: Do we want/need it on this gcc version as well? -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b0534d8f964766df5b642756264faee8d1e36783
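Review bot: The gcc-4.7 entry is claimed here, but its NOTE "Do we want/need it on this gcc version as well?" is left in place as an open question. Claiming the package implies the answer is yes; suggest updating or removing that NOTE in the same change, so the entry does not say both that the work is assigned and that it may not be needed.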
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Put gcc-4.6/gcc-4.7 update for retpoline support in our radar
Raphaël Hertzog pushed to branch master at Debian Security Tracker / security-tracker Commits: ebdf4656 by Raphaël Hertzog at 2018-02-15T12:16:05+01:00 Put gcc-4.6/gcc-4.7 update for retpoline support in our radar - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -15,6 +15,16 @@ dovecot (Thorsten Alteholz) NOTE: maintainer and security team are looking into this NOTE: probably no-dsa -- +gcc-4.6 + NOTE: Backport the retpoline support for spectre mitigation. + NOTE: Coordinate with jmm who started the work for gcc-4.9 in jessie. + NOTE: This gcc version is used by the kernel build. Its update is + NOTE: thus more important than the one of gcc-4.7. +-- +gcc-4.7 + NOTE: Backport the retpoline support for spectre mitigation. + NOTE: Do we want/need it on this gcc version as well? +-- icu (Thorsten Alteholz) NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in Chromium project; report is not visible to the public -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ebdf4656e9b85e8423d24c81b232edf16c2c2b89
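Review bot: The NOTE lines added for gcc-4.6 and gcc-4.7 carry no date, while the icu entry in the trailing context of this hunk prefixes its note with one ("NOTE: 20171229: ..."). Suggest date-stamping the new notes the same way, so a later reader can tell how old the coordination remark about gcc-4.9 in jessie and the open question on gcc-4.7 are.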
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1284-1 for leptonlib
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: b013b676 by Abhijith PA at 2018-02-15T14:56:43+05:30 Reserve DLA-1284-1 for leptonlib - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[15 Feb 2018] DLA-1284-1 leptonlib - security update + {CVE-2018-3836} + [wheezy] - leptonlib 1.69-3.1+deb7u1 [15 Feb 2018] DLA-1283-1 python-crypto - security update {CVE-2018-6594} [wheezy] - python-crypto 2.6-4+deb7u8 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -27,9 +27,6 @@ lame (Hugo Lefeuvre) NOTE: 20180125: Fabian showed interest in porting lame to libsndfile and submitted a patch draft for Jessie. NOTE: I'll test it, submit the update for Jessie and backport the result to Wheezy on time. -- -leptonlib (Abhijith PA) - NOTE: 20180214: CVE-2018-3836 is reproducible even after applying upstream patch. --- libav (Hugo Lefeuvre) NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop. NOTE: It is unlikely that he will start again in the next weeks. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b013b67635a3a052c866ed948fb62d61b9a887f0
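Review bot: The dla-needed.txt hunk deletes "NOTE: 20180214: CVE-2018-3836 is reproducible even after applying upstream patch." while the DLA/list hunk records 1.69-3.1+deb7u1 as the fix, and nothing in the commit says how that finding was resolved. Suggest moving the observation into a NOTE under CVE-2018-3836 in data/CVE/list, together with what the wheezy upload does beyond the upstream patch, so the information is not lost when the dla-needed entry goes away.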
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f03870f by security tracker role at 2018-02-15T09:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,21 @@ +CVE-2018-7057 + RESERVED +CVE-2018-7056 + RESERVED +CVE-2018-7055 + RESERVED +CVE-2018-7054 + RESERVED +CVE-2018-7053 + RESERVED +CVE-2018-7052 + RESERVED +CVE-2018-7051 + RESERVED +CVE-2018-7050 + RESERVED +CVE-2017-18189 + RESERVED CVE-2018-7049 RESERVED CVE-2018-7048 @@ -1218,6 +1236,7 @@ CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is CVE-2018-6595 RESERVED CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates ...) + {DLA-1283-1} - pycryptodome (bug #889998) - python-crypto (bug #88) NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253 @@ -1839,7 +1858,7 @@ CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for J NOT-FOR-US: Visual Calendar component for Joomla! CVE-2018-6394 RESERVED -CVE-2018-6393 (FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow ...) +CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...) NOT-FOR-US: FreePBX CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...) - ffmpeg 7:3.4.2-1 @@ -3053,6 +3072,7 @@ CVE-2018-5970 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...) NOT-FOR-US: Photography CMS CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...) + {DSA-4114-1} - jackson-databind 2.9.4-1 (bug #888316) NOTE: https://github.com/FasterXML/jackson-databind/issues/1899 NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05 
@@ -14499,19 +14519,19 @@ CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.1 CVE-2017-17559 RESERVED CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...) - {DLA-1230-1} + {DSA-4112-1 DLA-1230-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-251.html CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...) - {DLA-1230-1} + {DSA-4112-1 DLA-1230-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-250.html CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...) - {DLA-1230-1} + {DSA-4112-1 DLA-1230-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-249.html CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...) - {DLA-1230-1} + {DSA-4112-1 DLA-1230-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-248.html CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...) @@ -14847,6 +14867,7 @@ CVE-2017-17487 CVE-2017-17486 RESERVED CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 ...) + {DSA-4114-1} - jackson-databind 2.9.4-1 (bug #888318) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0 NOTE: https://github.com/FasterXML/jackson-databind/issues/1855 
@@ -16772,106 +16793,106 @@ CVE-2018-0871 RESERVED CVE-2018-0870 RESERVED -CVE-2018-0869 - RESERVED +CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability ...) + TODO: check CVE-2018-0868 RESERVED CVE-2018-0867 RESERVED -CVE-2018-0866 - RESERVED +CVE-2018-0866 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + TODO: check CVE-2018-0865 RESERVED -CVE-2018-0864 - RESERVED +CVE-2018-0864 (SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 ...) + TODO: check CVE-2018-0863 RESERVED CVE-2018-0862 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...) NOT-FOR-US: Microsoft -CVE-2018-0861 - RESERVED -CVE-2018-0860 - RESERVED -CVE-2018-0859 - RESERVED -CVE-2018-0858 - RESERVED -CVE-2018-0857 - RESERVED -CVE-2018-0856 - RESERVED -CVE-2018-0855 - RESERVED +CVE-2018-0861 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + TODO: check +CVE-2018-0860 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...) + TODO: check +CVE-2018-0859 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...) + TODO: check +CVE-2018-0858 (ChakraCore allows remote code execution, due to