[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2018-580{0, 1, 2}/libraw

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f5cc762 by Salvatore Bonaccorso at 2018-03-09T08:24:42+01:00
Reference upstream commit for CVE-2018-580{0,1,2}/libraw

Note that the upstream commit message is wrong, saying 0.18.17, which is
though definitively tagged as 0.18.7 and is after the 0.18.6 release; the
changelog is as well referring to 0.18.7, thus deducing that the upstream
version 0.18.7 is correct to use.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6075,14 +6075,17 @@ CVE-2018-5802 [Out-of-bounds read in 
kodak_radc_load_raw function internal/dcraw
RESERVED
- libraw 0.18.7-1
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+   NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function 
src/libraw_cxx.cpp]
RESERVED
- libraw 0.18.7-1
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+   NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw 
function in internal/dcraw_common.cpp]
RESERVED
- libraw 0.18.7-1
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+   NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-106 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 
and earlier, ...)
- electron  (bug #842420)
NOTE: Linux is not affected
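Review bot: the same upstream commit 8682ad20 is recorded for all three CVEs, but the version mismatch explained in the commit message (upstream commit text says 0.18.17, tag and changelog say 0.18.7) is not captured in the list itself; a NOTE next to the first entry along the lines of `NOTE: upstream commit message says 0.18.17, the fix is actually in the 0.18.7 release` would save the next triager from re-deriving it.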



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f5cc76218c6c29dc90fe5321b282f1a7241e921

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7858/qemu

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fd0a664 by Salvatore Bonaccorso at 2018-03-09T07:58:22+01:00
Add CVE-2018-7858/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -70,8 +70,11 @@ CVE-2018-7860
RESERVED
 CVE-2018-7859
RESERVED
-CVE-2018-7858
+CVE-2018-7858 [cirrus: OOB access when updating vga display]
RESERVED
+   - qemu 
+   - qemu-kvm 
+   NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
 CVE-2018-7857
RESERVED
 CVE-2018-7856
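Review bot: the `- qemu` and `- qemu-kvm` lines carry no fixed version, bug reference or severity, and the only reference is a patch posting on qemu-devel rather than a merged commit; suggest adding a Debian bug number as done for CVE-2018-7550 on this list (`- qemu  (bug #892041)`) and supplementing the NOTE with the upstream commit once the cirrus fix is applied, so the entry can be closed against a concrete version.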



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4fd0a664ebf2d4ce2c6816832528c9c391fe1a90


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-580{0, 1, 2}/libraw

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e4eb12a by Salvatore Bonaccorso at 2018-03-09T07:56:54+01:00
Add CVE-2018-580{0,1,2}/libraw

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6068,12 +6068,18 @@ CVE-2018-5803 [Missing length check of payload in 
net/sctp/sm_make_chunk.c:_sctp
RESERVED
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
-CVE-2018-5802
+CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function 
internal/dcraw_common.cpp]
RESERVED
-CVE-2018-5801
+   - libraw 0.18.7-1
+   NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function 
src/libraw_cxx.cpp]
RESERVED
-CVE-2018-5800
+   - libraw 0.18.7-1
+   NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw 
function in internal/dcraw_common.cpp]
RESERVED
+   - libraw 0.18.7-1
+   NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
 CVE-2018-106 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 
and earlier, ...)
- electron  (bug #842420)
NOTE: Linux is not affected
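Review bot: the fixed version `libraw 0.18.7-1` is asserted for all three entries on the strength of a third-party advisory mirror only (packetstormsecurity.com); the convention visible in the context lines is to record the upstream fix commit (`NOTE: Fixed by: ...` as for CVE-2018-5803), which would also let a reader confirm that 0.18.7 actually contains the kodak_radc_load_raw, unpack and kodak_ycbcr_load_raw fixes rather than only the advisory's claim.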



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4eb12ade05d1817adf185f5f01d5ebba7009f4


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1071/zsh

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e4bbf08 by Salvatore Bonaccorso at 2018-03-09T07:52:37+01:00
Add CVE-2018-1071/zsh

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18487,8 +18487,10 @@ CVE-2018-1073
RESERVED
 CVE-2018-1072
RESERVED
-CVE-2018-1071
+CVE-2018-1071 [Stack-based buffer overflow in exec.c:hashcmd()]
RESERVED
+   - zsh 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
 CVE-2018-1070
RESERVED
 CVE-2018-1069
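Review bot: `- zsh` has neither a fixed version nor a severity marker, and the only reference is the Red Hat bug; the other zsh entry on this page, CVE-2018-7549, records the upstream commit and a rating (`- zsh  (unimportant)`), so the same should be done here once the exec.c:hashcmd() fix is identified, plus a Debian bug number if a stable update is intended.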



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e4bbf08825aacc4890e5859699c9672361e7e4d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 4 commits: Triage mp4v2 for LTS

2018-03-08 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0be7f76b by Chris Lamb at 2018-03-08T18:02:23-08:00
Triage mp4v2 for LTS

- - - - -
caa95732 by Chris Lamb at 2018-03-08T18:02:45-08:00
Triage libcdio for LTS

- - - - -
b709121e by Chris Lamb at 2018-03-08T18:04:45-08:00
Triage exempi for LTS

- - - - -
2a127017 by Chris Lamb at 2018-03-08T18:05:18-08:00
data/dla-needed.txt: Add comment for exempi.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -17,6 +17,9 @@ dovecot (Thorsten Alteholz)
 elinks
   NOTE: 20180226: maintainer is on the security team (jmm), no notice sent 
(anarcat)
 --
+exempi
+  NOTE: 20180308: Not all upstream patches apply cleanly (lamby)
+--
 gcc-4.6 (Roberto C. Sánchez)
   NOTE: Backport the retpoline support for spectre mitigation.
   NOTE: Coordinate with jmm who started the work for gcc-4.9 in jessie.
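Review bot: the exempi note says that not all upstream patches apply cleanly but not which CVEs or which patches, so the next LTS contributor has to redo the whole triage; suggest naming the affected CVE ids in the NOTE, e.g. `NOTE: 20180308: upstream patches for CVE-<ids> need manual backport (lamby)`.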
@@ -51,6 +54,8 @@ libav (Hugo Lefeuvre)
   NOTE: I am currently working on CVE triage but I will not be able to process 
the whole backlog until May.
   NOTE: Help is welcome, feel free to mail Hugo.
 --
+libcdio
+--
 libgcrypt11
 --
 libmad (Kurt Roeckx)
@@ -69,6 +74,8 @@ ming (Hugo Lefeuvre)
 --
 mingw-w64
 --
+mp4v2
+--
 mupdf (Hugo Lefeuvre)
 --
 opencv (Thorsten Alteholz)
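Review bot: `mp4v2` here and `libcdio` in the previous hunk are added to dla-needed.txt with no NOTE and no claimant, unlike the surrounding entries; a dated triage NOTE naming the open CVEs or the reason for listing keeps the file useful for whoever picks them up.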



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/0c791ef14632dff4cb4f32cf210e308db6e5205c...2a127017a6dc5efaf56540ff37ab78520b9a700a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c791ef1 by Salvatore Bonaccorso at 2018-03-08T22:40:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7367,7 +7367,7 @@ CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, 
and 3.4.x before 3.4.4
NOTE: 
https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4
 CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on 
Rapid ...)
-   TODO: check
+   NOT-FOR-US: Rapid Scada
 CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range 
validation ...)
- matrixssl 
[wheezy] - matrixssl  (not supported in Wheezy)
@@ -8648,11 +8648,11 @@ CVE-2018-4842
 CVE-2018-4841
RESERVED
 CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All 
versions  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All 
versions  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2018-4838 (A vulnerability has been identified in Siemens EN100 Ethernet 
module ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
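Review bot: `NOT-FOR-US: Siemens` for CVE-2018-4840, CVE-2018-4839 and CVE-2018-4838 is less specific than the neighbouring context entries (`NOT-FOR-US: Siemens / TeleControl Server Basic`); naming the product (DIGSI 4, EN100 Ethernet module) keeps the NFU markers greppable by product, which matters if one of them later turns out to be shipped in Debian.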
@@ -16802,9 +16802,9 @@ CVE-2018-1445
 CVE-2018-1444
RESERVED
 CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single 
sign-on ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1442 (IBM Application Performance Management - Response Time 
Monitoring ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1441
RESERVED
 CVE-2018-1440
@@ -16914,7 +16914,7 @@ CVE-2018-1389
 CVE-2018-1388 (GSKit V7 may disclose side channel information via 
discrepancies ...)
NOT-FOR-US: IBM WebSphere MQ
 CVE-2018-1387 (IBM Application Performance Management for Monitoring  
Diagnostics ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1386
RESERVED
 CVE-2018-1385
@@ -17983,17 +17983,17 @@ CVE-2018-1222
 CVE-2018-1221
RESERVED
 CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect 
...)
-   TODO: check
+   NOT-FOR-US: EMC RSA Archer
 CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper 
access ...)
-   TODO: check
+   NOT-FOR-US: EMC RSA Archer
 CVE-2018-1218
RESERVED
 CVE-2018-1217
RESERVED
 CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp 
Manager ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp 
Manager ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local 
Windows ...)
NOT-FOR-US: EMC
 CVE-2018-1213
@@ -18063,7 +18063,7 @@ CVE-2018-1184 (An issue was discovered in EMC 
RecoverPoint for Virtual Machines 
 CVE-2018-1183
RESERVED
 CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and 
Lifecycle ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2018-1181
RESERVED
 CVE-2017-17447
@@ -50107,13 +50107,13 @@ CVE-2017-7643 (Proxifier for Mac before 2.19 allows 
local users to gain privileg
 CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin 
(aka ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
-   TODO: check
+   NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
-   TODO: check
+   NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7639
RESERVED
 CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
-   TODO: check
+   NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7637
RESERVED
 CVE-2017-7636
@@ -50121,7 +50121,7 @@ CVE-2017-7636
 CVE-2017-7635
RESERVED
 CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS 
application Media ...)
-   TODO: check
+   NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive 
...)
NOT-FOR-US: QNAP
 CVE-2017-7632
@@ -55023,7 +55023,7 @@ CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 
12.1.0 - 12.1.3.1, or 11.6.1
 CVE-2017-6153
RESERVED
 CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 
with the ...)
-   TODO: check
+

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add several new ming issues

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61b46756 by Salvatore Bonaccorso at 2018-03-08T22:31:55+01:00
Add several new ming issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21,29 +21,41 @@ CVE-2018-7879
 CVE-2018-7878
RESERVED
 CVE-2018-7877 (There is a heap-based buffer overflow in the getString function 
of ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/110
 CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found 
in the ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/109
 CVE-2018-7875 (There is a heap-based buffer over-read in the getString 
function of ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/112
 CVE-2018-7874 (An invalid memory address dereference was discovered in 
strlenext in ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/115
 CVE-2018-7873 (There is a heap-based buffer overflow in the getString function 
of ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/111
 CVE-2018-7872 (An invalid memory address dereference was discovered in the 
function ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/114
 CVE-2018-7871 (There is a heap-based buffer over-read in the getName function 
of ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/120
 CVE-2018-7870 (An invalid memory address dereference was discovered in 
getString in ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/117
 CVE-2018-7869 (There is a memory leak triggered in the function dcinit of ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/119
 CVE-2018-7868 (There is a heap-based buffer over-read in the getName function 
of ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/113
 CVE-2018-7867 (There is a heap-based buffer overflow in the getString function 
of ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/116
 CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/118
 CVE-2018-7865
RESERVED
 CVE-2018-7864
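Review bot: twelve `- ming` lines are added with only an upstream issue link each and no fixed version, severity or Debian bug; the descriptions cluster into a few root causes (heap over-read/overflow in getString and getName, invalid dereferences in strlenext and newVar3, a leak in dcinit), so a NOTE recording the affected upstream version (0.4.8 per CVE-2018-7876) and whether upstream has a fix yet would help whoever handles the ming entry in dla-needed.txt.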



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/61b46756e619554abdcc54d603bbb84e7995ed89


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7757/linux

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8035ac8 by Salvatore Bonaccorso at 2018-03-08T22:23:56+01:00
Add CVE-2018-7757/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -261,7 +261,8 @@ CVE-2018-7759
 CVE-2018-7758
RESERVED
 CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in ...)
-   TODO: check
+   - linux 
+   NOTE: Fixed by: 
https://git.kernel.org/linus/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 (4.16-rc1)
 CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem 
(HNS) does ...)
- linux 4.12.6-1
NOTE: Fixed by: 
https://git.kernel.org/linus/412b65d15a7f8a93794653968308fc100f2aa87c
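Review bot: the upstream commit is noted as fixed in 4.16-rc1, but the `- linux` line has no Debian fixed version, whereas the neighbouring CVE-2017-18222 records `linux 4.12.6-1`; if no uploaded kernel contains 4a491b1a yet, a follow-up to fill in the version once it is backported would keep the two entries consistent.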



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8035ac8229862071fe88a2c760d96de23d77e86


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18222/linux

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ddf6d8fd by Salvatore Bonaccorso at 2018-03-08T22:18:48+01:00
Add CVE-2017-18222/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -263,7 +263,8 @@ CVE-2018-7758
 CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in ...)
TODO: check
 CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem 
(HNS) does ...)
-   TODO: check
+   - linux 4.12.6-1
+   NOTE: Fixed by: 
https://git.kernel.org/linus/412b65d15a7f8a93794653968308fc100f2aa87c
 CVE-2018-7756
RESERVED
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ddf6d8fd2c807de2e47b11d958b4c0712026c0ee


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fdbd0d2 by security tracker role at 2018-03-08T21:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,269 @@
+CVE-2018-7888
+   RESERVED
+CVE-2018-7887
+   RESERVED
+CVE-2018-7886
+   RESERVED
+CVE-2018-7885
+   RESERVED
+CVE-2018-7884
+   RESERVED
+CVE-2018-7883
+   RESERVED
+CVE-2018-7882
+   RESERVED
+CVE-2018-7881
+   RESERVED
+CVE-2018-7880
+   RESERVED
+CVE-2018-7879
+   RESERVED
+CVE-2018-7878
+   RESERVED
+CVE-2018-7877 (There is a heap-based buffer overflow in the getString function 
of ...)
+   TODO: check
+CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found 
in the ...)
+   TODO: check
+CVE-2018-7875 (There is a heap-based buffer over-read in the getString 
function of ...)
+   TODO: check
+CVE-2018-7874 (An invalid memory address dereference was discovered in 
strlenext in ...)
+   TODO: check
+CVE-2018-7873 (There is a heap-based buffer overflow in the getString function 
of ...)
+   TODO: check
+CVE-2018-7872 (An invalid memory address dereference was discovered in the 
function ...)
+   TODO: check
+CVE-2018-7871 (There is a heap-based buffer over-read in the getName function 
of ...)
+   TODO: check
+CVE-2018-7870 (An invalid memory address dereference was discovered in 
getString in ...)
+   TODO: check
+CVE-2018-7869 (There is a memory leak triggered in the function dcinit of ...)
+   TODO: check
+CVE-2018-7868 (There is a heap-based buffer over-read in the getName function 
of ...)
+   TODO: check
+CVE-2018-7867 (There is a heap-based buffer overflow in the getString function 
of ...)
+   TODO: check
+CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...)
+   TODO: check
+CVE-2018-7865
+   RESERVED
+CVE-2018-7864
+   RESERVED
+CVE-2018-7863
+   RESERVED
+CVE-2018-7862
+   RESERVED
+CVE-2018-7861
+   RESERVED
+CVE-2018-7860
+   RESERVED
+CVE-2018-7859
+   RESERVED
+CVE-2018-7858
+   RESERVED
+CVE-2018-7857
+   RESERVED
+CVE-2018-7856
+   RESERVED
+CVE-2018-7855
+   RESERVED
+CVE-2018-7854
+   RESERVED
+CVE-2018-7853
+   RESERVED
+CVE-2018-7852
+   RESERVED
+CVE-2018-7851
+   RESERVED
+CVE-2018-7850
+   RESERVED
+CVE-2018-7849
+   RESERVED
+CVE-2018-7848
+   RESERVED
+CVE-2018-7847
+   RESERVED
+CVE-2018-7846
+   RESERVED
+CVE-2018-7845
+   RESERVED
+CVE-2018-7844
+   RESERVED
+CVE-2018-7843
+   RESERVED
+CVE-2018-7842
+   RESERVED
+CVE-2018-7841
+   RESERVED
+CVE-2018-7840
+   RESERVED
+CVE-2018-7839
+   RESERVED
+CVE-2018-7838
+   RESERVED
+CVE-2018-7837
+   RESERVED
+CVE-2018-7836
+   RESERVED
+CVE-2018-7835
+   RESERVED
+CVE-2018-7834
+   RESERVED
+CVE-2018-7833
+   RESERVED
+CVE-2018-7832
+   RESERVED
+CVE-2018-7831
+   RESERVED
+CVE-2018-7830
+   RESERVED
+CVE-2018-7829
+   RESERVED
+CVE-2018-7828
+   RESERVED
+CVE-2018-7827
+   RESERVED
+CVE-2018-7826
+   RESERVED
+CVE-2018-7825
+   RESERVED
+CVE-2018-7824
+   RESERVED
+CVE-2018-7823
+   RESERVED
+CVE-2018-7822
+   RESERVED
+CVE-2018-7821
+   RESERVED
+CVE-2018-7820
+   RESERVED
+CVE-2018-7819
+   RESERVED
+CVE-2018-7818
+   RESERVED
+CVE-2018-7817
+   RESERVED
+CVE-2018-7816
+   RESERVED
+CVE-2018-7815
+   RESERVED
+CVE-2018-7814
+   RESERVED
+CVE-2018-7813
+   RESERVED
+CVE-2018-7812
+   RESERVED
+CVE-2018-7811
+   RESERVED
+CVE-2018-7810
+   RESERVED
+CVE-2018-7809
+   RESERVED
+CVE-2018-7808
+   RESERVED
+CVE-2018-7807
+   RESERVED
+CVE-2018-7806
+   RESERVED
+CVE-2018-7805
+   RESERVED
+CVE-2018-7804
+   RESERVED
+CVE-2018-7803
+   RESERVED
+CVE-2018-7802
+   RESERVED
+CVE-2018-7801
+   RESERVED
+CVE-2018-7800
+   RESERVED
+CVE-2018-7799
+   RESERVED
+CVE-2018-7798
+   RESERVED
+CVE-2018-7797
+   RESERVED
+CVE-2018-7796
+   RESERVED
+CVE-2018-7795
+   RESERVED
+CVE-2018-7794
+   RESERVED
+CVE-2018-7793
+   RESERVED
+CVE-2018-7792
+   RESERVED
+CVE-2018-7791
+   RESERVED
+CVE-2018-7790
+   RESERVED
+CVE-2018-7789
+   RESERVED
+CVE-2018-7788
+   RESERVED
+CVE-2018-7787
+   RESERVED
+CVE-2018-7786
+   RESERVED
+CVE-2018-7785
+   RESERVED
+CVE-2018-7784
+   RESERVED
+CVE-2018-7783
+   RESERVED
+CVE-2018-7782
+   RESERVED
+CVE-2018-7781
+   RESERVED
+CVE-2018-7780
+   RESERVED
+CVE-2018-7779
+   RESERVED
+CVE-2018-7778
+   RESERVED
+CVE-2018-
+   RESERVED
+CVE-2018-7776
+   RESERVED
+CVE-2018-7775
+   RESERVED
+CVE-2018-7774
+   RESERVED
+CVE-2018-7773
+

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2015-8855

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42c2802c by Salvatore Bonaccorso at 2018-03-08T22:08:51+01:00
Add fixed version for CVE-2015-8855

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -119310,7 +119310,7 @@ CVE-2015-3011 (Multiple cross-site scripting (XSS) 
vulnerabilities in the contac
NOTE: owncloud-contacts fixed in 0.3.0.18+8.0.0+dfsg-1
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-001
 CVE-2015-8855 (The semver package before 4.3.2 for Node.js allows attackers to 
cause ...)
-   - node-semver  (unimportant)
+   - node-semver 5.3.0-1 (unimportant)
NOTE: https://nodesecurity.io/advisories/semver_redos
NOTE: https://github.com/npm/npm/releases/tag/v2.7.5
NOTE: libv8 is not covered by security support
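Review bot: the fixed version `node-semver 5.3.0-1` is recorded, but nothing says how it was matched against the upstream fix (the description says "before 4.3.2" and the nodesecurity advisory is the only reference); a short NOTE naming the upstream release or commit the Debian version was checked against would make both the fixed version and the (unimportant) rating verifiable.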



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/42c2802ceb865bedfef91a7431f50dfe2b5fa489


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7290, NFU

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7251faa by Salvatore Bonaccorso at 2018-03-08T22:01:45+01:00
Add CVE-2018-7290, NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1479,8 +1479,9 @@ CVE-2018-7292
RESERVED
 CVE-2018-7291
RESERVED
-CVE-2018-7290
+CVE-2018-7290 [Stored XSS vulnerability]
RESERVED
+   NOT-FOR-US: Tiki
 CVE-2018-7289 (An issue was discovered in 
armadito-windows-driver/src/communication.c ...)
NOT-FOR-US: Armadito
 CVE-2018-7288
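Review bot: the entry is still RESERVED yet receives a bracketed description and `NOT-FOR-US: Tiki` with no source given; a NOTE with the Tiki advisory or issue URL the attribution came from lets the entry be re-checked when the CVE is published, in case the final text names a different product.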



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7251faab0ad42cddae0df8edd30567c2c4aac20


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update reference for CVE-2018-7550

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
933990d8 by Salvatore Bonaccorso at 2018-03-08T21:58:15+01:00
Update reference for CVE-2018-7550

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -668,7 +668,7 @@ CVE-2018-7551 (There is an invalid free in MiniPS::delete0 
in minips.cpp that le
 CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick 
Emulator ...)
- qemu  (bug #892041)
- qemu-kvm 
-   NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
+   NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg01885.html
 CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a 
copy of an ...)
- zsh  (unimportant)
NOTE: 
https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
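Review bot: the old qemu-devel reference (2018-02/msg06890) is replaced rather than supplemented, so the earlier posting is lost from the entry; if the 2018-03 message is a revised patch, keep both or state that the new one supersedes the old, since whoever backports the load_multiboot fix for qemu-kvm will want the full patch history.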



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/933990d8b6bbcc192c4e1c4f96b5da11b121ab6f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Fix note for CVE-2017-7427

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f41ca59 by Salvatore Bonaccorso at 2018-03-08T21:57:32+01:00
Fix note for CVE-2017-7427

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -50702,7 +50702,7 @@ CVE-2017-7429 (The certificate upload in NetIQ 
eDirectory PKI plugin before 8.8.
 CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the 
renegotiation of ...)
NOT-FOR-US: NetIQ iManager
 CVE-2017-7427 (Multiple cross site scripting attacks were found in the 
Identity ...)
-0  NOT-FOR-US: NetIQ Identity Manager Plug-in,
+   NOT-FOR-US: NetIQ Identity Manager Plug-in
 CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained 
various XML ...)
NOT-FOR-US: NetIQ Identity Manager Plugins
 CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager 
...)
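Review bot: this corrects the stray `0` and trailing comma introduced by the earlier NFUs commit (`+0  NOT-FOR-US: NetIQ Identity Manager Plug-in,`); a syntax check on data/CVE/list at commit time, rejecting continuation lines that do not start with whitespace, would catch this class of typo before it reaches master.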



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f41ca598e92201f43d7b5d7e51d8592690ec6ce


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

2018-03-08 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3127a92 by Moritz Muehlenhoff at 2018-03-08T21:46:00+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -592,7 +592,7 @@ CVE-2017-18208 (The madvise_willneed function in 
mm/madvise.c in the Linux kerne
[stretch] - linux 4.9.80-1
NOTE: Fixed by: 
https://git.kernel.org/linus/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
 CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in 
Lib/wave.py ...)
-   TODO: check
+   NOTE: Nonsense report for Python
 CVE-2018-1000103
- jenkins 
 CVE-2018-1000102
@@ -1838,7 +1838,7 @@ CVE-2018-7208 (In the coff_pointerize_aux function in 
coffgen.c in the Binary Fi
 CVE-2018-7207
REJECTED
 CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub 
OAuthenticator ...)
-   TODO: check
+   NOT-FOR-US: JupyterHub
 CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in 
...)
NOT-FOR-US: Kentico
 CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 
for ...)
@@ -26264,7 +26264,7 @@ CVE-2017-15368 (The wasm_dis function in 
libr/asm/arch/wasm/wasm.c in radare2 2.
NOTE: https://github.com/radare/radare2/issues/8673
NOTE: 
https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
 CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL 
Injection ...)
-   TODO: check
+   NOT-FOR-US: Bacula-Web
 CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the 
server have ...)
NOT-FOR-US: Thornberry NDoc
 CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x 
before ...)
@@ -50702,7 +50702,7 @@ CVE-2017-7429 (The certificate upload in NetIQ 
eDirectory PKI plugin before 8.8.
 CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the 
renegotiation of ...)
NOT-FOR-US: NetIQ iManager
 CVE-2017-7427 (Multiple cross site scripting attacks were found in the 
Identity ...)
-   TODO: check
+0  NOT-FOR-US: NetIQ Identity Manager Plug-in,
 CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained 
various XML ...)
NOT-FOR-US: NetIQ Identity Manager Plugins
 CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager 
...)
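Review bot: the replacement line for CVE-2017-7427 is malformed: it begins with a stray `0` before the indentation and ends with a trailing comma, so it is not a valid tab-indented `NOT-FOR-US:` line like the others in this hunk and will likely trip the tracker's syntax check. It should read `NOT-FOR-US: NetIQ Identity Manager Plug-in` (tab-indented, no trailing comma), in line with the following `NOT-FOR-US: NetIQ Identity Manager Plugins` entry.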
@@ -54391,9 +54391,9 @@ CVE-2017-6298 (An issue was discovered in ytnef before 
1.9.1. This is related to
 CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 
does ...)
NOT-FOR-US: MikroTik RouterOS
 CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM 
...)
-   TODO: check
+   NOT-FOR-US: NVIDIA
 CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the 
Keymaster ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA
 CVE-2017-6294
RESERVED
 CVE-2017-6293
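Review bot: the new lines say only `NOT-FOR-US: NVIDIA`, whereas the neighbouring entries name the affected component (`NOT-FOR-US: NVIDIA Windows GPU Display Driver`, `NOT-FOR-US: NVIDIA components for Android`). The descriptions already give the component (`NVIDIA TrustZone Software` here), so carrying it into the NOT-FOR-US line keeps the file consistent and greppable.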
@@ -54415,11 +54415,11 @@ CVE-2017-6286
 CVE-2017-6285
RESERVED
 CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the 
Deterministic ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA
 CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA 
function ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA
 CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP 
where an ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA
 CVE-2017-6281
RESERVED
 CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read 
vulnerability due ...)
@@ -54431,7 +54431,7 @@ CVE-2017-6278
 CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in 
the ...)
NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is 
possible a use ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA
 CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal 
Driver, ...)
NOT-FOR-US: NVIDIA components for Android
 CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal 
Driver, ...)
@@ -67790,7 +67790,7 @@ CVE-2017-1656
 CVE-2017-1655
RESERVED
 CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
NOT-FOR-US: IBM Jazz Foundation
 CVE-2017-1652
@@ -130639,7 +130639,7 @@ CVE-2014-8782
 CVE-2014-8781
RESERVED
 CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Jease
 CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across 
different ...)
NOT-FOR-US: Pexip Infinity
 CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] exempi, libcdio, python-crypto, mp4v2 no-dsa

2018-03-08 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ca2d576 by Moritz Muehlenhoff at 2018-03-08T21:38:37+01:00
exempi, libcdio, python-crypto, mp4v2 no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -71,21 +71,28 @@ CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. 
RbacController.class.php h
 CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in 
...)
NOT-FOR-US: YxtCMF
 CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...)
-   - exempi 
+   - exempi  (low)
+   [stretch] - exempi  (Minor issue)
[jessie] - exempi  (Vulnerable code introduced later)
[wheezy] - exempi  (Vulnerable code introduced later)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247
NOTE: 
https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f5
 CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case 
of a ...)
-   - exempi 
+   - exempi  (low)
+   [stretch] - exempi  (Minor issue)
+   [jessie] - exempi  (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105204
NOTE: 
https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b
 CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a 
stack-based ...)
-   - exempi 
+   - exempi  (low)
+   [stretch] - exempi  (Minor issue)
+   [jessie] - exempi  (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206
NOTE: 
https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
 CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...)
-   - exempi 
+   - exempi  (low)
+   [stretch] - exempi  (Minor issue)
+   [jessie] - exempi  (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105205
NOTE: 
https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f
 CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory 
leak ...)
@@ -991,10 +998,14 @@ CVE-2018-7445
 CVE-2018-7444
RESERVED
 CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows 
remote ...)
-   - libcdio 1.0.0-1
+   - libcdio 1.0.0-1 (low)
+   [stretch] - libcdio  (Minor issue)
+   [jessie] - libcdio  (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?52264
 CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 
1.0.0 allows ...)
-   - libcdio 1.0.0-1
+   - libcdio 1.0.0-1 (low)
+   [stretch] - libcdio  (Minor issue)
+   [jessie] - libcdio  (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?52265
 CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the 
...)
{DLA-1299-1}
@@ -1252,7 +1263,9 @@ CVE-2018-7341
 CVE-2018-7340
RESERVED
 CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 
mishandles ...)
-   - mp4v2 
+   - mp4v2  (low)
+   [stretch] - mp4v2  (Minor issue)
+   [jessie] - mp4v2  (Minor issue)
NOTE: https://github.com/pingsuewim/libmp4_bof
 CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the 
signup ...)
NOT-FOR-US: HamayeshNegar CMS
@@ -1523,6 +1536,8 @@ CVE-2018-186
 CVE-2018-185 [Out-of-bounds heap read in XAR parser]
RESERVED
- clamav 0.99.3~beta1+dfsg-1
+   [stretch] - clamav  (clamav is updated via -updates)
+   [jessie] - clamav  (clamav is updated via -updates)
NOTE: 
https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
 CVE-2018-184
@@ -3468,6 +3483,8 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in 
PyCrypto through 2.6.1 generat
{DLA-1283-1}
- pycryptodome 3.4.11-1 (bug #889998)
- python-crypto  (bug #88)
+   [stretch] - python-crypto  (Minor issue)
+   [jessie] - python-crypto  (Minor issue)
NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
NOTE: The issue is found as well in pycryptodome (fork from 
python-crypto)
NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
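Review bot: the entry already carries `{DLA-1283-1}`, i.e. a jessie advisory has been issued for this CVE, so the added `[jessie] - python-crypto (Minor issue)` no-dsa line conflicts with it unless that DLA covered a different source package. Please confirm which package DLA-1283-1 addressed and drop the jessie line if it was python-crypto; the stretch line is unaffected by this.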



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0ca2d576c37ef6b5f56ec136fea4a3cde1e78852

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0ca2d576c37ef6b5f56ec136fea4a3cde1e78852
You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage CVE-2018-7726 & CVE-2018-7727 (zziplib) for wheezy.

2018-03-08 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4684c467 by Chris Lamb at 2018-03-08T07:08:54-08:00
Triage CVE-2018-7726 & CVE-2018-7727 (zziplib) for wheezy.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -92,11 +92,13 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. 
There is a memory lea
- zziplib  (low)
[stretch] - zziplib  (Minor issue)
[jessie] - zziplib  (Minor issue)
+   [wheezy] - zziplib  (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/40
 CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus 
error caused ...)
- zziplib  (low)
[stretch] - zziplib  (Minor issue)
[jessie] - zziplib  (Minor issue)
+   [wheezy] - zziplib  (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/41
 CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory 
address ...)
- zziplib  (low)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4684c4676f63df8a10eba562685a67241cd9e96f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add upstream issue link note for CVE-2018-7712, CVE-2018-7713, CVE-2018-7714/opencv

2018-03-08 Thread Santiago R.R.
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
090d6ca6 by Santiago R.R at 2018-03-08T14:35:20+01:00
Add upstream issue link note for CVE-2018-7712, CVE-2018-7713, CVE-2018-7714/opencv

Signed-off-by: Santiago R.R santiag...@riseup.net

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -147,14 +147,17 @@ CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a 
root privilege escalat
 CVE-2018-7714 (The validateInputImageSize function in ...)
- opencv 
NOTE: https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert
+   NOTE: https://github.com/opencv/opencv/issues/10998
TODO: check
 CVE-2018-7713 (The validateInputImageSize function in ...)
- opencv 
NOTE: https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert
+   NOTE: https://github.com/opencv/opencv/issues/10998
TODO: check
 CVE-2018-7712 (The validateInputImageSize function in ...)
- opencv 
NOTE: https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert
+   NOTE: https://github.com/opencv/opencv/issues/10998
TODO: check
 CVE-2018-7710
RESERVED
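Review bot: all three entries now point at the same upstream issue and the same PoC tree while their descriptions are identical up to the truncation, so a NOTE recording how the three CVEs differ (or that upstream tracks them as a single issue) would save the next triager re-deriving it. The `TODO: check` lines are left in place, so the entries remain untriaged after this change.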



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/090d6ca689b397b0b77e127a26de073f6090f9da


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new adminer issue

2018-03-08 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52c94b09 by Moritz Muehlenhoff at 2018-03-08T12:04:48+01:00
new adminer issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -265,7 +265,7 @@ CVE-2018-7669
 CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read 
arbitrary ...)
NOT-FOR-US: TestLink
 CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
-   TODO: check
+   - adminer 
 CVE-2018-7666 (An issue was discovered in ClipBucket before 4.0.0 Release 
4902. SQL ...)
NOT-FOR-US: ClipBucket
 CVE-2018-7665 (An issue was discovered in ClipBucket before 4.0.0 Release 
4902. A ...)
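Review bot: the new `- adminer` line for CVE-2018-7667 carries no NOTE with an upstream reference and no Debian bug number, unlike the other unfixed entries added today (for example CVE-2018-7755/linux, which gets a NOTE link). Add a NOTE pointing at the upstream report or fix, and the `(bug #...)` reference once one is filed, so the status can be verified later.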



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52c94b09b6685f4017ca041b9209986a11296ae8


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

2018-03-08 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f629490 by Moritz Muehlenhoff at 2018-03-08T11:38:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -237,7 +237,7 @@ CVE-2018-7677
 CVE-2018-7676
RESERVED
 CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into 
the ...)
-   TODO: check
+   NOT-FOR-US: NetIQ Sentinel
 CVE-2018-7674
RESERVED
 CVE-2018-7673
@@ -907,7 +907,7 @@ CVE-2018-7475
 CVE-2018-7474
RESERVED
 CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot 
web ...)
-   TODO: check
+   NOT-FOR-US: SO Connect SO WIFI
 CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of 
service ...)
NOT-FOR-US: INVT Studio
 CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage 
API read ...)
@@ -1647,7 +1647,7 @@ CVE-2018-7266
 CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file 
that ...)
NOT-FOR-US: Shimmie
 CVE-2018-7264 (The Pictview image processing library embedded in the ActivePDF 
...)
-   TODO: check
+   NOT-FOR-US: ActivePDF
 CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b 
...)
- libid3tag 0.15.1b-5 (bug #304913)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
@@ -1822,7 +1822,7 @@ CVE-2018-7206 (An issue was discovered in Project Jupyter 
JupyterHub OAuthentica
 CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in 
...)
NOT-FOR-US: Kentico
 CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 
for ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2018-7203
RESERVED
 CVE-2018-7202
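Review bot: `NOT-FOR-US: Wordpress plugin` is both misspelt (the product is WordPress) and less specific than the other NOT-FOR-US lines in this commit, which name the product (`ActivePDF`, `DokanFS`, `Apache ODE`). The entry's own description names the Giribaz File Manager plugin, so `NOT-FOR-US: Giribaz File Manager plugin for WordPress` would match the file's conventions.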
@@ -2448,7 +2448,7 @@ CVE-2018-6949
 CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can 
cause a ...)
NOT-FOR-US: CCN-lite 2
 CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is 
part ...)
-   TODO: check
+   NOT-FOR-US: DokanFS
 CVE-2018-6946
RESERVED
 CVE-2018-6945
@@ -3184,7 +3184,7 @@ CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 
1.0.2 has Stored XSS via an
 CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows 
remote ...)
NOT-FOR-US: Grammarly extension for Chrome
 CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as 
used in ...)
-   TODO: check
+   NOT-FOR-US: comforte SWAP
 CVE-2018-6652
RESERVED
 CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 
0.07, as ...)
@@ -3473,7 +3473,7 @@ CVE-2018-6593 (An issue was discovered in MalwareFox 
AntiMalware 2.74.0.150. Imp
 CVE-2018-6592 (Unisys Stealth Windows endpoints before 3.3.016.1 allow local 
users to ...)
NOT-FOR-US: Unisys Stealth Windows endpoints
 CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers 
to obtain ...)
-   TODO: check
+   NOT-FOR-US: Converse.js
 CVE-2018-6590
RESERVED
 CVE-2018-6589
@@ -6680,7 +6680,7 @@ CVE-2018-5454
 CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue 
was ...)
NOT-FOR-US: Moxa
 CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson 
Process ...)
-   TODO: check
+   NOT-FOR-US: Emerson Process Management ControlWave Micro Process 
Automation Controller
 CVE-2018-5451
RESERVED
 CVE-2018-5450
@@ -17053,7 +17053,7 @@ CVE-2018-1345
 CVE-2018-1344
RESERVED
 CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...)
-   TODO: check
+   NOT-FOR-US: NetIQ
 CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can 
upload ...)
NOT-FOR-US: NetIQ Access Manager
 CVE-2018-1341
@@ -17400,7 +17400,7 @@ CVE-2018-1318
 CVE-2018-1317
RESERVED
 CVE-2018-1316 (The ODE process deployment web service was sensible to 
deployment ...)
-   TODO: check
+   NOT-FOR-US: Apache ODE
 CVE-2018-1315
RESERVED
 CVE-2018-1314
@@ -21374,7 +21374,7 @@ CVE-2017-16924 (Remote Information Disclosure and 
Escalation of Privileges in ..
 CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen 
Tenda ...)
NOT-FOR-US: Shenzhen Tenda
 CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in 
Wowza ...)
-   TODO: check
+   NOT-FOR-US: Wowza
 CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and 
including ...)
{DSA-4066-1 DLA-1212-1}
- otrs2 6.0.2-1 (bug #883774)
@@ -25703,7 +25703,7 @@ CVE-2017-15521
 CVE-2017-15520
REJECTED
 CVE-2017-15519 (Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated 
remote ...)
-   TODO: check
+   NOT-FOR-US: SnapCenter
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7755/linux

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d18c59b1 by Salvatore Bonaccorso at 2018-03-08T10:58:27+01:00
Add CVE-2018-7755/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,8 @@
 CVE-2018-7756
RESERVED
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
-   TODO: check
+   - linux 
+   NOTE: https://lkml.org/lkml/2018/3/7/1116
 CVE-2018-7754
RESERVED
 CVE-2018-7751



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d18c59b1f9b211415318b434bb9cbd0922b8771d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

2018-03-08 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
692d1840 by Moritz Muehlenhoff at 2018-03-08T10:39:48+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18769,33 +18769,33 @@ CVE-2017-17146
 CVE-2017-17145
RESERVED
 CVE-2017-17144 (Backup feature of SIP module in Huawei DP300 V500R002C00; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17143 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17142 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17141 (Huawei S12700 V200R005C00; V200R006C00; V200R007C00; 
V200R007C01; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17140 (Huawei Enjoy 5s and Y6 Pro smartphones with software the 
versions ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17139 (Huawei Mate 9 and Mate 9 pro smart phones with software the 
versions ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17138 (PEM module of DP300 V500R002C00; IPS Module V500R001C00; 
V500R001C30; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17137 (PEM module of Huawei DP300 V500R002C00; IPS Module 
V500R001C00; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17136 (PEM module of Huawei DP300 V500R002C00; IPS Module 
V500R001C00; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17135 (PEM module of Huawei DP300 V500R002C00; IPS Module 
V500R001C00; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17134 (XML parser in Huawei DP300 V500R002C00; RP200 
V500R002C00SPC200; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17133 (Huawei VP9660 V500R002C10 has a null pointer reference 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17132 (Huawei VP9660 V500R002C10 has a uncontrolled format string ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17131 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17130 (The ff_free_picture_tables function in 
libavcodec/mpegpicture.c in ...)
- libav 
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100
@@ -20878,41 +20878,41 @@ CVE-2018-0226
 CVE-2018-0225
RESERVED
 CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system 
for ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0223 (A vulnerability in DesktopServlet in the web-based management 
interface ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0222
RESERVED
 CVE-2018-0221 (A vulnerability in specific CLI commands for the Cisco Identity 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0220 (A vulnerability in the web-based management interface of Cisco 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0219 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0218 (A vulnerability in the web-based user interface of the Cisco 
Secure ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0217 (A vulnerability in the CLI of the Cisco StarOS operating system 
for ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0216 (A vulnerability in the web-based management interface of Cisco 
Identity ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0215 (A vulnerability in the web-based management interface of Cisco 
Identity ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0214 (A vulnerability in certain CLI commands of Cisco Identity 
Services ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0213 (A vulnerability in the credential reset functionality for Cisco 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0212 (A vulnerability in the web-based management interface of Cisco 
Identity ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0211 (A vulnerability in specific CLI commands for the Cisco Identity 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0210 (A vulnerability in the web-based management interface of Cisco 
Data ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0209 (A vulnerability in the Simple Network Management Protocol 
(SNMP) ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0208 (A vulnerability in the web-based management interface of the 
(cloud ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0207 (A vulnerability in the web-based user interface of the Cisco 
Secure ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
NOT-FOR-US: 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-03-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4528b518 by security tracker role at 2018-03-08T09:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-7756
+   RESERVED
+CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
+   TODO: check
+CVE-2018-7754
+   RESERVED
 CVE-2018-7751
RESERVED
 CVE-2018-7750
@@ -28,7 +34,7 @@ CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap 
corruption vulnerabilit
NOTE: 
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
NOTE: Same patch/commit as #788964 (as used for fixing CVE-2015-5621)
NOTE: adresses CVE-2018-1000116 as well.
-CVE-2018-7753 [URI values with character entities not properly sanitized]
+CVE-2018-7753 (An issue was discovered in Bleach 2.1.x before 2.1.3. 
Attributes that ...)
- python-bleach 2.1.3-1 (bug #892252)
[stretch] - python-bleach  (Vulnerable code introduced 
later)
[jessie] - python-bleach  (Vulnerable code introduced 
later)
@@ -109,7 +115,7 @@ CVE-2018-7720 (A cross-site request forgery (CSRF) 
vulnerability exists in Weste
NOT-FOR-US: Western Bridge Cobub Razor
 CVE-2018-7719
RESERVED
-CVE-2018-7752 [Stack buffer overflow in avc_parsers.c]
+CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the 
gf_media_avc_read_sps ...)
- gpac 
NOTE: https://github.com/gpac/gpac/issues/997
NOTE: 
https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
@@ -229,8 +235,8 @@ CVE-2018-7677
RESERVED
 CVE-2018-7676
RESERVED
-CVE-2018-7675
-   RESERVED
+CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into 
the ...)
+   TODO: check
 CVE-2018-7674
RESERVED
 CVE-2018-7673
@@ -713,10 +719,12 @@ CVE-2018-7644 (The XmlSecLibs library as used in the 
saml2 library in SimpleSAML
NOTE: Fixed by: 
https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
 CVE-2018-7537 [Denial-of-service possibility in truncatechars_html and 
truncatewords_html template filters]
RESERVED
+   {DLA-1303-1}
- python-django 1:1.11.11-1
NOTE: 
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
 CVE-2018-7536 [Denial-of-service possibility in urlize and urlizetrunc 
template filters]
RESERVED
+   {DLA-1303-1}
- python-django 1:1.11.11-1
NOTE: 
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
 CVE-2018-7535
@@ -1933,7 +1941,7 @@ CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, 
remote attackers can dele
NOT-FOR-US: WonderCMS
 CVE-2018-7171
RESERVED
-CVE-2018-7170 (nptd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows 
...)
+CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows 
...)
- ntp 
- ntpsec  (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
@@ -6009,6 +6017,7 @@ CVE-2018-5734 [A malformed request can trigger an 
assertion failure in badcache.
NOTE: https://kb.isc.org/article/AA-01562/74/CVE-2018-5734
 CVE-2018-5733 [A malicious client can overflow a reference counter in ISC 
dhcpd]
RESERVED
+   {DSA-4133-1}
- isc-dhcp 4.3.5-3.1 (bug #891785)
NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140
@@ -6016,6 +6025,7 @@ CVE-2018-5733 [A malicious client can overflow a 
reference counter in ISC dhcpd]
NOTE: Fixes for 4.3.6p1: 
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
 CVE-2018-5732 [A specially constructed response from a malicious server can 
cause a buffer overflow in dhclient]
RESERVED
+   {DSA-4133-1}
- isc-dhcp 4.3.5-3.1 (bug #891786)
NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139
@@ -20867,42 +20877,42 @@ CVE-2018-0226
RESERVED
 CVE-2018-0225
RESERVED
-CVE-2018-0224
-   RESERVED
-CVE-2018-0223
-   RESERVED
+CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system 
for ...)
+   TODO: check
+CVE-2018-0223 (A vulnerability in DesktopServlet in the web-based management 
interface ...)
+   TODO: check
 CVE-2018-0222
RESERVED
-CVE-2018-0221
-   RESERVED
-CVE-2018-0220
-   RESERVED
-CVE-2018-0219
-   RESERVED
-CVE-2018-0218
-   RESERVED
-CVE-2018-0217
-   RESERVED
-CVE-2018-0216
-   RESERVED
-CVE-2018-0215
-   RESERVED
-CVE-2018-0214
-   RESERVED
-CVE-2018-0213
-   RESERVED
-CVE-2018-0212
-