[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] unify error message generation: librelp and rsyslog
Luciano Bello pushed to branch master at Debian Security Tracker / security-tracker Commits: fbf74ec9 by Luciano Bello at 2018-03-22T21:12:54-04:00 unify error message generation: librelp and rsyslog - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -355,6 +355,10 @@ CVE-2018-8778 RESERVED CVE-2018-8777 RESERVED +CVE-2018- [unify error message generation] + - librelp + - rsyslog + NOTE: Patch https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf CVE-2018- [Multiple vulnerabilities in CiviCRM] - civicrm 4.7.30+dfsg-1 (bug #887330) NOTE: https://civicrm.org/blog/dev-team/security-release-civicrm-4726-and-4633-monthly-release-4727 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbf74ec90c9a2412b7514b55d2302e3daf4b2ce0 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbf74ec90c9a2412b7514b55d2302e3daf4b2ce0 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
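Review bot: the new entry names rsyslog as a second affected source package, but its only NOTE is the librelp patch (rsyslog/librelp commit 2cfe6576...), and neither package line carries a version, bug number or severity. Add a NOTE saying whether rsyslog ships its own copy of the affected code or only needs a rebuild against the fixed librelp, and give each package its own fixed-version or explicit unfixed marker so the tracker does not report both as open indefinitely. The placeholder ID in the new heading also needs the real CVE once it is assigned.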
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim freeplane in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 90174779 by Markus Koschany at 2018-03-22T23:50:06+01:00 Claim freeplane in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -24,6 +24,8 @@ elinks -- firefox-esr -- +freeplane (Markus Koschany) +-- gcc-4.6 (Roberto C. Sánchez) NOTE: Backport the retpoline support for spectre mitigation. NOTE: Coordinate with jmm who started the work for gcc-4.9 in jessie. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/901747795567fb3e0a44680433630d7f34657b55
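Review bot: the new freeplane claim carries no NOTE about which issue is being prepared, while the adjacent gcc-4.6 entry records what its backport covers and who to coordinate with; add a NOTE with the CVE and the upstream fix being backported so the claim is actionable if it has to be handed over to another LTS contributor.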
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1000069, freeplane: Link to patch
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 80713b31 by Markus Koschany at 2018-03-22T23:42:10+01:00 CVE-2018-1000069, freeplane: Link to patch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4347,6 +4347,7 @@ CVE-2018-170 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or a CVE-2018-169 (FreePlane version 1.5.9 and earlier contains a XML External Entity ...) - freeplane 1.6.6-1 (bug #893663) NOTE: https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser + NOTE: https://github.com/freeplane/freeplane/commit/a5dce7f9f CVE-2018-7279 (A remote code execution issue was discovered in AlienVault USM and ...) NOT-FOR-US: AlienVault CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80713b318b194062f6d635981c1961f46f4dc1a3
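Review bot: the added NOTE references the upstream commit by a 9-character abbreviated hash (a5dce7f9f), whereas the other patch references in this list use the full 40-character hash (for example the librelp and loofah commits); abbreviated hashes can become ambiguous as the repository grows, so record the full hash in the NOTE.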
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 65727d38 by Moritz Muehlenhoff at 2018-03-22T23:14:55+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -9,19 +9,19 @@ CVE-2018-8938 CVE-2018-8937 RESERVED CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...) - TODO: check + NOT-FOR-US: AMD CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) - TODO: check + NOT-FOR-US: AMD CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) - TODO: check + NOT-FOR-US: AMD CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access control ...) - TODO: check + NOT-FOR-US: AMD CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient access ...) - TODO: check + NOT-FOR-US: AMD CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have ...) - TODO: check + NOT-FOR-US: AMD CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...) - TODO: check + NOT-FOR-US: AMD CVE-2018-8929 RESERVED CVE-2018-8928 @@ -3454,7 +3454,7 @@ CVE-2018-7534 CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...) NOT-FOR-US: OSIsoft PI CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck ...) - TODO: check + NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data ...) NOT-FOR-US: OSIsoft PI CVE-2018-7530 @@ -3462,7 +3462,7 @@ CVE-2018-7530 CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...) NOT-FOR-US: OSIsoft PI CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck ...) - TODO: check + NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7527 RESERVED CVE-2018-7526 
@@ -3470,7 +3470,7 @@ CVE-2018-7526 CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in ...) - TODO: check + NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7522 @@ -3478,7 +3478,7 @@ CVE-2018-7522 CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7520 (An improper access control vulnerability has been identified in ...) - TODO: check + NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7518 @@ -3486,7 +3486,7 @@ CVE-2018-7518 CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7516 (A server-side request forgery vulnerability has been identified in ...) - TODO: check + NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7514 @@ -3494,7 +3494,7 @@ CVE-2018-7514 CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7512 (A cross-site scripting vulnerability has been identified in Geutebruck ...) - TODO: check + NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...) NOT-FOR-US: Eaton ELCSoft CVE-2018-7510 
@@ -6628,7 +6628,7 @@ CVE-2017-18096 CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...) NOT-FOR-US: Atlassian Crucible CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before version ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before version ...) NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2017-18092 (The print snippet resource in Atlassian Crucible before version 4.4.3 ...) @@ -8815,7 +8815,7 @@ CVE-2018-105 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5 NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch CVE-2018-5731 (An issue was discove
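Review bot: the seven AMD entries (CVE-2018-8930 through CVE-2018-8936) are closed as NOT-FOR-US: AMD without any NOTE, and their descriptions name processor chips and the Promontory chipset rather than a software product; a one-line NOTE stating why no Debian-shipped package is affected would make this triage reproducible if the entries are revisited later.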
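Review bot: the six Geutebruck entries (CVE-2018-7532, -7528, -7524, -7520, -7516 and -7512) all use the tag "NOT-FOR-US: IP Geutebruck and Topline IP cameras", which doubles "IP" and does not match the vendor name as written in the descriptions; "NOT-FOR-US: Geutebruck and Topline IP cameras" reads correctly and keeps the six lines consistent for later searching.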
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] kamailio, plexus-utils2 DSAs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e502dc8 by Moritz Muehlenhoff at 2018-03-22T23:05:06+01:00 kamailio, plexus-utils2 DSAs - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,10 @@ +[22 Mar 2018] DSA-4149-1 plexus-utils2 - security update + {CVE-2017-1000487} + [jessie] - plexus-utils2 3.0.15-1+deb8u1 +[22 Mar 2018] DSA-4148-1 kamailio - security update + {CVE-2018-8828} + [jessie] - kamailio 4.2.0-2+deb8u3 + [stretch] - kamailio 4.4.4-2+deb9u1 [21 Mar 2018] DSA-4147-1 polarssl - security update {CVE-2017-18187 CVE-2018-0487 CVE-2018-0488} [jessie] - polarssl 1.3.9-2.1+deb8u3 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -65,8 +65,6 @@ phpmyadmin/oldstable (abhijith) -- pjproject -- -plexus-utils2/oldstable (jmm) --- python-django (luciano) Brian May proposed a debdiff for jessie-security, needs review and ack. stretch-security update needed as well to be done. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e502dc83ab6f4b45281c8a961d7b330deb58162
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] exempi, obs no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 456db781 by Moritz Muehlenhoff at 2018-03-22T23:02:42+01:00 exempi, obs no-dsa zsh undetermined - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list 
@@ -498,32 +498,44 @@ CVE-2018-8727 RESERVED CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...) {DLA-1310-1} - - exempi 2.4.4-1 + - exempi 2.4.4-1 (low) + [stretch] - exempi (Minor issue) + [jessie] - exempi (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102483 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331 CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The ...) - - exempi 2.4.3-1 + - exempi 2.4.3-1 (low) + [stretch] - exempi (Minor issue) + [jessie] - exempi (Minor issue) [wheezy] - exempi (vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101914 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048 CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ...) {DLA-1310-1} - - exempi 2.4.4-1 + - exempi 2.4.4-1 (low) + [stretch] - exempi (Minor issue) + [jessie] - exempi (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102484 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806 CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk class in ...) - - exempi 2.4.3-1 + - exempi 2.4.3-1 (low) + [stretch] - exempi (Minor issue) + [jessie] - exempi (Minor issue) [wheezy] - exempi (vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101913 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4 CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows remote ...) {DLA-1310-1} - - exempi 2.4.3-1 + - exempi 2.4.3-1 (low) + [stretch] - exempi (Minor issue) + [jessie] - exempi (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100397 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer overflow in the ...) 
 {DLA-1310-1} - - exempi 2.4.4-1 + - exempi 2.4.4-1 (low) + [stretch] - exempi (Minor issue) + [jessie] - exempi (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102151 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260 CVE-2018-8726 @@ -21052,8 +21064,9 @@ CVE-2018-1073 CVE-2018-1072 RESERVED CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...) - - zsh + - zsh NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531 + NOTE: No actionable information at this point CVE-2018-1070 RESERVED CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to access ...) @@ -47594,7 +47607,8 @@ CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositories ...) - libzypp CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...) - - open-build-service + - open-build-service (low) + [stretch] - open-build-service (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519 CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not ...) NOT-FOR-US: Novell eDirectory View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/456db7819d8f2eed0f2bf58726df14c6407440fe
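Review bot: the commit message says "zsh undetermined", but the CVE-2018-1071 hunk only replaces the "- zsh" line with a textually identical "- zsh" line (a whitespace-only change, worth confirming it is intended) and adds "NOTE: No actionable information at this point"; the package line therefore still reads as plain unfixed and the tracker will keep reporting zsh as vulnerable in every suite. If undetermined status is the intent, put the tracker's <undetermined> keyword on the package line so the state is machine-readable instead of living only in a free-text NOTE.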
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1313-1 for isc-dhcp
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e90aae1 by Thorsten Alteholz at 2018-03-22T22:16:11+01:00 Reserve DLA-1313-1 for isc-dhcp - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[22 Mar 2018] DLA-1313-1 isc-dhcp - security update + {CVE-2018-5732 CVE-2018-5733} + [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u9 [22 Mar 2018] DLA-1312-1 libvorbisidec - security update {CVE-2018-5147} [wheezy] - libvorbisidec 1.0.2+svn18153-0.2+deb7u1 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -50,8 +50,6 @@ ipython NOTE: with untrusted content and upgrade to Jessie. Please double-check all NOTE: this. -- -isc-dhcp (Thorsten Alteholz) --- jruby (Santiago R.R.) -- krb5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e90aae168202f7faef701c76c029f44afb5c031
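Review bot: the wheezy fixed version is recorded as 4.2.2.dfsg.1-5+deb70u9, while every other wheezy entry in this log uses the +deb7uN form (libvorbisidec 1.0.2+svn18153-0.2+deb7u1, adminer 3.3.3-1+deb7u1); the tracker compares this string against the version actually uploaded, so confirm it matches the changelog of the DLA upload before the advisory goes out.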
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1312-1 for libvorbisidec
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 18f9f814 by Thorsten Alteholz at 2018-03-22T22:13:43+01:00 Reserve DLA-1312-1 for libvorbisidec - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[22 Mar 2018] DLA-1312-1 libvorbisidec - security update + {CVE-2018-5147} + [wheezy] - libvorbisidec 1.0.2+svn18153-0.2+deb7u1 [22 Mar 2018] DLA-1311-1 adminer - security update {CVE-2018-7667} [wheezy] - adminer 3.3.3-1+deb7u1 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -87,8 +87,6 @@ libvorbis NOTE: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback on this issue. NOTE: Fixes for other CVEs applied upstream and in sid. -- -libvorbisidec (Thorsten Alteholz) --- linux -- mercurial View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18f9f8145b76a36814fe261cbef8df5ba4f5b21a
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ea636f4 by security tracker role at 2018-03-22T21:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,67 @@ +CVE-2018-8941 + RESERVED +CVE-2018-8940 + RESERVED +CVE-2018-8939 + RESERVED +CVE-2018-8938 + RESERVED +CVE-2018-8937 + RESERVED +CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...) + TODO: check +CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) + TODO: check +CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) + TODO: check +CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access control ...) + TODO: check +CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient access ...) + TODO: check +CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have ...) + TODO: check +CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...) + TODO: check +CVE-2018-8929 + RESERVED +CVE-2018-8928 + RESERVED +CVE-2018-8927 + RESERVED +CVE-2018-8926 + RESERVED +CVE-2018-8925 + RESERVED +CVE-2018-8924 + RESERVED +CVE-2018-8923 + RESERVED +CVE-2018-8922 + RESERVED +CVE-2018-8921 + RESERVED +CVE-2018-8920 + RESERVED +CVE-2018-8919 + RESERVED +CVE-2018-8918 + RESERVED +CVE-2018-8917 + RESERVED +CVE-2018-8916 + RESERVED +CVE-2018-8915 + RESERVED +CVE-2018-8914 + RESERVED +CVE-2018-8913 + RESERVED +CVE-2018-8912 + RESERVED +CVE-2018-8911 + RESERVED +CVE-2018-8910 + RESERVED CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...) NOT-FOR-US: Wire application for Android CVE-2018-8908 
@@ -2865,6 +2929,7 @@ CVE-2018-7669 CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary ...) NOT-FOR-US: TestLink CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...) + {DLA-1311-1} - adminer 4.5.0-1 (bug #893668) [stretch] - adminer (Minor issue, issue can be mitigated by upfront application firewalling) [jessie] - adminer (Minor issue, issue can be mitigated by upfront application firewalling) 
@@ -3376,48 +3441,48 @@ CVE-2018-7534 RESERVED CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...) NOT-FOR-US: OSIsoft PI -CVE-2018-7532 - RESERVED +CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck ...) + TODO: check CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data ...) NOT-FOR-US: OSIsoft PI CVE-2018-7530 RESERVED CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...) NOT-FOR-US: OSIsoft PI -CVE-2018-7528 - RESERVED +CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck ...) + TODO: check CVE-2018-7527 RESERVED CVE-2018-7526 RESERVED CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...) NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7524 - RESERVED +CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in ...) + TODO: check CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7522 RESERVED CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...) NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7520 - RESERVED +CVE-2018-7520 (An improper access control vulnerability has been identified in ...) + TODO: check CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7518 RESERVED CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7516 - RESERVED +CVE-2018-7516 (A server-side request forgery vulnerability has been identified in ...) + TODO: check CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7514 RESERVED CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) 
NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7512 - RESERVED +CVE-2018-7512 (A cross-site scripting vulnerability has been identified in Geutebruck ...) + TODO: check CVE-2018-7511 (In Eaton ELCS
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-8905/tiff
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e37134d by Salvatore Bonaccorso at 2018-03-22T17:11:23+01:00 Add bug reference for CVE-2018-8905/tiff - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -7,7 +7,8 @@ CVE-2018-8907 CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...) NOT-FOR-US: dsmall CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...) - - tiff + - tiff (bug #893806) + - tiff3 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780 CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) NOT-FOR-US: Windows Optimization Master View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0e37134d86b632c9726056df09773d6344041cb4
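Review bot: the new "- tiff3" line has no version, no bug reference and no NOTE, so it will appear as an unfixed issue in every suite that still ships tiff3; the description is specific to LibTIFF 4.0.9, so either record whether the affected function exists in the 3.x code base (a NOTE, or a <not-affected> marker if it does not) or add the bug number that tracks the tiff3 fix, as was done for tiff with bug #893806.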
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2017-11333 for DSA-4113-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb901a44 by Salvatore Bonaccorso at 2018-03-22T16:55:15+01:00 Add CVE-2017-11333 for DSA-4113-1 - - - - - 1c89a1f7 by Salvatore Bonaccorso at 2018-03-22T16:55:56+01:00 Mark CVE-2017-11333 already fixed with the NMU from Guido Upstream considers it fixed by limiting the channels to 256 channels. Details in https://gitlab.xiph.org/xiph/vorbis/issues/2332 - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -41391,8 +41391,7 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...) - - libvorbis 1.3.6-1 (low; bug #870341) - [stretch] - libvorbis (Minor issue, can be revisited once fixed upstream) + - libvorbis 1.3.5-4.1 (low; bug #870341) [jessie] - libvorbis (Minor issue, can be revisited once fixed upstream) NOTE: http://seclists.org/fulldisclosure/2017/Jul/82 NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332 = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list 
@@ -121,7 +121,7 @@ [jessie] - jackson-databind 2.4.2-2+deb8u3 [stretch] - jackson-databind 2.8.6-1+deb9u3 [14 Feb 2018] DSA-4113-1 libvorbis - security update - {CVE-2017-14632 CVE-2017-14633} + {CVE-2017-11333 CVE-2017-14632 CVE-2017-14633} [stretch] - libvorbis 1.3.5-4+deb9u1 [14 Feb 2018] DSA-4112-1 xen - security update {CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/79078ddaf22047a54a188a32093d43b5499f2858...1c89a1f79e24f0563f4972ffe9d23cac237af982
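Review bot: after the [stretch] line is dropped and the fixed version is lowered from 1.3.6-1 to 1.3.5-4.1, the remaining "[jessie] - libvorbis (Minor issue, can be revisited once fixed upstream)" rationale is stale: the second commit message states that upstream considers the issue fixed by limiting channels to 256, and DSA-4113-1 now lists CVE-2017-11333 for stretch only. Either refresh the jessie no-dsa reason or queue a jessie update, so the annotation does not keep pointing at a condition that has already been met.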
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-11333 as fixed with libvorbis unstable upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 79078dda by Salvatore Bonaccorso at 2018-03-22T16:50:03+01:00 Mark CVE-2017-11333 as fixed with libvorbis unstable upload The commit used by upstream is to address CVE-2017-16433, but it addresses at the same time CVE-2017-11333 by limiting the number of channels to no more than 256 channels. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -41391,11 +41391,12 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...) - - libvorbis (low; bug #870341) + - libvorbis 1.3.6-1 (low; bug #870341) [stretch] - libvorbis (Minor issue, can be revisited once fixed upstream) [jessie] - libvorbis (Minor issue, can be revisited once fixed upstream) NOTE: http://seclists.org/fulldisclosure/2017/Jul/82 NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332 + NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993 CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...) {DLA-1197-1} - sox 14.4.2-2 (bug #870328) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/79078ddaf22047a54a188a32093d43b5499f2858
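Review bot: the added "NOTE: Fixed by:" line points at the upstream commit without saying what the commit message explains, namely that the commit was written for CVE-2017-16433 and only fixes CVE-2017-11333 as a side effect of capping the channel count at 256; put that relationship in the NOTE itself, since the data file is what later readers consult rather than the git log, so nobody assumes the commit targets this CVE directly.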
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-1001001/pluxml as fixed via unstable upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 894fd08c by Salvatore Bonaccorso at 2018-03-22T16:43:28+01:00 Mark CVE-2017-1001001/pluxml as fixed via unstable upload Upstream has not yet properly fixed it, but the Debian package with the 5.6-1 upload adds a mitigation for CVE-2017-1001001 and explicitly sets session.cookie_httponly to true. Details: https://github.com/pluxml/PluXml/issues/253 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -26228,9 +26228,9 @@ CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overf NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185 NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting ...) - - pluxml (bug #881796) - [jessie] - pluxml (Minor issue) + - pluxml 5.6-1 (bug #881796) [stretch] - pluxml (Minor issue) + [jessie] - pluxml (Minor issue) NOTE: https://github.com/pluxml/PluXml/issues/253 CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...) NOT-FOR-US: Jenkins plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/894fd08cec9990f82fb9983e0945e9479586def3
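Review bot: setting the fixed version to 5.6-1 makes the entry show as fixed in unstable even though the commit message says upstream has not yet properly fixed the issue and the package only carries a mitigation (session.cookie_httponly set to true); record that in a NOTE next to the existing PluXml issue 253 link so the entry is re-examined when an upstream fix lands, rather than being treated as closed.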
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Record proposed update for adminer for jessie-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4fe90aba by Salvatore Bonaccorso at 2018-03-22T16:31:57+01:00 Record proposed update for adminer for jessie-pu - - - - - dd558547 by Salvatore Bonaccorso at 2018-03-22T16:32:16+01:00 Record proposed update for adminer via stretch-pu - - - - - 2 changed files: - data/next-oldstable-point-update.txt - data/next-point-update.txt Changes: = data/next-oldstable-point-update.txt = --- a/data/next-oldstable-point-update.txt +++ b/data/next-oldstable-point-update.txt @@ -85,3 +85,5 @@ CVE-2017-16612 [jessie] - wayland 1.6.0-2+deb8u1 CVE-2017-18190 [jessie] - cups 1.7.5-11+deb8u3 +CVE-2818-7667 + [jessie] - adminer 3.3.3-1+deb8u1 = data/next-point-update.txt = --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -51,3 +51,5 @@ CVE-2017-16612 [stretch] - wayland 1.12.0-1+deb9u1 CVE-2017-14804 [stretch] - obs-build 20160921-1+deb9u1 +CVE-2018-7667 + [stretch] - adminer 4.2.5-3+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/51552d7f0e939a20c5f533ca80dfde07c3ccb4cd...dd5585475bd0d96340e0d255a32b928c80b6c0fe
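Review bot: the next-oldstable-point-update.txt hunk adds the identifier as "CVE-2818-7667" while the next-point-update.txt hunk for the same issue uses "CVE-2018-7667"; the jessie entry has a typo in the year and will not match the real CVE when the point-update data is processed, so correct it to CVE-2018-7667 before the next automatic run.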
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51552d7f by Salvatore Bonaccorso at 2018-03-22T16:24:13+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -143114,7 +143114,7 @@ CVE-2014-4916 CVE-2014-4915 RESERVED CVE-2014-4912 (An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to ...) - TODO: check + NOT-FOR-US: Frog CMS CVE-2014-4906 (The Brisbane & Queensland Alert (aka com.queensland.alert) application ...) NOT-FOR-US: Brisbane & Queensland Alert (aka com.queensland.alert) application for Android CVE-2014-4905 (The Clean Internet Browser (aka com.cleantab.browsesecure) application ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51552d7f0e939a20c5f533ca80dfde07c3ccb4cd
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] ruby-loofah fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b38f1bb2 by Moritz Muehlenhoff at 2018-03-22T16:19:21+01:00 ruby-loofah fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1918,7 +1918,7 @@ CVE-2018-8049 RESERVED CVE-2018-8048 [XSS vulnerability] RESERVED - - ruby-loofah (bug #893596) + - ruby-loofah 2.2.1-1 (bug #893596) NOTE: https://github.com/flavorjones/loofah/issues/144 NOTE: https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7 CVE-2018-8047 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b38f1bb29b4ebbaade0d23df5ed85969061efbc9 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b38f1bb29b4ebbaade0d23df5ed85969061efbc9 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] node-ssri fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c119732a by Moritz Muehlenhoff at 2018-03-22T16:18:29+01:00 node-ssri fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -2924,7 +2924,7 @@ CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regula NOTE: https://nodesecurity.io/advisories/532 NOTE: nodejs not covered by security support CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to a ...) - - node-ssri (unimportant; bug #891980) + - node-ssri 5.2.4-1 (unimportant; bug #891980) NOTE: fixed in 5.2.2 NOTE: https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d NOTE: https://github.com/zkat/ssri/issues/10 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c119732aff89f6bd35008096c508d1c2c797ad2e --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c119732aff89f6bd35008096c508d1c2c797ad2e You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-8768: Lowercase source package name
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 97c3b7a1 by Salvatore Bonaccorso at 2018-03-22T16:09:26+01:00 CVE-2018-8768: Lowercase source package name - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -375,7 +375,7 @@ CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the ...) CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file ...) - jupyter-notebook (bug #893436) - ipython 5.1.0-2 - [wheezy] - Ipython (requires implementation of sanitization first, see NOTES) + [wheezy] - ipython (requires implementation of sanitization first, see NOTES) NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental NOTE: src:ipython does not provide anymore the Notebook NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97c3b7a1a150eecfb3b3b475b6d7cf19b80dd175 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97c3b7a1a150eecfb3b3b475b6d7cf19b80dd175 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add one more yii CVE
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60d01741 by Salvatore Bonaccorso at 2018-03-22T16:08:12+01:00 Add one more yii CVE - - - - - 5d7cb9c7 by Salvatore Bonaccorso at 2018-03-22T16:08:13+01:00 Rename source package tracking from yii-framework to the itp'ed chosen one yii (later) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4291,7 +4291,7 @@ CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php CVE-2018-7270 RESERVED CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii ...) - TODO: check + - yii (bug #597899) CVE-2018-7268 RESERVED CVE-2018-7267 @@ -54172,7 +54172,7 @@ CVE-2017-7274 (The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 NOTE: https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf NOTE: https://github.com/radare/radare2/issues/7152 CVE-2017-7271 (Reflected Cross-site scripting (XSS) vulnerability in Yii Framework ...) - - yii-framework (bug #597899) + - yii (bug #597899) CVE-2017-7270 RESERVED CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux ...) 
@@ -120377,7 +120377,7 @@ CVE-2015-3399 CVE-2015-3398 RESERVED CVE-2015-3397 (Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 ...) - - yii-framework (bug #597899) + - yii (bug #597899) CVE-2015-3396 RESERVED CVE-2015-3395 (The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2402043f8470d208c2743e22f979ba5c56225371...5d7cb9c77dc5c47e4efaff47c75f54f759c3f2dc --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2402043f8470d208c2743e22f979ba5c56225371...5d7cb9c77dc5c47e4efaff47c75f54f759c3f2dc You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1311-1 for adminer
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 2402043f by Chris Lamb at 2018-03-22T11:07:52-04:00 Reserve DLA-1311-1 for adminer - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[22 Mar 2018] DLA-1311-1 adminer - security update + {CVE-2018-7667} + [wheezy] - adminer 3.3.3-1+deb7u1 [21 Mar 2018] DLA-1310-1 exempi - security update {CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7730} [wheezy] - exempi 2.2.0-1+deb7u1 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -10,12 +10,6 @@ this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -adminer (Chris Lamb) - NOTE: 20180316: Taking package as maintainer in unstable (lamby) - NOTE: 20180316: No patch/upstream info for CVE-2018-7667 yet. (lamby) - NOTE: 20180319: Still no patch/upstream info for CVE-2018-7667. (lamby) - NOTE: 20180322: Packages ready to go, awaiting ACK from security team for non-LTS uploads; will do all at once (lamby) --- calibre NOTE: Instead of replacing pickle with json, maybe disable bookmarking NOTE: completely and invest the time to fix the Jessie version instead? View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2402043f8470d208c2743e22f979ba5c56225371 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2402043f8470d208c2743e22f979ba5c56225371 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] gitlab fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c046169b by Moritz Muehlenhoff at 2018-03-22T16:03:27+01:00 gitlab fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -13715,7 +13715,7 @@ CVE-2018-3711 NOTE: https://nodesecurity.io/advisories/564 CVE-2018-3710 (Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...) {DSA-4145-1} - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...) NOT-FOR-US: Muviko 
@@ -72088,27 +72088,27 @@ CVE-2017-0929 CVE-2017-0928 RESERVED CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...) - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) [stretch] - gitlab (Doesn't affect 8.x) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0926 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...) {DSA-4145-1} - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0925 (Gitlab Enterprise Edition version 10.1.0 is vulnerable to an ...) {DSA-4145-1} - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0924 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...) - - gitlab + - gitlab 10.5.5+dfsg-1 [stretch] - gitlab (Only affects 9.0 and later) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0923 (Gitlab Community Edition version 9.1 is vulnerable to lack of input ...) - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) [stretch] - gitlab (Doesn't affect 8.x) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...) - - gitlab + - gitlab 10.5.5+dfsg-1 [stretch] - gitlab (Only affects 9.1 and later) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0921 
@@ -72119,23 +72119,23 @@ CVE-2017-0919 RESERVED CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path ...) {DSA-4145-1} - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0917 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...) {DSA-4145-1} - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0916 (Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...) {DSA-4145-1} - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82 CVE-2017-0915 (Gitlab Community Edition version 10.2.4 is vulnerable to a lack of ...) {DSA-4145-1} - - gitlab (bug #888508) + - gitlab 10.5.5+dfsg-1 (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and ...) - - gitlab + - gitlab 10.5.5+dfsg-1 [stretch] - gitlab (Only affects 9.4 and later) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0913 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c046169ba51fb0d9fee3f3c88c3970e2d74548b4 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c046169ba51fb0d9fee3f3c88c3970e2d74548b4 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-807{3, 4}/yii, itp'ed: #597899
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18abcf02 by Salvatore Bonaccorso at 2018-03-22T16:01:11+01:00 Add CVE-2018-807{3,4}/yii, itp'ed: #597899 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1852,9 +1852,9 @@ CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerabili CVE-2018-8075 RESERVED CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintended ...) - TODO: check + - yii (bug #597899) CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...) - TODO: check + - yii (bug #597899) CVE-2018-8072 RESERVED CVE-2018-8071 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18abcf02a8a49699264119f3600c0c2b8f5a4daa --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18abcf02a8a49699264119f3600c0c2b8f5a4daa You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-18241: Use shortcut URL (and as used for kernel-sec fixes trackings)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e76ba3a3 by Salvatore Bonaccorso at 2018-03-22T15:59:08+01:00 CVE-2017-18241: Use shortcut URL (and as used for kernel-sec fixes trackings) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -53,7 +53,7 @@ CVE-2018-1000136 RESERVED CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...) - linux 4.13.4-1 - NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 + NOTE: https://git.kernel.org/linus/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 CVE-2016-10717 (A vulnerability in the encryption and permission implementation of ...) NOT-FOR-US: Malwarebytes Anti-Malware CVE-2018-8884 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e76ba3a3a384e4be1155f09ba52f3744c4df6d7e --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e76ba3a3a384e4be1155f09ba52f3744c4df6d7e You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim mupdf
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 10856248 by Thorsten Alteholz at 2018-03-22T15:50:40+01:00 claim mupdf - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -113,7 +113,7 @@ mingw-w64 -- mp4v2 -- -mupdf +mupdf (Thorsten Alteholz) -- opencv -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1085624819685583bc92c50049f3e09644e3cb24 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1085624819685583bc92c50049f3e09644e3cb24 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim libvorbisidec
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: edc9d78b by Thorsten Alteholz at 2018-03-22T15:29:01+01:00 claim libvorbisidec - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -93,7 +93,7 @@ libvorbis NOTE: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback on this issue. NOTE: Fixes for other CVEs applied upstream and in sid. -- -libvorbisidec +libvorbisidec (Thorsten Alteholz) -- linux -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/edc9d78bc405e41820ac47f546cac028798c87ef --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/edc9d78bc405e41820ac47f546cac028798c87ef You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Use YYYYMMDD, not YYYDDMM (!!)
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: d790ec70 by Chris Lamb at 2018-03-22T09:50:25-04:00 data/dla-needed.txt: Use MMDD, not YYYDDMM (!!) - - - - - 7090eb7b by Chris Lamb at 2018-03-22T09:51:20-04:00 data/dla-needed.txt: Update status of adminer - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -11,9 +11,10 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- adminer (Chris Lamb) - NOTE: 20181603: Taking package as maintainer in unstable (lamby) - NOTE: 20181603: No patch/upstream info for CVE-2018-7667 yet. (lamby) - NOTE: 20181903: Still patch/upstream info for CVE-2018-7667. (lamby) + NOTE: 20180316: Taking package as maintainer in unstable (lamby) + NOTE: 20180316: No patch/upstream info for CVE-2018-7667 yet. (lamby) + NOTE: 20180319: Still no patch/upstream info for CVE-2018-7667. (lamby) + NOTE: 20180322: Packages ready to go, awaiting ACK from security team for non-LTS uploads; will do all at once (lamby) -- calibre NOTE: Instead of replacing pickle with json, maybe disable bookmarking View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d96fa587f1182f7864b3aa668d8c3821f8ba0127...7090eb7bee8f251e04873eae9e3da30a7e8ead37 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d96fa587f1182f7864b3aa668d8c3821f8ba0127...7090eb7bee8f251e04873eae9e3da30a7e8ead37 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d96fa587 by Moritz Muehlenhoff at 2018-03-22T12:13:58+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3390,31 +3390,31 @@ CVE-2018-7527 CVE-2018-7526 RESERVED CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-7524 RESERVED CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-7522 RESERVED CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-7520 RESERVED CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-7518 RESERVED CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-7516 RESERVED CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-7514 RESERVED CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) - TODO: check + NOT-FOR-US: Omron CX-Supervisor CVE-2018-7512 RESERVED CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...) @@ -13891,7 +13891,7 @@ CVE-2018-3628 CVE-2018-3627 RESERVED CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and ...) - TODO: check + NOT-FOR-US: Intel CVE-2018-3625 RESERVED CVE-2018-3624 
@@ -14750,7 +14750,7 @@ CVE-2017-17745 (Cross-site scripting (XSS) vulnerability in system_name_set.cgi CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin ...) NOT-FOR-US: custom-map plugin for WordPress CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...) - TODO: check + NOT-FOR-US: UCOPIA Wireless Appliance CVE-2017-17742 RESERVED CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...) @@ -19827,13 +19827,13 @@ CVE-2018-1349 CVE-2018-1348 RESERVED CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to ...) - TODO: check + NOT-FOR-US: NetIQ CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to ...) - TODO: check + NOT-FOR-US: NetIQ CVE-2018-1345 (NetIQ iManager, versions prior to 3.1, under some circumstances could ...) - TODO: check + NOT-FOR-US: NetIQ CVE-2018-1344 (Addresses potential communication downgrade attack in NetIQ iManager ...) - TODO: check + NOT-FOR-US: NetIQ CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...) NOT-FOR-US: NetIQ CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload ...) @@ -20459,9 +20459,9 @@ CVE-2018-1232 CVE-2018-1231 RESERVED CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2018-1228 RESERVED CVE-2018-1227 (Pivotal Concourse after 2018-03-05 might allow remote attackers to ...) 
@@ -20527,7 +20527,7 @@ CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before CVE-2018-1198 RESERVED CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside ...) - TODO: check + NOT-FOR-US: Windows Stemcells CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to ...) NOT-FOR-US: Spring Boot CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versions ...) @@ -20734,7 +20734,7 @@ CVE-2018-1143 CVE-2018-1142 RESERVED CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...) - TODO: check + NOT-FOR-US: Nessus CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Quest NetVault Backup CVE-2017-17424 (This vulnerability allows remote attackers to execute arbitrary code ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d96fa587f1182f7864b3aa668d8c3821f8ba0127 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new linux issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 75ca6991 by Moritz Muehlenhoff at 2018-03-22T12:09:19+01:00 new linux issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -52,7 +52,8 @@ CVE-2018-8885 CVE-2018-1000136 RESERVED CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...) - TODO: check + - linux 4.13.4-1 + NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 CVE-2016-10717 (A vulnerability in the encryption and permission implementation of ...) NOT-FOR-US: Malwarebytes Anti-Malware CVE-2018-8884 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75ca6991125076ae7466e80ea80e594bbfdbbcd0 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75ca6991125076ae7466e80ea80e594bbfdbbcd0 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new tiff issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f2ea6164 by Moritz Muehlenhoff at 2018-03-22T11:52:46+01:00 new tiff issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -7,7 +7,8 @@ CVE-2018-8907 CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...) NOT-FOR-US: dsmall CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...) - TODO: check + - tiff + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780 CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) NOT-FOR-US: Windows Optimization Master CVE-2018-8903 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2ea6164abdaf5e3446c11f8494ce63d0cb44501 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2ea6164abdaf5e3446c11f8494ce63d0cb44501 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 26bcc4c1 by Moritz Muehlenhoff at 2018-03-22T11:43:05+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,15 +1,15 @@ CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...) - TODO: check + NOT-FOR-US: Wire application for Android CVE-2018-8908 RESERVED CVE-2018-8907 RESERVED CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...) - TODO: check + NOT-FOR-US: dsmall CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...) TODO: check CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) - TODO: check + NOT-FOR-US: Windows Optimization Master CVE-2018-8903 RESERVED CVE-2018-8902 @@ -19,17 +19,17 @@ CVE-2018-8901 CVE-2018-8900 RESERVED CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...) - TODO: check + NOT-FOR-US: IdentityServer CVE-2018-8898 RESERVED CVE-2018-8897 RESERVED CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...) - TODO: check + NOT-FOR-US: 2345 Security Guard CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...) - TODO: check + NOT-FOR-US: 2345 Security Guard CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows ...) - TODO: check + NOT-FOR-US: 2345 Security Guard CVE-2018-8893 RESERVED CVE-2018-8892 @@ -53,7 +53,7 @@ CVE-2018-1000136 CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...) TODO: check CVE-2016-10717 (A vulnerability in the encryption and permission implementation of ...) - TODO: check + NOT-FOR-US: Malwarebytes Anti-Malware CVE-2018-8884 RESERVED CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...) 
@@ -162,7 +162,7 @@ CVE-2018-8834 CVE-2018-8833 RESERVED CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable ...) - TODO: check + NOT-FOR-US: enhavo CVE-2018-8831 RESERVED CVE-2018-8830 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26bcc4c116387314d5d311986a363f007ff5c964 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26bcc4c116387314d5d311986a363f007ff5c964 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d473e824 by security tracker role at 2018-03-22T09:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,37 @@ +CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...) + TODO: check +CVE-2018-8908 + RESERVED +CVE-2018-8907 + RESERVED +CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...) + TODO: check +CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...) + TODO: check +CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-8903 + RESERVED +CVE-2018-8902 + RESERVED +CVE-2018-8901 + RESERVED +CVE-2018-8900 + RESERVED +CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...) + TODO: check +CVE-2018-8898 + RESERVED +CVE-2018-8897 + RESERVED +CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...) + TODO: check +CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...) + TODO: check +CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows ...) + TODO: check +CVE-2018-8893 + RESERVED CVE-2018-8892 RESERVED CVE-2018-8891 @@ -18,8 +52,8 @@ CVE-2018-1000136 RESERVED CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...) TODO: check -CVE-2016-10717 - RESERVED +CVE-2016-10717 (A vulnerability in the encryption and permission implementation of ...) + TODO: check CVE-2018-8884 RESERVED CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...) 
@@ -14713,8 +14747,8 @@ CVE-2017-17745 (Cross-site scripting (XSS) vulnerability in system_name_set.cgi NOT-FOR-US: TP-Link CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin ...) NOT-FOR-US: custom-map plugin for WordPress -CVE-2017-17743 - RESERVED +CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...) + TODO: check CVE-2017-17742 RESERVED CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...) @@ -143077,8 +143111,8 @@ CVE-2014-4916 NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf CVE-2014-4915 RESERVED -CVE-2014-4912 - RESERVED +CVE-2014-4912 (An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to ...) + TODO: check CVE-2014-4906 (The Brisbane & Queensland Alert (aka com.queensland.alert) application ...) NOT-FOR-US: Brisbane & Queensland Alert (aka com.queensland.alert) application for Android CVE-2014-4905 (The Clean Internet Browser (aka com.cleantab.browsesecure) application ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d473e8249311795e3f4f6cd135b126c6f963a07b --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d473e8249311795e3f4f6cd135b126c6f963a07b You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits