Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9ad896c by Salvatore Bonaccorso at 2019-01-01T21:29:34Z
Reference gcc (libiberty) upstream fix for CVE-2018-12641

- - - - -
f4715e6e by Salvatore Bonaccorso at 2019-01-01T21:34:03Z
Reference upstream gcc (libiberty) fix for upstream bug 85454

Addresses the CVEs CVE-2018-12697, CVE-2018-12698, CVE-2018-12699 and
CVE-2018-12700 for binutils.

Cf. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

- - - - -
7af3d1f6 by Salvatore Bonaccorso at 2019-01-01T21:37:58Z
CVE-2018-12934: Add additional upstream bug reference

The upstream issue https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
was actually a duplicate report of
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 .

- - - - -
28b23596 by Salvatore Bonaccorso at 2019-01-01T21:48:22Z
Track fix for CVE-2018-1735{8,9}/binutils in experimental version

The fix is present in the experimental version since the import of
2.31.51.20181022 from trunk.

- - - - -
5c952362 by Salvatore Bonaccorso at 2019-01-01T21:53:05Z
Track fixed version for CVE-2018-17360/binutils via experimental

The fix landed in experimental via the import of the new upstream
version 2.31.51.20181022 based on trunk.

- - - - -
32a1a728 by Salvatore Bonaccorso at 2019-01-01T21:57:25Z
Reference gcc (libiberty) fix for various CVEs

CVE-2018-18701, CVE-2018-18700, CVE-2018-18484, CVE-2018-17985 and
CVE-2018-17794 for binutils all refer to the same upstream fix in the
underlying libiberty issue fixed by
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 .

- - - - -
dcb45789 by Salvatore Bonaccorso at 2019-01-01T22:01:37Z
CVE-2018-18309/binutils fixed in experimental

The new upstream version 2.31.51.20181022 imported to experimental
addressed CVE-2018-18309.
- - - - - b73b0707 by Salvatore Bonaccorso at 2019-01-01T22:06:20Z CVE-2018-18605/binutils fixed in experimental - - - - - 469bd6cf by Salvatore Bonaccorso at 2019-01-01T22:07:44Z CVE-2018-18606/binutils fixed in experimental - - - - - 5a888b98 by Salvatore Bonaccorso at 2019-01-01T22:08:47Z CVE-2018-18607/binutils fixed in experimental - - - - - c9979e88 by Salvatore Bonaccorso at 2019-01-01T22:11:43Z CVE-2018-19931/binutils fixed in experimental with 2.31.51.20181204-1 - - - - - 6aea9d29 by Salvatore Bonaccorso at 2019-01-01T22:12:46Z CVE-2018-19932/binutils fixed in experimental via 2.31.51.20181204-1 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5850,12 +5850,14 @@ CVE-2018-19935 (ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remot NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77020 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=648fc1e369fc05fb9200a42c7938912236b2a318 CVE-2018-19932 (An issue was discovered in the Binary File Descriptor (BFD) library ...) + [experimental] - binutils 2.31.51.20181204-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23932 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7 CVE-2018-19931 (An issue was discovered in the Binary File Descriptor (BFD) library ...) + [experimental] - binutils 2.31.51.20181204-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -11957,11 +11959,13 @@ CVE-2018-18701 (An issue was discovered in cp-demangle.c in GNU libiberty, as .. [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...) - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-18699 (An issue was discovered in GoPro gpmf-parser 1.2.1. There is an ...) NOT-FOR-US: GoPro gpmf-parser CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1 ...) 
@@ -12193,18 +12197,21 @@ CVE-2018-18609 CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined ...) NOT-FOR-US: DedeCMS CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in the ...) + [experimental] - binutils 2.31.51.20181204-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23805 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a CVE-2018-18606 (An issue was discovered in the merge_strings function in merge.c in the ...) + [experimental] - binutils 2.31.51.20181204-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23806 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the function ...) + [experimental] - binutils 2.31.51.20181204-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12527,6 +12534,7 @@ CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as .. [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as distributed ...) - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) 
@@ -13001,6 +13009,7 @@ CVE-2018-18310 (An invalid memory address dereference was discovered in ...) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) library ...) + [experimental] - binutils 2.31.51.20181022-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -13938,6 +13947,7 @@ CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as .. [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 ...) NOT-FOR-US: ISPConfig CVE-2018-17982 @@ -14428,6 +14438,7 @@ CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as dist [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe ...) {DLA-1602-1} - nsis 2.50-1 
@@ -15417,18 +15428,21 @@ CVE-2018-17362 CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers ...) NOT-FOR-US: WeaselCMS CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) library ...) + [experimental] - binutils 2.31.51.20181022-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23685 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf93e9c2cf8f8b2566f8fc86e961592b51b5980d CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD) library ...) + [experimental] - binutils 2.31.51.20181022-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102 CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD) library ...) + [experimental] - binutils 2.31.51.20181022-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -26483,6 +26497,7 @@ CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed i [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453 + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23059 CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...) - wine 4.0~rc1-1 (low) 
@@ -27051,24 +27066,28 @@ CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in d [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as distributed in ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...) NOT-FOR-US: mao10cms CVE-2018-12695 (mao10cms 6 allows XSS via the m=bbs&a=index page. ...) 
@@ -27194,6 +27213,7 @@ CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libibert NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099 NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058 + NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 CVE-2018-12640 (The webService binary on Insteon HD IP Camera White 2864-222 devices ...) NOT-FOR-US: Insteon CVE-2018-12639 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/50c003f1579227bebe54f027310e939356156379...6aea9d298a872b2ac5d05c75803c8cd65df783df -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/50c003f1579227bebe54f027310e939356156379...6aea9d298a872b2ac5d05c75803c8cd65df783df You're receiving this email because of your account on salsa.debian.org.
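Review bot: In the @@ -12193,18 +12197,21 @@ hunk, the three added `[experimental] - binutils 2.31.51.20181204-1` lines for CVE-2018-18605, CVE-2018-18606 and CVE-2018-18607 come with no stated basis for that version. Commits b73b0707, 469bd6cf and 5a888b98 only say "fixed in experimental", while the commits for CVE-2018-18309 and CVE-2018-1735{8,9} name the 2.31.51.20181022 import explicitly. Please state in the commit messages which upload first carried the binutils-gdb commits already referenced in the NOTE lines, so the choice of the 20181204 upload over the 20181022 one can be checked.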
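Review bot: In the @@ -26483,6 +26497,7 @@ hunk, the added `NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950` line under CVE-2018-12934 does not record how it relates to the existing 85453 reference. The duplicate relationship is only in the commit message of 7af3d1f6. Consider saying it in the NOTE itself, so a reader of data/CVE/list can tell which report is the primary one without going to the git log.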
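Review bot: In the @@ -27051,24 +27066,28 @@ hunk, the `NOTE: Fixed by:` lines added under CVE-2018-12699 and CVE-2018-12700 point at a gcc (libiberty) commit, but the entry descriptions name finish_stab in stabs.c and debug_write_type, which the visible text does not tie to the demangler. A short NOTE saying that these were reported together under gcc bug 85454 and share the libiberty fix would make the link clear. All four entries in this hunk also stay at `- binutils <unfixed>`, so it would help to note that the status depends on binutils picking up the fixed libiberty.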