Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a0925bf6 by security tracker role at 2018-01-23T21:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,323 @@ +CVE-2018-6179 + RESERVED +CVE-2018-6178 + RESERVED +CVE-2018-6177 + RESERVED +CVE-2018-6176 + RESERVED +CVE-2018-6175 + RESERVED +CVE-2018-6174 + RESERVED +CVE-2018-6173 + RESERVED +CVE-2018-6172 + RESERVED +CVE-2018-6171 + RESERVED +CVE-2018-6170 + RESERVED +CVE-2018-6169 + RESERVED +CVE-2018-6168 + RESERVED +CVE-2018-6167 + RESERVED +CVE-2018-6166 + RESERVED +CVE-2018-6165 + RESERVED +CVE-2018-6164 + RESERVED +CVE-2018-6163 + RESERVED +CVE-2018-6162 + RESERVED +CVE-2018-6161 + RESERVED +CVE-2018-6160 + RESERVED +CVE-2018-6159 + RESERVED +CVE-2018-6158 + RESERVED +CVE-2018-6157 + RESERVED +CVE-2018-6156 + RESERVED +CVE-2018-6155 + RESERVED +CVE-2018-6154 + RESERVED +CVE-2018-6153 + RESERVED +CVE-2018-6152 + RESERVED +CVE-2018-6151 + RESERVED +CVE-2018-6150 + RESERVED +CVE-2018-6149 + RESERVED +CVE-2018-6148 + RESERVED +CVE-2018-6147 + RESERVED +CVE-2018-6146 + RESERVED +CVE-2018-6145 + RESERVED +CVE-2018-6144 + RESERVED +CVE-2018-6143 + RESERVED +CVE-2018-6142 + RESERVED +CVE-2018-6141 + RESERVED +CVE-2018-6140 + RESERVED +CVE-2018-6139 + RESERVED +CVE-2018-6138 + RESERVED +CVE-2018-6137 + RESERVED +CVE-2018-6136 + RESERVED +CVE-2018-6135 + RESERVED +CVE-2018-6134 + RESERVED +CVE-2018-6133 + RESERVED +CVE-2018-6132 + RESERVED +CVE-2018-6131 + RESERVED +CVE-2018-6130 + RESERVED +CVE-2018-6129 + RESERVED +CVE-2018-6128 + RESERVED +CVE-2018-6127 + RESERVED +CVE-2018-6126 + RESERVED +CVE-2018-6125 + RESERVED +CVE-2018-6124 + RESERVED +CVE-2018-6123 + RESERVED +CVE-2018-6122 + RESERVED +CVE-2018-6121 + RESERVED +CVE-2018-6120 + RESERVED +CVE-2018-6119 + RESERVED +CVE-2018-6118 + RESERVED +CVE-2018-6117 + RESERVED +CVE-2018-6116 + RESERVED +CVE-2018-6115 + RESERVED +CVE-2018-6114 + RESERVED +CVE-2018-6113 + RESERVED +CVE-2018-6112 + RESERVED +CVE-2018-6111 + RESERVED +CVE-2018-6110 + RESERVED +CVE-2018-6109 + RESERVED +CVE-2018-6108 + RESERVED +CVE-2018-6107 + RESERVED +CVE-2018-6106 + RESERVED +CVE-2018-6105 + RESERVED +CVE-2018-6104 + RESERVED 
+CVE-2018-6103 + RESERVED +CVE-2018-6102 + RESERVED +CVE-2018-6101 + RESERVED +CVE-2018-6100 + RESERVED +CVE-2018-6099 + RESERVED +CVE-2018-6098 + RESERVED +CVE-2018-6097 + RESERVED +CVE-2018-6096 + RESERVED +CVE-2018-6095 + RESERVED +CVE-2018-6094 + RESERVED +CVE-2018-6093 + RESERVED +CVE-2018-6092 + RESERVED +CVE-2018-6091 + RESERVED +CVE-2018-6090 + RESERVED +CVE-2018-6089 + RESERVED +CVE-2018-6088 + RESERVED +CVE-2018-6087 + RESERVED +CVE-2018-6086 + RESERVED +CVE-2018-6085 + RESERVED +CVE-2018-6084 + RESERVED +CVE-2018-6083 + RESERVED +CVE-2018-6082 + RESERVED +CVE-2018-6081 + RESERVED +CVE-2018-6080 + RESERVED +CVE-2018-6079 + RESERVED +CVE-2018-6078 + RESERVED +CVE-2018-6077 + RESERVED +CVE-2018-6076 + RESERVED +CVE-2018-6075 + RESERVED +CVE-2018-6074 + RESERVED +CVE-2018-6073 + RESERVED +CVE-2018-6072 + RESERVED +CVE-2018-6071 + RESERVED +CVE-2018-6070 + RESERVED +CVE-2018-6069 + RESERVED +CVE-2018-6068 + RESERVED +CVE-2018-6067 + RESERVED +CVE-2018-6066 + RESERVED +CVE-2018-6065 + RESERVED +CVE-2018-6064 + RESERVED +CVE-2018-6063 + RESERVED +CVE-2018-6062 + RESERVED +CVE-2018-6061 + RESERVED +CVE-2018-6060 + RESERVED +CVE-2018-6059 + RESERVED +CVE-2018-6058 + RESERVED +CVE-2018-6057 + RESERVED +CVE-2018-6056 + RESERVED +CVE-2018-6055 + RESERVED +CVE-2018-6054 + RESERVED +CVE-2018-6053 + RESERVED +CVE-2018-6052 + RESERVED +CVE-2018-6051 + RESERVED +CVE-2018-6050 + RESERVED +CVE-2018-6049 + RESERVED +CVE-2018-6048 + RESERVED +CVE-2018-6047 + RESERVED +CVE-2018-6046 + RESERVED +CVE-2018-6045 + RESERVED +CVE-2018-6044 + RESERVED +CVE-2018-6043 + RESERVED +CVE-2018-6042 + RESERVED +CVE-2018-6041 + RESERVED +CVE-2018-6040 + RESERVED +CVE-2018-6039 + RESERVED +CVE-2018-6038 + RESERVED +CVE-2018-6037 + RESERVED +CVE-2018-6036 + RESERVED +CVE-2018-6035 + RESERVED +CVE-2018-6034 + RESERVED +CVE-2018-6033 + RESERVED +CVE-2018-6032 + RESERVED +CVE-2018-6031 + RESERVED +CVE-2018-6030 + RESERVED +CVE-2018-1000016 (Jenkins Ant Plugin 1.7 and earlier failed to escape tool 
names it ...) + TODO: check +CVE-2018-1000015 (On Jenkins instances with Authorize Project plugin, the authentication ...) + TODO: check +CVE-2018-1000014 (Jenkins Translation Assistance Plugin 1.15 and earlier did not require ...) + TODO: check +CVE-2018-1000013 (Jenkins Release Plugin 2.9 and earlier did not require form ...) + TODO: check +CVE-2018-1000012 (Jenkins Warnings Plugin 4.64 and earlier processes XML external ...) + TODO: check +CVE-2018-1000011 (Jenkins FindBugs Plugin 4.71 and earlier processes XML external ...) + TODO: check +CVE-2018-1000010 (Jenkins DRY Plugin 2.49 and earlier processes XML external entities in ...) + TODO: check +CVE-2018-1000009 (Jenkins Checkstyle Plugin 3.49 and earlier processes XML external ...) + TODO: check +CVE-2018-1000008 (Jenkins PMD Plugin 3.49 and earlier processes XML external entities in ...) + TODO: check +CVE-2015-1142857 (On multiple SR-IOV cars it is possible for VF's assigned to guests to ...) + TODO: check CVE-2018-6029 (The copy function in application/admin/controller/Article.php in ...) NOT-FOR-US: NoneCms CVE-2018-6028 @@ -232,8 +552,8 @@ CVE-2018-5951 RESERVED CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change ...) NOT-FOR-US: JBMC DirectAdmin -CVE-2018-5950 - RESERVED +CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman ...) + TODO: check CVE-2018-5949 RESERVED CVE-2018-5948 @@ -708,8 +1028,8 @@ CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 NOT-FOR-US: Jira-importers-plugin in Atlassian Jira CVE-2018-5750 RESERVED -CVE-2018-5749 - RESERVED +CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...) + TODO: check CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method] RESERVED - libvirt 4.0.0-1 (bug #887700) 
@@ -902,15 +1222,13 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ... - libav <removed> NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110 TODO: check -CVE-2018-5683 [Out-of-bounds read in vga_draw_text routine] - RESERVED +CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...) - qemu <unfixed> (bug #887392) [wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA) - qemu-kvm <removed> [wheezy] - qemu-kvm <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02131.html -CVE-2017-18030 [Out-of-bounds access in cirrus_invalidate_region routine] - RESERVED +CVE-2017-18030 (The cirrus_invalidate_region function in hw/display/cirrus_vga.c in ...) - qemu 1:2.8+dfsg-4 [wheezy] - qemu 1.1.2+dfsg-6+deb7u22 - qemu-kvm <removed> @@ -1605,8 +1923,8 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ... NOTE: Isue demostrated in tiff via a vector through graphicsmagick, cf. NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/ TODO: claimed to be fixed in latest libtiff, but no idication yet which changes adresses the issue -CVE-2018-5359 - RESERVED +CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be ...) + TODO: check CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...) - imagemagick <unfixed> (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/939 @@ -5090,8 +5408,8 @@ CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 a NOT-FOR-US: Magento CVE-2017-18000 RESERVED -CVE-2017-17999 - RESERVED +CVE-2017-17999 (SQL injection vulnerability in RISE Ultimate Project Manager 1.9 ...) + TODO: check CVE-2017-17998 RESERVED CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL ...) 
@@ -19931,8 +20249,8 @@ CVE-2017-15533 RESERVED CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...) NOT-FOR-US: Symantec -CVE-2017-15531 - RESERVED +CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not ...) + TODO: check CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...) NOT-FOR-US: Norton CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...) 
@@ -20040,169 +20358,169 @@ CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux kernel [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/814fb7bb7db5433757d76f4c4502c96fc53b0b5e (v4.14-rc3) CVE-2017-15513 - RESERVED + REJECTED CVE-2017-15512 - RESERVED + REJECTED CVE-2017-15511 - RESERVED + REJECTED CVE-2017-15510 - RESERVED + REJECTED CVE-2017-15509 - RESERVED + REJECTED CVE-2017-15508 - RESERVED + REJECTED CVE-2017-15507 - RESERVED + REJECTED CVE-2017-15506 - RESERVED + REJECTED CVE-2017-15505 - RESERVED + REJECTED CVE-2017-15504 - RESERVED + REJECTED CVE-2017-15503 - RESERVED + REJECTED CVE-2017-15502 - RESERVED + REJECTED CVE-2017-15501 - RESERVED + REJECTED CVE-2017-15500 - RESERVED + REJECTED CVE-2017-15499 - RESERVED + REJECTED CVE-2017-15498 - RESERVED + REJECTED CVE-2017-15497 - RESERVED + REJECTED CVE-2017-15496 - RESERVED + REJECTED CVE-2017-15495 - RESERVED + REJECTED CVE-2017-15494 - RESERVED + REJECTED CVE-2017-15493 - RESERVED + REJECTED CVE-2017-15492 - RESERVED + REJECTED CVE-2017-15491 - RESERVED + REJECTED CVE-2017-15490 - RESERVED + REJECTED CVE-2017-15489 - RESERVED + REJECTED CVE-2017-15488 - RESERVED + REJECTED CVE-2017-15487 - RESERVED + REJECTED CVE-2017-15486 - RESERVED + REJECTED CVE-2017-15485 - RESERVED + REJECTED CVE-2017-15484 - RESERVED + REJECTED CVE-2017-15483 - RESERVED + REJECTED CVE-2017-15482 - RESERVED + REJECTED CVE-2017-15481 - RESERVED + REJECTED CVE-2017-15480 - RESERVED + REJECTED CVE-2017-15479 - RESERVED + REJECTED CVE-2017-15478 - RESERVED + REJECTED CVE-2017-15477 - RESERVED + REJECTED CVE-2017-15476 - RESERVED + REJECTED CVE-2017-15475 - RESERVED + REJECTED CVE-2017-15474 - RESERVED + REJECTED CVE-2017-15473 - RESERVED + REJECTED CVE-2017-15472 - RESERVED + REJECTED CVE-2017-15471 - RESERVED + REJECTED CVE-2017-15470 - RESERVED + REJECTED CVE-2017-15469 - RESERVED + REJECTED CVE-2017-15468 - RESERVED + REJECTED CVE-2017-15467 - 
RESERVED + REJECTED CVE-2017-15466 - RESERVED + REJECTED CVE-2017-15465 - RESERVED + REJECTED CVE-2017-15464 - RESERVED + REJECTED CVE-2017-15463 - RESERVED + REJECTED CVE-2017-15462 - RESERVED + REJECTED CVE-2017-15461 - RESERVED + REJECTED CVE-2017-15460 - RESERVED + REJECTED CVE-2017-15459 - RESERVED + REJECTED CVE-2017-15458 - RESERVED + REJECTED CVE-2017-15457 - RESERVED + REJECTED CVE-2017-15456 - RESERVED + REJECTED CVE-2017-15455 - RESERVED + REJECTED CVE-2017-15454 - RESERVED + REJECTED CVE-2017-15453 - RESERVED + REJECTED CVE-2017-15452 - RESERVED + REJECTED CVE-2017-15451 - RESERVED + REJECTED CVE-2017-15450 - RESERVED + REJECTED CVE-2017-15449 - RESERVED + REJECTED CVE-2017-15448 - RESERVED + REJECTED CVE-2017-15447 - RESERVED + REJECTED CVE-2017-15446 - RESERVED + REJECTED CVE-2017-15445 - RESERVED + REJECTED CVE-2017-15444 - RESERVED + REJECTED CVE-2017-15443 - RESERVED + REJECTED CVE-2017-15442 - RESERVED + REJECTED CVE-2017-15441 - RESERVED + REJECTED CVE-2017-15440 - RESERVED + REJECTED CVE-2017-15439 - RESERVED + REJECTED CVE-2017-15438 - RESERVED + REJECTED CVE-2017-15437 - RESERVED + REJECTED CVE-2017-15436 - RESERVED + REJECTED CVE-2017-15435 - RESERVED + REJECTED CVE-2017-15434 - RESERVED + REJECTED CVE-2017-15433 - RESERVED + REJECTED CVE-2017-15432 - RESERVED + REJECTED CVE-2017-15431 RESERVED CVE-2017-15430 
@@ -21299,12 +21617,11 @@ CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escap [wheezy] - spice-vdagent <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864 -CVE-2017-15107 - RESERVED +CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dnsmasq ...) + TODO: check CVE-2017-15106 RESERVED -CVE-2017-15105 [NSEC processing vulnerability] - RESERVED +CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...) - unbound <unfixed> (bug #887733) NOTE: https://unbound.net/downloads/CVE-2017-15105.txt NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff 
@@ -21370,40 +21687,35 @@ CVE-2017-15095 [Incomplete fixes for CVE-2017-7525] NOTE: NO_DESER_CLASS_NAMES as of: NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43 NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3 -CVE-2017-15094 [Memory leak in DNSSEC parsing] - RESERVED +CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS ...) - pdns-recursor 4.0.7-1 [stretch] - pdns-recursor 4.0.4-1+deb9u2 [jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0) [wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0) NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html NOTE: https://downloads.powerdns.com/patches/2017-07/ -CVE-2017-15093 [Configuration file injection in the API] - RESERVED +CVE-2017-15093 (When api-config-dir is set to a non-empty value, which is not the case ...) - pdns-recursor 4.0.7-1 [stretch] - pdns-recursor 4.0.4-1+deb9u2 [jessie] - pdns-recursor 3.6.2-2+deb8u4 [wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced later) NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html NOTE: https://downloads.powerdns.com/patches/2017-06/ -CVE-2017-15092 [Cross-Site Scripting in the web interface] - RESERVED +CVE-2017-15092 (A cross-site scripting issue has been found in the web interface of ...) 
- pdns-recursor 4.0.7-1 [stretch] - pdns-recursor 4.0.4-1+deb9u2 [jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0) [wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0) NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html NOTE: https://downloads.powerdns.com/patches/2017-05/ -CVE-2017-15091 [Missing check on API operations] - RESERVED +CVE-2017-15091 (An issue has been found in the API component of PowerDNS Authoritative ...) - pdns 4.0.5-1 [stretch] - pdns 4.0.3-1+deb9u2 [jessie] - pdns 3.4.1-4+deb8u8 [wheezy] - pdns <not-affected> (Vulnerable code not present) NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html NOTE: https://downloads.powerdns.com/patches/2017-04/ -CVE-2017-15090 [Insufficient validation of DNSSEC signatures] - RESERVED +CVE-2017-15090 (An issue has been found in the DNSSEC validation component of PowerDNS ...) - pdns-recursor 4.0.7-1 [stretch] - pdns-recursor 4.0.4-1+deb9u2 [jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0) 
@@ -59334,28 +59646,28 @@ CVE-2017-2752 RESERVED CVE-2017-2751 RESERVED -CVE-2017-2750 - RESERVED +CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential ...) + TODO: check CVE-2017-2749 RESERVED CVE-2017-2748 RESERVED -CVE-2017-2747 - RESERVED -CVE-2017-2746 - RESERVED -CVE-2017-2745 - RESERVED -CVE-2017-2744 - RESERVED -CVE-2017-2743 - RESERVED -CVE-2017-2742 - RESERVED -CVE-2017-2741 - RESERVED -CVE-2017-2740 - RESERVED +CVE-2017-2747 (HP has identified a potential security vulnerability before ...) + TODO: check +CVE-2017-2746 (Potential security vulnerabilities have been identified with HP ...) + TODO: check +CVE-2017-2745 (Potential security vulnerabilities have been identified with HP ...) + TODO: check +CVE-2017-2744 (The vulnerability allows attacker to extract binaries into protected ...) + TODO: check +CVE-2017-2743 (HP has identified a potential security vulnerability with HP ...) + TODO: check +CVE-2017-2742 (A potential security vulnerability has been identified with HP Web ...) + TODO: check +CVE-2017-2741 (A potential security vulnerability has been identified with HP ...) + TODO: check +CVE-2017-2740 (A potential security vulnerability has been identified with the ...) + TODO: check CVE-2017-2739 (The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 ...) NOT-FOR-US: Huawei CVE-2017-2738 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0925bf6b8924fb7d5f71ea395007d0208fb8211 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0925bf6b8924fb7d5f71ea395007d0208fb8211 You're receiving this email because of your account on salsa.debian.org.
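Review bot: In the first hunk (@@ -1,3 +1,323 @@), CVE-2015-1142857 is added between CVE-2018-1000008 and CVE-2018-6029 with a 2015 year prefix and a seven-digit sequence number, and its description reads "On multiple SR-IOV cars", which looks like a typo for "cards". Confirm the ID and the wording against the upstream record before triage. The ten entries added with descriptions in this hunk (the nine Jenkins plugin IDs CVE-2018-1000008 to CVE-2018-1000016 plus this one) carry only "TODO: check", so each still needs a package line or a marker in the style of the neighbouring "NOT-FOR-US: NoneCms".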
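Review bot: The hunk at @@ -20040,169 +20358,169 @@ flips 82 consecutive IDs, CVE-2017-15513 down to CVE-2017-15432, from RESERVED to REJECTED in one step, and the commit message says only "automatic update". None of the affected entries carries a package line or NOTE in the visible lines, so no tracking data is lost, but a bulk status change of this size deserves a line in the commit message recording where the rejection came from. CVE-2017-15431 directly below stays RESERVED, so the lower boundary of the range is worth a second look.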
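Review bot: In the hunk at @@ -21299,12 +21617,11 @@, CVE-2017-15107 gains a description that names the DNSSEC implementation in Dnsmasq but lands with "TODO: check" only, while the adjacent CVE-2017-15105 keeps its "- unbound <unfixed> (bug #887733)" line. Until a package status line is added for CVE-2017-15107, the entry is not attached to any source package, so it should be prioritised in triage rather than left with the generic TODO.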
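Review bot: In the PowerDNS hunk (@@ -21370,40 +21687,35 @@), the bracketed local titles are dropped in favour of truncated descriptions, and for CVE-2017-15093 the result, "(When api-config-dir is set to a non-empty value, which is not the case ...)", no longer says what the issue is, whereas the removed "[Configuration file injection in the API]" did. The same loss applies to CVE-2017-15094 ("[Memory leak in DNSSEC parsing]") and CVE-2017-15091 ("[Missing check on API operations]"). Consider preserving the short title in a NOTE line whenever the truncated description does not name the flaw class.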
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits