Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 40704c01 by security tracker role at 2018-02-09T09:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,19 @@ +CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descriptor ...) + TODO: check +CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read arbitrary ...) + TODO: check +CVE-2018-6870 + RESERVED +CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...) + TODO: check +CVE-2018-6868 + RESERVED +CVE-2018-6867 + RESERVED +CVE-2018-6866 + RESERVED +CVE-2016-10712 (In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of ...) + TODO: check CVE-2018-6865 RESERVED CVE-2018-6864 @@ -170,8 +186,7 @@ CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. .. NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938 TODO: check kde-workspace -CVE-2018-6789 [buffer overflow] - RESERVED +CVE-2018-6789 (An issue was discovered in the SMTP listener in Exim 4.90 and earlier. ...) - exim4 <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2018/02/07/2 NOTE: https://exim.org/static/doc/security/CVE-2018-6789.txt @@ -477,8 +492,7 @@ CVE-2018-6646 RESERVED CVE-2018-6645 RESERVED -CVE-2018-6644 - RESERVED +CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) ...) - sblim-sfcb <itp> (bug #754493) CVE-2018-6643 RESERVED @@ -876,10 +890,12 @@ CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...) NOT-FOR-US: Monstra CMS CVE-2017-18122 (A signature-validation bypass issue was discovered in SimpleSAMLphp ...) + {DLA-1273-1} - simplesamlphp 1.15.0-1 (bug #889286) NOTE: https://simplesamlphp.org/security/201710-01 NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca (v1.14.17) CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable ...) + {DLA-1273-1} - simplesamlphp 1.15.0-1 (bug #889286) NOTE: https://simplesamlphp.org/security/201709-01 NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/34e1bdb7660c0c9b627f8e5f0ca224a6afe641a8 (v1.14.16) @@ -977,6 +993,7 @@ CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in gifsi NOTE: https://github.com/kohler/gifsicle/issues/117 NOTE: https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909 CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...) + {DLA-1273-1} - simplesamlphp 1.15.2-1 [stretch] - simplesamlphp <no-dsa> (Minor issue) [jessie] - simplesamlphp <no-dsa> (Minor issue) @@ -1937,8 +1954,8 @@ CVE-2018-6182 RESERVED CVE-2018-6181 RESERVED -CVE-2018-6180 - RESERVED +CVE-2018-6180 (A flaw in the profile section of Online Voting System 1.0 allows an ...) + TODO: check CVE-2018-1000017 REJECTED CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...) @@ -2612,6 +2629,7 @@ CVE-2018-5951 CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change ...) NOT-FOR-US: JBMC DirectAdmin CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman ...) + {DSA-4108-1 DLA-1272-1} - mailman 1:2.1.26-1 (bug #888201) NOTE: https://mail.python.org/pipermail/mailman-users/2018-February/083011.html NOTE: Patch: https://launchpadlibrarian.net/355686141/options.patch @@ -21741,8 +21759,8 @@ CVE-2017-15916 RESERVED CVE-2017-15915 RESERVED -CVE-2017-15914 - RESERVED +CVE-2017-15914 (Incorrect implementation of access controls allows remote users to ...) + TODO: check CVE-2017-15913 (The Installer in Whale allows DLL hijacking. ...) NOT-FOR-US: Installer in Whale CVE-2017-15912 @@ -51431,12 +51449,12 @@ CVE-2017-6229 RESERVED CVE-2017-6228 RESERVED -CVE-2017-6227 - RESERVED +CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN ...) + TODO: check CVE-2017-6226 RESERVED -CVE-2017-6225 - RESERVED +CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based management ...) + TODO: check CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ...) NOT-FOR-US: Ruckus CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ...) @@ -117762,8 +117780,8 @@ CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x bef [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2015-001 NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5 -CVE-2015-2329 - RESERVED +CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...) + TODO: check CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...) - mongodb <unfixed> (unimportant) NOTE: CVE for bundled version of pcre3 in mongodb @@ -127071,8 +127089,8 @@ CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40 NOTE: https://github.com/mantisbt/mantisbt/commit/e326b73a (1.2.x) -CVE-2014-8985 - RESERVED +CVE-2014-8985 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check CVE-2014-8984 REJECTED CVE-2014-8983 @@ -139000,8 +139018,8 @@ CVE-2014-4147 REJECTED CVE-2014-4146 REJECTED -CVE-2014-4145 - RESERVED +CVE-2014-4145 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check CVE-2014-4144 REJECTED CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -139066,8 +139084,8 @@ CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, NOT-FOR-US: Microsoft CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft -CVE-2014-4112 - RESERVED +CVE-2014-4112 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4110 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -139158,8 +139176,8 @@ CVE-2014-4068 (The Response Group Service in Microsoft Lync Server 2010 and 2013 NOT-FOR-US: Microsoft Lync Server CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2014-4066 - RESERVED +CVE-2014-4066 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check CVE-2014-4065 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) @@ -160257,10 +160275,10 @@ CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshar NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html CVE-2013-3554 RESERVED -CVE-2013-3553 - RESERVED -CVE-2013-3552 - RESERVED +CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier ...) + TODO: check +CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier ...) + TODO: check CVE-2013-3551 RESERVED {DSA-2696-1} @@ -161993,8 +162011,8 @@ CVE-2013-2832 (The Buffer::Set function in core/cross/buffer.cc in the O3D plug- NOT-FOR-US: Google Chrome OS CVE-2013-2831 RESERVED -CVE-2013-2830 - RESERVED +CVE-2013-2830 (Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 ...) + TODO: check CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote ...) NOT-FOR-US: MatrikonOPC SCADA DNP3 OPC Server CVE-2013-2828 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...) @@ -173188,21 +173206,19 @@ CVE-2012-5363 CVE-2012-5362 RESERVED NOT-FOR-US: Microsoft Windows -CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to cause a ...) +CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.5-1 (bug #694483) NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 NOTE: upstream needs a proper sample to reproduce the issue -CVE-2012-5360 - RESERVED +CVE-2012-5360 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.5-1 (bug #694483) NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 NOTE: upstream needs a proper sample to reproduce the issue -CVE-2012-5359 - RESERVED +CVE-2012-5359 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.5-1 (bug #694483) @@ -178825,8 +178841,8 @@ CVE-2012-3333 (CRLF injection vulnerability in IBM Maximo Asset Management 7.x b NOT-FOR-US: IBM Maximo Asset Management and others CVE-2012-3332 RESERVED -CVE-2012-3331 - RESERVED +CVE-2012-3331 (IBM Sametime allows remote attackers to obtain sensitive information ...) + TODO: check CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 ...) @@ -181767,8 +181783,8 @@ CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0 NOT-FOR-US: IBM Rational ClearQuest CVE-2012-2167 (The IBM XIV Storage System Gen3 before 11.1.0.a allows remote ...) NOT-FOR-US: IBM XIV Storage System Gen3 -CVE-2012-2166 - RESERVED +CVE-2012-2166 (IBM XIV Storage System 2810-A14 and 2812-A14 devices before level ...) + TODO: check CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...) @@ -184757,8 +184773,8 @@ CVE-2012-0943 (debian/guest-account in Light Display Manager (lightdm) 1.0.x bef - lightdm <not-affected> (Ubuntu-specific script) CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix ...) NOT-FOR-US: RealNetworks Helix -CVE-2012-0941 - RESERVED +CVE-2012-0941 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...) + TODO: check CVE-2012-0940 RESERVED CVE-2012-0939 (Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier ...) @@ -187184,8 +187200,8 @@ CVE-2011-4891 RESERVED CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows ...) NOT-FOR-US: IBM solidDB -CVE-2011-4889 - RESERVED +CVE-2011-4889 (The javax.naming.directory.AttributeInUseException class in the ...) + TODO: check CVE-2011-4888 RESERVED CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations Table in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/40704c01b7ad6dc09313d9e4d02478ee741a6ab5 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/40704c01b7ad6dc09313d9e4d02478ee741a6ab5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits