Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8c867cbc by Moritz Muehlenhoff at 2018-02-10T14:32:29+01:00
NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,7 +20,7 @@ CVE-2018-6878 (Cross Site Scripting (XSS) exists in the
review section in PHP Sc
CVE-2018-6877
RESERVED
CVE-2018-6876 (THe OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as
used in ...)
- TODO: check
+ NOT-FOR-US: libfpx
CVE-2018-6875
RESERVED
CVE-2018-6874
@@ -596,17 +596,17 @@ CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a
Use After Free vulnera
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698873
NOTE: Fixed by:
http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384
CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a
Buffer ...)
- TODO: check
+ NOT-FOR-US: Sean Barrett stb_vorbis
CVE-2018-1000049 (nanopool Claymore Dual Miner version 7.3 and earlier
contains a Remote ...)
- TODO: check
+ NOT-FOR-US: nanopool Claymore Dual Miner
CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502
...)
- TODO: check
+ NOT-FOR-US: NASA RtRetrievalFramework
CVE-2018-1000047 (NASA Kodiak version v1.0 contains a CWE-502 vulnerability in
Kodiak ...)
- TODO: check
+ NOT-FOR-US: NASA Kodiak
CVE-2018-1000046 (NASA Pyblock version v1.0 - v1.3 contains a CWE-502
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: NASA Pyblock
CVE-2018-1000045 (NASA Singledop version v1.0 contains a CWE-502 vulnerability
in NASA ...)
- TODO: check
+ NOT-FOR-US: NASA Singledop
CVE-2018-1000044 (Security Onion Solutions Squert version 1.1.1 through 1.6.7
contains a ...)
NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7
contains a ...)
@@ -944,7 +944,6 @@ CVE-2018-6548 (A use-after-free issue was discovered in
libwebm through 2018-02-
[wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS)
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
NOTE:
https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
- TODO: check
CVE-2018-6547
RESERVED
CVE-2018-6546
@@ -1381,7 +1380,6 @@ CVE-2018-6406 (The function ParseVP9SuperFrameIndex in
common/libwebm_util.cc in
[wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS)
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
NOTE:
https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
- TODO: check
CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick
before ...)
[experimental] - imagemagick 8:6.9.9.34+dfsg-1
- imagemagick <unfixed> (unimportant)
@@ -1491,9 +1489,9 @@ CVE-2018-1000026 (Linux Linux kernel version at least
v4.8 onwards, probably wel
NOTE:
https://git.kernel.org/linus/8914a595110a6eca69a5e275b323f5d09e18f4f9
NOTE:
https://git.kernel.org/linus/2b16f048729bf35e6c28a40cbfad07239f9dcd90
CVE-2018-1000025 (Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0
to 3.8.0 ...)
- TODO: check
+ NOT-FOR-US: Jerome Gamez Firebase Admin SDK for PHP
CVE-2018-1000023 (Bitpay/insight-api Insight-api version 5.0.0 and earlier
contains a ...)
- TODO: check
+ NOT-FOR-US: Bitpay/insight-api Insight-api
CVE-2018-1000021 (GIT version 2.15.1 and earlier contains a Input Validation
Error ...)
- git <unfixed> (unimportant; bug #889680)
NOTE:
http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
@@ -1510,7 +1508,7 @@ CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross
Site Scripting (XSS) .
CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross
Site ...)
NOT-FOR-US: Invoice Plane
CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting
(XSS) ...)
- TODO: check
+ NOT-FOR-US: Canvs Canvas
CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site
Scripting ...)
NOT-FOR-US: Mautic
CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted
headers, a ...)
@@ -22691,7 +22689,7 @@ CVE-2017-15587 (An integer overflow was discovered in
pdf_read_new_xref_section
CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of
ILIAS before ...)
NOT-FOR-US: ILIAS
CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench
(CDSW) 1.x ...)
- TODO: check
+ NOT-FOR-US: Cloudera Data Science Workbench
CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...)
- mongodb <not-affected> (wire protocol compression introduced in 3.4.x
and disabled by default)
NOTE: https://jira.mongodb.org/browse/SERVER-31273
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c867cbcea1ce57a39c62740c211a321534f94fd
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c867cbcea1ce57a39c62740c211a321534f94fd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
