Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cd1b40e8 by security tracker role at 2018-03-27T08:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,4 +1,84 @@ -CVE-2017-18249 [f2fs: fix race condition in between free nid allocator/initializer] +CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...) + TODO: check +CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9052 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9051 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9050 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9049 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9048 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9047 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9046 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9045 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...) + TODO: check +CVE-2018-9044 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) + TODO: check +CVE-2018-9043 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) + TODO: check +CVE-2018-9042 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) + TODO: check +CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) + TODO: check +CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...) + TODO: check +CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, ...) 
+ TODO: check +CVE-2018-9038 + RESERVED +CVE-2018-9037 + RESERVED +CVE-2018-9036 + RESERVED +CVE-2018-9035 + RESERVED +CVE-2018-9034 + RESERVED +CVE-2018-9033 + RESERVED +CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...) + TODO: check +CVE-2018-9031 + RESERVED +CVE-2018-9030 + RESERVED +CVE-2018-9029 + RESERVED +CVE-2018-9028 + RESERVED +CVE-2018-9027 + RESERVED +CVE-2018-9026 + RESERVED +CVE-2018-9025 + RESERVED +CVE-2018-9024 + RESERVED +CVE-2018-9023 + RESERVED +CVE-2018-9022 + RESERVED +CVE-2018-9021 + RESERVED +CVE-2017-18254 (An issue was discovered in ImageMagick 7.0.7. A memory leak ...) + TODO: check +CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...) + TODO: check +CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList ...) + TODO: check +CVE-2017-18251 (An issue was discovered in ImageMagick 7.0.7. A memory leak ...) + TODO: check +CVE-2017-18250 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...) + TODO: check +CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel before ...) - linux 4.12.6-1 NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3 CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...) @@ -170,6 +250,7 @@ CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Acc - i-librarian <itp> (bug #649291) NOTE: https://github.com/mkucej/i-librarian/issues/124 CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow ...) + {DSA-4151-1} - librelp 1.2.15-1 [wheezy] - librelp <not-affected> (vulnerable code not present) NOTE: https://www.rsyslog.com/cve-2018-1000140/ 
@@ -544,8 +625,8 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025 CVE-2018-8803 RESERVED -CVE-2018-8802 - RESERVED +CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...) + TODO: check CVE-2018-8801 RESERVED - gitlab 10.5.6+dfsg-1 (bug #893905) @@ -3228,8 +3309,8 @@ CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.1 NOTE: failure mode hard to trigger for an attacker, signing of redirect binding in many cases not that important NOTE: https://simplesamlphp.org/security/201803-01 NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d -CVE-2018-7658 - RESERVED +CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 ...) + TODO: check CVE-2018-7657 RESERVED CVE-2018-7656 @@ -3811,7 +3892,7 @@ CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...) CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...) {DSA-4142-1} - uwsgi 2.0.15-10.4 (bug #891639) - [wheezy] - uwsgi <not-affected> (plugin package introduced in jessie) + [wheezy] - uwsgi <not-affected> (plugin package introduced in jessie) NOTE: Fixed in 2.0.17 upstream NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/ @@ -10548,7 +10629,7 @@ CVE-2018-5148 [Use-after-free in compositor] NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/ CVE-2018-5147 [out-of-bound write] RESERVED - {DSA-4143-1 DSA-4141-1 DLA-1312-1} + {DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1} - firefox 59.0.1-1 - firefox-esr 52.7.2esr-1 - libvorbisidec 1.2.1+git20180316-1 (bug #893132) 
@@ -10556,7 +10637,7 @@ CVE-2018-5147 [out-of-bound write] NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/ CVE-2018-5146 [out-of-bound write] RESERVED - {DSA-4143-1 DSA-4140-1} + {DSA-4143-1 DSA-4140-1 DLA-1319-1} - firefox 59.0.1-1 - firefox-esr 52.7.2esr-1 - thunderbird 1:52.7.0-1 @@ -37480,8 +37561,8 @@ CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of NOT-FOR-US: Kaspersky Internet Security for Android CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...) NOT-FOR-US: Kaspersky Internet Security for Android -CVE-2017-12815 - RESERVED +CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet ...) + TODO: check CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...) - perl <not-affected> (Windows specific issue) NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public) @@ -38687,8 +38768,8 @@ CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-depend NOT-FOR-US: CCN-lite CVE-2017-12411 RESERVED -CVE-2017-12410 - RESERVED +CVE-2017-12410 (It is possible to exploit a Time of Check & Time of Use (TOCTOU) ...) + TODO: check CVE-2017-12409 RESERVED CVE-2017-12408
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd1b40e88519a11b848038f836ad4007f2056f11
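Review bot: CVE-2018-9040 through CVE-2018-9054 in the `@@ -1,4 +1,84 @@` hunk can be triaged as a batch instead of one entry at a time: all fifteen descriptions name just two products, Windows Master 7.99.13.604 and Advanced SystemCare Ultimate 11.0.1.58. If neither is packaged, mark them in one pass with the `NOT-FOR-US:` form already used for the Kaspersky entries CVE-2017-12817 and CVE-2017-12816 further down this diff. The ImageMagick entries CVE-2017-18250 to CVE-2017-18254 in the same hunk concern software the list already tracks (see the CVE-2018-8804 context in the `@@ -544,8 +625,8 @@` hunk), so those `TODO: check` items are the ones to look at first.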
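Review bot: The only change to CVE-2018-7490 in the `@@ -3811,7 +3892,7 @@` hunk looks like whitespace: as shown here, the removed and added lines both read `[wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)`. Folding an indentation clean-up into a commit whose message is only "automatic update" makes the data sync harder to audit; a separate commit, or a word about it in the message, would keep the history clear.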