Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f5ae5cd8 by security tracker role at 2018-03-31T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2018-9152 + RESERVED CVE-2018-9151 (A NULL pointer dereference bug in the function ...) TODO: check CVE-2018-9150 @@ -3892,8 +3894,7 @@ CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket Reques NOTE: Admin Package Manager works as designed and warns if a package is beeing NOTE: installed which is not verified by the OTRS Group. Responsiblity of the NOTE: respective admin to check packages before installation. -CVE-2018-7566 [ALSA: seq: Fix racy pool initializations] - RESERVED +CVE-2018-7566 (The Linux kernel 4.15 has a Buffer Overflow via an ...) - linux 4.15.11-1 NOTE: Fixed by: https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...) @@ -5140,8 +5141,8 @@ CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in .. NOT-FOR-US: Kentico CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...) NOT-FOR-US: Wordpress plugin -CVE-2018-7203 - RESERVED +CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 ...) + TODO: check CVE-2018-7202 RESERVED CVE-2018-7201 @@ -5266,8 +5267,8 @@ CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins vers - jenkins <removed> CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can delete ...) NOT-FOR-US: WonderCMS -CVE-2018-7171 - RESERVED +CVE-2018-7171 (Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 ...) + TODO: check CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows ...) - ntp 1:4.2.8p11+dfsg-1 [stretch] - ntp <no-dsa> (Minor issue) 
@@ -9503,8 +9504,8 @@ CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16 CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. ...) - krb5 <unfixed> (bug #889684) NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow -CVE-2018-5708 - RESERVED +CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...) + TODO: check CVE-2018-5707 RESERVED CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...) @@ -13907,22 +13908,18 @@ CVE-2018-3824 RESERVED CVE-2018-3823 RESERVED -CVE-2018-3822 - RESERVED -CVE-2018-3821 - RESERVED +CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a ...) + TODO: check +CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a ...) - kibana <itp> (bug #700337) -CVE-2018-3820 - RESERVED +CVE-2018-3820 (Kibana versions after 6.1.0 and before 6.1.3 had a cross-site ...) - kibana <itp> (bug #700337) -CVE-2018-3819 - RESERVED +CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security ...) - kibana <itp> (bug #700337) -CVE-2018-3818 - RESERVED +CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting ...) - kibana <itp> (bug #700337) -CVE-2018-3817 - RESERVED +CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash before ...) + TODO: check CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the ...) - linux 4.11.6-1 [stretch] - linux 4.9.47-1 
@@ -15351,21 +15348,18 @@ CVE-2017-17773 (In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mob NOT-FOR-US: Android Qualcomm closed-source components CVE-2017-17772 RESERVED -CVE-2017-17771 - RESERVED +CVE-2017-17771 (In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-17770 RESERVED NOT-FOR-US: Android Linux component (source code not availalable, so probably Android-specific) -CVE-2017-17769 - RESERVED +CVE-2017-17769 (Information leakage in Android for MSM, Firefox OS for MSM, and QRD ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-17768 RESERVED CVE-2017-17767 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-17766 - RESERVED +CVE-2017-17766 (In wma_peer_info_event_handler() in Android for MSM, Firefox OS for ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-17765 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android @@ -21181,12 +21175,12 @@ CVE-2018-1236 RESERVED CVE-2018-1235 RESERVED -CVE-2018-1234 - RESERVED -CVE-2018-1233 - RESERVED -CVE-2018-1232 - RESERVED +CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is ...) + TODO: check +CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...) + TODO: check +CVE-2018-1232 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...) + TODO: check CVE-2018-1231 (Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper ...) TODO: check CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...) 
@@ -26274,8 +26268,8 @@ CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing function NOT-FOR-US: pyanyapi CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...) NOT-FOR-US: MLAlchemy -CVE-2017-16614 - RESERVED +CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows ...) + TODO: check CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through ...) {DSA-4044-1} - swauth 1.2.0-4 (bug #882314) @@ -28524,8 +28518,7 @@ CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using th NOT-FOR-US: Qualcomm components for Android CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-15859 - RESERVED +CVE-2017-15859 (While processing the ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15858 RESERVED @@ -28540,8 +28533,7 @@ CVE-2017-15854 RESERVED CVE-2017-15853 RESERVED -CVE-2017-15852 - RESERVED +CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, Firefox ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15851 RESERVED @@ -28553,8 +28545,7 @@ CVE-2017-15848 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An NOT-FOR-US: Qualcomm components for Android CVE-2017-15847 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-15846 - RESERVED +CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android for ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android 
@@ -28594,15 +28585,13 @@ CVE-2017-15828 RESERVED CVE-2017-15827 RESERVED -CVE-2017-15826 - RESERVED +CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Firefox OS ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15825 RESERVED CVE-2017-15824 RESERVED -CVE-2017-15823 - RESERVED +CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-15822 RESERVED @@ -31485,11 +31474,9 @@ CVE-2017-14894 RESERVED CVE-2017-14893 RESERVED -CVE-2017-14892 - RESERVED +CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-14891 - RESERVED +CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14890 RESERVED 
@@ -31505,27 +31492,23 @@ CVE-2017-14885 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An NOT-FOR-US: Qualcomm component for Android CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-14883 - RESERVED +CVE-2017-14883 (In the function wma_unified_power_debug_stats_event_handler() in ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-14881 - RESERVED +CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in ...) + TODO: check CVE-2017-14880 RESERVED CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14878 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-14877 - RESERVED +CVE-2017-14877 (While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-14876 - RESERVED +CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, ...) NOT-FOR-US: Qualcomm component for Android -CVE-2017-14875 - RESERVED +CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14874 RESERVED @@ -43012,8 +42995,7 @@ CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all An NOT-FOR-US: Qualcomm components for Android CVE-2017-11088 RESERVED -CVE-2017-11087 - RESERVED +CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-11086 RESERVED 
@@ -46828,8 +46810,7 @@ CVE-2017-9725 (In all Qualcomm products with Android releases from CAF using the NOT-FOR-US: Qualcomm driver for Android CVE-2017-9724 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-9723 - RESERVED +CVE-2017-9723 (The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android @@ -46887,17 +46868,13 @@ CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all And NOT-FOR-US: Qualcomm components for Android CVE-2017-9695 RESERVED -CVE-2017-9694 - RESERVED +CVE-2017-9694 (While parsing Netlink attributes in ...) NOT-FOR-US: Google drivers for Android -CVE-2017-9693 - RESERVED +CVE-2017-9693 (The length of attribute value for STA_EXT_CAPABILITY in ...) NOT-FOR-US: Google drivers for Android -CVE-2017-9692 - RESERVED +CVE-2017-9692 (When an atomic commit is issued on a writeback panel with a NULL ...) NOT-FOR-US: Google drivers for Android -CVE-2017-9691 - RESERVED +CVE-2017-9691 (There is a race condition in Android for MSM, Firefox OS for MSM, and ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android 
@@ -74931,7 +74908,7 @@ CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2 NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt NOTE: Fixed by: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9) -CVE-2016-9575 (Ipa before version 4.4.0-14 did not properly check the user's ...) +CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ...) - freeipa 4.4.4-1 (bug #849950) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311 NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5ae5cd8572a18e8c29d86fe8f5d82b0021d6fc9
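Review bot: In the @@ -31505,27 +31492,23 @@ hunk, CVE-2017-14881 is the only newly described entry left at "TODO: check", although its description names the IPA IOCTL handler and CVE-2017-14877 in the same hunk, also about the IPA driver, is already marked "NOT-FOR-US: Qualcomm component for Android". If the full description confirms it is the same Qualcomm Android code, give it the same NOT-FOR-US line so it does not stay in the TODO queue.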
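Review bot: In the @@ -46887,17 +46868,13 @@ hunk, CVE-2017-9694, CVE-2017-9693 and CVE-2017-9692 keep "NOT-FOR-US: Google drivers for Android", a label assigned while the entries were still RESERVED, whereas CVE-2017-9691 directly below is "Qualcomm driver for Android" and its description refers to Android for MSM. Now that descriptions are published, re-check the three labels against the full text and settle on one wording; the file currently mixes "Qualcomm component", "Qualcomm components" and "Qualcomm driver" for what appears to be the same class of entry.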
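Review bot: In the @@ -21181,12 +21175,12 @@ hunk, CVE-2018-1234, CVE-2018-1233 and CVE-2018-1232 all describe RSA Authentication Agent version 8.0.1 and earlier for Web and each gets its own "TODO: check". They can be triaged together in one follow-up; if the product is not packaged in Debian, a single NOT-FOR-US wording applied to all three keeps them consistent with the other vendor-only entries in the list.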
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits