Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b504ebdb by Moritz Muehlenhoff at 2018-03-31T21:30:42+02:00 ruby fixed - - - - - 816b9175 by Moritz Muehlenhoff at 2018-03-31T21:41:27+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,15 +1,15 @@ CVE-2018-9152 RESERVED CVE-2018-9151 (A NULL pointer dereference bug in the function ...) - TODO: check + NOT-FOR-US: Kingsoft Internet Security CVE-2018-9150 RESERVED CVE-2018-9149 RESERVED CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session ...) - TODO: check + NOT-FOR-US: Western Digital WD My Cloud CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...) - TODO: check + NOT-FOR-US: Gespage CVE-2018-9146 (In Exiv2 0.26, there is an out-of-bounds read in ...) TODO: check CVE-2018-9145 (In Exiv2 0.26, there is a reachable assertion abort in the function ...) 
@@ -17,21 +17,21 @@ CVE-2018-9145 (In Exiv2 0.26, there is a reachable assertion abort in the functi CVE-2018-9144 (In Exiv2 0.26, there is an out-of-bounds read in ...) TODO: check CVE-2018-9143 (On Samsung mobile devices with M(6.0) and N(7.x) software, a heap ...) - TODO: check + NOT-FOR-US: Samsung CVE-2018-9142 (On Samsung mobile devices with N(7.x) software, attackers can install ...) - TODO: check + NOT-FOR-US: Samsung CVE-2018-9141 (On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, ...) - TODO: check + NOT-FOR-US: Samsung CVE-2018-9140 (On Samsung mobile devices with M(6.0) software, the Email application ...) - TODO: check + NOT-FOR-US: Samsung CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer overflow in ...) - TODO: check + NOT-FOR-US: Samsung CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as distributed ...) TODO: check CVE-2018-9137 RESERVED CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...) - TODO: check + NOT-FOR-US: Jungo CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...) TODO: check CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...) @@ -43,7 +43,7 @@ CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt functi CVE-2018-9131 RESERVED CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...) - TODO: check + NOT-FOR-US: IBOS CVE-2018-9129 RESERVED CVE-2018-9128 @@ -69,9 +69,9 @@ CVE-2018-9119 CVE-2018-9118 RESERVED CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a remote ...) - TODO: check + NOT-FOR-US: WireMock CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a remote ...) - TODO: check + NOT-FOR-US: WireMock CVE-2018-9115 RESERVED CVE-2018-9114 
@@ -807,7 +807,7 @@ CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Inf CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...) NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver CVE-2018-8820 (An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based ...) - TODO: check + NOT-FOR-US: Square 9 CVE-2018-8819 RESERVED CVE-2018-8818 @@ -903,28 +903,28 @@ CVE-2018-8781 RESERVED CVE-2018-8780 [ruby: Unintentional directory traversal by poisoned NUL byte in Dir] RESERVED - - ruby2.5 <unfixed> + - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/ CVE-2018-8779 [ruby: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket] RESERVED - - ruby2.5 <unfixed> + - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/ CVE-2018-8778 [ruby: Buffer under-read in String#unpack] RESERVED - - ruby2.5 <unfixed> + - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/ CVE-2018-8777 [ruby: DoS by large request in WEBrick] RESERVED - - ruby2.5 <unfixed> + - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> @@ -5159,7 +5159,7 @@ CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in .. CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...) NOT-FOR-US: Wordpress plugin CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 ...) - TODO: check + NOT-FOR-US: Twonky Server CVE-2018-7202 RESERVED CVE-2018-7201 
@@ -5933,7 +5933,7 @@ CVE-2018-6915 RESERVED CVE-2018-6914 [Unintentional file and directory creation with directory traversal in tempfile and tmpdir] RESERVED - - ruby2.5 <unfixed> + - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> @@ -9192,7 +9192,7 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and NOTE: https://electronjs.org/blog/protocol-handler-fix NOTE: https://nodesecurity.io/advisories/563 CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...) - TODO: check + NOT-FOR-US: Zoho CVE-2018-5798 RESERVED CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...) @@ -9522,7 +9522,7 @@ CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16 - krb5 <unfixed> (bug #889684) NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...) - TODO: check + NOT-FOR-US: D-Link CVE-2018-5707 RESERVED CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...) @@ -10745,9 +10745,9 @@ CVE-2018-5226 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...) NOT-FOR-US: Atlassian Bitbucket Server CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured Mercurial ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2018-5222 RESERVED CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...) 
@@ -11848,7 +11848,7 @@ CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced CVE-2018-4842 RESERVED CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...) - TODO: check + NOT-FOR-US: TIM CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...) NOT-FOR-US: Siemens CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...) @@ -13926,7 +13926,7 @@ CVE-2018-3824 CVE-2018-3823 RESERVED CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a ...) - TODO: check + NOT-FOR-US: Elastic X-Pack Security CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a ...) - kibana <itp> (bug #700337) CVE-2018-3820 (Kibana versions after 6.1.0 and before 6.1.3 had a cross-site ...) @@ -15481,7 +15481,7 @@ CVE-2017-17743 (Improper input sanitization within the restricted administration NOT-FOR-US: UCOPIA Wireless Appliance CVE-2017-17742 [ruby: HTTP response splitting in WEBrick] RESERVED - - ruby2.5 <unfixed> + - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> @@ -20121,7 +20121,7 @@ CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Service CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...) NOT-FOR-US: IBM Financial Transaction Manager CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1389 RESERVED CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...) 
@@ -20133,7 +20133,7 @@ CVE-2018-1386 (IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8. CVE-2018-1385 RESERVED CVE-2018-1384 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and ...) NOT-FOR-US: AIX CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This ...) @@ -21127,9 +21127,9 @@ CVE-2018-1269 CVE-2018-1268 RESERVED CVE-2018-1267 (Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2018-1266 (Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2018-1265 RESERVED CVE-2018-1264 @@ -21193,13 +21193,13 @@ CVE-2018-1236 CVE-2018-1235 RESERVED CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is ...) - TODO: check + NOT-FOR-US: RSA Authentication Agent CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...) - TODO: check + NOT-FOR-US: RSA Authentication Agent CVE-2018-1232 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...) - TODO: check + NOT-FOR-US: RSA Authentication Agent CVE-2018-1231 (Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...) NOT-FOR-US: Pivotal CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS ...) 
@@ -21282,7 +21282,7 @@ CVE-2018-1193 CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...) NOT-FOR-US: Cloud Foundry CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...) NOT-FOR-US: Pivotal CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...) @@ -21475,7 +21475,7 @@ CVE-2018-1144 CVE-2018-1143 RESERVED CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to ...) - TODO: check + NOT-FOR-US: Tenable CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...) NOT-FOR-US: Nessus CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code ...) @@ -25218,7 +25218,7 @@ CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util CVE-2017-16874 RESERVED CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid binary that ...) - TODO: check + NOT-FOR-US: vagrant-vmware-fusion CVE-2017-1000233 REJECTED CVE-2017-1000222 
@@ -25645,7 +25645,7 @@ CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote . - ffmpeg 7:3.4.1-1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...) - TODO: check + NOT-FOR-US: vagrant-vmware-fusion CVE-2017-16838 RESERVED CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/73413d29be9df9efb4896dc52e0989aeb18a1ff1...816b9175eb6e9415cfe46b4adac1e9ec3f14dae7
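Review bot: the label `NOT-FOR-US: Jungo` given to CVE-2018-9136 in the @@ -17,21 hunk does not match the existing entry for the identically described CVE-2018-8821, visible as context in the @@ -807,7 hunk, which reads `NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver`; use the same wording for both so the two entries can be found with one search.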
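Review bot: `NOT-FOR-US: TIM` for CVE-2018-4841 in the @@ -11848,7 hunk drops the vendor, while the neighbouring CVE-2018-4840 and CVE-2018-4839 entries in the same hunk are tagged `NOT-FOR-US: Siemens`; the TIM 1531 IRC is a Siemens product and the description uses the same "A vulnerability has been identified in" phrasing, so `NOT-FOR-US: Siemens TIM 1531 IRC` keeps the vendor grouping consistent.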
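Review bot: `NOT-FOR-US: IBM` for CVE-2018-1390 (@@ -20121,7) and CVE-2018-1384 (@@ -20133,7) is less specific than the adjacent entries, which name the product (`NOT-FOR-US: IBM Financial Transaction Manager` on CVE-2018-1391, `NOT-FOR-US: AIX` on CVE-2018-1383); the descriptions already give the product names, so `IBM Financial Transaction Manager` and `IBM Business Process Manager` should go into the labels.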
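Review bot: in the @@ -10745,9 hunk, CVE-2018-5224 (Bamboo) and CVE-2018-5223 (Fisheye and Crucible) are both tagged bare `NOT-FOR-US: Atlassian`, whereas the context line for CVE-2018-5225 uses `NOT-FOR-US: Atlassian Bitbucket Server`; tag them `Atlassian Bamboo` and `Atlassian Fisheye/Crucible` so the product is recorded as it is for the neighbouring entry.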
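Review bot: the ruby hunks (@@ -903,28, @@ -5933,7 and @@ -15481,7) record 2.5.1-1 as the fixed ruby2.5 version for CVE-2018-8780, CVE-2018-8779, CVE-2018-8778, CVE-2018-8777, CVE-2018-6914 and CVE-2017-17742, but ruby2.3 stays `<unfixed>` in all six entries with no bug reference, unlike the `(bug #889684)` form used on the krb5 line in the @@ -9522,7 context; add a bug reference or a NOTE on the ruby2.3 status so the still-open items remain tracked rather than silently unfixed next to a fixed sibling.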
Secure-testing-commits mailing list: Secure-testing-commits@lists.alioth.debian.org, http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits