Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8d680181 by Moritz Muehlenhoff at 2018-03-31T22:35:27+02:00 new logstash issue - - - - - 19fcf524 by Moritz Muehlenhoff at 2018-03-31T22:38:52+02:00 new imagemagick issue NFU - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -61,9 +61,11 @@ CVE-2018-9137 CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...) NOT-FOR-US: Jungo CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...) - TODO: check + - imagemagick <unfixed> (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f7196b0b7539b113f2580b6a77aa496813d8899 + NOTE: webp support not enabled, see #806425 CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...) TODO: check CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...) @@ -13965,7 +13967,7 @@ CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack sec CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting ...) - kibana <itp> (bug #700337) CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash before ...) - TODO: check + - logstash <itp> (bug #664841) CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the ...) - linux 4.11.6-1 [stretch] - linux 4.9.47-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bbdb925e2ca9d81aa80cb0cf744d22b6453a0242...19fcf524572347bbed5e253bdbb37fd08a0ed6c9 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bbdb925e2ca9d81aa80cb0cf744d22b6453a0242...19fcf524572347bbed5e253bdbb37fd08a0ed6c9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits