[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 4 08:10:31 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b8b4a47 by security tracker role at 2018-04-04T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,6 +1,88 @@
-CVE-2018-9234
+CVE-2018-9274 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c ...)
+ TODO: check
+CVE-2018-9273 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9272 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a ...)
+ TODO: check
+CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9267 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9266 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ TODO: check
+CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector ...)
+ TODO: check
+CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector ...)
+ TODO: check
+CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector ...)
+ TODO: check
+CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector ...)
+ TODO: check
+CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 ...)
+ TODO: check
+CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector ...)
+ TODO: check
+CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was ...)
+ TODO: check
+CVE-2018-9257 (In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an ...)
+ TODO: check
+CVE-2018-9256 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector ...)
+ TODO: check
+CVE-2018-9255
+ RESERVED
+CVE-2018-9254
RESERVED
-CVE-2018-9240 [Crash in chat screen when another client sends a long line]
+CVE-2018-9253
+ RESERVED
+CVE-2018-9252 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...)
+ TODO: check
+CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ...)
+ TODO: check
+CVE-2018-9250
+ RESERVED
+CVE-2018-9249
+ RESERVED
+CVE-2018-9248
+ RESERVED
+CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in ...)
+ TODO: check
+CVE-2018-9246
+ RESERVED
+CVE-2018-9245
+ RESERVED
+CVE-2018-9244
+ RESERVED
+CVE-2018-9243
+ RESERVED
+CVE-2018-9242
+ RESERVED
+CVE-2018-9241
+ RESERVED
+CVE-2018-9239
+ RESERVED
+CVE-2018-9238 (proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName ...)
+ TODO: check
+CVE-2018-9237 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site ...)
+ TODO: check
+CVE-2018-9236 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site ...)
+ TODO: check
+CVE-2018-9235 (iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query ...)
+ TODO: check
+CVE-2017-18256 (Brave Browser before 0.13.0 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2016-10718 (Brave Browser before 0.13.0 allows a tab to close itself even if the ...)
+ TODO: check
+CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ...)
+ TODO: check
+CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a ...)
- ncmpc <unfixed> (low; bug #894724)
[stretch] - ncmpc <no-dsa> (Minor issue)
[jessie] - ncmpc <no-dsa> (Minor issue)
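Review bot: the tail of this hunk leaves the list out of the descending order the new entries above follow (CVE-2018-9274 down to CVE-2018-9235). CVE-2017-18256 and CVE-2016-10718 sit between CVE-2018-9235 and CVE-2018-9234, and CVE-2018-9234 comes before CVE-2018-9240. If anything that consumes data/CVE/list relies on ordering, re-sort these entries in a follow-up. CVE-2018-9240 keeps its ncmpc package lines under the new description, which is the right outcome when a bracketed temporary title is replaced.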
@@ -732,8 +814,8 @@ CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c in
- libav <removed> (low)
[jessie] - libav <no-dsa> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1093
-CVE-2018-8941
- RESERVED
+CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmware EU ...)
+ TODO: check
CVE-2018-8940
RESERVED
CVE-2018-8939
@@ -1109,29 +1191,25 @@ CVE-2018-8782
RESERVED
CVE-2018-8781
RESERVED
-CVE-2018-8780 [ruby: Unintentional directory traversal by poisoned NUL byte in Dir]
- RESERVED
+CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
-CVE-2018-8779 [ruby: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket]
- RESERVED
+CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
-CVE-2018-8778 [ruby: Buffer under-read in String#unpack]
- RESERVED
+CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
-CVE-2018-8777 [ruby: DoS by large request in WEBrick]
- RESERVED
+CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
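Review bot: with the bracketed titles removed, the four Ruby entries in this hunk (CVE-2018-8780, CVE-2018-8779, CVE-2018-8778, CVE-2018-8777) all show the same truncated description, "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...", so only the ruby-lang.org NOTE line tells them apart. Keep that NOTE on every entry. The description names 2.3.7 as the fixed upstream 2.3.x release while ruby2.3 is still <unfixed>, so that is the open item to track here.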
@@ -1177,6 +1255,7 @@ CVE-2018-8764 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3
NOTE: https://www.ldap-account-manager.org/lamcms/node/354
NOTE: https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
CVE-2018-8763 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has ...)
+ {DSA-4165-1}
- ldap-account-manager 6.3-1
NOTE: https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
NOTE: https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
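Review bot: {DSA-4165-1} is added to CVE-2018-8763 only. CVE-2018-8764 just above covers the same "LDAP Account Manager before 6.3" release and its header line falls outside this hunk, so check that it carries the same DSA reference.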
@@ -2787,8 +2866,8 @@ CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka
- afflib 3.7.16-3 (unimportant; bug #892599)
NOTE: https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
NOTE: Negligable security impact
-CVE-2018-8049
- RESERVED
+CVE-2018-8049 (The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before ...)
+ TODO: check
CVE-2018-8048 (In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML ...)
- ruby-loofah 2.2.1-1 (bug #893596)
NOTE: https://github.com/flavorjones/loofah/issues/144
@@ -6169,8 +6248,7 @@ CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...)
NOTE: kfreebsd not covered by security support
CVE-2018-6915
RESERVED
-CVE-2018-6914 [Unintentional file and directory creation with directory traversal in tempfile and tmpdir]
- RESERVED
+CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -8145,7 +8223,7 @@ CVE-2018-6255
RESERVED
CVE-2018-6254
RESERVED
-CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in DirectX and ...)
+CVE-2018-6253 (An exploitable denial-of-service vulnerability exists in the Nvidia ...)
- nvidia-graphics-drivers <unfixed> (bug #894338)
[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8158,7 +8236,7 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in DirectX and
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA Windows driver
-CVE-2018-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX ...)
+CVE-2018-6251 (An exploitable heap memory corruption vulnerability exists in the ...)
NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6250 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA Windows driver
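Review bot: the new description of CVE-2018-6251, "An exploitable heap memory corruption vulnerability exists in the ...", no longer shows the Windows scope that the old text ("NVIDIA Windows GPU Display Driver ...") made explicit, yet the entry stays NOT-FOR-US: NVIDIA Windows driver. Read the full description and confirm the classification still holds. The same applies to CVE-2018-6253 in the previous hunk, whose <unfixed> and <no-dsa> lines were set against the earlier wording.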
@@ -14823,22 +14901,22 @@ CVE-2018-3647
RESERVED
CVE-2018-3646
RESERVED
-CVE-2018-3645
- RESERVED
+CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
+ TODO: check
CVE-2018-3644
RESERVED
CVE-2018-3643
RESERVED
CVE-2018-3642
RESERVED
-CVE-2018-3641
- RESERVED
+CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
+ TODO: check
CVE-2018-3640
RESERVED
CVE-2018-3639
RESERVED
-CVE-2018-3638
- RESERVED
+CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
+ TODO: check
CVE-2018-3637
RESERVED
CVE-2018-3636
@@ -15718,8 +15796,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
NOT-FOR-US: custom-map plugin for WordPress
CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
NOT-FOR-US: UCOPIA Wireless Appliance
-CVE-2017-17742 [ruby: HTTP response splitting in WEBrick]
- RESERVED
+CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
@@ -17626,7 +17703,7 @@ CVE-2018-2680 (Vulnerability in the Java VM component of Oracle Database Server.
CVE-2018-2679 (Vulnerability in the Oracle Financial Services Profitability ...)
NOT-FOR-US: Oracle Financial Services Applications
CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17634,7 +17711,7 @@ CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2677 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17678,7 +17755,7 @@ CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2664 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2018-2663 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17737,7 +17814,7 @@ CVE-2018-2643 (Vulnerability in the Oracle Argus Safety component of Oracle Heal
CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
NOT-FOR-US: Oracle
CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
[experimental] - openjdk-7 7u171-2.6.13-1
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
@@ -17756,7 +17833,7 @@ CVE-2018-2638 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2637 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17768,7 +17845,7 @@ CVE-2018-2636 (Vulnerability in the Oracle Hospitality Simphony component of Ora
CVE-2018-2635 (Vulnerability in the Oracle Application Object Library component of ...)
NOT-FOR-US: Oracle
CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17776,7 +17853,7 @@ CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2633 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17790,7 +17867,7 @@ CVE-2018-2631 (Vulnerability in the Oracle Transportation Management component o
CVE-2018-2630 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
NOT-FOR-US: Oracle
CVE-2018-2629 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
- openjdk-7 <removed>
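Review bot: CVE-2018-2629 gets DLA-1339-1 like the other Java SE entries in this commit, but its context shows "- openjdk-7 <removed>" where the sibling entries show "[experimental] - openjdk-7 7u171-2.6.13-1". Confirm the openjdk-7 line here is intended and not a leftover that should match the others.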
@@ -17821,7 +17898,7 @@ CVE-2018-2620 (Vulnerability in the Primavera Unifier component of Oracle ...)
CVE-2018-2619 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2618 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17859,7 +17936,7 @@ CVE-2018-2605 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
CVE-2018-2604 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
NOT-FOR-US: Oracle
CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17867,7 +17944,7 @@ CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17881,7 +17958,7 @@ CVE-2018-2600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17913,7 +17990,7 @@ CVE-2018-2590 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2589 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2588 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -17948,7 +18025,7 @@ CVE-2018-2581 (Vulnerability in the Java SE component of Oracle Java SE ...)
CVE-2018-2580 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2579 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4144-1}
+ {DSA-4144-1 DLA-1339-1}
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
[experimental] - openjdk-7 7u171-2.6.13-1
@@ -59911,8 +59988,8 @@ CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine
NOT-FOR-US: Intel
CVE-2017-5704
RESERVED
-CVE-2017-5703
- RESERVED
+CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel ...)
+ TODO: check
CVE-2017-5702
RESERVED
CVE-2017-5701 (Insecure platform configuration in system firmware for Intel ...)
@@ -65068,8 +65145,8 @@ CVE-2017-4030
REJECTED
CVE-2017-4029
REJECTED
-CVE-2017-4028
- RESERVED
+CVE-2017-4028 (Maliciously misconfigured registry vulnerability in all Microsoft ...)
+ TODO: check
CVE-2017-4027
REJECTED
CVE-2017-4026
@@ -65180,8 +65257,8 @@ CVE-2017-3974
REJECTED
CVE-2017-3973
REJECTED
-CVE-2017-3972
- RESERVED
+CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web interface ...)
+ TODO: check
CVE-2017-3971
RESERVED
CVE-2017-3970
@@ -125972,8 +126049,8 @@ CVE-2015-1977 (Directory traversal vulnerability in the Web Administration tool
NOT-FOR-US: IBM
CVE-2015-1976 (IBM Security Directory Server could allow an authenticated user to ...)
NOT-FOR-US: IBM
-CVE-2015-1975
- RESERVED
+CVE-2015-1975 (The web administration tool in IBM Tivoli Security Directory Server ...)
+ TODO: check
CVE-2015-1974 (The web administration tool in IBM Tivoli Security Directory Server ...)
NOT-FOR-US: IBM
CVE-2015-1973
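Review bot: CVE-2015-1975 is left at TODO: check although its description opens exactly like CVE-2015-1974 below it ("The web administration tool in IBM Tivoli Security Directory Server ..."), which is already NOT-FOR-US: IBM, as is CVE-2015-1976 above. Once the full description is checked, it can likely be resolved the same way instead of staying a TODO.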
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b8b4a47b0fc742ce7d6afa1a6fabc9e569fc4c4