[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 1 09:10:23 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6329b4db by security tracker role at 2018-08-01T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-14776 (Click Studios Passwordstate before 8.3 Build 8397 allows XSS by ...)
+ TODO: check
+CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a ...)
+ TODO: check
+CVE-2018-14774
+ RESERVED
+CVE-2018-14773
+ RESERVED
+CVE-2018-14772
+ RESERVED
+CVE-2018-14771
+ RESERVED
+CVE-2018-14770
+ RESERVED
+CVE-2018-14769
+ RESERVED
+CVE-2018-14768
+ RESERVED
CVE-2018-1999025
NOT-FOR-US: Jenkins plugin
CVE-2018-1999026
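Review bot: CVE-2018-14776 and CVE-2018-14775 at the top of this hunk are left at TODO: check although their descriptions already name the product (Click Studios Passwordstate, and tss_alloc in the OpenBSD 6.2/6.3 i386 kernel). If neither has a corresponding source package in the archive, triage them as NOT-FOR-US with the product name, the way CVE-2018-1999025 just below is marked "NOT-FOR-US: Jenkins plugin", so they leave the open TODO queue.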
@@ -1267,158 +1285,158 @@ CVE-2018-14318
RESERVED
CVE-2018-14317
RESERVED
-CVE-2018-14316
- RESERVED
-CVE-2018-14315
- RESERVED
-CVE-2018-14314
- RESERVED
-CVE-2018-14313
- RESERVED
-CVE-2018-14312
- RESERVED
-CVE-2018-14311
- RESERVED
-CVE-2018-14310
- RESERVED
-CVE-2018-14309
- RESERVED
-CVE-2018-14308
- RESERVED
-CVE-2018-14307
- RESERVED
-CVE-2018-14306
- RESERVED
-CVE-2018-14305
- RESERVED
-CVE-2018-14304
- RESERVED
-CVE-2018-14303
- RESERVED
-CVE-2018-14302
- RESERVED
-CVE-2018-14301
- RESERVED
-CVE-2018-14300
- RESERVED
-CVE-2018-14299
- RESERVED
-CVE-2018-14298
- RESERVED
-CVE-2018-14297
- RESERVED
-CVE-2018-14296
- RESERVED
-CVE-2018-14295
- RESERVED
-CVE-2018-14294
- RESERVED
-CVE-2018-14293
- RESERVED
-CVE-2018-14292
- RESERVED
-CVE-2018-14291
- RESERVED
-CVE-2018-14290
- RESERVED
-CVE-2018-14289
- RESERVED
-CVE-2018-14288
- RESERVED
-CVE-2018-14287
- RESERVED
-CVE-2018-14286
- RESERVED
-CVE-2018-14285
- RESERVED
-CVE-2018-14284
- RESERVED
-CVE-2018-14283
- RESERVED
-CVE-2018-14282
- RESERVED
-CVE-2018-14281
- RESERVED
-CVE-2018-14280
- RESERVED
-CVE-2018-14279
- RESERVED
-CVE-2018-14278
- RESERVED
-CVE-2018-14277
- RESERVED
-CVE-2018-14276
- RESERVED
-CVE-2018-14275
- RESERVED
-CVE-2018-14274
- RESERVED
-CVE-2018-14273
- RESERVED
-CVE-2018-14272
- RESERVED
-CVE-2018-14271
- RESERVED
-CVE-2018-14270
- RESERVED
-CVE-2018-14269
- RESERVED
-CVE-2018-14268
- RESERVED
-CVE-2018-14267
- RESERVED
-CVE-2018-14266
- RESERVED
-CVE-2018-14265
- RESERVED
-CVE-2018-14264
- RESERVED
-CVE-2018-14263
- RESERVED
-CVE-2018-14262
- RESERVED
-CVE-2018-14261
- RESERVED
-CVE-2018-14260
- RESERVED
-CVE-2018-14259
- RESERVED
-CVE-2018-14258
- RESERVED
-CVE-2018-14257
- RESERVED
-CVE-2018-14256
- RESERVED
-CVE-2018-14255
- RESERVED
-CVE-2018-14254
- RESERVED
-CVE-2018-14253
- RESERVED
-CVE-2018-14252
- RESERVED
-CVE-2018-14251
- RESERVED
-CVE-2018-14250
- RESERVED
-CVE-2018-14249
- RESERVED
-CVE-2018-14248
- RESERVED
-CVE-2018-14247
- RESERVED
-CVE-2018-14246
- RESERVED
-CVE-2018-14245
- RESERVED
-CVE-2018-14244
- RESERVED
-CVE-2018-14243
- RESERVED
-CVE-2018-14242
- RESERVED
-CVE-2018-14241
- RESERVED
+CVE-2018-14316 (This vulnerability allows remote attackers to disclose sensitive ...)
+ TODO: check
+CVE-2018-14315 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14314 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14313 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14312 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14311 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14310 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14309 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14308 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14307 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14306 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14305 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14304 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14303 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14302 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14301 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14300 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14299 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14298 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14297 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14296 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14295 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14294 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14293 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14292 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14291 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14290 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14289 (This vulnerability allows remote attackers to disclose sensitive ...)
+ TODO: check
+CVE-2018-14288 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14287 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14286 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14285 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14284 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14283 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14282 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14281 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14280 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14279 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14278 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14277 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14276 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14275 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14274 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14273 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14272 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14271 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14270 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14269 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14268 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14267 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14266 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14265 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14264 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14263 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14262 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14261 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14260 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14259 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14258 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14257 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14256 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14255 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14254 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14253 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14252 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14251 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14250 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14249 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14248 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14247 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14246 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14245 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14244 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14243 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14242 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-14241 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant memory ...)
- mp4v2 <unfixed> (bug #904900)
[stretch] - mp4v2 <no-dsa> (Minor issue)
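Review bot: All 76 entries from CVE-2018-14316 down to CVE-2018-14241 move from RESERVED to TODO: check with a description cut off before the product name ("This vulnerability allows remote attackers to execute arbitrary code ..." or "... to disclose sensitive ..."), so nothing in this hunk says which software is affected. Look up the full descriptions and triage the block in one pass; if the contiguous run turns out to share a vendor, a single NOT-FOR-US or package decision can be applied to the whole batch instead of leaving 76 separate TODO items.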
@@ -7852,20 +7870,20 @@ CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/172d82afe89d3499ef0cab06dc58d380cc1ab946
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1149
-CVE-2018-11623
- RESERVED
-CVE-2018-11622
- RESERVED
-CVE-2018-11621
- RESERVED
-CVE-2018-11620
- RESERVED
-CVE-2018-11619
- RESERVED
-CVE-2018-11618
- RESERVED
-CVE-2018-11617
- RESERVED
+CVE-2018-11623 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-11622 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-11621 (This vulnerability allows remote attackers to disclose sensitive ...)
+ TODO: check
+CVE-2018-11620 (This vulnerability allows remote attackers to disclose sensitive ...)
+ TODO: check
+CVE-2018-11619 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-11618 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2018-11617 (This vulnerability allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2018-11616
RESERVED
CVE-2018-11615
@@ -9362,8 +9380,8 @@ CVE-2018-11052 (Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authenticat
NOT-FOR-US: EMC
CVE-2018-11051 (RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 ...)
NOT-FOR-US: RSA Certificate Manager
-CVE-2018-11050
- RESERVED
+CVE-2018-11050 (Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, ...)
+ TODO: check
CVE-2018-11049 (RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...)
NOT-FOR-US: RSA
CVE-2018-11048
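Review bot: CVE-2018-11050 is set to TODO: check even though its description names Dell EMC NetWorker and the hunk's own context marks the neighbouring entries NOT-FOR-US ("NOT-FOR-US: EMC" in the first context line, "NOT-FOR-US: RSA" for CVE-2018-11049). Unless NetWorker is packaged, mark it "NOT-FOR-US: EMC" to match.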
@@ -15175,7 +15193,7 @@ CVE-2018-8781 (The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the L
NOTE: https://patchwork.freedesktop.org/patch/211845/
NOTE: Fixed by: https://git.kernel.org/linus/3b82a4db8eaccce735dffd50b4d4e1578099b8e8
CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
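Review bot: DSA-4259-1 is prepended to the advisory list of CVE-2018-8780, but the package lines visible under it show only ruby2.5 2.5.1-1 and ruby2.3/ruby2.1 as <removed>, so the hunk gives no indication of which source package or suite the new DSA fixes. The same one-line change repeats for the other Ruby and RubyGems entries in this commit; since only data/CVE/list is changed here, confirm that the advisory's own record names the package and fixed version for every CVE it is attached to.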
@@ -15186,7 +15204,7 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -15198,7 +15216,7 @@ CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
NOTE: ruby1.8: test examples from hackerone doesn't work. ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -15209,7 +15227,7 @@ CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
NOTE: Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -19356,7 +19374,7 @@ CVE-2018-1000081 (Ajenti version version 2 contains a Input Validation vulnerabi
CVE-2018-1000080 (Ajenti version version 2 contains a Insecure Permissions vulnerability ...)
- ajenti <itp> (bug #792019)
CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1421-1}
+ {DSA-4259-1 DSA-4219-1 DLA-1421-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -19371,7 +19389,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -19382,7 +19400,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -19393,7 +19411,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -19404,7 +19422,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4259-1 DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -19415,7 +19433,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1352-1}
+ {DSA-4259-1 DSA-4219-1 DLA-1352-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -19428,7 +19446,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1}
+ {DSA-4259-1 DSA-4219-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -50166,7 +50184,7 @@ CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell ..
NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events
CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...)
NOT-FOR-US: Korenix
-CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...)
+CVE-2017-14020 (In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) ...)
NOT-FOR-US: AutomationDirect
CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...)
NOT-FOR-US: Progea Movicon
@@ -90820,8 +90838,7 @@ CVE-2016-9574 (nss before version 3.30 is vulnerable to a remote denial of servi
NOTE: The CVE is specific to the segfault resulting from the reproducing steps
NOTE: as per buzilla entry, and https://bugzilla.redhat.com/show_bug.cgi?id=1397482
NOTE: https://hg.mozilla.org/projects/nss/rev/7385cd821735
-CVE-2016-9573
- RESERVED
+CVE-2016-9573 (An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in ...)
{DSA-3768-1}
- openjpeg2 2.1.2-1.1 (bug #851422)
NOTE: https://github.com/uclouvain/openjpeg/issues/863
@@ -94108,8 +94125,7 @@ CVE-2016-8632 (The tipc_msg_build function in net/tipc/msg.c in the Linux kernel
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3de81b758853f0b29c61e246679d20b513c4cfec (v4.9-rc8)
-CVE-2016-8631
- RESERVED
+CVE-2016-8631 (The OpenShift Enterprise 3 router does not properly sort routes when ...)
NOT-FOR-US: OpenShift Enterprise
CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux ...)
- linux 4.8.7-1
@@ -94119,8 +94135,7 @@ CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the Lin
NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check ...)
NOT-FOR-US: Keycloak
-CVE-2016-8628
- RESERVED
+CVE-2016-8628 (Ansible before version 2.2.0 fails to properly sanitize fact variables ...)
- ansible 2.2.0.0-1 (bug #842985)
[jessie] - ansible <not-affected> (Vulnerable code not present)
NOTE: Fixed upstream in v2.2.0.0-1
@@ -94131,102 +94146,88 @@ CVE-2016-8626 (A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Ob
- ceph 10.2.5-1 (bug #844200)
[jessie] - ceph 0.80.7-2+deb8u2
NOTE: http://tracker.ceph.com/issues/17635
-CVE-2016-8625
- RESERVED
+CVE-2016-8625 (curl before version 7.51.0 uses outdated IDNA 2003 standard to handle ...)
- curl 7.51.0-1
[jessie] - curl <no-dsa> (the fix is too invasive)
[wheezy] - curl <no-dsa> (the fix is too invasive)
NOTE: https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece
NOTE: https://curl.haxx.se/docs/adv_20161102K.html
NOTE: https://curl.haxx.se/CVE-2016-8625.patch
-CVE-2016-8624
- RESERVED
+CVE-2016-8624 (curl before version 7.51.0 doesn't parse the authority component of ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/3bb273db7e40ebc284cff45f3ce3f0475c8339c2
NOTE: https://curl.haxx.se/docs/adv_20161102J.html
NOTE: https://curl.haxx.se/CVE-2016-8624.patch
-CVE-2016-8623
- RESERVED
+CVE-2016-8623 (A flaw was found in curl before version 7.51.0. The way curl handles ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5
NOTE: https://curl.haxx.se/docs/adv_20161102I.html
NOTE: https://curl.haxx.se/CVE-2016-8623.patch
-CVE-2016-8622
- RESERVED
+CVE-2016-8622 (The URL percent-encoding decode function in libcurl before 7.51.0 is ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/53e71e47d6b81650d26ec33a58d0dca24c7ffb2c
NOTE: https://curl.haxx.se/docs/adv_20161102H.html
NOTE: https://curl.haxx.se/CVE-2016-8622.patch
-CVE-2016-8621
- RESERVED
+CVE-2016-8621 (The `curl_getdate` function in curl before version 7.51.0 is ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/96a80b5a262fb6dd2ddcea7987296f3b9a405618
NOTE: https://curl.haxx.se/docs/adv_20161102G.html
NOTE: https://curl.haxx.se/CVE-2016-8621.patch
-CVE-2016-8620
- RESERVED
+CVE-2016-8620 (The 'globbing' feature in curl before version 7.51.0 has a flaw that ...)
{DSA-3705-1}
- curl 7.51.0-1
[wheezy] - curl <not-affected> (Vulnerable code introduced in 7.34.0)
NOTE: https://github.com/curl/curl/commit/fbb5f1aa0326d485d5a7ac643b48481897ca667f
NOTE: https://curl.haxx.se/docs/adv_20161102F.html
NOTE: https://curl.haxx.se/CVE-2016-8620.patch
-CVE-2016-8619
- RESERVED
+CVE-2016-8619 (The function `read_data()` in security.c in curl before version 7.51.0 ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd
NOTE: https://curl.haxx.se/docs/adv_20161102E.html
NOTE: https://curl.haxx.se/CVE-2016-8619.patch
-CVE-2016-8618
- RESERVED
+CVE-2016-8618 (The libcurl API function called `curl_maprintf()` before version ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/8732ec40db652c53fa58cd13e2acb8eab6e40874
NOTE: https://curl.haxx.se/docs/adv_20161102D.html
NOTE: https://curl.haxx.se/CVE-2016-8618.patch
-CVE-2016-8617
- RESERVED
+CVE-2016-8617 (The base64 encode function in curl before version 7.51.0 is prone to a ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/efd24d57426bd77c9b5860e6b297904703750412
NOTE: https://curl.haxx.se/docs/adv_20161102C.html
NOTE: https://curl.haxx.se/CVE-2016-8617.patch
-CVE-2016-8616
- RESERVED
+CVE-2016-8616 (A flaw was found in curl before version 7.51.0 When re-using a ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/b3ee26c5df75d97f6895e6ec4538894ebaf76e48
NOTE: https://curl.haxx.se/docs/adv_20161102B.html
NOTE: https://curl.haxx.se/CVE-2016-8616.patch
-CVE-2016-8615
- RESERVED
+CVE-2016-8615 (A flaw was found in curl before version 7.51. If cookie state is ...)
{DSA-3705-1 DLA-711-1}
- curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/cff89bc088b7884098ea0c5378bbda3d49c437bc
NOTE: https://curl.haxx.se/docs/adv_20161102A.html
NOTE: https://curl.haxx.se/CVE-2016-8615.patch
-CVE-2016-8614
- RESERVED
+CVE-2016-8614 (A flaw was found in Ansible before version 2.2.0. The apt_key module ...)
- ansible 2.2.0.0-1 (bug #842984)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: Fixed upstream in v2.2.0.0-1
NOTE: https://github.com/ansible/ansible-modules-core/issues/5237
NOTE: https://github.com/ansible/ansible-modules-core/pull/5353
NOTE: https://github.com/ansible/ansible-modules-core/pull/5357
-CVE-2016-8613
- RESERVED
+CVE-2016-8613 (A flaw was found in foreman 1.5.1. The remote execution plugin runs ...)
- foreman <itp> (bug #663101)
NOTE: http://projects.theforeman.org/issues/17066/
NOTE: https://github.com/theforeman/foreman_remote_execution/pull/208
CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is ...)
- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2016-8611 [Glance Image service v1 and v2 api image-create vulnerability]
- RESERVED
+CVE-2016-8611 (A vulnerability was found in Openstack Glance. No limits are enforced ...)
- glance <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
CVE-2016-8610 (A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 ...)
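Review bot: CVE-2016-8611 near the end of this hunk loses its RESERVED state and its bracketed working title but keeps "glance <unfixed> (unimportant)", while the published description now reads "No limits are enforced ...". Re-check that the unimportant rating still fits the published text and record the rationale in a NOTE line, since the only supporting line in view is the oss-security link.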
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6329b4db8c6774856019ab7e57d0404cddefe805