[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 22 21:10:44 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd04f976 by security tracker role at 2018-08-22T20:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,85 @@
+CVE-2018-15726
+ RESERVED
+CVE-2018-15725
+ RESERVED
+CVE-2018-15724
+ RESERVED
+CVE-2018-15723
+ RESERVED
+CVE-2018-15722
+ RESERVED
+CVE-2018-15721
+ RESERVED
+CVE-2018-15720
+ RESERVED
+CVE-2018-15719
+ RESERVED
+CVE-2018-15718
+ RESERVED
+CVE-2018-15717
+ RESERVED
+CVE-2018-15716
+ RESERVED
+CVE-2018-15715
+ RESERVED
+CVE-2018-15714
+ RESERVED
+CVE-2018-15713
+ RESERVED
+CVE-2018-15712
+ RESERVED
+CVE-2018-15711
+ RESERVED
+CVE-2018-15710
+ RESERVED
+CVE-2018-15709
+ RESERVED
+CVE-2018-15708
+ RESERVED
+CVE-2018-15707
+ RESERVED
+CVE-2018-15706
+ RESERVED
+CVE-2018-15705
+ RESERVED
+CVE-2018-15704
+ RESERVED
+CVE-2018-15703
+ RESERVED
+CVE-2018-15702
+ RESERVED
+CVE-2018-15701
+ RESERVED
+CVE-2018-15700
+ RESERVED
+CVE-2018-15699
+ RESERVED
+CVE-2018-15698
+ RESERVED
+CVE-2018-15697
+ RESERVED
+CVE-2018-15696
+ RESERVED
+CVE-2018-15695
+ RESERVED
+CVE-2018-15694
+ RESERVED
+CVE-2018-15693
+ RESERVED
+CVE-2018-15692
+ RESERVED
+CVE-2018-15691
+ RESERVED
+CVE-2018-15690
+ RESERVED
+CVE-2018-15689
+ RESERVED
+CVE-2018-15688
+ RESERVED
+CVE-2018-15687
+ RESERVED
+CVE-2018-15686
+ RESERVED
CVE-2018-15685
RESERVED
CVE-2018-15684
@@ -1952,12 +2034,12 @@ CVE-2018-14803
RESERVED
CVE-2018-14802
RESERVED
-CVE-2018-14801
- RESERVED
+CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...)
+ TODO: check
CVE-2018-14800
RESERVED
-CVE-2018-14799
- RESERVED
+CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all ...)
+ TODO: check
CVE-2018-14798
RESERVED
CVE-2018-14797
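Review bot: CVE-2018-14801 and CVE-2018-14799 land as TODO: check although their descriptions already name the affected product (Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs), which is a vendor device rather than a source package. Triage should close both with a NOT-FOR-US: line naming the product so they do not sit in the unprocessed queue alongside entries that need real package analysis.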
@@ -1976,12 +2058,12 @@ CVE-2018-14791
RESERVED
CVE-2018-14790
RESERVED
-CVE-2018-14789
- RESERVED
+CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
+ TODO: check
CVE-2018-14788
RESERVED
-CVE-2018-14787
- RESERVED
+CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
+ TODO: check
CVE-2018-14786
RESERVED
CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
@@ -9596,8 +9678,8 @@ CVE-2018-11778
RESERVED
CVE-2018-11777
RESERVED
-CVE-2018-11776
- RESERVED
+CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from ...)
+ TODO: check
CVE-2018-11775
RESERVED
CVE-2018-11774
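Review bot: CVE-2018-11776 is left at TODO: check, and the description gives concrete affected ranges (Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16). Whoever picks this up should compare those ranges against any Struts source package in the archive and record either a package line with the fixed version or an explicit NOT-FOR-US: with the reason, and add a NOTE: pointing at the upstream advisory so the decision can be audited later.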
@@ -11919,13 +12001,11 @@ CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot
- knot-resolver <unfixed> (bug #905325)
NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
-CVE-2018-10919
- RESERVED
+CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an ...)
{DSA-4271-1}
- samba 2:4.8.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html
-CVE-2018-10918
- RESERVED
+CVE-2018-10918 (A null pointer dereference flaw was found in the way samba checked ...)
- samba 2:4.8.4+dfsg-1
[stretch] - samba <not-affected> (Only affects Samba 4.7.0 onwards)
[jessie] - samba <not-affected> (Only affects Samba 4.7.0 onwards)
@@ -12062,8 +12142,7 @@ CVE-2018-10886
NOTE: scope of the assigning CNA.
CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy ...)
NOT-FOR-US: atomic-openshift
-CVE-2018-10884
- RESERVED
+CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to ...)
NOT-FOR-US: Ansible Tower
CVE-2018-10883 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...)
{DLA-1423-1}
@@ -12166,8 +12245,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypti
[stretch] - git-annex 6.20170101-1+deb9u2
NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
-CVE-2018-10858
- RESERVED
+CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ...)
{DSA-4271-1}
- samba 2:4.8.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
@@ -12215,20 +12293,17 @@ CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 is vulnerable to an ...)
NOTE: https://blog.prosody.im/prosody-0-10-2-security-release/
NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.10.1.patch (0.10.1)
NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.9.patch (0.9.x)
-CVE-2018-10846 ["Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery]
- RESERVED
+CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads to ...)
- gnutls28 <unfixed>
- gnutls26 <removed>
NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
NOTE: https://eprint.iacr.org/2018/747
-CVE-2018-10845 [HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant]
- RESERVED
+CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was ...)
- gnutls28 <unfixed>
- gnutls26 <removed>
NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
NOTE: https://eprint.iacr.org/2018/747
-CVE-2018-10844 [HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls]
- RESERVED
+CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was ...)
- gnutls28 <unfixed>
- gnutls26 <removed>
NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
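Review bot: the three GnuTLS entries (CVE-2018-10846, CVE-2018-10845, CVE-2018-10844) lose their bracketed summaries, which stated the root cause of each issue ("use of wrong constant", "not enough dummy function calls", the "Just in Time" PRIME + PROBE attack), in favour of descriptions that are truncated at "..." before reaching that detail. Since gnutls28 stays <unfixed> for all three, carry the specifics over as a NOTE: line under each entry so the distinction between the issues is still visible to whoever prepares the fix.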
@@ -19264,10 +19339,12 @@ CVE-2018-8022
CVE-2018-8021
RESERVED
CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw ...)
+ {DLA-1475-1}
- tomcat-native 1.2.17-1
[stretch] - tomcat-native <no-dsa> (Minor issue)
NOTE: https://svn.apache.org/r1832863
CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and ...)
+ {DLA-1475-1}
- tomcat-native 1.2.17-1
[stretch] - tomcat-native <no-dsa> (Minor issue)
NOTE: https://svn.apache.org/r1832832
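Review bot: {DLA-1475-1} is now attached to CVE-2018-8020 and CVE-2018-8019, yet both entries keep [stretch] - tomcat-native <no-dsa> (Minor issue) and the hunk shows no per-release line for the release the LTS advisory covers. Confirm that the fixed version for that release is recorded, and reconsider whether stretch should stay at no-dsa now that an LTS advisory exists for the same two issues.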
@@ -28168,14 +28245,14 @@ CVE-2018-5240 (The Inventory Plugin for Symantec Management Agent prior to 7.6 P
NOT-FOR-US: Inventory Plugin for Symantec Management Agent
CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass ...)
NOT-FOR-US: Norton
-CVE-2018-5238
- RESERVED
+CVE-2018-5238 (Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) ...)
+ TODO: check
CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 ...)
NOT-FOR-US: Symantec
CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may ...)
NOT-FOR-US: Symantec
-CVE-2018-5235
- RESERVED
+CVE-2018-5235 (Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL ...)
+ TODO: check
CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command ...)
NOT-FOR-US: Norton Core router
CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
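Review bot: CVE-2018-5238 and CVE-2018-5235 are added as TODO: check while the neighbouring entries from the same vendor are already resolved, under three different labels (NOT-FOR-US: Norton, NOT-FOR-US: Symantec, NOT-FOR-US: Norton Core router). When resolving the two new entries, pick the label that matches the product named in each description; CVE-2018-5238 names two products (Norton Power Eraser and SymDiag), so the label should cover both.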
@@ -37721,8 +37798,8 @@ CVE-2018-1601
RESERVED
CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)
NOT-FOR-US: IBM
-CVE-2018-1599
- RESERVED
+CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
+ TODO: check
CVE-2018-1598
RESERVED
CVE-2018-1597
@@ -39664,14 +39741,12 @@ CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest us
- qemu-kvm <removed>
[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
-CVE-2018-1140
- RESERVED
+CVE-2018-1140 (A missing input sanitization flaw was found in the implementation of ...)
- samba 2:4.8.4+dfsg-1
[stretch] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
[jessie] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
NOTE: https://www.samba.org/samba/security/CVE-2018-1140.html
-CVE-2018-1139
- RESERVED
+CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the ...)
- samba 2:4.8.4+dfsg-1
[stretch] - samba <not-affected> (Issue introduced in 4.7.0)
[jessie] - samba <not-affected> (Issue introduced in 4.7.0)
@@ -72369,8 +72444,7 @@ CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnera
- nginx 1.13.3-1 (bug #868109)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
NOTE: Fixed in 1.13.3, 1.12.1.
-CVE-2017-7528
- RESERVED
+CVE-2017-7528 (Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 ...)
NOT-FOR-US: Ansible Tower
CVE-2017-7527
RESERVED
@@ -72458,8 +72532,7 @@ CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled .
NOTE: Crash in CLI tool, no security implications
CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed action ...)
NOT-FOR-US: Red Hat Satellite
-CVE-2017-7513
- RESERVED
+CVE-2017-7513 (It was found that Satellite 5 configured with SSL/TLS for the ...)
NOT-FOR-US: Red Hat Satellite
CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before ...)
NOT-FOR-US: Red Hat 3scale
@@ -87541,8 +87614,7 @@ CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before
NOT-FOR-US: Red Hat CloudForms
CVE-2017-2663 (It was found that subscription-manager's DBus interface before 1.19.4 ...)
NOT-FOR-US: candlepin / subscription-manager
-CVE-2017-2662
- RESERVED
+CVE-2017-2662 (A flaw was found in Foreman's katello plugin version 3.4.5. After ...)
- foreman <itp> (bug #663101)
CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site ...)
- pcs 0.9.155+dfsg-2 (bug #858379)
@@ -87655,8 +87727,7 @@ CVE-2017-2629 (curl before 7.53.0 has an incorrect TLS Certificate Status Reques
NOTE: https://curl.haxx.se/docs/adv_20170222.html
CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version ...)
- curl <not-affected> (Red Hat specific backport issue)
-CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive]
- RESERVED
+CVE-2017-2627 (A flaw was found in openstack-tripleo-common as shipped with Red Hat ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917
NOT-FOR-US: RHEL packaging flaw for openstack
CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak entropy to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd04f976f17eb98ddfdeac463d44c832774e7e0a