[Git][security-tracker-team/security-tracker][master] new ATS issues
Moritz Muehlenhoff
jmm at debian.org
Wed Aug 29 10:04:33 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd88a17e by Moritz Muehlenhoff at 2018-08-29T09:04:02Z
new ATS issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -20096,6 +20096,9 @@ CVE-2018-8041
NOT-FOR-US: Apache Camel Mail component
CVE-2018-8040
RESERVED
+ - trafficserver 7.1.4+ds-1
+ NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/2
+ NOTE: https://github.com/apache/trafficserver/pull/3926
CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl ...)
NOT-FOR-US: Apache CXF
CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable ...)
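Review bot: The oss-security reference added under CVE-2018-8040 is an http:// URL, while the pull request link beside it uses https://; the same applies to every openwall.com NOTE in this commit. Prefer the https:// form so the reference is fetched over TLS.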
@@ -20158,6 +20161,10 @@ CVE-2018-8023
RESERVED
CVE-2018-8022
RESERVED
+ - trafficserver 7.0.0-1
+ NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/1
+ NOTE: Only affects 6.x, marking 7.0 as the fixed version
+ NOTE: https://github.com/apache/trafficserver/pull/2147
CVE-2018-8021
RESERVED
CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw ...)
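Review bot: The NOTE "Only affects 6.x, marking 7.0 as the fixed version" under CVE-2018-8022 makes 7.0.0-1 a first-unaffected version rather than the upload that carries pull request 2147, and the entry does not say whether any supported suite still ships a 6.x package. If one does, state it here, since that decides whether this CVE belongs to the trafficserver item added to data/dsa-needed.txt; if none does, a note saying so would keep it from being counted toward the DSA.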
@@ -20238,8 +20245,18 @@ CVE-2018-8006 [Cross-site scripting (XSS) via QueueFilter parameter]
NOTE: Fixed in 5.15.5, 5.16.0
CVE-2018-8005
RESERVED
+ - trafficserver 7.1.4+ds-1
+ NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/4
+ NOTE: https://github.com/apache/trafficserver/pull/3106
+ NOTE: https://github.com/apache/trafficserver/pull/3124
CVE-2018-8004
RESERVED
+ - trafficserver 7.1.4+ds-1
+ NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/5
+ NOTE: https://github.com/apache/trafficserver/pull/3192
+ NOTE: https://github.com/apache/trafficserver/pull/3201
+ NOTE: https://github.com/apache/trafficserver/pull/3231
+ NOTE: https://github.com/apache/trafficserver/pull/3251
CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory ...)
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in ...)
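Review bot: CVE-2018-8004 gains four pull request links (3192, 3201, 3231, 3251) and CVE-2018-8005 gains two (3106, 3124), with nothing saying whether each is an independent fix or a follow-up to the one before it. Anyone backporting has to open all of them to find out; a few words per NOTE on what each pull request covers, or a single note that all are required, would help.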
@@ -39876,6 +39893,9 @@ CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that ca
NOT-FOR-US: Apache Allura
CVE-2018-1318
RESERVED
+ - trafficserver 7.1.4+ds-1
+ NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/3
+ NOTE: https://github.com/apache/trafficserver/pull/3195
CVE-2018-1317
RESERVED
CVE-2018-1316 (The ODE process deployment web service was sensible to deployment ...)
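Review bot: CVE-2018-1318 stays RESERVED with no description, so the entry gives no hint of what the issue is without following the links. A bracketed summary on the CVE line, as CVE-2018-8006 has in this file ("[Cross-site scripting (XSS) via QueueFilter parameter]"), would make the entry readable on its own; the same goes for the other four trafficserver entries in this commit.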
=====================================
data/dsa-needed.txt
=====================================
@@ -86,5 +86,7 @@ sympa (carnil)
--
thunderbird (jmm)
--
+trafficserver
+--
wesnoth-1.12
--
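Review bot: trafficserver is added to dsa-needed.txt with no claimant, unlike the neighbouring "sympa (carnil)" and "thunderbird (jmm)" items. If someone is already preparing the update, add their name in parentheses so the work is not duplicated.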
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd88a17e6fe3cba0eaca5b27fce7e73c6da453df