[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Dec 4 15:46:44 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f342447a by Moritz Muehlenhoff at 2018-12-04T15:46:08Z
NFUs
tiff updates

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9730,7 +9730,8 @@ CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-b
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/f1b94e8a3ba49febdd3361c0214a1d1149251577
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
 	{DLA-1557-1}
-	- tiff 4.0.9+git181026-1 (bug #909038)
+	- tiff 4.0.9+git181026-1 (low; bug #909038)
+	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
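Review bot: on the added `[stretch] - tiff <postponed> (Minor issue)` line for CVE-2018-17100, the reason does not say what the fix is postponed to. The entry already lists `{DLA-1557-1}` and a fixed version `4.0.9+git181026-1`, so a reader cannot tell from the list whether stretch is waiting for a point release or a later DSA. A more specific reason would help, in the style of the jessie line in the next tiff entry (`Can be fixed along in future DLA`).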
@@ -9973,6 +9974,7 @@ CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS ..
 	NOT-FOR-US: RICOH
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
 	- tiff <unfixed> (bug #908778)
+	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>
 	[jessie] - tiff <postponed> (Can be fixed along in future DLA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
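Review bot: in the CVE-2018-17000 entry the new `[stretch] - tiff <postponed>` line is placed directly under `- tiff <unfixed>`, while the existing `[jessie] - tiff <postponed>` line stays below `- tiff3 <removed>`, so the per-release annotations for tiff are now split around the tiff3 line. Moving the jessie line up beside the stretch one would keep both under the package they annotate. Also, unlike CVE-2018-17100 in the previous hunk, `- tiff <unfixed>` gets no `low` urgency here although stretch is postponed as a minor issue; the two entries should be made consistent.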
@@ -36203,15 +36205,15 @@ CVE-2018-7118
 CVE-2018-7117
 	RESERVED
 CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2018-7114 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2018-7113 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2018-7112 (The HPE-provided Windows firmware installer for certain Gen9, Gen8, ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2018-7111 (A remote unauthorized access vulnerability was identified in HPE UIoT ...)
 	NOT-FOR-US: HPE
 CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability was ...)
@@ -38296,9 +38298,9 @@ CVE-2018-6442 (A vulnerability in the Brocade Webtools firmware update section o
 CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade Fabric OS ...)
 	NOT-FOR-US: Brocade
 CVE-2018-6440 (A vulnerability in the proxy service of Brocade Fabric OS versions ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2018-6439 (A Vulnerability in the configdownload command of Brocade Fabric OS ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS ...)
 	NOT-FOR-US: Brocade
 CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS command line ...)
@@ -45187,11 +45189,11 @@ CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix MKVIN
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694
 	NOTE: https://gitlab.com/mbunkus/mkvtoolnix/commit/43021d16c7bcd3f9f70214827755a5163782b633
 CVE-2018-4021 (An exploitable command injection vulnerability exists in the way ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2018-4020 (An exploitable command injection vulnerability exists in the way ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2018-4019 (An exploitable command injection vulnerability exists in the way ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2018-4018
 	RESERVED
 CVE-2018-4017
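Review bot: for CVE-2018-4021, CVE-2018-4020 and CVE-2018-4019 the truncated descriptions (`An exploitable command injection vulnerability exists in the way ...`) do not name a product, so the `NOT-FOR-US: pfSense` attribution cannot be checked from the list itself. Confirm against the full CVE text that all three concern pfSense before the `TODO: check` markers are dropped.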
@@ -45531,7 +45533,7 @@ CVE-2018-3856 (An exploitable vulnerability exists in the smart cameras RTSP ...
 CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
 	NOT-FOR-US: Hyland Perceptive Document Filters
 CVE-2018-3854 (An exploitable information disclosure vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Quicken
 CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3852 (An exploitable denial of service vulnerability exists in the Ocularis ...)
@@ -51465,7 +51467,7 @@ CVE-2018-1842 (IBM Cognos Analytics 11 Configuration tool, under certain ...)
 CVE-2018-1841 (IBM Cloud Private 2.1.0 could allow a local user to obtain the CA ...)
 	NOT-FOR-US: IBM
 CVE-2018-1840 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1839
 	RESERVED
 CVE-2018-1838 (IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -30,9 +30,6 @@ libphp-phpmailer (carnil)
 --
 libspring-java
 --
-libxml2 (carnil)
-  Re-evaluate situation for unstable first, risky to expose some fixes directly
---
 linux
   Wait until more issues have piled up
 --
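Review bot: the removal of the `libxml2 (carnil)` entry and its note (`Re-evaluate situation for unstable first, risky to expose some fixes directly`) is not covered by the commit message, which mentions only NFUs and tiff updates. State in the message why libxml2 no longer needs a DSA, or move this removal into its own commit so the decision is traceable in the history.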



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f342447ae67c68a4326e68ca71d9a1d53d86798f
