[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jul 3 09:10:55 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9cb9f35 by security tracker role at 2018-07-03T08:10:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,12 +1,120 @@
+CVE-2018-13100 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
+	TODO: check
+CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel through ...)
+	TODO: check
+CVE-2018-13098 (An issue was discovered in fs/f2fs/inode.c in the Linux kernel through ...)
+	TODO: check
+CVE-2018-13097 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
+	TODO: check
+CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
+	TODO: check
+CVE-2018-13095 (An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux ...)
+	TODO: check
+CVE-2018-13094 (An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux ...)
+	TODO: check
+CVE-2018-13093 (An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel ...)
+	TODO: check
+CVE-2018-13092 (The mintToken function of a smart contract implementation for Reimburse ...)
+	TODO: check
+CVE-2018-13091 (The mintToken function of a smart contract implementation for sumocoin ...)
+	TODO: check
+CVE-2018-13090 (The mintToken function of a smart contract implementation for ...)
+	TODO: check
+CVE-2018-13089 (The mintToken function of a smart contract implementation for Universal ...)
+	TODO: check
+CVE-2018-13088 (The mintToken function of a smart contract implementation for Futures ...)
+	TODO: check
+CVE-2018-13087 (The mintToken function of a smart contract implementation for Coinstar ...)
+	TODO: check
+CVE-2018-13086 (The mintToken function of a smart contract implementation for IADOWR ...)
+	TODO: check
+CVE-2018-13085 (The mintToken function of a smart contract implementation for FreeCoin ...)
+	TODO: check
+CVE-2018-13084 (The mintToken function of a smart contract implementation for Good Time ...)
+	TODO: check
+CVE-2018-13083 (The mintToken function of a smart contract implementation for Plaza ...)
+	TODO: check
+CVE-2018-13082 (The mintToken function of a smart contract implementation for MODI ...)
+	TODO: check
+CVE-2018-13081 (The mintToken function of a smart contract implementation for GZS Token ...)
+	TODO: check
+CVE-2018-13080 (The mintToken function of a smart contract implementation for Goutex ...)
+	TODO: check
+CVE-2018-13079 (The mintToken function of a smart contract implementation for GoodTo ...)
+	TODO: check
+CVE-2018-13078 (The mintToken function of a smart contract implementation for Jitech ...)
+	TODO: check
+CVE-2018-13077 (The mintToken function of a smart contract implementation for CTB, an ...)
+	TODO: check
+CVE-2018-13076 (The mintToken function of a smart contract implementation for Betcash ...)
+	TODO: check
+CVE-2018-13075 (The mintToken function of a smart contract implementation for Carbon ...)
+	TODO: check
+CVE-2018-13074 (The mintToken function of a smart contract implementation for FIBToken ...)
+	TODO: check
+CVE-2018-13073 (The mintToken function of a smart contract implementation for ...)
+	TODO: check
+CVE-2018-13072 (The mintToken function of a smart contract implementation for ...)
+	TODO: check
+CVE-2018-13071 (The mintToken function of a smart contract implementation for CCindex10 ...)
+	TODO: check
+CVE-2018-13070 (The mintToken function of a smart contract implementation for ...)
+	TODO: check
+CVE-2018-13069 (The mintToken function of a smart contract implementation for DYchain ...)
+	TODO: check
+CVE-2018-13068 (The mintToken function of a smart contract implementation for ...)
+	TODO: check
+CVE-2018-13067 (/upload/catalog/controller/account/password.php in OpenCart through ...)
+	TODO: check
+CVE-2018-13066 (There is a memory leak in util/parser.c in libming 0.4.8, which will ...)
+	TODO: check
+CVE-2018-13065
+	RESERVED
+CVE-2018-13064
+	RESERVED
+CVE-2018-13063
+	RESERVED
+CVE-2018-13062
+	RESERVED
+CVE-2018-13061
+	RESERVED
+CVE-2018-13060
+	RESERVED
+CVE-2018-13059
+	RESERVED
+CVE-2018-13058
+	RESERVED
+CVE-2018-13057
+	RESERVED
+CVE-2018-13056 (An issue was discovered on zzcms 8.3. There is a vulnerability at ...)
+	TODO: check
+CVE-2018-13055
+	RESERVED
+CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the ...)
+	TODO: check
+CVE-2018-13052
+	RESERVED
+CVE-2018-13051
+	RESERVED
+CVE-2018-13050 (A SQL Injection vulnerability exists in Zoho ManageEngine Applications ...)
+	TODO: check
+CVE-2018-13048
+	RESERVED
+CVE-2018-13047
+	RESERVED
+CVE-2018-13046
+	RESERVED
+CVE-2018-13045
+	RESERVED
 CVE-2018-XXXX [accountservice: insufficient path check in user_change_icon_file_authorized_cb()]
 	- accountsservice <unfixed> (low)
 	[stretch] - accountsservice <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/02/2
-CVE-2018-13054 [possible symlink attack in cinnamon-settings-users.py]
+CVE-2018-13054 (An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The ...)
 	- cinnamon <unfixed>
 	NOTE: https://github.com/linuxmint/Cinnamon/pull/7683
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1083067
-CVE-2018-13049 [SQL Injection in inc/search.class.php]
+CVE-2018-13049 (The constructSQL function in inc/search.class.php in GLPI 9.2.x through ...)
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/issues/4270
 	NOTE: https://github.com/trasher/glpi/commit/5c58d4c57be7b1e0c1de925b97f22d4468291d41
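Review bot: CVE-2018-13093 through CVE-2018-13100 and CVE-2018-13053 in this hunk are added as "TODO: check" even though their descriptions name Linux kernel source files (fs/f2fs, fs/xfs, kernel/time/alarmtimer.c); these should be triaged to "- linux" package lines ahead of the rest of the batch. Separately, the unchanged header "CVE-2018-XXXX [accountservice: ...]" spells the package differently from the "- accountsservice" lines below it.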
@@ -344,25 +452,22 @@ CVE-2018-12898
 	RESERVED
 CVE-2018-12897
 	RESERVED
-CVE-2018-12896
-	RESERVED
+CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An Integer ...)
+	TODO: check
 CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary code ...)
 	- wordpress <unfixed> (bug #902876)
 	NOTE: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
 CVE-2018-12894
 	RESERVED
-CVE-2018-12893
-	RESERVED
+CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the fixes in ...)
 	{DSA-4236-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-265.html
-CVE-2018-12892
-	RESERVED
+CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass ...)
 	{DSA-4236-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-266.html
-CVE-2018-12891
-	RESERVED
+CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU ...)
 	{DSA-4236-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-264.html
@@ -1247,14 +1352,14 @@ CVE-2018-12579
 CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in ...)
 	- sam2p <removed>
 	NOTE: https://github.com/pts/sam2p/issues/39
-CVE-2018-12577
-	RESERVED
-CVE-2018-12576
-	RESERVED
-CVE-2018-12575
-	RESERVED
-CVE-2018-12574
-	RESERVED
+CVE-2018-12577 (The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 ...)
+	TODO: check
+CVE-2018-12576 (TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 ...)
+	TODO: check
+CVE-2018-12575 (On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 ...)
+	TODO: check
+CVE-2018-12574 (CSRF exists for all actions in the web interface on TP-Link TL-WR841N ...)
+	TODO: check
 CVE-2018-12573
 	RESERVED
 CVE-2018-12572
@@ -1385,10 +1490,10 @@ CVE-2018-12531 (An issue was discovered in MetInfo 6.0.0. install\index.php allo
 	NOT-FOR-US: MetInfo
 CVE-2018-12530 (An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php ...)
 	NOT-FOR-US: MetInfo
-CVE-2018-12529
-	RESERVED
-CVE-2018-12528
-	RESERVED
+CVE-2018-12529 (An issue was discovered on Intex N150 devices. The router firmware ...)
+	TODO: check
+CVE-2018-12528 (An issue was discovered on Intex N150 devices. The backup/restore ...)
+	TODO: check
 CVE-2018-12527
 	RESERVED
 CVE-2018-12526 (Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default ...)
@@ -1445,8 +1550,8 @@ CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...)
 	NOT-FOR-US: Nagios Fusion
 CVE-2018-12500
 	RESERVED
-CVE-2018-12499
-	RESERVED
+CVE-2018-12499 (The Motorola MBP853 firmware does not correctly validate server ...)
+	TODO: check
 CVE-2018-12498 (spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id ...)
 	NOT-FOR-US: iCMS
 CVE-2018-12497
@@ -1712,8 +1817,8 @@ CVE-2018-12428
 	RESERVED
 CVE-2018-12427
 	RESERVED
-CVE-2018-12426
-	RESERVED
+CVE-2018-12426 (The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is ...)
+	TODO: check
 CVE-2018-12425
 	RESERVED
 CVE-2018-12424
@@ -3136,7 +3241,7 @@ CVE-2018-1002200 [arbitrary file write vulnerability / arbitrary code execution 
 	- plexus-archiver 3.6.0-1 (bug #900953)
 	NOTE: https://github.com/codehaus-plexus/plexus-archiver/pull/87
 	NOTE: https://github.com/codehaus-plexus/plexus-archiver/commit/58bc24e465c0842981692adbf6d75680298989de
-CVE-2018-1000204 (Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl ...)
+CVE-2018-1000204 (** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles ...)
 	- linux 4.16.12-1
 	NOTE: Fixed by: https://git.kernel.org/linus/a45b599ad808c3c982fdcdc12b0b8611c2f92824
 CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit ...)
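Review bot: the CVE-2018-1000204 description now starts with "** DISPUTED **", but the entry still reads as a plain fix in linux 4.16.12-1 with only a "Fixed by" NOTE. Consider adding a NOTE that records the dispute so the tracked status and the description do not appear to contradict each other.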
@@ -5396,6 +5501,7 @@ CVE-2018-10965
 CVE-2018-10964
 	RESERVED
 CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF ...)
+	{DLA-1411-1}
 	- tiff 4.0.9-6 (bug #898348)
 	[stretch] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
@@ -5620,8 +5726,7 @@ CVE-2018-10875
 	RESERVED
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596533
-CVE-2018-10874
-	RESERVED
+CVE-2018-10874 (In ansible it was found that inventory variables are loaded from ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596528
 CVE-2018-10873
@@ -5675,11 +5780,9 @@ CVE-2018-10857
 	- git-annex 6.20180626-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
 	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
-CVE-2018-10856
-	RESERVED
+CVE-2018-10856 (It has been discovered that podman before version 0.6.1 does not drop ...)
 	NOT-FOR-US: Podman
-CVE-2018-10855 [Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs]
-	RESERVED
+CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the ...)
 	- ansible 2.5.5+dfsg-1
 	[jessie] - ansible <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/ansible/ansible/pull/41414
@@ -5716,8 +5819,7 @@ CVE-2018-10845
 	RESERVED
 CVE-2018-10844
 	RESERVED
-CVE-2018-10843
-	RESERVED
+CVE-2018-10843 (source-to-image component of Openshift Container Platform before ...)
 	NOT-FOR-US: source-to-image in OpenShift
 CVE-2018-10842
 	RESERVED
@@ -6336,8 +6438,8 @@ CVE-2018-10598
 	RESERVED
 CVE-2018-10597 (IntelliVue Patient Monitors MP Series (including ...)
 	NOT-FOR-US: Philips
-CVE-2018-10596
-	RESERVED
+CVE-2018-10596 (Medtronic 2090 CareLink Programmer all versions The affected product ...)
+	TODO: check
 CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows an ...)
 	NOT-FOR-US: BD Kiestra and InoqulA systems
 CVE-2018-10594 (Delta Industrial Automation COMMGR from Delta Electronics versions ...)
@@ -7691,10 +7793,10 @@ CVE-2018-10078 (Cross-site scripting (XSS) vulnerability in Geist WatchDog Conso
 	NOT-FOR-US: Geist WatchDog Console
 CVE-2018-10077 (XML external entity (XXE) vulnerability in Geist WatchDog Console ...)
 	NOT-FOR-US: Geist WatchDog Console
-CVE-2018-10076
-	RESERVED
-CVE-2018-10075
-	RESERVED
+CVE-2018-10076 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. ...)
+	TODO: check
+CVE-2018-10075 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog ...)
+	TODO: check
 CVE-2018-10073 (joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword ...)
 	NOT-FOR-US: joyplus-cms
 CVE-2018-10072 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
@@ -9474,8 +9576,8 @@ CVE-2018-9278
 	RESERVED
 CVE-2018-9277
 	RESERVED
-CVE-2018-9276
-	RESERVED
+CVE-2018-9276 (An issue was discovered in PRTG Network Monitor before 18.2.39. An ...)
+	TODO: check
 CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) ...)
 	- yubico-pam <unfixed> (bug #896491)
 	[stretch] - yubico-pam <no-dsa> (Minor issue)
@@ -10543,7 +10645,7 @@ CVE-2018-8907
 CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
 	NOT-FOR-US: dsmall
 CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...)
-	{DLA-1378-1 DLA-1377-1}
+	{DLA-1411-1 DLA-1378-1 DLA-1377-1}
 	- tiff 4.0.9-6 (bug #893806)
 	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
 	- tiff3 <removed>
@@ -10644,12 +10746,12 @@ CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware vers
 	NOT-FOR-US: Schneider
 CVE-2018-8871 (In Delta Electronics Automation TPEditor version 1.89 or prior, ...)
 	NOT-FOR-US: Delta Electronics Automation TPEditor
-CVE-2018-8870
-	RESERVED
+CVE-2018-8870 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ...)
+	TODO: check
 CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for ...)
 	NOT-FOR-US: Lantech
-CVE-2018-8868
-	RESERVED
+CVE-2018-8868 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ...)
+	TODO: check
 CVE-2018-8867 (In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 ...)
 	NOT-FOR-US: GE PACSystems
 CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an ...)
@@ -12620,8 +12722,7 @@ CVE-2018-8041
 	RESERVED
 CVE-2018-8040
 	RESERVED
-CVE-2018-8039
-	RESERVED
+CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl ...)
 	NOT-FOR-US: Apache CXF
 CVE-2018-8038
 	RESERVED
@@ -14390,7 +14491,7 @@ CVE-2018-7458
 CVE-2018-7457
 	RESERVED
 CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in ...)
-	{DLA-1347-1 DLA-1346-1}
+	{DLA-1411-1 DLA-1347-1 DLA-1346-1}
 	- tiff 4.0.9-5 (bug #891288)
 	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
 	- tiff3 <removed>
@@ -19823,7 +19924,7 @@ CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...)
 	- openjpeg2 <unfixed> (low; bug #888533)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1057
 CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...)
-	{DLA-1391-1}
+	{DLA-1411-1 DLA-1391-1}
 	- tiff 4.0.9-4 (bug #890441)
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
@@ -32256,8 +32357,8 @@ CVE-2018-1251
 	RESERVED
 CVE-2018-1250
 	RESERVED
-CVE-2018-1249
-	RESERVED
+CVE-2018-1249 (Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use ...)
+	TODO: check
 CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and ...)
 	NOT-FOR-US: RSA Authentication Mamager
 CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...)
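Review bot: the unchanged context line under CVE-2018-1248 reads "NOT-FOR-US: RSA Authentication Mamager"; "Mamager" should be "Manager". It is outside the changed lines of this hunk but worth correcting in a follow-up.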
@@ -32266,10 +32367,10 @@ CVE-2018-1246
 	RESERVED
 CVE-2018-1245
 	RESERVED
-CVE-2018-1244
-	RESERVED
-CVE-2018-1243
-	RESERVED
+CVE-2018-1244 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 ...)
+	TODO: check
+CVE-2018-1243 (Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior ...)
+	TODO: check
 CVE-2018-1242 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
 	NOT-FOR-US: Dell
 CVE-2018-1241 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
@@ -32330,8 +32431,8 @@ CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Win
 	NOT-FOR-US: EMC
 CVE-2018-1213 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
 	NOT-FOR-US: Dell
-CVE-2018-1212
-	RESERVED
+CVE-2018-1212 (The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic ...)
+	TODO: check
 CVE-2018-1211 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path ...)
 	NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
 CVE-2018-1210
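Review bot: CVE-2018-1212 (Dell EMC iDRAC6) is added as "TODO: check" directly above CVE-2018-1211, which is already marked "NOT-FOR-US: Dell EMC iDRAC7/iDRAC8". Triage should decide the iDRAC entries consistently, and the same applies to the iDRAC entries CVE-2018-1243, CVE-2018-1244 and CVE-2018-1249 changed earlier in this diff.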
@@ -32791,8 +32892,7 @@ CVE-2018-1114 [File descriptor leak caused by JarURLConnection.getLastModified()
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
 	NOTE: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
 	NOTE: https://bugs.openjdk.java.net/browse/JDK-6956385
-CVE-2018-1113
-	RESERVED
+CVE-2018-1113 (setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise ...)
 	NOT-FOR-US: Red Hat specific CVE assignment for Red Hat / Fedora setups (nologin listed in /etc/shells violates security expectations)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1571094
 CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when ...)
@@ -32936,8 +33036,7 @@ CVE-2018-1082 (A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a u
 	- moodle <removed>
 CVE-2018-1081 (A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, ...)
 	- moodle <removed>
-CVE-2018-1080 [Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access]
-	RESERVED
+CVE-2018-1080 (Dogtag PKI, through version 10.6.1, has a vulnerability in ...)
 	[experimental] - dogtag-pki 10.6.0-2
 	- dogtag-pki <unfixed> (bug #893690)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1556657
@@ -33280,10 +33379,10 @@ CVE-2017-17319 (Huawei P9 smartphones with the versions before EVA-AL10C00B399SP
 	NOT-FOR-US: Huawei
 CVE-2017-17318 (Huawei MBB (Mobile Broadband) products E5771h-937 with the versions ...)
 	NOT-FOR-US: Huawei
-CVE-2017-17317
-	RESERVED
-CVE-2017-17316
-	RESERVED
+CVE-2017-17317 (Common Open Policy Service Protocol (COPS) module in Huawei USG6300 ...)
+	TODO: check
+CVE-2017-17316 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...)
+	TODO: check
 CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...)
@@ -33564,8 +33663,8 @@ CVE-2017-17177
 	RESERVED
 CVE-2017-17176
 	RESERVED
-CVE-2017-17175
-	RESERVED
+CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones ...)
+	TODO: check
 CVE-2017-17174
 	RESERVED
 CVE-2017-17173 (Due to insufficient parameters verification GPU driver of Mate 9 Pro ...)
@@ -35090,8 +35189,7 @@ CVE-2018-0501
 	RESERVED
 CVE-2018-0500
 	RESERVED
-CVE-2018-0499 [Incomplete HTML escaping by Xapian::MSet::snippet()]
-	RESERVED
+CVE-2018-0499 (A cross-site scripting vulnerability in ...)
 	- xapian-core 1.4.6-1 (bug #902886)
 	NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
 CVE-2018-0498
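Review bot: for CVE-2018-0499 the removed bracketed title "Incomplete HTML escaping by Xapian::MSet::snippet()" named the affected function, while the replacement description is truncated to "A cross-site scripting vulnerability in ...". Consider keeping the function name in a NOTE line so the entry stays searchable by it.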
@@ -52695,7 +52793,7 @@ CVE-2017-11615 (A sandbox escape in the Lua interface in Wube Factorio before 0.
 CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for ...)
 	NOT-FOR-US: MEDHOST Connex
 CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the ...)
-	{DLA-1391-1}
+	{DLA-1411-1 DLA-1391-1}
 	- tiff 4.0.9-5 (low; bug #869823)
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
@@ -80666,8 +80764,7 @@ CVE-2017-2616 [Sending SIGKILL to other processes with root privileges via su]
 	- coreutils 8.20-1 (unimportant)
 	NOTE: Coreutils: Removed from source in https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=928dd737
 	NOTE: and not installed by default since 2007.
-CVE-2017-2615 [display: cirrus: oob access while doing bitblt copy backward mode]
-	RESERVED
+CVE-2017-2615 (Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator ...)
 	{DLA-845-1 DLA-842-1}
 	- qemu 1:2.8+dfsg-3 (low; bug #854731)
 	NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
@@ -190647,7 +190744,7 @@ CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Wind
 	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
 	NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
-CVE-2012-5575 (Apache CFX 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x ...)
+CVE-2012-5575 (Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x ...)
 	NOT-FOR-US: Apache CXF
 CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote ...)
 	NOT-FOR-US: Symfony



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9cb9f3537eee1847353f8fa7f5324cbb9cb4b7c
