[Git][security-tracker-team/security-tracker][master] new node-macaddress issue

Tue Jul 10 10:32:39 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d8ddfc1 by Moritz Muehlenhoff at 2018-07-10T11:32:14+02:00
new node-macaddress issue
one ntp bug ref

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-XXXX [node macaddress command injection]
+	- node-macaddress 0.2.9-1 (unimportant)
+	NOTE: https://github.com/scravy/node-macaddress/pull/20
+	NOTE: nodejs not covered by security support
 CVE-2018-13795 (Gravity before 0.5.1 does not support a maximum recursion depth. ...)
 	TODO: check
 CVE-2018-13794 (A heap-based buffer overflow exists in stbi__bmp_load_cont in ...)
@@ -17115,6 +17119,7 @@ CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before upda
 	NOTE: http://www.kb.cert.org/vuls/id/961909
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a76f46bK1M87GD1tJounOczC-5Zow
 CVE-2018-7183 (Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 ...)
 	- ntp 1:4.2.8p11+dfsg-1 (low)
 	[stretch] - ntp <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d8ddfc1eeee622a9f9bc0ec21a8f8317f329a86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d8ddfc1eeee622a9f9bc0ec21a8f8317f329a86
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180710/19fac60b/attachment-0001.html>
