[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 13 21:10:30 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7fdcca8 by security tracker role at 2018-07-13T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,53 @@
-CVE-2018-14054 [double free in MP4v2]
+CVE-2018-14053
+ RESERVED
+CVE-2018-14052 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
+ TODO: check
+CVE-2018-14051 (The function wav_read in libwav.c in libwav through 2017-04-20 has an ...)
+ TODO: check
+CVE-2018-14050 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
+ TODO: check
+CVE-2018-14049 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
+ TODO: check
+CVE-2018-14048 (An issue has been found in libpng 1.6.34. It is a SEGV in the function ...)
+ TODO: check
+CVE-2018-14047 (** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It is a SEGV ...)
+ TODO: check
+CVE-2018-14046 (Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks ...)
+ TODO: check
+CVE-2018-14045 (The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in ...)
+ TODO: check
+CVE-2018-14044 (The RateTransposer::setChannels function in RateTransposer.cpp in ...)
+ TODO: check
+CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file ...)
+ TODO: check
+CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container ...)
+ TODO: check
+CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
+ TODO: check
+CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
+ TODO: check
+CVE-2018-14039
+ RESERVED
+CVE-2018-14038
+ RESERVED
+CVE-2018-14037
+ RESERVED
+CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
+ TODO: check
+CVE-2018-1000210 (YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object ...)
+ TODO: check
+CVE-2018-1000209 (Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a ...)
+ TODO: check
+CVE-2018-1000208 (MODX Revolution version <=2.6.4 contains a Directory Traversal ...)
+ TODO: check
+CVE-2018-1000207 (MODX Revolution version <=2.6.4 contains a Incorrect Access Control ...)
+ TODO: check
+CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite Request ...)
+ TODO: check
+CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4property.cpp ...)
- mp4v2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1
-CVE-2018-14036 [accountservice: insufficient path check in user_change_icon_file_authorized_cb()]
+CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService before ...)
- accountsservice <unfixed> (low)
[stretch] - accountsservice <no-dsa> (Minor issue)
[jessie] - accountsservice <ignored> (Minor issue)
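Review bot: replacing the hand-written placeholders drops detail that the MITRE text does not carry. The old CVE-2018-14036 line named the vulnerable callback user_change_icon_file_authorized_cb(), and the new description only says "Directory Traversal with ../ sequences occurs in AccountsService before ..."; suggest keeping the function name in a NOTE line under the accountsservice entry so the tracker still points at the affected code path. Among the new TODO: check entries, libpng 1.6.34, Exiv2 0.26, Bootstrap before 4.1.2 and Doorkeeper correspond to software packaged in Debian and will need package/version lines rather than NOT-FOR-US. The "Cross ite Request" wording in the CVE-2018-1000206 description is MITRE's text copied verbatim by the update script, not a tracker typo, so it should not be hand-corrected here.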
@@ -2133,6 +2179,7 @@ CVE-2018-13046
CVE-2018-13045
RESERVED
CVE-2018-13054 (An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The ...)
+ {DLA-1420-1}
- cinnamon <unfixed> (bug #903201)
[stretch] - cinnamon <no-dsa> (Minor issue)
NOTE: https://github.com/linuxmint/Cinnamon/pull/7683
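Review bot: the DLA-1420-1 reference is added while the unstable line still reads "cinnamon <unfixed> (bug #903201)" and stretch stays <no-dsa>, so jessie is now the only suite recorded as fixed. That is consistent with an LTS upload landing first, but the <unfixed> marker needs replacing with the fixed version once #903201 closes, otherwise the entry keeps reporting sid as vulnerable after the upstream pull request in the NOTE line is packaged.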
@@ -3975,14 +4022,17 @@ CVE-2018-12375
RESERVED
CVE-2018-12374
RESERVED
+ {DSA-4244-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12374
CVE-2018-12373
RESERVED
+ {DSA-4244-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12373
CVE-2018-12372
RESERVED
+ {DSA-4244-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
CVE-2018-12371
@@ -4011,7 +4061,7 @@ CVE-2018-12367
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
CVE-2018-12366
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -4020,7 +4070,7 @@ CVE-2018-12366
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12366
CVE-2018-12365
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -4029,7 +4079,7 @@ CVE-2018-12365
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12365
CVE-2018-12364
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -4038,7 +4088,7 @@ CVE-2018-12364
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12364
CVE-2018-12363
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -4047,7 +4097,7 @@ CVE-2018-12363
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12363
CVE-2018-12362
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -4060,7 +4110,7 @@ CVE-2018-12361
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
CVE-2018-12360
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -4069,7 +4119,7 @@ CVE-2018-12360
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12360
CVE-2018-12359
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -8504,8 +8554,8 @@ CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version ..
NOT-FOR-US: Universal Robots
CVE-2018-10632
RESERVED
-CVE-2018-10631
- RESERVED
+CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
+ TODO: check
CVE-2018-10630
RESERVED
CVE-2018-10629
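Review bot: the new TODO: check for CVE-2018-10631 can be resolved immediately. Its description names the same Medtronic N'Vision Clinician Programmer 8840 as CVE-2018-8849 further down in this patch, which is already marked "NOT-FOR-US: Medtronic"; replace the TODO with the same NOT-FOR-US line so the entry does not sit in the triage queue.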
@@ -9868,8 +9918,8 @@ CVE-2018-10103
RESERVED
CVE-2018-10099
RESERVED
-CVE-2018-10098
- RESERVED
+CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business ...)
+ TODO: check
CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...)
NOT-FOR-US: Domain Trader
CVE-2018-1000171
@@ -10100,8 +10150,8 @@ CVE-2018-9991 (Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username
NOT-FOR-US: Frog CMS
CVE-2018-9990 (In Zulip Server versions before 1.7.2, there was an XSS issue with ...)
- zulip-server <itp> (bug #800052)
-CVE-2018-10018
- RESERVED
+CVE-2018-10018 (The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA ...)
+ TODO: check
CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before ...)
- libopenmpt 0.3.8-1 (bug #895406)
[stretch] - libopenmpt <no-dsa> (Minor issue)
@@ -12355,14 +12405,14 @@ CVE-2018-9072
RESERVED
CVE-2018-9071
RESERVED
-CVE-2018-9070
- RESERVED
+CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than ...)
+ TODO: check
CVE-2018-9069
RESERVED
CVE-2018-9068
RESERVED
-CVE-2018-9067
- RESERVED
+CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had ...)
+ TODO: check
CVE-2018-9066
RESERVED
CVE-2018-9065
@@ -12959,8 +13009,8 @@ CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician .
NOT-FOR-US: Medtronic
CVE-2018-8848
RESERVED
-CVE-2018-8847
- RESERVED
+CVE-2018-8847 (Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer ...)
+ TODO: check
CVE-2018-8846
RESERVED
CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
@@ -13144,7 +13194,7 @@ CVE-2018-8781 (The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the L
NOTE: https://patchwork.freedesktop.org/patch/211845/
NOTE: Fixed by: https://git.kernel.org/linus/3b82a4db8eaccce735dffd50b4d4e1578099b8e8
CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1359-1 DLA-1358-1}
+ {DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
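Review bot: DLA-1421-1 is being attached to a long series of Ruby entries (this hunk through the CVE-2017-0898 and CVE-2016-2339 entries below) whose package lines are unchanged and list ruby2.1 as <removed>. The jessie fixed version for these CVEs is therefore only derivable from data/DLA/list, so confirm that DLA-1421-1 is recorded there with the ruby2.1 version before this lands; if that entry is missing, the advisory reference resolves to nothing and the jessie status of every CVE touched here is not updated.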
@@ -13155,7 +13205,7 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1359-1 DLA-1358-1}
+ {DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -13167,7 +13217,7 @@ CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
NOTE: ruby1.8: test examples from hackerone doesn't work. ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1359-1 DLA-1358-1}
+ {DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -13178,7 +13228,7 @@ CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
NOTE: Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1359-1 DLA-1358-1}
+ {DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -16432,8 +16482,8 @@ CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before .
- python-django 1:1.11.11-1
NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
-CVE-2018-7535
- RESERVED
+CVE-2018-7535 (An issue was discovered in TotalAV v4.1.7. An unprivileged user could ...)
+ TODO: check
CVE-2018-7534 (In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth ...)
NOT-FOR-US: Stealth Authorization Server
CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...)
@@ -17300,7 +17350,7 @@ CVE-2018-1000081 (Ajenti version version 2 contains a Input Validation vulnerabi
CVE-2018-1000080 (Ajenti version version 2 contains a Insecure Permissions vulnerability ...)
- ajenti <itp> (bug #792019)
CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1}
+ {DSA-4219-1 DLA-1421-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -17315,7 +17365,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -17326,7 +17376,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -17337,7 +17387,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -17348,7 +17398,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
- {DSA-4219-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
+ {DSA-4219-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
- ruby2.5 2.5.0-5
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -18212,8 +18262,8 @@ CVE-2018-6971
RESERVED
CVE-2018-6970
RESERVED
-CVE-2018-6969
- RESERVED
+CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds ...)
+ TODO: check
CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent ...)
NOT-FOR-US: VMware AirWatch Agent
CVE-2018-6967 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x ...)
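Review bot: CVE-2018-6969 is described as affecting "VMware Tools (10.x and prior before 10.3.0)"; unlike the neighbouring AirWatch and ESXi entries it should not be marked NOT-FOR-US without a check, because Debian ships open-vm-tools, the open-source counterpart of that tools suite. Resolve the TODO by checking whether the out-of-bounds issue sits in code shared with open-vm-tools and, if it does not, record NOT-FOR-US with a NOTE saying why.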
@@ -18421,7 +18471,7 @@ CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...)
CVE-2018-6915
RESERVED
CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the ...)
- {DLA-1359-1 DLA-1358-1}
+ {DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -23796,7 +23846,7 @@ CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to ca
NOT-FOR-US: Jungo Windriver
CVE-2018-5188
RESERVED
- {DSA-4235-1 DLA-1406-1}
+ {DSA-4244-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
- thunderbird 1:52.9.0-1
@@ -28454,7 +28504,7 @@ CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the markup_clean_hre
CVE-2017-17791
RESERVED
CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...)
- {DLA-1222-1 DLA-1221-1}
+ {DLA-1421-1 DLA-1222-1 DLA-1221-1}
- ruby2.5 2.5.0-1 (bug #884878)
- ruby2.3 <removed> (bug #884879)
[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in future DSA)
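Review bot: after this hunk jessie is covered by DLA-1421-1 while stretch still carries "[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in future DSA)", so the older LTS release now has a fix that the current stable release lacks. The same pattern appears for CVE-2017-17405 further down. Worth queuing ruby2.3 for the next stretch DSA, or at least updating the postponed note to reference the LTS fix.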
@@ -28611,7 +28661,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- {DLA-1359-1 DLA-1358-1}
+ {DLA-1421-1 DLA-1359-1 DLA-1358-1}
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -34558,8 +34608,8 @@ CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x p
NOTE: https://pivotal.io/security/cve-2018-1257
CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
NOT-FOR-US: Spring Cloud SSO Connector
-CVE-2018-1255
- RESERVED
+CVE-2018-1255 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...)
+ TODO: check
CVE-2018-1254 (RSA Authentication Manager Security Console, versions 8.3 P1 and ...)
NOT-FOR-US: RSA Authentication Manager Security Console
CVE-2018-1253 (RSA Authentication Manager Operation Console, versions 8.3 P1 and ...)
@@ -34578,8 +34628,8 @@ CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earl
NOT-FOR-US: RSA Authentication Manager
CVE-2018-1246
RESERVED
-CVE-2018-1245
- RESERVED
+CVE-2018-1245 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...)
+ TODO: check
CVE-2018-1244 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 ...)
NOT-FOR-US: EMC
CVE-2018-1243 (Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior ...)
@@ -34937,7 +34987,7 @@ CVE-2017-17407 (This vulnerability allows remote attackers to execute arbitrary
CVE-2017-17406 (This vulnerability allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: NetGain
CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...)
- {DLA-1222-1 DLA-1221-1}
+ {DLA-1421-1 DLA-1222-1 DLA-1221-1}
- ruby2.5 2.5.0~rc1-1 (bug #884437)
- ruby2.3 2.3.6-1 (bug #884438)
[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in a future update)
@@ -47770,7 +47820,7 @@ CVE-2017-14066
CVE-2017-14065
RESERVED
CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can ...)
- {DSA-3966-1 DLA-1114-1}
+ {DSA-3966-1 DLA-1421-1 DLA-1114-1}
- ruby2.3 2.3.3-1+deb9u1 (bug #873906)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -47880,7 +47930,7 @@ CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec,
NOT-FOR-US: libbpg
NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
- {DSA-4031-1 DLA-1114-1}
+ {DSA-4031-1 DLA-1421-1 DLA-1114-1}
- ruby2.3 2.3.5-1 (bug #875928)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -57644,7 +57694,7 @@ CVE-2017-10786
CVE-2017-10785
RESERVED
CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
- {DSA-4031-1 DLA-1114-1 DLA-1113-1}
+ {DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
- ruby2.3 2.3.5-1 (bug #875931)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -61068,7 +61118,7 @@ CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation Mana
CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 ...)
NOT-FOR-US: Synology Photo Station
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
- {DSA-3966-1}
+ {DSA-3966-1 DLA-1421-1}
- ruby2.3 2.3.3-1+deb9u1 (bug #864860)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -85600,8 +85650,8 @@ CVE-2017-1397
RESERVED
CVE-2017-1396
RESERVED
-CVE-2017-1395
- RESERVED
+CVE-2017-1395 (IBM Security Identity Governance and Intelligence Virtual Appliance ...)
+ TODO: check
CVE-2017-1394
RESERVED
CVE-2017-1393
@@ -85656,8 +85706,8 @@ CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
NOT-FOR-US: IBM
CVE-2017-1368
RESERVED
-CVE-2017-1367
- RESERVED
+CVE-2017-1367 (IBM Security Identity Governance and Intelligence Virtual Appliance ...)
+ TODO: check
CVE-2017-1366
RESERVED
CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle ...)
@@ -86621,7 +86671,7 @@ CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3
CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a ...)
NOT-FOR-US: private_address_check ruby gem
CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...)
- {DSA-4031-1}
+ {DSA-4031-1 DLA-1421-1}
- ruby2.3 2.3.5-1 (bug #879231)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -86632,7 +86682,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ..
NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking ...)
- {DSA-3966-1}
+ {DSA-3966-1 DLA-1421-1}
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -86644,7 +86694,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification ...)
- {DSA-3966-1 DLA-1114-1 DLA-1112-1}
+ {DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -86654,7 +86704,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
- {DSA-3966-1 DLA-1114-1 DLA-1112-1}
+ {DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -86664,7 +86714,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
- {DSA-3966-1 DLA-1114-1}
+ {DSA-3966-1 DLA-1421-1 DLA-1114-1}
- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
- ruby2.1 <removed> (unimportant)
- ruby1.9.1 <removed> (unimportant)
@@ -86675,7 +86725,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ...)
- {DSA-4031-1 DLA-1114-1 DLA-1113-1}
+ {DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
- ruby2.3 2.3.5-1 (bug #875936)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -94833,7 +94883,7 @@ CVE-2016-7799 (MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote
NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in ...)
- {DSA-3966-1}
+ {DSA-3966-1 DLA-1421-1}
- ruby2.3 2.3.3-1+deb9u1 (bug #842432)
- ruby2.1 <removed> (bug #842544)
NOTE: https://github.com/ruby/openssl/issues/49
@@ -103774,7 +103824,7 @@ CVE-2016-5159 (Multiple integer overflows in OpenJPEG, as used in PDFium in Goog
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
NOTE: https://github.com/uclouvain/openjpeg/commit/9a07ccb3d0f076388e4da684a3bfd4327125c721
CVE-2016-5158 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c ...)
- {DSA-3660-1}
+ {DSA-3768-1 DSA-3660-1}
- openjpeg2 2.1.2-1
- chromium-browser 53.0.2785.89-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
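Review bot: DSA-3768-1 is added to an entry that previously referenced only DSA-3660-1, with the openjpeg2 2.1.2-1 and chromium-browser 53.0.2785.89-1 lines unchanged. Since the entry lists two source packages, check that data/DSA/list maps DSA-3768-1 to the right one (openjpeg2 or chromium-browser) so the fix is attributed to the correct package and suite, and that the advisory really covers this CVE rather than the sibling CVE-2016-5159 shown in the hunk header.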
@@ -112281,6 +112331,7 @@ CVE-2016-2341
CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows ...)
NOT-FOR-US: Granite
CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the ...)
+ {DLA-1421-1}
- ruby2.3 2.3.0-1
- ruby2.1 <removed> (bug #851161)
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0034/
@@ -115166,7 +115217,7 @@ CVE-2016-1627 (The Developer Tools (aka DevTools) subsystem in Google Chrome bef
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1626 (The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in ...)
- {DSA-3486-1}
+ {DSA-4013-1 DSA-3486-1}
- openjpeg <removed>
[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
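Review bot: the entry gains DSA-4013-1 but its only package line is "openjpeg <removed>", with jessie and wheezy marked not-affected. An advisory attached to a removed package with no fixed version is suspicious; if DSA-4013-1 fixed this in openjpeg2, the entry needs an "- openjpeg2 <fixed version>" line alongside the advisory reference, otherwise the DSA points at a package for which the tracker records no fix.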
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7fdcca8148c58549ac664d6d5564a97cb415c62