[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jul 26 21:10:31 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
137808f0 by security tracker role at 2018-07-26T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-timers.c ...)
+	TODO: check
 CVE-2018-14597
 	RESERVED
 CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, ...)
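Review bot: CVE-2017-18344 should not stay at `TODO: check` for long: its description already names the timer_create syscall implementation in kernel/time/posix-timers.c, so this is a src:linux issue and wants a `- linux ...` line with per-suite status (`[stretch]`, `[jessie]`, ...) in the form used by the ext4 entries further down in this same update. Note also that a 2017 ID has been appended at the head of the list above CVE-2018-14597; once triaged it belongs with the other CVE-2017-* entries.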
@@ -9286,12 +9288,10 @@ CVE-2018-10903 [GCM tag forgery via truncated tag in finalize_with_tag API]
 	NOTE: https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
 CVE-2018-10902
 	RESERVED
-CVE-2018-10901 [kvm: vmx: host GDT.LIMIT corruption]
-	RESERVED
+CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem. The ...)
 	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
 	NOTE: https://git.kernel.org/linus/3444d7da1839b851eefedd372978d8a982316c36 (2.6.36-rc1)
-CVE-2018-10900 [local privilege escalation]
-	RESERVED
+CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before version ...)
 	{DSA-4253-1}
 	- network-manager-vpnc 1.2.6-1 (bug #904255)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
@@ -9376,8 +9376,7 @@ CVE-2018-10882
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.110-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200069
-CVE-2018-10881
-	RESERVED
+CVE-2018-10881 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...)
 	{DLA-1423-1}
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.110-1
@@ -9387,14 +9386,12 @@ CVE-2018-10880 (Linux kernel is vulnerable to a stack-out-of-bounds write in the
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.110-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200005
-CVE-2018-10879
-	RESERVED
+CVE-2018-10879 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...)
 	{DLA-1423-1}
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.110-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596806
-CVE-2018-10878
-	RESERVED
+CVE-2018-10878 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...)
 	{DLA-1423-1}
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.110-1
@@ -9404,8 +9401,7 @@ CVE-2018-10877 (Linux kernel ext4 filesystem is vulnerable to an out-of-bound ac
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.110-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199417
-CVE-2018-10876
-	RESERVED
+CVE-2018-10876 (A flaw was found in Linux kernel in the ext4 filesystem code. A ...)
 	{DLA-1423-1}
 	- linux 4.17.3-1
 	[stretch] - linux 4.9.110-1
@@ -9767,6 +9763,7 @@ CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in ..
 CVE-2018-10759 (PHP remote file inclusion vulnerability in public/patch/patch.php in ...)
 	NOT-FOR-US: Project Pier
 CVE-2018-11319 (Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle ...)
+	{DLA-1444-1}
 	- vim-syntastic 3.9.0-1 (bug #894736)
 	NOTE: https://github.com/vim-syntastic/syntastic/issues/2170
 	NOTE: https://github.com/vim-syntastic/syntastic/commit/6d7c0b394e001233dd09ec473fbea2002c72632f
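Review bot: CVE-2018-11319 sits directly after CVE-2018-10759, which breaks the descending ID order the surrounding entries keep (CVE-2018-10760, CVE-2018-10759, ...); consider moving the whole entry to its numeric position. The added `{DLA-1444-1}` line itself is fine next to the existing `- vim-syntastic 3.9.0-1 (bug #894736)` line, since the fixed version for jessie is recorded on the DLA side.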
@@ -13935,8 +13932,8 @@ CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than 
 	NOT-FOR-US: Lenovo
 CVE-2018-9069
 	RESERVED
-CVE-2018-9068
-	RESERVED
+CVE-2018-9068 (The IMM2 First Failure Data Capture function collects management ...)
+	TODO: check
 CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had ...)
 	NOT-FOR-US: Lenovo
 CVE-2018-9066
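Review bot: CVE-2018-9068 is left at `TODO: check` although the hunk itself suggests the resolution: the description concerns the IMM2 First Failure Data Capture function, and the neighbouring CVE-2018-9070 and CVE-2018-9067 entries are both triaged `NOT-FOR-US: Lenovo`. If IMM2 here is the Lenovo management firmware, as the surrounding block of Lenovo IDs indicates, the same `NOT-FOR-US: Lenovo` line closes this one, since no Debian source package ships that firmware.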
@@ -36129,8 +36126,7 @@ CVE-2018-1290 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incuba
 	NOT-FOR-US: Apache Fineract
 CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
 	NOT-FOR-US: Apache Fineract
-CVE-2018-1288 [Authenticated Kafka clients may interfere with data replication]
-	RESERVED
+CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to ...)
 	- kafka <itp> (bug #786460)
 CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ...)
 	- jakarta-jmeter <unfixed> (low)
@@ -38885,16 +38881,15 @@ CVE-2018-0624
 	RESERVED
 CVE-2018-0623
 	RESERVED
-CVE-2018-0622
-	RESERVED
-CVE-2018-0621
-	RESERVED
-CVE-2018-0620
-	RESERVED
-CVE-2018-0619
-	RESERVED
-CVE-2018-0618
-	RESERVED
+CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...)
+	TODO: check
+CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY ...)
+	TODO: check
+CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...)
+	TODO: check
+CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft ...)
+	TODO: check
+CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier ...)
 	{DSA-4246-1 DLA-1442-1}
 	- mailman 1:2.1.27-1
 	NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
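Review bot: four of the five entries that gained descriptions here stay at `TODO: check` even though the descriptions already put them outside the archive: CVE-2018-0622 is the DHC Online Shop App for Android, CVE-2018-0621 and CVE-2018-0620 are LOGICOOL CONNECTION UTILITY and LOGICOOL Game Software, and CVE-2018-0619 is the installer of a Glarysoft product. None corresponds to a Debian source package, so these can be closed with `NOT-FOR-US: <vendor/product>` lines in the style of the CVE-2018-0612 entry just below (`NOT-FOR-US: 5000 trillion yen converter`). The CVE-2018-0618 replacement correctly keeps the existing `{DSA-4246-1 DLA-1442-1}` and `- mailman 1:2.1.27-1` lines under the new description.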
@@ -38903,16 +38898,16 @@ CVE-2018-0618
 	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1754
 	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783
 	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785
-CVE-2018-0617
-	RESERVED
+CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to ...)
+	TODO: check
 CVE-2018-0616
 	RESERVED
 CVE-2018-0615
 	RESERVED
-CVE-2018-0614
-	RESERVED
-CVE-2018-0613
-	RESERVED
+CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and ...)
+	TODO: check
+CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 ...)
+	TODO: check
 CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter ...)
 	NOT-FOR-US: 5000 trillion yen converter
 CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 ...)
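Review bot: CVE-2018-0617 (ChamaNet MemoCGI) and CVE-2018-0614 / CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products) are likewise parked at `TODO: check`; they are vendor-specific products with no Debian source package and can be closed with `NOT-FOR-US:` lines matching the adjacent CVE-2018-0612 entry. Leaving CVE-2018-0616 and CVE-2018-0615 at `RESERVED` is correct while no description has been published for them.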
@@ -38924,8 +38919,8 @@ CVE-2018-0609 (Untrusted search path vulnerability in LINE for Windows versions 
 CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote ...)
 	- h2o 2.2.5+dfsg1-1
 	NOTE: https://github.com/h2o/h2o/issues/1775
-CVE-2018-0607
-	RESERVED
+CVE-2018-0607 (SQL injection vulnerability in the Notifications application in the ...)
+	TODO: check
 CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...)
 	NOT-FOR-US: Pixelpost
 CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier ...)
@@ -53983,8 +53978,7 @@ CVE-2017-12611 (In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, us
 	[wheezy] - libstruts1.2-java <ignored> (Minor issue)
 	NOTE: Only a problem if the application programmer has made a security mistake.
 	NOTE: https://struts.apache.org/docs/s2-053.html
-CVE-2017-12610 [Authenticated Kafka clients may impersonate other users]
-	RESERVED
+CVE-2017-12610 (In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, ...)
 	- kafka <itp> (bug #786460)
 CVE-2017-12609
 	REJECTED
@@ -55158,8 +55152,7 @@ CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length validatio
 	{DSA-4000-1 DLA-1186-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
-CVE-2017-12175
-	RESERVED
+CVE-2017-12175 (Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule ...)
 	NOT-FOR-US: Red Hat Satellite
 CVE-2017-12174 (It was found that when Artemis and HornetQ before 2.4.0 are configured ...)
 	NOT-FOR-US: Artemis and HornetQ
@@ -55181,8 +55174,7 @@ CVE-2017-12172 (PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.
 	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
 	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code not installed)
 	NOTE: Issue in sample init-scirpt as provided by postgresql project, but not installed
-CVE-2017-12171 [httpd: # character matches all IPs]
-	RESERVED
+CVE-2017-12171 (A regression was found in the Red Hat Enterprise Linux 6.9 version of ...)
 	- apache2 <not-affected> (Introduced by Red Hat RHEL 6.9 specific non-security patch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1493056
 CVE-2017-12170 (Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was ...)
@@ -55196,8 +55188,7 @@ CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in t
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9e3f7a29694049edd728e2400ab57ad7553e5aa9 (4.9-rc6)
-CVE-2017-12167
-	RESERVED
+CVE-2017-12167 (It was found in EAP 7 before 7.0.9 that properties based files of the ...)
 	NOT-FOR-US: Red Hat JBoss EAP
 CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...)
 	- openvpn 2.4.4-1 (bug #877089)
@@ -55216,16 +55207,14 @@ CVE-2017-12165 [improper whitespace parsing leading to potential HTTP request sm
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301
 	NOTE: Fix likely included in the same commit as the fix for CVE-2017-7559
 	NOTE: https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
-CVE-2017-12164 [lock screen can be circumvented when autologin is set]
-	RESERVED
+CVE-2017-12164 (A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer ...)
 	- gdm3 3.26.0-1
 	[stretch] - gdm3 <not-affected> (Vulnerable code not present)
 	[jessie] - gdm3 <not-affected> (Vulnerable code not present)
 	[wheezy] - gdm3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490417
 	NOTE: Introduced in https://git.gnome.org/browse/gdm/commit/?id=ff98b28
-CVE-2017-12163 [Server memory information leak over SMB1]
-	RESERVED
+CVE-2017-12163 (An information leak flaw was found in the way SMB1 protocol was ...)
 	{DSA-3983-1 DLA-1110-1}
 	- samba 2:4.6.7+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html
@@ -55266,8 +55255,7 @@ CVE-2017-12151 [SMB3 connections don't keep encryption across DFS redirects]
 	- samba 2:4.6.7+dfsg-2
 	[wheezy] - samba <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.samba.org/samba/security/CVE-2017-12151.html
-CVE-2017-12150 [SMB1/2/3 connections may not require signing where they should]
-	RESERVED
+CVE-2017-12150 (It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x ...)
 	{DSA-3983-1 DLA-1110-1}
 	- samba 2:4.6.7+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
@@ -69246,8 +69234,7 @@ CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7
 	- ming <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1
 	NOTE: https://github.com/libming/libming/issues/68
-CVE-2017-7562 [Make certauth eku module restrictive-only]
-	RESERVED
+CVE-2017-7562 (An authentication bypass flaw was found in the way krb5's certauth ...)
 	- krb5 <not-affected> (Vulnerable code introduced later, cf. #873281)
 	NOTE: https://github.com/krb5/krb5/pull/694
 	NOTE: https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
@@ -69272,8 +69259,7 @@ CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, a
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1295
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
 	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
-CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()]
-	RESERVED
+CVE-2017-7558 (A kernel data leak due to an out-of-bound read was found in the Linux ...)
 	- linux 4.12.13-1
 	[stretch] - linux 4.9.30-2+deb9u5
 	[jessie] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
@@ -69335,8 +69321,7 @@ CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.
 	- postgresql-8.4 <removed>
 	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
 	NOTE: https://www.postgresql.org/about/news/1772/
-CVE-2017-7545
-	RESERVED
+CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 ...)
 	NOT-FOR-US: jbpm-designer / jBPM
 CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read ...)
 	- libexif 0.6.21-2.1 (bug #876466)
@@ -69344,8 +69329,7 @@ CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read .
 	[jessie] - libexif <no-dsa> (Minor issue)
 	[wheezy] - libexif <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libexif/bugs/130/
-CVE-2017-7543 [iptables not active after update]
-	RESERVED
+CVE-2017-7543 (A race-condition flaw was discovered in openstack-neutron before ...)
 	- neutron <not-affected> (Specific to Red Hat packaging)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792
 CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...)
@@ -69359,17 +69343,14 @@ CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...)
 	NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
 CVE-2017-7540 (rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are ...)
 	NOT-FOR-US: Safemode ruby gem
-CVE-2017-7539 [qemu-nbd crashes due to undefined I/O coroutine]
-	RESERVED
+CVE-2017-7539 (An assertion-failure flaw was found in Qemu before 2.10.1, in the ...)
 	- qemu <not-affected> (Vulnerable code introduced in v2.9.0-rc0)
 	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.9.0-rc0)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19
-CVE-2017-7538
-	RESERVED
+CVE-2017-7538 (A cross-site scripting (XSS) flaw was found in how an organization ...)
 	NOT-FOR-US: Red Hat Satellite
-CVE-2017-7537
-	RESERVED
+CVE-2017-7537 (It was found that a mock CMC authentication plugin with a hardcoded ...)
 	- dogtag-pki 10.3.5+12-5 (bug #869261)
 	NOTE: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817
@@ -69380,8 +69361,7 @@ CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x
 	[wheezy] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3)
 	NOTE: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465573
-CVE-2017-7535
-	RESERVED
+CVE-2017-7535 (foreman before version 1.16.0 is vulnerable to a stored XSS in ...)
 	- foreman <itp> (bug #663101)
 CVE-2017-7534 (OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the ...)
 	NOT-FOR-US: OpenShift
@@ -69397,8 +69377,7 @@ CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default 
 CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden ...)
 	- moodle <not-affected> (Only affects 3.3)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=355555
-CVE-2017-7530
-	RESERVED
+CVE-2017-7530 (In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable ...)
 	{DSA-3908-1 DLA-1024-1}
@@ -69410,8 +69389,7 @@ CVE-2017-7528
 	NOT-FOR-US: Ansible Tower
 CVE-2017-7527
 	RESERVED
-CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery]
-	RESERVED
+CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-channel ...)
 	{DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1}
 	- libgcrypt20 1.7.8-1
 	- libgcrypt11 <removed>
@@ -69511,8 +69489,7 @@ CVE-2017-7511 (poppler since version 0.17.3 has been vulnerable to NULL pointer 
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-7510
 	RESERVED
-CVE-2017-7509
-	RESERVED
+CVE-2017-7509 (An input validation error was found in Red Hat Certificate System's ...)
 	NOT-FOR-US: Red Hat Certificate System
 CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...)
 	{DSA-3900-1}
@@ -84587,8 +84564,7 @@ CVE-2017-2666
 	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
 CVE-2017-2665 (The skyring-setup command creates random password for mongodb skyring ...)
 	NOT-FOR-US: Red Hat Storage / skyring
-CVE-2017-2664
-	RESERVED
+CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2017-2663
 	RESERVED
@@ -84669,8 +84645,7 @@ CVE-2017-2639
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2017-2638 (It was found that the REST API in Infinispan before version 9.0.0 did ...)
 	NOT-FOR-US: infinispan
-CVE-2017-2637
-	RESERVED
+CVE-2017-2637 (A design flaw issue was found in the Red Hat OpenStack Platform ...)
 	NOT-FOR-US: Red Hat OpenStack Platform director
 CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through ...)
 	{DSA-3804-1 DLA-849-1}
@@ -84872,8 +84847,7 @@ CVE-2017-2590 [Insufficient permission check for ca-del, ca-disable and ca-enabl
 	NOTE: https://pagure.io/freeipa/issue/6713
 	NOTE: Fixed by (master): https://pagure.io/freeipa/c/b81ac59640f0b76fa9f53cf8be441f085a7089c4?branch=master
 	NOTE: Fixed by (ipa-4.4): https://pagure.io/freeipa/c/1aa314c79648c442473f19344387bfe11ec2141b?branch=ipa-4-4
-CVE-2017-2589
-	RESERVED
+CVE-2017-2589 (It was discovered that the hawtio servlet 1.4 uses a single HttpClient ...)
 	NOT-FOR-US: hawtio
 CVE-2017-2588
 	RESERVED
@@ -84900,8 +84874,7 @@ CVE-2017-2583 (The load_segment_descriptor implementation in arch/x86/kvm/emulat
 	- linux 4.9.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
-CVE-2017-2582
-	RESERVED
+CVE-2017-2582 (It was found that while parsing the SAML messages the StaxParserUtil ...)
 	NOT-FOR-US: Keycloak
 CVE-2017-2581
 	RESERVED
@@ -93592,8 +93565,7 @@ CVE-2016-8649 (lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an att
 CVE-2016-8648
 	RESERVED
 	NOT-FOR-US: Karaf container uses by Red Hat products
-CVE-2016-8647 [in some circumstances the mysql_user module may fail to correctly change a password]
-	RESERVED
+CVE-2016-8647 (An input validation vulnerability was found in Ansible's mysql_user ...)
 	- ansible 2.2.0.0-4 (bug #844691)
 	[jessie] - ansible <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ansible/ansible-modules-core/pull/5388
@@ -123864,7 +123836,8 @@ CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti
 	[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
 	NOTE: http://www.ocert.org/advisories/ocert-2015-012.html
 	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
-CVE-2015-9261 [busybox: pointer misuse unziping files]
+CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before ...)
+	{DLA-337-1}
 	- busybox 1:1.27.2-1 (bug #803097)
 	[stretch] - busybox <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/25/3
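Review bot: CVE-2015-9261 is placed after CVE-2015-7944, out of the descending ID order the file keeps elsewhere; it should move above CVE-2015-7944. With the `{DLA-337-1}` reference now attached and stretch marked `[stretch] - busybox <no-dsa> (Minor issue)`, the entry still carries no `[jessie]` line, so the jessie status should be recorded explicitly (a fixed version, `<no-dsa>` or `<not-affected>`, whichever applies) rather than left implicit.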



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/137808f0de8bf75c65bab662a04b0d7ab296f2c9
