[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 27 09:10:25 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d764ddd2 by security tracker role at 2018-07-27T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,51 @@
-CVE-2018-14606 [Persistent XSS Milestone Promotion]
+CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
+ TODO: check
+CVE-2018-14616 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
+ TODO: check
+CVE-2018-14615 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
+ TODO: check
+CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
+ TODO: check
+CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
+ TODO: check
+CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
+ TODO: check
+CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
+ TODO: check
+CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
+ TODO: check
+CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
+ TODO: check
+CVE-2018-14608 (Thomson Reuters UltraTax CS 2017 on Windows has a password protection ...)
+ TODO: check
+CVE-2018-14607 (Thomson Reuters UltraTax CS 2017 on Windows, in a client/server ...)
+ TODO: check
+CVE-2018-14600
+ RESERVED
+CVE-2018-14599
+ RESERVED
+CVE-2018-14598
+ RESERVED
+CVE-2018-14606 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Only affects 10.6 and later)
NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
-CVE-2018-14605 [Persistent XSS in Branch Name via Web IDE]
+CVE-2018-14605 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Only affects 10.7 and later)
NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
-CVE-2018-14604 [Persistent XSS Pipeline Tooltip]
+CVE-2018-14604 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Only affects 10.7 and later)
NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
-CVE-2018-14603 [CSRF in System Hooks]
+CVE-2018-14603 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
-CVE-2018-14602 [Information Disclosure Prometheus Metrics]
+CVE-2018-14602 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Affects 9.0 and later only)
NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
-CVE-2018-14601 [Markdown DoS]
+CVE-2018-14601 (An issue was discovered in GitLab Community and Enterprise Edition ...)
- gitlab <not-affected> (11.1.0 specific regression)
NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-timers.c ...)
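Review bot: the nine new kernel entries CVE-2018-14609 through CVE-2018-14617 (all "Linux kernel through 4.17.10") carry only "TODO: check" and no source package line, so nothing will surface against src:linux until they are triaged; each should get a "- linux <unfixed>" line (or <not-affected> with a reason) once checked, as the gitlab entries below them already have. A second point: replacing the bracketed working titles ("[Persistent XSS Milestone Promotion]", "[CSRF in System Hooks]", "[Markdown DoS]") with the truncated MITRE text drops the vulnerability class from the list entry itself; the release NOTE link still carries it, but a short NOTE per entry would keep it searchable.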
@@ -4703,6 +4731,7 @@ CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerabi
CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling ...)
NOT-FOR-US: aaugustin websockets
CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit ...)
+ {DLA-1445-1}
- busybox 1:1.27.2-3 (low; bug #902724)
[stretch] - busybox <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
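Review bot: the {DLA-1445-1} tag is consistent with the other busybox entries touched in this commit, and the unchanged "[stretch] - busybox <no-dsa>" line still applies, since a DLA records an LTS advisory rather than a stretch update; nothing further to change here.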
@@ -22333,78 +22362,97 @@ CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior t
NOT-FOR-US: ovirt-engine
CVE-2018-6179
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6178
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6177
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6176
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6175
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6174
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6173
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6172
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6171
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6170
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6169
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6168
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6167
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6166
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6165
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6164
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6163
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6162
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6161
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6160
@@ -22412,42 +22460,52 @@ CVE-2018-6160
- chromium-browser <not-affected> (Only affects Chrome on iOS)
CVE-2018-6159
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6158
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6157
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6156
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6155
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6154
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6153
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6152
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6151
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6150
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6149
@@ -23066,6 +23124,7 @@ CVE-2018-6045
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6044
RESERVED
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6043
@@ -28048,6 +28107,7 @@ CVE-2018-4118 (An issue was discovered in certain Apple products. iOS before 11.
NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
NOTE: Not covered by security support
CVE-2018-4117 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
+ {DSA-4256-1}
- chromium-browser 68.0.3440.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
- webkit2gtk 2.20.0-2 (unimportant)
@@ -29410,12 +29470,13 @@ CVE-2018-3642
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
NOT-FOR-US: Intel
CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that ...)
+ {DLA-1446-1}
- intel-microcode 3.20180703.1
NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
NOTE: No software mitigations planned to be implemented in src:linux
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4210-1 DLA-1423-1}
+ {DSA-4210-1 DLA-1446-1 DLA-1423-1}
- intel-microcode 3.20180703.1
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
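Review bot: CVE-2018-3639 now lists three advisories ({DSA-4210-1 DLA-1446-1 DLA-1423-1}) while CVE-2018-3640 gets only {DLA-1446-1}; that matches the package lines (3640 has only intel-microcode, 3639 has intel-microcode and linux) and the existing NOTE that no src:linux mitigation is planned for 3640, so the hunk is internally consistent. Tag ordering (DSA first, then DLAs newest first) also matches the "{DLA-1445-1 DLA-337-1}" form used further down.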
@@ -41893,6 +41954,7 @@ CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.
NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through ...)
+ {DLA-1445-1}
- busybox 1:1.27.2-2 (bug #882258)
[stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release)
[wheezy] - busybox <no-dsa> (Minor issue)
@@ -43972,6 +44034,7 @@ CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an
NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0
NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b
CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2.c ...)
+ {DLA-1445-1}
- busybox 1:1.27.2-2 (bug #879732)
[stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
@@ -73819,21 +73882,21 @@ CVE-2017-6179
CVE-2017-6178 (The IofCallDriver function in USBPcap 1.1.0.0 allows local users to ...)
NOT-FOR-US: USBPcap
CVE-2017-6177
- RESERVED
+ REJECTED
CVE-2017-6176
- RESERVED
+ REJECTED
CVE-2017-6175
- RESERVED
+ REJECTED
CVE-2017-6174
- RESERVED
+ REJECTED
CVE-2017-6173
- RESERVED
+ REJECTED
CVE-2017-6172
- RESERVED
+ REJECTED
CVE-2017-6171
- RESERVED
+ REJECTED
CVE-2017-6170
- RESERVED
+ REJECTED
CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...)
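Review bot: the eight RESERVED to REJECTED flips for CVE-2017-6170 through CVE-2017-6177 carry no package or NOTE line, which is correct for rejected IDs (there is nothing to triage); the rejection reason is not part of this feed, so no NOTE can be added from the commit itself. The same applies to the remaining REJECTED hunks in the F5 ranges below.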
@@ -73877,13 +73940,13 @@ CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gatewa
CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6149
- RESERVED
+ REJECTED
CVE-2017-6148 (Responses to SOCKS proxy requests made through F5 BIG-IP version ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6147 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6146
- RESERVED
+ REJECTED
CVE-2017-6145 (iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type ...)
@@ -91797,15 +91860,15 @@ CVE-2016-9262 (Multiple integer overflows in the (1) jas_realloc function in ...
NOTE: present in the 1.900.1 based versions. Still ok to mark as not-affected
NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
CVE-2016-9258
- RESERVED
+ REJECTED
CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be ...)
NOT-FOR-US: F5
CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl ...)
NOT-FOR-US: F5
CVE-2016-9255
- RESERVED
+ REJECTED
CVE-2016-9254
- RESERVED
+ REJECTED
CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic ...)
NOT-FOR-US: F5
CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 ...)
@@ -91817,11 +91880,11 @@ CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12
CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server ...)
NOT-FOR-US: F5
CVE-2016-9248
- RESERVED
+ REJECTED
CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server ...)
NOT-FOR-US: F5
CVE-2016-9246
- RESERVED
+ REJECTED
CVE-2016-9245 (In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to ...)
NOT-FOR-US: F5
CVE-2016-9244 (A BIG-IP virtual server configured with a Client SSL profile that has ...)
@@ -97340,13 +97403,13 @@ CVE-2016-7475
CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2016-7473
- RESERVED
+ REJECTED
CVE-2016-7472 (F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to ...)
NOT-FOR-US: F5 BIG-IP
CVE-2016-7471
- RESERVED
+ REJECTED
CVE-2016-7470
- RESERVED
+ REJECTED
CVE-2016-7469 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...)
NOT-FOR-US: BIG-IP
CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on ...)
@@ -114858,11 +114921,13 @@ CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitr
CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...)
NOT-FOR-US: OpenShift
CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox ...)
+ {DLA-1445-1}
- busybox 1:1.27.2-1 (bug #818497)
[stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ...)
+ {DLA-1445-1}
- busybox 1:1.27.2-1 (bug #818499)
[stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
@@ -123869,7 +123934,7 @@ CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti
NOTE: http://www.ocert.org/advisories/ocert-2015-012.html
NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before ...)
- {DLA-337-1}
+ {DLA-1445-1 DLA-337-1}
- busybox 1:1.27.2-1 (bug #803097)
[stretch] - busybox <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/25/3
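Review bot: CVE-2015-9261 now carries {DLA-1445-1 DLA-337-1}, a second LTS advisory on an issue DLA-337-1 already referenced; a one-line NOTE saying why the new DLA cites it again (for instance that the fix was carried into the new busybox LTS upload) would save the next reader from checking both advisories. The unchanged "[stretch] - busybox <no-dsa>" line still applies.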
@@ -130850,6 +130915,7 @@ CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Serv
CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
NOT-FOR-US: GE Healthcare Centricity PACS
CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
+ {DLA-1445-1}
- busybox 1:1.27.2-1 (bug #802702)
[stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
@@ -143318,6 +143384,7 @@ CVE-2014-9644 (The Crypto API in the Linux kernel before 3.18.5 allows local use
[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1)
CVE-2014-9645 (The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...)
+ {DLA-1445-1}
- busybox 1:1.22.0-15 (low; bug #776186)
[wheezy] - busybox <no-dsa> (Minor issue)
[squeeze] - busybox <no-dsa> (Minor issue)
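Review bot: CVE-2014-9645 sits after CVE-2014-9644 in the file (the hunk header shows 9644 first), which is the reverse of the descending CVE order used everywhere else in this diff; not introduced by this change, but worth fixing in a separate commit so the entry is found where expected. The {DLA-1445-1} tag itself is consistent with the wheezy and squeeze <no-dsa> lines, which are unchanged.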
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d764ddd2f0dc8d4ffd68a9a5c0cd8dd5cad470a1