[Git][security-tracker-team/security-tracker][master] automatic update

Sat Jul 28 21:10:28 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b879886 by security tracker role at 2018-07-28T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,4 @@
-CVE-2018-14678 [XSA-274: Uninitialized state in PV syscall return path]
+CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used in ...)
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-274.html
 CVE-2018-14677
@@ -22,18 +22,22 @@ CVE-2018-14669
 CVE-2018-14668
 	RESERVED
 CVE-2018-14679 [off-by-one error in CHM PMGI/PMGL chunk number validity checks]
+	RESERVED
 	- libmspack <unfixed> (bug #904802)
 	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14680 [libmspack now rejects blank CHM filenames]
+	RESERVED
 	- libmspack <unfixed> (bug #904801)
 	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14682 [Fix off-by-one error in chmd TOLOWER() fallback]
+	RESERVED
 	- libmspack <unfixed> (bug #904800)
 	NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14681 [kwaj_read_headers(): fix handling of non-terminated strings]
+	RESERVED
 	- libmspack <unfixed> (bug #904799)
 	NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
@@ -9493,6 +9497,7 @@ CVE-2018-10908
 CVE-2018-10907
 	RESERVED
 CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is ...)
+	{DSA-4257-1}
 	- fuse3 <itp> (bug #904216)
 	- fuse 2.9.8-1 (bug #904439)
 	NOTE: https://github.com/libfuse/libfuse/pull/268
@@ -39393,13 +39398,11 @@ CVE-2018-0499 (A cross-site scripting vulnerability in ...)
 	[stretch] - xapian-core 1.4.3-2+deb9u1
 	[jessie] - xapian-core <not-affected> (vulnerable code not present)
 	NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
-CVE-2018-0498 [Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel]
-	RESERVED
+CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
 	- mbedtls 2.12.0-1 (bug #904821)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
-CVE-2018-0497 [Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel]
-	RESERVED
+CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
 	- mbedtls 2.12.0-1 (bug #904821)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b879886d671cfe07427b87e100bf8774f03b2bd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b879886d671cfe07427b87e100bf8774f03b2bd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180728/7e7c59a2/attachment.html>
