[Git][security-tracker-team/security-tracker][master] Further fixed verified for inclusion in 8.11
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 23 10:30:12 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b701757 by Salvatore Bonaccorso at 2018-06-23T11:29:44+02:00
Further fixed verified for inclusion in 8.11
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6247,7 +6247,7 @@ CVE-2018-10242
CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1.4 ...)
{DLA-1361-1}
- psensor 1.1.5-1 (low; bug #896195)
- [jessie] - psensor <no-dsa> (Minor issue)
+ [jessie] - psensor 1.1.3-2+deb8u1
NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 ...)
NOT-FOR-US: SolarWinds Serv-U
@@ -12642,7 +12642,7 @@ CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
{DLA-1311-1}
- adminer 4.5.0-1 (bug #893668)
[stretch] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling)
- [jessie] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling)
+ [jessie] - adminer 3.3.3-1+deb8u1
NOTE: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
NOTE: https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
NOTE: adminer 4.4.0 disallows connecting to privileged ports, and thus not "enumerating"
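Review bot: The new `[jessie] - adminer 3.3.3-1+deb8u1` line records a fixed version, but the NOTEs in this entry only point at one upstream commit and describe what upstream 4.4.0 does (disallowing privileged ports), so nothing here says what the jessie upload actually changed. A short NOTE stating whether 3.3.3-1+deb8u1 carries a backport of that commit would make the entry verifiable later. The `[stretch]` line stays `<no-dsa>` with the firewalling rationale, which leaves stable behind oldstable for this CVE.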
@@ -13060,7 +13060,7 @@ CVE-2018-7555
CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads to a ...)
{DLA-1340-1}
- sam2p <removed>
- [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+ [jessie] - sam2p 0.49.2-3+deb8u2
NOTE: https://github.com/pts/sam2p/issues/29
NOTE: https://github.com/pts/sam2p/commit/a6621e996f976912252018be8a8836ee6a966ee3
NOTE: https://github.com/pts/sam2p/commit/118cb8102b767df4100d8a14184e44b33a822861
@@ -13070,18 +13070,18 @@ CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads
CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster function of ...)
{DLA-1340-1}
- sam2p <removed>
- [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+ [jessie] - sam2p 0.49.2-3+deb8u2
NOTE: https://github.com/pts/sam2p/issues/32
CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp ...)
{DLA-1340-1}
- sam2p <removed>
- [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+ [jessie] - sam2p 0.49.2-3+deb8u2
NOTE: https://github.com/pts/sam2p/issues/30
NOTE: CVE-2018-7554 patches will address this issue too.
CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads to ...)
{DLA-1340-1}
- sam2p <removed>
- [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+ [jessie] - sam2p 0.49.2-3+deb8u2
NOTE: https://github.com/pts/sam2p/issues/28
CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ...)
{DSA-4213-1 DLA-1351-1 DLA-1350-1}
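Review bot: CVE-2018-7553 and CVE-2018-7551 are now marked fixed in `sam2p 0.49.2-3+deb8u2`, yet their NOTEs link only to the upstream issues (#32 and #28) with no fixing commit, unlike the CVE-2018-7554 entry. CVE-2018-7552 at least carries "CVE-2018-7554 patches will address this issue too"; an equivalent NOTE or commit link on the other two would document what the recorded version relies on.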
@@ -13297,7 +13297,7 @@ CVE-2018-7488
CVE-2018-7487 (There is a heap-based buffer overflow in the LoadPCX function of ...)
{DLA-1340-1}
- sam2p <removed>
- [jessie] - sam2p <no-dsa> (Will be fixed via point release)
+ [jessie] - sam2p 0.49.2-3+deb8u2
NOTE: https://github.com/pts/sam2p/issues/18
CVE-2018-7486 (Blue River Mura CMS before v7.0.7029 supports inline function calls ...)
NOT-FOR-US: Blue River Mura CMS
@@ -48779,7 +48779,7 @@ CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing o
{DLA-1328-1}
- xerces-c 3.2.1+debian-1 (bug #894050)
[stretch] - xerces-c <no-dsa> (Minor issue; can be fixed via point release)
- [jessie] - xerces-c <no-dsa> (Minor issue; can be fixed via point release)
+ [jessie] - xerces-c 3.1.1-5.1+deb8u4
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to Denial ...)
@@ -137731,7 +137731,7 @@ CVE-2018-1000156 (GNU Patch version 2.7.6 contains an input validation vulnerabi
{DLA-1348-1}
- patch 2.7.6-2 (bug #894993)
[stretch] - patch <no-dsa> (Can be fixed via point release)
- [jessie] - patch <no-dsa> (Can be fixed via point release)
+ [jessie] - patch 2.7.5-1+deb8u1
NOTE: Upstream bug: https://savannah.gnu.org/bugs/?53566
NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/
NOTE: https://twitter.com/kurtseifried/status/982028968877436928
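Review bot: Once `[jessie] - patch 2.7.5-1+deb8u1` is recorded, the unchanged `[stretch] - patch <no-dsa> (Can be fixed via point release)` line is the only suite in this entry still without a fixed version, and the xerces-c hunk above has the same shape. It is worth confirming that the stretch fixes are queued for a stable point update, so that the "can be fixed via point release" rationale does not go stale.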
=====================================
data/next-oldstable-point-update.txt
=====================================
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,21 +1,3 @@
-CVE-2818-7667
- [jessie] - adminer 3.3.3-1+deb8u1
-CVE-2018-7487
- [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7551
- [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7552
- [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7553
- [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-7554
- [jessie] - sam2p 0.49.2-3+deb8u2
-CVE-2018-1000156
- [jessie] - patch 2.7.5-1+deb8u1
-CVE-2017-12627
- [jessie] - xerces-c 3.1.1-5.1+deb8u4
-CVE-2014-10073
- [jessie] - psensor 1.1.3-2+deb8u1
CVE-2017-9218
[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9219
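Review bot: The first removed entry is keyed `CVE-2818-7667`, while the adminer entry updated in data/CVE/list is CVE-2018-7667, so the ID in this file was mistyped while it sat in the queue. Removing it is correct, and the nine removed entries match the nine `[jessie]` versions added in data/CVE/list, but a check that every ID in this file exists in data/CVE/list would catch that kind of typo before anything matches the two files by ID.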
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b701757bb8f385b699a535b09f9b9a68b10c68b