[Git][security-tracker-team/security-tracker][master] 6 commits: follow security team for binutils

Thorsten Alteholz alteholz at debian.org
Wed Jun 27 14:04:04 BST 2018


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e58a341d by Thorsten Alteholz at 2018-06-27T14:59:53+02:00
follow security team for binutils

- - - - -
695f3274 by Thorsten Alteholz at 2018-06-27T14:59:56+02:00
follow security team for devscripts

- - - - -
bbc6501c by Thorsten Alteholz at 2018-06-27T14:59:58+02:00
follow security team for exempi

- - - - -
05f0e8ac by Thorsten Alteholz at 2018-06-27T15:00:01+02:00
follow security team for libpff

- - - - -
c873a81a by Thorsten Alteholz at 2018-06-27T15:00:04+02:00
follow security team for libquazip

- - - - -
27c9acad by Thorsten Alteholz at 2018-06-27T15:00:07+02:00
follow security team for libtomcrypt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -47,6 +47,7 @@ CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerabil
 CVE-2018-XXXX [grep-excuses: uses YAML::Syck in a unsafe way]
 	- devscripts <unfixed> (low; bug #902409)
 	[stretch] - devscripts <no-dsa> (Minor issue)
+	[jessie] - devscripts <no-dsa> (Minor issue)
 CVE-2018-1000610 (A exposure of sensitive information vulnerability exists in Jenkins ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000609 (A exposure of sensitive information vulnerability exists in Jenkins ...)
@@ -450,21 +451,25 @@ CVE-2018-12701
 CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...)
 	- binutils <unfixed> (low)
 	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a ...)
 	- binutils <unfixed> (low)
 	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as distributed in ...)
 	- binutils <unfixed> (low)
 	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) ...)
 	- binutils <unfixed> (low)
 	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
 CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...)
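Review bot: The four added `[jessie] - binutils <ignored> (Minor issue)` lines copy the stretch triage, but the CVE-2018-12699 description names GNU Binutils 2.30 and none of these entries carries a NOTE on whether the affected code (debug_write_type in debug.c, finish_stab in stabs.c, demangle_template in cplus-dem.c) is present in the jessie source. If that was checked, record it in a NOTE on each entry; if any of it is absent in jessie, `<not-affected>` with a reason would be more accurate than `<ignored>`.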
@@ -567,6 +572,7 @@ CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in
 CVE-2018-12648 (The WEBP::GetLE32 function in ...)
 	- exempi <unfixed> (low; bug #902175)
 	[stretch] - exempi <no-dsa> (Minor issue)
+	[jessie] - exempi <no-dsa> (Minor issue)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106981
 CVE-2018-12647
 	RESERVED
@@ -1297,6 +1303,7 @@ CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or libsunec) 
 CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ...)
 	- libtomcrypt <unfixed> (low; bug #901626)
 	[stretch] - libtomcrypt <no-dsa> (Minor issue)
+	[jessie] - libtomcrypt <no-dsa> (Minor issue)
 	NOTE: https://github.com/libtom/libtomcrypt/issues/407
 CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a ...)
 	- wolfssl <unfixed> (bug #901627)
@@ -2718,6 +2725,7 @@ CVE-2018-12066 (BIRD Internet Routing Daemon before 1.6.4 allows local users to 
 CVE-2018-1002209 [arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file]
 	- libquazip <unfixed>
 	[stretch] - libquazip <no-dsa> (Minor issue)
+	[jessie] - libquazip <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1593011
 	TODO: further checks, should be fixedin 0.7.6
 CVE-2018-1002204 [nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file]
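Review bot: The added `[jessie] - libquazip <no-dsa> (Minor issue)` line settles the jessie triage while the entry's own TODO still reads "further checks", and the entry describes an arbitrary file write / code execution via a crafted zip with no severity or bug number on the `<unfixed>` line. Suggest resolving the TODO first (confirm the 0.7.6 fix and whether the jessie version is affected), or add a NOTE giving the reasoning behind "Minor issue" for jessie. The TODO's "fixedin" typo could be corrected in the same edit.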
@@ -2993,6 +3001,7 @@ CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 all
 CVE-2018-11723 (The libpff_name_to_id_map_entry_read function in ...)
 	- libpff <unfixed> (low; bug #901967)
 	[stretch] - libpff <no-dsa> (Minor issue)
+	[jessie] - libpff <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2018/Jun/15
 CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' ...)
 	NOT-FOR-US: WUZHI CMS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/37355e969e44181fc94ed383319757b56924c2fb...27c9acadf5e47dd4e02cce91595b398582d405ff
