[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update first entries included in 9.4
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 10 09:42:38 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7867a173 by Salvatore Bonaccorso at 2018-03-10T10:42:30+01:00
Update first entries included in 9.4
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6622,7 +6622,7 @@ CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164
NOT-FOR-US: Minecraft Servers List Lite
CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of ...)
- libvirt 4.0.0-1 (bug #887700)
- [stretch] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt 3.0.0-4+deb9u2
[jessie] - libvirt <no-dsa> (Minor issue)
[wheezy] - libvirt <postponed> (Can be fixed in a later update)
NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
@@ -8414,7 +8414,7 @@ CVE-2018-5079 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows
NOT-FOR-US: K7 AntiVirus
CVE-2017-18021 (It was discovered that QtPass before 1.2.1, when using the built-in ...)
- qtpass 1.2.1-1
- [stretch] - qtpass <no-dsa> (default setup in Debian is not affected)
+ [stretch] - qtpass 1.1.6-1+deb9u1
NOTE: https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html
NOTE: https://github.com/IJHack/QtPass/issues/338
CVE-2017-18020 (On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and ...)
@@ -11120,7 +11120,7 @@ CVE-2017-1000427 (marked version 0.3.6 and earlier is vulnerable to an XSS attac
NOTE: nodejs not covered by security support
CVE-2017-1000426 (MapProxy version 1.10.3 and older is vulnerable to a Cross Site ...)
- mapproxy 1.10.4-1 (low)
- [stretch] - mapproxy <no-dsa> (Minor issue)
+ [stretch] - mapproxy 1.9.0-3+deb9u1
NOTE: https://github.com/mapproxy/mapproxy/issues/322
NOTE: https://github.com/mapproxy/mapproxy/commit/2e102843203c11b02c002daa08ca59d05d5eff5a (master)
NOTE: https://github.com/mapproxy/mapproxy/commit/87faa667007b00ef11ee09b16707aa9ad2e8da28 (1.10.x)
@@ -17728,6 +17728,7 @@ CVE-2017-17532 (examples/framework/news/news3.py in Kiwi 1.9.22 does not validat
NOTE: Only in examples code, negligible impact
CVE-2017-17531 (gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before ...)
- global 6.6.1-1 (unimportant; bug #884912)
+ [stretch] - global 6.5.6-2+deb9u1
NOTE: https://sources.debian.org/src/global/4.8.6-2/gozilla/gozilla.c/#L269
CVE-2017-17530 (common/help.c in Geomview 1.9.5 does not validate strings before ...)
- geomview <unfixed> (unimportant)
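Review bot: the unstable line for CVE-2017-17531 still rates the issue `(unimportant; bug #884912)` while the added `[stretch] - global 6.5.6-2+deb9u1` records a fix shipped in the 9.4 point release; an issue kept at unimportant normally gets no stable fix, so either revisit the rating or add a NOTE saying the change rode along in a stretch update, so readers do not take the fixed version as a change in severity. The existing NOTE points at the upstream 4.8.6 source named in the CVE text, not at the stretch package, so it locates the unvalidated string handling but does not document the +deb9u1 change.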
@@ -17826,7 +17827,7 @@ CVE-2017-17512 (sensible-browser in sensible-utils before 0.0.11 does not valida
CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the program ...)
{DLA-1210-1}
- kildclient 3.2.0-1 (bug #885007)
- [stretch] - kildclient <no-dsa> (Minor issue)
+ [stretch] - kildclient 3.1.0-1+deb9u1
[jessie] - kildclient <no-dsa> (Minor issue)
NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159
NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324
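Review bot: with {DLA-1210-1} already on this entry and the stretch line now carrying `kildclient 3.1.0-1+deb9u1`, jessie is the only release left at `<no-dsa> (Minor issue)` for CVE-2017-17511; if the issue was worth a point-release fix in stretch, the jessie status should be re-evaluated or a NOTE should say why it stays minor there, otherwise the entry reads as if the middle release was simply overlooked.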
@@ -22242,7 +22243,7 @@ CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser
NOTE: https://github.com/Exiv2/exiv2/issues/175
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in ...)
- ncurses 6.0+20171125-1 (bug #882620)
- [stretch] - ncurses <no-dsa> (Minor issue)
+ [stretch] - ncurses 6.0+20161126-1+deb9u2
[jessie] - ncurses <no-dsa> (Minor issue)
[wheezy] - ncurses <ignored> (Minor issue)
NOTE: PoC https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz
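Review bot: for CVE-2017-16879 wheezy is `<ignored> (Minor issue)` while jessie is `<no-dsa> (Minor issue)` with the same rationale; now that stretch is fixed via `ncurses 6.0+20161126-1+deb9u2` and a public PoC is linked, the two older releases should carry a consistent state, and a NOTE on why the `_nc_write_entry` overflow stays minor for them (the PoC filename suggests it is triggered through `tic`, i.e. on attacker-supplied terminfo source) would justify keeping them unfixed.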
@@ -29094,13 +29095,13 @@ CVE-2017-14697
RESERVED
CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and ...)
- salt 2016.11.8+dfsg1-1 (bug #879090)
- [stretch] - salt <no-dsa> (Minor issue)
+ [stretch] - salt 2016.11.2+ds-1+deb9u1
[jessie] - salt <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
NOTE: Fixed by: https://github.com/saltstack/salt/commit/89e084bda356739de645c15e7d1968afebdcc56e (2016.11)
CVE-2017-14695 (Directory traversal vulnerability in minion id validation in SaltStack ...)
- salt 2016.11.8+dfsg1-1 (bug #879089)
- [stretch] - salt <no-dsa> (Minor issue)
+ [stretch] - salt 2016.11.2+ds-1+deb9u1
[jessie] - salt <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
NOTE: Fixed by: https://github.com/saltstack/salt/commit/206ae23f15cb7ec95a07dee4cbe9802da84f9c42 (2016.11)
@@ -29339,7 +29340,7 @@ CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
CVE-2017-14623 (In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker ...)
- golang-github-go-ldap-ldap 2.5.1-1 (low; bug #876404)
- [stretch] - golang-github-go-ldap-ldap <no-dsa> (Minor issue)
+ [stretch] - golang-github-go-ldap-ldap 2.4.1-1+deb9u1
NOTE: https://github.com/go-ldap/ldap/pull/126
NOTE: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
CVE-2017-14622 (Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon ...)
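Review bot: golang-github-go-ldap-ldap is a Go library, and Go binaries in Debian link their dependencies statically, so the new `[stretch] - golang-github-go-ldap-ldap 2.4.1-1+deb9u1` only fixes the source package; binaries built from packages that Build-Depend on it remain vulnerable until they are rebuilt against the updated library. A NOTE listing the reverse build-dependencies in stretch, or stating that they were rebuilt for 9.4, would make the fixed-version line actionable for users.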
@@ -34955,7 +34956,7 @@ CVE-2017-12792 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ne
NOT-FOR-US: NexusPHP
CVE-2017-12791 (Directory traversal vulnerability in minion id validation in SaltStack ...)
- salt 2016.11.8+dfsg1-1 (bug #872399)
- [stretch] - salt <no-dsa> (Minor issue)
+ [stretch] - salt 2016.11.2+ds-1+deb9u1
[jessie] - salt <no-dsa> (Minor issue)
NOTE: https://github.com/saltstack/salt/pull/42944
NOTE: https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a
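Review bot: CVE-2017-12791 carries the same description as CVE-2017-14695 ("Directory traversal vulnerability in minion id validation in SaltStack"), and both now resolve to the same stretch upload `salt 2016.11.2+ds-1+deb9u1`; a NOTE cross-referencing the two entries would let a reviewer confirm that the deb9u1 upload contains both the original fix (PR 42944 / commit 6366e05d) and the later follow-up for 14695 (commit 206ae23f on the 2016.11 branch), since a backport of only the first would leave 14695 marked fixed in stretch while the traversal remains.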
@@ -36839,7 +36840,7 @@ CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c
NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6)
CVE-2017-12133 (The DNS stub resolver in the GNU C Library (glibc) before version ...)
- glibc 2.24-15 (bug #870648)
- [stretch] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc 2.24-11+deb9u2
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
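Review bot: CVE-2017-12133 is in the DNS stub resolver that lives inside libc6, so the fix recorded as `[stretch] - glibc 2.24-11+deb9u2` only takes effect in processes started after the upgrade; long-running daemons keep the old resolver mapped until restarted. Consider a NOTE to that effect, since a point-release fix (unlike a DSA) gives users no advisory text to carry that caveat.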
@@ -41660,7 +41661,7 @@ CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in ...)
CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is ...)
{DLA-1146-1}
- mosquitto 1.4.14-1 (bug #865959)
- [stretch] - mosquitto <no-dsa> (Minor issue)
+ [stretch] - mosquitto 1.4.10-3+deb9u1
[jessie] - mosquitto <no-dsa> (Minor issue)
NOTE: https://github.com/eclipse/mosquitto/issues/468
NOTE: https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7
@@ -45349,17 +45350,17 @@ CVE-2017-9261 (In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/p
NOTE: https://github.com/ImageMagick/ImageMagick/commit/01d522e990aa57cbe67d222dd5e8f7196cc6d199
CVE-2017-9260 (The TDStretchSSE::calcCrossCorr function in ...)
- soundtouch 1.9.2-3 (low; bug #870857)
- [stretch] - soundtouch <no-dsa> (Minor issue)
+ [stretch] - soundtouch 1.9.2-2+deb9u1
[jessie] - soundtouch <no-dsa> (Minor issue)
[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9259 (The TDStretch::acceptNewOverlapLength function in ...)
- soundtouch 1.9.2-3 (low; bug #870856)
- [stretch] - soundtouch <no-dsa> (Minor issue)
+ [stretch] - soundtouch 1.9.2-2+deb9u1
[jessie] - soundtouch <no-dsa> (Minor issue)
[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9258 (The TDStretch::processSamples function in ...)
- soundtouch 1.9.2-3 (low; bug #870854)
- [stretch] - soundtouch <no-dsa> (Minor issue)
+ [stretch] - soundtouch 1.9.2-2+deb9u1
[jessie] - soundtouch <no-dsa> (Minor issue)
[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware ...)
@@ -50862,7 +50863,7 @@ CVE-2017-7537
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817
CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it ...)
- libhibernate-validator-java 4.3.3-4 (bug #885577)
- [stretch] - libhibernate-validator-java <no-dsa> (Minor issue)
+ [stretch] - libhibernate-validator-java 4.3.3-1+deb9u1
[jessie] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3)
[wheezy] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3)
NOTE: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
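Review bot: the `<not-affected>` rationale on the jessie and wheezy lines, `Vulnerable code introduced in 4.3`, sits beside a stretch fix for a 4.3.x package (`libhibernate-validator-java 4.3.3-1+deb9u1`, built on the 4.3.3-1 that stretch ships); please confirm that the jessie and wheezy versions really predate 4.3, because if either also ships 4.3.3 the rationale contradicts the stretch fix and that release needs a fixed version or a `<no-dsa>` entry instead.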
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7867a173d0348da7341b40c9459898b9e1ecc6c5