[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 12 21:10:33 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fddd323a by security tracker role at 2018-03-12T21:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-8084
+ RESERVED
+CVE-2018-8083
+ RESERVED
+CVE-2018-8082
+ RESERVED
+CVE-2018-8081
+ RESERVED
+CVE-2018-8080
+ RESERVED
+CVE-2018-8079
+ RESERVED
+CVE-2018-8078
+ RESERVED
+CVE-2018-8077
+ RESERVED
+CVE-2018-8076
+ RESERVED
+CVE-2018-8075
+ RESERVED
+CVE-2018-8074
+ RESERVED
+CVE-2018-8073
+ RESERVED
+CVE-2018-8072
+ RESERVED
+CVE-2018-8071
+ RESERVED
CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
NOT-FOR-US: QCMS
CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
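Review bot: no action is needed on CVE-2018-8071 through CVE-2018-8084 yet; all fourteen are RESERVED placeholders without a description, and the header `@@ -1,3 +1,31 @@` is consistent with the 28 added lines. Each will need a package line or a NOT-FOR-US once MITRE publishes text for it, so expect these to come back as `TODO: check` entries in a later automatic update.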
@@ -704,8 +732,8 @@ CVE-2018-7751
RESERVED
CVE-2018-7750
RESERVED
-CVE-2018-7749
- RESERVED
+CVE-2018-7749 (The SSH server implementation of AsyncSSH before 1.12.1 does not ...)
+ TODO: check
CVE-2018-7748
RESERVED
CVE-2018-7747
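Review bot: the `TODO: check` on CVE-2018-7749 should be resolved against the archive rather than left open. AsyncSSH is a Python SSH library, and the description already names 1.12.1 as the first fixed upstream release, so if the python-asyncssh source package is in Debian the entry wants a `- python-asyncssh <fixed version>` line with a bug reference (or `<unfixed>` until an upload lands); if it is not packaged, `NOT-FOR-US: AsyncSSH` closes it. The truncated description does not say what the server implementation fails to do, so add the upstream changelog or advisory as a NOTE when closing the TODO.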
@@ -4231,7 +4259,7 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat
NOTE: See further discussion as per https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
NOT-FOR-US: MalwareFox AntiMalware
-CVE-2018-6592 (Unisys Stealth Windows endpoints before 3.3.016.1 allow local users to ...)
+CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local ...)
NOT-FOR-US: Unisys Stealth Windows endpoints
CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to obtain ...)
NOT-FOR-US: Converse.js
@@ -18160,8 +18188,8 @@ CVE-2018-1325
RESERVED
CVE-2018-1324
RESERVED
-CVE-2018-1323
- RESERVED
+CVE-2018-1323 (The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector ...)
+ TODO: check
CVE-2018-1322
RESERVED
CVE-2018-1321
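Review bot: the `TODO: check` on CVE-2018-1323 can probably be closed as not affecting Debian. The description scopes the flaw to the IIS/ISAPI specific code of the Apache Tomcat JK connector, while Debian builds only the Apache httpd module (mod_jk, from the libapache-mod-jk source package) out of the tomcat-connectors sources, not the ISAPI redirector for IIS. Confirm that the ISAPI sources are not compiled into any shipped binary and then record `- libapache-mod-jk <not-affected> (ISAPI redirector not built)` instead of the TODO.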
@@ -18483,8 +18511,8 @@ CVE-2018-1208
RESERVED
CVE-2018-1207
RESERVED
-CVE-2018-1206
- RESERVED
+CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...)
+ TODO: check
CVE-2018-1205
RESERVED
CVE-2018-1204
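Review bot: `TODO: check` on CVE-2018-1206 should become `NOT-FOR-US: Dell EMC Data Protection Advisor`. The description identifies a proprietary Dell EMC product down to a vendor patch level (6.3 Patch 159), which the archive does not ship, and that is how comparable vendor entries in this file are handled (for example `NOT-FOR-US: Unisys Stealth Windows endpoints` under CVE-2018-6592).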
@@ -26022,8 +26050,8 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP me
NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15720
RESERVED
-CVE-2017-15719
- RESERVED
+CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and ...)
+ TODO: check
CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the ...)
- hadoop <itp> (bug #793644)
CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
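Review bot: CVE-2017-15719 concerns Wicket jQuery UI, the third-party jQuery UI integration for Apache Wicket, not Wicket itself; neither appears to be in the Debian archive, so the TODO should resolve to `NOT-FOR-US: Wicket jQuery UI` after a quick search of the package index for any wicket artifact. Note that the neighbouring CVE-2017-15718 is tracked through an `<itp>` placeholder for hadoop; if a wicket ITP exists, the same convention would apply here instead of NOT-FOR-US.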
@@ -55160,22 +55188,22 @@ CVE-2017-6290
RESERVED
CVE-2017-6289
RESERVED
-CVE-2017-6288
- RESERVED
-CVE-2017-6287
- RESERVED
-CVE-2017-6286
- RESERVED
-CVE-2017-6285
- RESERVED
+CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2017-6286 (NVIDIA libnvomx contains a possible out of bounds write due to a ...)
+ TODO: check
+CVE-2017-6285 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
+ TODO: check
CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic ...)
NOT-FOR-US: NVIDIA
CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function ...)
NOT-FOR-US: NVIDIA
CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...)
NOT-FOR-US: NVIDIA
-CVE-2017-6281
- RESERVED
+CVE-2017-6281 (NVIDIA libnvomx contains a possible out of bounds write due to a ...)
+ TODO: check
CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerability due ...)
NOT-FOR-US: Nvidia component for Android
CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
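Review bot: the five new `TODO: check` entries (CVE-2017-6281, -6285, -6286, -6287, -6288) all describe NVIDIA libnvrm and libnvomx, Tegra/Android userspace libraries from the same advisory family as the surrounding CVE-2017-6280 and CVE-2017-6282 through -6284, which are already marked `NOT-FOR-US: NVIDIA` or `NOT-FOR-US: Nvidia component for Android`. They should be closed the same way for consistency, after confirming that no nvidia-* package in the archive ships libnvrm or libnvomx; five adjacent open TODOs for identical components only add triage noise.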
@@ -66235,8 +66263,7 @@ CVE-2017-2668 [Remote crash via crafted LDAP messages]
- 389-ds-base 1.3.5.17-1 (bug #860125)
NOTE: CentOS fix: https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1436575
-CVE-2017-2667
- RESERVED
+CVE-2017-2667 (Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not ...)
- foreman <itp> (bug #663101)
CVE-2017-2666
RESERVED
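Review bot: the `- foreman <itp> (bug #663101)` line under CVE-2017-2667 was inherited from the RESERVED placeholder, but the description now attributes the flaw to Hammer CLI (a separate upstream from Foreman) and names 0.10.0 as the fixed version. Consider capturing both in a NOTE so the ITP placeholder does not have to be re-researched if foreman or hammer-cli ever lands in the archive.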
@@ -66256,8 +66283,7 @@ CVE-2017-2663
CVE-2017-2662
RESERVED
- foreman <itp> (bug #663101)
-CVE-2017-2661 [Improper node name field validation when creating clusters leads to XSS]
- RESERVED
+CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site ...)
- pcs 0.9.155+dfsg-2 (bug #858379)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
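Review bot: dropping the bracketed working title on CVE-2017-2661 in favour of the official description is correct, and the existing `- pcs 0.9.155+dfsg-2 (bug #858379)` fixed version plus the upstream commit NOTE already cover the entry. The Debian fixed version is a patched revision of an upstream older than the 0.9.157 named in the description, which is expected for a backported fix; nothing further to do here.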
@@ -66380,8 +66406,7 @@ CVE-2017-2629 [SSL_VERIFYSTATUS ignored]
NOTE: https://github.com/curl/curl/commit/ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0
NOTE: Patch: https://curl.haxx.se/CVE-2017-2629.patch
NOTE: https://curl.haxx.se/docs/adv_20170222.html
-CVE-2017-2628
- RESERVED
+CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version ...)
- curl <not-affected> (Red Hat specific backport issue)
CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive]
RESERVED
@@ -66430,8 +66455,7 @@ CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in cirrus_bitbl
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://xenbits.xen.org/xsa/advisory-209.html
NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
-CVE-2017-2619
- RESERVED
+CVE-2017-2619 (Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a ...)
{DSA-3816-1 DLA-894-1}
- samba 2:4.5.6+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html
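Review bot: the fixed version `2:4.5.6+dfsg-2` under CVE-2017-2619 is lower than the upstream 4.5.7 named in the new description. That is expected for a patched Debian revision (the +dfsg-2 upload), and the DSA-3816-1 / DLA-894-1 references confirm the fix shipped, so the entry needs no change from this description update.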
@@ -66571,8 +66595,7 @@ CVE-2017-2586
- netpbm-free <not-affected> (vulnerable code not present)
NOTE: Debian uses an old fork of netpbm
NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
-CVE-2017-2585
- RESERVED
+CVE-2017-2585 (Red Hat Keycloak before version 2.5.1 has an implementation of HMAC ...)
NOT-FOR-US: Keycloak
CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...)
{DSA-3791-1}
@@ -71953,8 +71976,7 @@ CVE-2016-9601 [Heap-buffer overflow due to Integer overflow in jbig2_image_new f
- jbig2dec 0.13-4 (bug #850497)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
-CVE-2016-9600 [Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder]
- RESERVED
+CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer ...)
- jasper <removed> (unimportant)
NOTE: https://github.com/mdadams/jasper/issues/109
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
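Review bot: replacing the bracketed title on CVE-2016-9600 loses the one detail the working title carried (a missing check for the UNKNOWN colour space in the JP2 encoder) that the truncated official description does not show. Since the entry is `<removed> (unimportant)` and already links issue #109 and the fixing commit this is acceptable, but a one-line NOTE with the original summary would keep that context searchable.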
@@ -71993,8 +72015,7 @@ CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in
CVE-2016-9590
RESERVED
- puppet-module-swift 9.4.4-1 (bug #851293)
-CVE-2016-9589
- RESERVED
+CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable ...)
NOT-FOR-US: Red Hat specific use of undertow in Wildfly
CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP ...)
{DSA-3804-1 DLA-849-1}
@@ -75414,8 +75435,7 @@ CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the Lin
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
-CVE-2016-8629
- RESERVED
+CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check ...)
NOT-FOR-US: Keycloak
CVE-2016-8628
RESERVED
@@ -113293,7 +113313,7 @@ CVE-2015-5206 (Unspecified vulnerability in the HTTP/2 experimental feature in A
- trafficserver 6.0.0-1
[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
CVE-2015-5205
- RESERVED
+ REJECTED
CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File Transfer ...)
NOT-FOR-US: Apache Cordova Android File Transfer Plugin
CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function in ...)
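Review bot: the RESERVED to REJECTED flip on CVE-2015-5205 is the only change in this hunk and needs no package line; rejected identifiers stay in the list so the number is recorded as unused, and the `-113293,7 +113313,7` header matches the single-line substitution.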
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fddd323aedc0c251861dc121b389fe7413900e4f