[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Mar 31 08:10:21 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5ae5cd8 by security tracker role at 2018-03-31T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-9152
+	RESERVED
 CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
 	TODO: check
 CVE-2018-9150
@@ -3892,8 +3894,7 @@ CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket Reques
 	NOTE: Admin Package Manager works as designed and warns if a package is beeing
 	NOTE: installed which is not verified by the OTRS Group. Responsiblity of the
 	NOTE: respective admin to check packages before installation.
-CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
-	RESERVED
+CVE-2018-7566 (The Linux kernel 4.15 has a Buffer Overflow via an ...)
 	- linux 4.15.11-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da
 CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
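Review bot: At CVE-2018-7566 the bracketed title `[ALSA: seq: Fix racy pool initializations]` is dropped and the new description names only "Linux kernel 4.15", so nothing left in the entry identifies the ALSA sequencer. A NOTE recording the affected subsystem next to the existing `Fixed by:` link would help when judging whether kernel branches other than 4.15 need the fix.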
@@ -5140,8 +5141,8 @@ CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ..
 	NOT-FOR-US: Kentico
 CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2018-7203
-	RESERVED
+CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 ...)
+	TODO: check
 CVE-2018-7202
 	RESERVED
 CVE-2018-7201
@@ -5266,8 +5267,8 @@ CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins vers
 	- jenkins <removed>
 CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can delete ...)
 	NOT-FOR-US: WonderCMS
-CVE-2018-7171
-	RESERVED
+CVE-2018-7171 (Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 ...)
+	TODO: check
 CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows ...)
 	- ntp 1:4.2.8p11+dfsg-1
 	[stretch] - ntp <no-dsa> (Minor issue)
@@ -9503,8 +9504,8 @@ CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16
 CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. ...)
 	- krb5 <unfixed> (bug #889684)
 	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
-CVE-2018-5708
-	RESERVED
+CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...)
+	TODO: check
 CVE-2018-5707
 	RESERVED
 CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...)
@@ -13907,22 +13908,18 @@ CVE-2018-3824
 	RESERVED
 CVE-2018-3823
 	RESERVED
-CVE-2018-3822
-	RESERVED
-CVE-2018-3821
-	RESERVED
+CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a ...)
+	TODO: check
+CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a ...)
 	- kibana <itp> (bug #700337)
-CVE-2018-3820
-	RESERVED
+CVE-2018-3820 (Kibana versions after 6.1.0 and before 6.1.3 had a cross-site ...)
 	- kibana <itp> (bug #700337)
-CVE-2018-3819
-	RESERVED
+CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security ...)
 	- kibana <itp> (bug #700337)
-CVE-2018-3818
-	RESERVED
+CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting ...)
 	- kibana <itp> (bug #700337)
-CVE-2018-3817
-	RESERVED
+CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash before ...)
+	TODO: check
 CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the ...)
 	- linux 4.11.6-1
 	[stretch] - linux 4.9.47-1
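Review bot: CVE-2018-3821 through CVE-2018-3818 keep the `- kibana <itp> (bug #700337)` line attached while they were RESERVED, so unlike CVE-2018-3822 and CVE-2018-3817 they receive no `TODO: check` now that descriptions exist. CVE-2018-3819 mentions X-Pack security, as CVE-2018-3822 does, so it is worth confirming that the pre-assigned kibana annotation still matches the published text.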
@@ -15351,21 +15348,18 @@ CVE-2017-17773 (In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mob
 	NOT-FOR-US: Android Qualcomm closed-source components
 CVE-2017-17772
 	RESERVED
-CVE-2017-17771
-	RESERVED
+CVE-2017-17771 (In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-17770
 	RESERVED
 	NOT-FOR-US: Android Linux component (source code not availalable, so probably Android-specific)
-CVE-2017-17769
-	RESERVED
+CVE-2017-17769 (Information leakage in Android for MSM, Firefox OS for MSM, and QRD ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-17768
 	RESERVED
 CVE-2017-17767 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-17766
-	RESERVED
+CVE-2017-17766 (In wma_peer_info_event_handler() in Android for MSM, Firefox OS for ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-17765 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm component for Android
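Review bot: CVE-2017-17770 is still `RESERVED` in this hunk yet already carries a NOT-FOR-US line, and that line misspells "available" as "availalable". Correct the spelling in a follow-up, and re-check the "probably Android-specific" reasoning once a description is published.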
@@ -21181,12 +21175,12 @@ CVE-2018-1236
 	RESERVED
 CVE-2018-1235
 	RESERVED
-CVE-2018-1234
-	RESERVED
-CVE-2018-1233
-	RESERVED
-CVE-2018-1232
-	RESERVED
+CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is ...)
+	TODO: check
+CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...)
+	TODO: check
+CVE-2018-1232 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...)
+	TODO: check
 CVE-2018-1231 (Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper ...)
 	TODO: check
 CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...)
@@ -26274,8 +26268,8 @@ CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing function
 	NOT-FOR-US: pyanyapi
 CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...)
 	NOT-FOR-US: MLAlchemy
-CVE-2017-16614
-	RESERVED
+CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows ...)
+	TODO: check
 CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through ...)
 	{DSA-4044-1}
 	- swauth 1.2.0-4 (bug #882314)
@@ -28524,8 +28518,7 @@ CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using th
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15859
-	RESERVED
+CVE-2017-15859 (While processing the ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15858
 	RESERVED
@@ -28540,8 +28533,7 @@ CVE-2017-15854
 	RESERVED
 CVE-2017-15853
 	RESERVED
-CVE-2017-15852
-	RESERVED
+CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, Firefox ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15851
 	RESERVED
@@ -28553,8 +28545,7 @@ CVE-2017-15848 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15847 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15846
-	RESERVED
+CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android for ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -28594,15 +28585,13 @@ CVE-2017-15828
 	RESERVED
 CVE-2017-15827
 	RESERVED
-CVE-2017-15826
-	RESERVED
+CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Firefox OS ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15825
 	RESERVED
 CVE-2017-15824
 	RESERVED
-CVE-2017-15823
-	RESERVED
+CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15822
 	RESERVED
@@ -31485,11 +31474,9 @@ CVE-2017-14894
 	RESERVED
 CVE-2017-14893
 	RESERVED
-CVE-2017-14892
-	RESERVED
+CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14891
-	RESERVED
+CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14890
 	RESERVED
@@ -31505,27 +31492,23 @@ CVE-2017-14885 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14883
-	RESERVED
+CVE-2017-14883 (In the function wma_unified_power_debug_stats_event_handler() in ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14881
-	RESERVED
+CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in ...)
+	TODO: check
 CVE-2017-14880
 	RESERVED
 CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14878 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14877
-	RESERVED
+CVE-2017-14877 (While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14876
-	RESERVED
+CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-14875
-	RESERVED
+CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14874
 	RESERVED
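Review bot: CVE-2017-14881 is the only entry in this hunk left at `TODO: check`, although its description refers to the IPA IOCTL handler, and CVE-2017-14877 just below, which also concerns the IPA driver, is marked `NOT-FOR-US: Qualcomm component for Android`. If the full description confirms the same Android for MSM scope, the TODO can be resolved with the same NOT-FOR-US line.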
@@ -43012,8 +42995,7 @@ CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11088
 	RESERVED
-CVE-2017-11087
-	RESERVED
+CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-11086
 	RESERVED
@@ -46828,8 +46810,7 @@ CVE-2017-9725 (In all Qualcomm products with Android releases from CAF using the
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-9724 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-9723
-	RESERVED
+CVE-2017-9723 (The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -46887,17 +46868,13 @@ CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all And
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9695
 	RESERVED
-CVE-2017-9694
-	RESERVED
+CVE-2017-9694 (While parsing Netlink attributes in ...)
 	NOT-FOR-US: Google drivers for Android
-CVE-2017-9693
-	RESERVED
+CVE-2017-9693 (The length of attribute value for STA_EXT_CAPABILITY in ...)
 	NOT-FOR-US: Google drivers for Android
-CVE-2017-9692
-	RESERVED
+CVE-2017-9692 (When an atomic commit is issued on a writeback panel with a NULL ...)
 	NOT-FOR-US: Google drivers for Android
-CVE-2017-9691
-	RESERVED
+CVE-2017-9691 (There is a race condition in Android for MSM, Firefox OS for MSM, and ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
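Review bot: The NOT-FOR-US wording in this hunk is inconsistent: CVE-2017-9694, CVE-2017-9693 and CVE-2017-9692 say `Google drivers for Android`, CVE-2017-9691 says `Qualcomm driver for Android`, and the surrounding entries say `Qualcomm components for Android`. Now that the descriptions are published, check that the "Google drivers" attribution chosen while these were RESERVED matches them, and settle on one wording so related entries group together when searched.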
@@ -74931,7 +74908,7 @@ CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux 
 	NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
 	NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
 	NOTE: Fixed by: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9)
-CVE-2016-9575 (Ipa before version 4.4.0-14 did not properly check the user's ...)
+CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ...)
 	- freeipa 4.4.4-1 (bug #849950)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
 	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
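Review bot: The revised CVE-2016-9575 description now names 4.2.x and 4.3.x before 4.3.3 alongside 4.4.x before 4.4.3, but the entry still records only `- freeipa 4.4.4-1 (bug #849950)` with no per-release lines. Confirm whether any supported suite carries freeipa from the 4.2.x or 4.3.x series and, if so, add the matching release annotation.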



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5ae5cd8572a18e8c29d86fe8f5d82b0021d6fc9
