[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: ruby fixed
Moritz Muehlenhoff
jmm at debian.org
Sat Mar 31 19:41:45 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b504ebdb by Moritz Muehlenhoff at 2018-03-31T21:30:42+02:00
ruby fixed
- - - - -
816b9175 by Moritz Muehlenhoff at 2018-03-31T21:41:27+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,15 +1,15 @@
CVE-2018-9152
RESERVED
CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
- TODO: check
+ NOT-FOR-US: Kingsoft Internet Security
CVE-2018-9150
RESERVED
CVE-2018-9149
RESERVED
CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session ...)
- TODO: check
+ NOT-FOR-US: Western Digital WD My Cloud
CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...)
- TODO: check
+ NOT-FOR-US: Gespage
CVE-2018-9146 (In Exiv2 0.26, there is an out-of-bounds read in ...)
TODO: check
CVE-2018-9145 (In Exiv2 0.26, there is a reachable assertion abort in the function ...)
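Review bot: The Exiv2 entries in this hunk (CVE-2018-9146, CVE-2018-9145, CVE-2018-9144) are left at "TODO: check" while the surrounding entries are triaged; since exiv2 is packaged in Debian they cannot become NOT-FOR-US and will need "- exiv2 <unfixed>" package lines (with a bug reference where one exists) in a follow-up so they do not linger in the TODO queue.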
@@ -17,21 +17,21 @@ CVE-2018-9145 (In Exiv2 0.26, there is a reachable assertion abort in the functi
CVE-2018-9144 (In Exiv2 0.26, there is an out-of-bounds read in ...)
TODO: check
CVE-2018-9143 (On Samsung mobile devices with M(6.0) and N(7.x) software, a heap ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-9142 (On Samsung mobile devices with N(7.x) software, attackers can install ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-9141 (On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-9140 (On Samsung mobile devices with M(6.0) software, the Email application ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer overflow in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as distributed ...)
TODO: check
CVE-2018-9137
RESERVED
CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
- TODO: check
+ NOT-FOR-US: Jungo
CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...)
TODO: check
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...)
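Review bot: The new "NOT-FOR-US: Jungo" line for CVE-2018-9136 describes the same issue as CVE-2018-8821 further down in this patch (both read "windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ..."), which carries "NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver". Use one label for both, for example "NOT-FOR-US: Jungo DriverWizard WinDriver", so greps for the product find both entries.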
@@ -43,7 +43,7 @@ CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt functi
CVE-2018-9131
RESERVED
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
- TODO: check
+ NOT-FOR-US: IBOS
CVE-2018-9129
RESERVED
CVE-2018-9128
@@ -69,9 +69,9 @@ CVE-2018-9119
CVE-2018-9118
RESERVED
CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a remote ...)
- TODO: check
+ NOT-FOR-US: WireMock
CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: WireMock
CVE-2018-9115
RESERVED
CVE-2018-9114
@@ -807,7 +807,7 @@ CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Inf
CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver
CVE-2018-8820 (An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based ...)
- TODO: check
+ NOT-FOR-US: Square 9
CVE-2018-8819
RESERVED
CVE-2018-8818
@@ -903,28 +903,28 @@ CVE-2018-8781
RESERVED
CVE-2018-8780 [ruby: Unintentional directory traversal by poisoned NUL byte in Dir]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
CVE-2018-8779 [ruby: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
CVE-2018-8778 [ruby: Buffer under-read in String#unpack]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
CVE-2018-8777 [ruby: DoS by large request in WEBrick]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
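Review bot: Only ruby2.5 is marked fixed (2.5.1-1) for CVE-2018-8780, CVE-2018-8779, CVE-2018-8778 and CVE-2018-8777; ruby2.3 stays at "<unfixed>" with no bug reference, and the same pattern recurs for CVE-2018-6914 and CVE-2017-17742 later in this patch. If an upload of ruby2.3 is pending, add the tracking bug in the usual form, e.g. "- ruby2.3 <unfixed> (bug #NNNNNN)" (placeholder number), so the open status is visible from the entry itself.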
@@ -5159,7 +5159,7 @@ CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ..
CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 ...)
- TODO: check
+ NOT-FOR-US: Twonky Server
CVE-2018-7202
RESERVED
CVE-2018-7201
@@ -5933,7 +5933,7 @@ CVE-2018-6915
RESERVED
CVE-2018-6914 [Unintentional file and directory creation with directory traversal in tempfile and tmpdir]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
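Review bot: The bracketed title for CVE-2018-6914 reads "[Unintentional file and directory creation with directory traversal in tempfile and tmpdir]" without the "ruby:" prefix that the other ruby entries in this patch use (e.g. "[ruby: DoS by large request in WEBrick]"); adding the prefix keeps the entry findable by package name, and a NOTE line with the upstream advisory URL would match the sibling entries.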
@@ -9192,7 +9192,7 @@ CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and
NOTE: https://electronjs.org/blog/protocol-handler-fix
NOTE: https://nodesecurity.io/advisories/563
CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2018-5798
RESERVED
CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
@@ -9522,7 +9522,7 @@ CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16
- krb5 <unfixed> (bug #889684)
NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-5707
RESERVED
CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...)
@@ -10745,9 +10745,9 @@ CVE-2018-5226
CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...)
NOT-FOR-US: Atlassian Bitbucket Server
CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured Mercurial ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2018-5222
RESERVED
CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...)
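Review bot: The new labels for CVE-2018-5224 and CVE-2018-5223 are just "NOT-FOR-US: Atlassian" while the neighbouring CVE-2018-5225 uses "NOT-FOR-US: Atlassian Bitbucket Server"; name the product as the descriptions do, e.g. "NOT-FOR-US: Atlassian Bamboo" and "NOT-FOR-US: Atlassian Fisheye and Crucible", for consistency.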
@@ -11848,7 +11848,7 @@ CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced
CVE-2018-4842
RESERVED
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...)
- TODO: check
+ NOT-FOR-US: TIM
CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
NOT-FOR-US: Siemens
CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
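Review bot: "NOT-FOR-US: TIM" for CVE-2018-4841 is too terse to be meaningful on its own; the adjacent Siemens entries use "NOT-FOR-US: Siemens", so "NOT-FOR-US: Siemens TIM 1531 IRC" (the product named in the description) would be clearer.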
@@ -13926,7 +13926,7 @@ CVE-2018-3824
CVE-2018-3823
RESERVED
CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Elastic X-Pack Security
CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a ...)
- kibana <itp> (bug #700337)
CVE-2018-3820 (Kibana versions after 6.1.0 and before 6.1.3 had a cross-site ...)
@@ -15481,7 +15481,7 @@ CVE-2017-17743 (Improper input sanitization within the restricted administration
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 [ruby: HTTP response splitting in WEBrick]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -20121,7 +20121,7 @@ CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Service
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1389
RESERVED
CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...)
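Review bot: "NOT-FOR-US: IBM" for CVE-2018-1390 is less specific than the "NOT-FOR-US: IBM Financial Transaction Manager" used for CVE-2018-1391 directly above, although the descriptions name the same product; the same applies to CVE-2018-1384 (IBM Business Process Manager) in the next hunk. Using the product name keeps the triage greppable.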
@@ -20133,7 +20133,7 @@ CVE-2018-1386 (IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.
CVE-2018-1385
RESERVED
CVE-2018-1384 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and ...)
NOT-FOR-US: AIX
CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This ...)
@@ -21127,9 +21127,9 @@ CVE-2018-1269
CVE-2018-1268
RESERVED
CVE-2018-1267 (Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-1266 (Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-1265
RESERVED
CVE-2018-1264
@@ -21193,13 +21193,13 @@ CVE-2018-1236
CVE-2018-1235
RESERVED
CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is ...)
- TODO: check
+ NOT-FOR-US: RSA Authentication Agent
CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...)
- TODO: check
+ NOT-FOR-US: RSA Authentication Agent
CVE-2018-1232 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...)
- TODO: check
+ NOT-FOR-US: RSA Authentication Agent
CVE-2018-1231 (Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...)
NOT-FOR-US: Pivotal
CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS ...)
@@ -21282,7 +21282,7 @@ CVE-2018-1193
CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...)
NOT-FOR-US: Pivotal
CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
@@ -21475,7 +21475,7 @@ CVE-2018-1144
CVE-2018-1143
RESERVED
CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...)
NOT-FOR-US: Nessus
CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code ...)
@@ -25218,7 +25218,7 @@ CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util
CVE-2017-16874
RESERVED
CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid binary that ...)
- TODO: check
+ NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-1000233
REJECTED
CVE-2017-1000222
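Review bot: The description of CVE-2017-16873 ("unsanitized PATH in the suid binary that ...") does not name the product, so the new "NOT-FOR-US: vagrant-vmware-fusion" line is not self-evident from the entry; a NOTE line pointing at the advisory, or a cross-reference to CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4) in the following hunk, would document the attribution.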
@@ -25645,7 +25645,7 @@ CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote .
- ffmpeg 7:3.4.1-1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...)
- TODO: check
+ NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16838
RESERVED
CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/73413d29be9df9efb4896dc52e0989aeb18a1ff1...816b9175eb6e9415cfe46b4adac1e9ec3f14dae7