[Git][security-tracker-team/security-tracker][master] 5 commits: Record three more CVEs fixed with mariadb-10.0
Salvatore Bonaccorso
carnil at debian.org
Fri May 11 19:34:11 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9fd45ff0 by Salvatore Bonaccorso at 2018-05-11T20:16:55+02:00
Record three more CVEs fixed with mariadb-10.0
- - - - -
fd80694a by Salvatore Bonaccorso at 2018-05-11T20:21:30+02:00
Record CVEs fixed in MariaDB 10.0.34
- - - - -
b035ff5b by Salvatore Bonaccorso at 2018-05-11T20:24:46+02:00
Record MariaDB 10.0.35 CVEs
- - - - -
34674b71 by Salvatore Bonaccorso at 2018-05-11T20:28:46+02:00
Add CVEs fixed in MariaDB 10.1.31
- - - - -
14f68684 by Salvatore Bonaccorso at 2018-05-11T20:33:06+02:00
Add CVEs adressed in MariaDB 10.1.33
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22062,8 +22062,11 @@ CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
@@ -22072,8 +22075,11 @@ CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2816 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #895997)
@@ -22095,8 +22101,11 @@ CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2812 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #895997)
@@ -22191,8 +22200,11 @@ CVE-2018-2789 (Vulnerability in the Siebel Core - Server Framework component of
CVE-2018-2788 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2787 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2786 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #895997)
@@ -22201,8 +22213,11 @@ CVE-2018-2786 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2785 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2784 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2783 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- openjdk-10 <not-affected> (Apparently specific to Oracle Java)
@@ -22210,13 +22225,19 @@ CVE-2018-2783 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
- openjdk-6 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2780 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #895997)
@@ -22253,8 +22274,11 @@ CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2770 (Vulnerability in the Oracle Adaptive Access Manager component of ...)
NOT-FOR-US: Oracle
@@ -22279,8 +22303,11 @@ CVE-2018-2767 [Use of SSL/TLS not enforced in client library (Return of BACKRONY
NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
NOTE: Oracle products.
CVE-2018-2766 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2765 (Vulnerability in the Oracle Security Service component of Oracle ...)
NOT-FOR-US: Oracle
@@ -22294,8 +22321,11 @@ CVE-2018-2762 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2760 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion ...)
NOT-FOR-US: Oracle
@@ -22313,8 +22343,11 @@ CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service ...)
NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4176-1 DLA-1355-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2754 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Oracle
@@ -22527,8 +22560,11 @@ CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics .
NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4091-1 DLA-1250-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.34, 10.1.31
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -22538,8 +22574,11 @@ CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management componen
NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4091-1 DLA-1250-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.34, 10.1.31
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2664 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
@@ -22612,8 +22651,11 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4091-1 DLA-1250-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.34, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2639 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -22677,8 +22719,11 @@ CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component
NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4091-1 DLA-1250-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.34, 10.1.31
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2621 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
NOT-FOR-US: Oracle
@@ -22705,8 +22750,11 @@ CVE-2018-2614 (Vulnerability in the Oracle FLEXCUBE Universal Banking component
CVE-2018-2613 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
NOT-FOR-US: Oracle
CVE-2018-2612 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
+ NOTE: Fixed in MariaDB 10.0.34, 10.1.31
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2611 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
@@ -22861,8 +22909,11 @@ CVE-2018-2563 (Vulnerability in the Solaris component of Oracle Sun Systems Prod
NOT-FOR-US: Oracle
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4091-1 DLA-1250-1}
+ - mariadb-10.1 <unfixed>
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1
- mysql-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.0.34, 10.1.31
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2561 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion ...)
NOT-FOR-US: Oracle
@@ -50726,6 +50777,7 @@ CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle
CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4002-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1 (bug #878398)
- mysql-5.5 <removed> (bug #878402)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
@@ -50740,6 +50792,7 @@ CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component
CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-4002-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1 (bug #878398)
- mysql-5.5 <removed> (bug #878402)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
@@ -51016,6 +51069,7 @@ CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Ora
NOT-FOR-US: Oracle
CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mariadb-10.2 <removed> (bug #884065)
+ - mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1 (bug #878398)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -925,7 +925,7 @@
{CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605 CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363 CVE-2017-1000365}
[jessie] - linux 3.16.43-2+deb8u3
[17 Aug 2017] DSA-3944-1 mariadb-10.0 - security update
- {CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653}
+ {CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10286 CVE-2017-10379 CVE-2017-10384}
[jessie] - mariadb-10.0 10.0.32-0+deb8u1
[14 Aug 2017] DSA-3943-1 gajim - security update
{CVE-2016-10376}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/789f249b70b26974606acd56dd32bdd5150b838a...14f6868486be478b40178e781f64b1d708358ddf
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/789f249b70b26974606acd56dd32bdd5150b838a...14f6868486be478b40178e781f64b1d708358ddf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180511/ba8da029/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list