[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 18 09:10:21 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2bd0b7e9 by security tracker role at 2018-05-18T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,4 @@
-CVE-2018-11232 [coresight: fix kernel panic caused by invalid CPU]
+CVE-2018-11232 (The etm_setup_aux function in ...)
- linux <not-affected> (Vulnerable code never present in unstable)
NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
CVE-2018-11231
@@ -14503,8 +14503,8 @@ CVE-2018-5829
RESERVED
CVE-2018-5828 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5827
- RESERVED
+CVE-2018-5827 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+ TODO: check
CVE-2018-5826 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5825 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
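Review bot: the new CVE-2018-5827 entry is left at `TODO: check`, while the adjacent entries with the same description prefix (CVE-2018-5828 and CVE-2018-5826) are already tagged `NOT-FOR-US: Qualcomm components for Android`. If the full description confirms the same component, a follow-up should replace the TODO with that tag so the entry does not sit in the triage queue.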
@@ -20872,10 +20872,10 @@ CVE-2018-3570
RESERVED
CVE-2018-3569
RESERVED
-CVE-2018-3568
- RESERVED
-CVE-2018-3567
- RESERVED
+CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+ TODO: check
+CVE-2018-3567 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+ TODO: check
CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3565
@@ -25804,18 +25804,18 @@ CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get acc
NOT-FOR-US: IBM API Connect
CVE-2018-1467
RESERVED
-CVE-2018-1466
- RESERVED
-CVE-2018-1465
- RESERVED
-CVE-2018-1464
- RESERVED
-CVE-2018-1463
- RESERVED
-CVE-2018-1462
- RESERVED
-CVE-2018-1461
- RESERVED
+CVE-2018-1466 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
+CVE-2018-1465 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
+CVE-2018-1464 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
+CVE-2018-1463 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
+CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
+CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
CVE-2018-1460
RESERVED
CVE-2018-1459
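Review bot: CVE-2018-1466 through CVE-2018-1461 all enter with `TODO: check` and the same truncated description ("IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ..."), so they can be triaged as one batch. If none of them maps to a Debian source package, a `NOT-FOR-US:` line naming the product, in the style of the `NOT-FOR-US: IBM API Connect` entry at the top of this hunk, would resolve all six.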
@@ -25860,18 +25860,18 @@ CVE-2018-1440
RESERVED
CVE-2018-1439
RESERVED
-CVE-2018-1438
- RESERVED
+CVE-2018-1438 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary ...)
NOT-FOR-US: IBM
CVE-2018-1436
RESERVED
CVE-2018-1435 (IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A ...)
NOT-FOR-US: IBM
-CVE-2018-1434
- RESERVED
-CVE-2018-1433
- RESERVED
+CVE-2018-1434 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
+CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+ TODO: check
CVE-2018-1432
RESERVED
CVE-2018-1431
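Review bot: style point for the eventual triage of CVE-2018-1438, CVE-2018-1434 and CVE-2018-1433: the neighbouring CVE-2018-1437 and CVE-2018-1435 use the bare tag `NOT-FOR-US: IBM` with no product name. Whoever resolves these three `TODO: check` lines should pick one wording for the tag and use it for all three, so later searches by product name are reliable.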
@@ -26964,8 +26964,8 @@ CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.
NOT-FOR-US: Pivotal
CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not ...)
NOT-FOR-US: Cloud Foundry
-CVE-2018-1276
- RESERVED
+CVE-2018-1276 (Windows 2012R2 stemcells, versions prior to 1200.17, contain an ...)
+ TODO: check
CVE-2018-1275 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
- libspring-java <not-affected> (Partial fix for CVE-2018-1270 not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1565307
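Review bot: CVE-2018-1276 ("Windows 2012R2 stemcells, versions prior to 1200.17, contain an ...") is added with `TODO: check` between entries tagged `NOT-FOR-US: Pivotal` and `NOT-FOR-US: Cloud Foundry`. The description is truncated here, so the full text has to be read before a tag is chosen, but the entry needs a manual decision (a `NOT-FOR-US:` line or a package line) in a follow-up commit.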
@@ -34613,8 +34613,7 @@ CVE-2017-15857
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15856
RESERVED
-CVE-2017-15855
- RESERVED
+CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15854
RESERVED
@@ -57054,20 +57053,20 @@ CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that
CVE-2017-8375
RESERVED
CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b ...)
- {DSA-4192-1}
+ {DSA-4192-1 DLA-1380-1}
- libmad 0.15.1b-9
NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
NOTE: The patch from #508133 fixed things related to this, but did not fix this.
NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch
CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...)
- {DSA-4192-1}
+ {DSA-4192-1 DLA-1380-1}
- libmad 0.15.1b-9 (bug #287519)
NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
NOTE: "Duplicate with"/basically same as CVE-2017-8372
NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
- {DSA-4192-1}
+ {DSA-4192-1 DLA-1380-1}
- libmad 0.15.1b-9 (bug #287519)
NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bd0b7e92509a085362d178fe29e7d51b990a658