[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 18 09:10:21 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bd0b7e9 by security tracker role at 2018-05-18T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,4 @@
-CVE-2018-11232 [coresight: fix kernel panic caused by invalid CPU]
+CVE-2018-11232 (The etm_setup_aux function in ...)
 	- linux <not-affected> (Vulnerable code never present in unstable)
 	NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
 CVE-2018-11231
@@ -14503,8 +14503,8 @@ CVE-2018-5829
 	RESERVED
 CVE-2018-5828 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5827
-	RESERVED
+CVE-2018-5827 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+	TODO: check
 CVE-2018-5826 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5825 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -20872,10 +20872,10 @@ CVE-2018-3570
 	RESERVED
 CVE-2018-3569
 	RESERVED
-CVE-2018-3568
-	RESERVED
-CVE-2018-3567
-	RESERVED
+CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+	TODO: check
+CVE-2018-3567 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+	TODO: check
 CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3565
@@ -25804,18 +25804,18 @@ CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get acc
 	NOT-FOR-US: IBM API Connect
 CVE-2018-1467
 	RESERVED
-CVE-2018-1466
-	RESERVED
-CVE-2018-1465
-	RESERVED
-CVE-2018-1464
-	RESERVED
-CVE-2018-1463
-	RESERVED
-CVE-2018-1462
-	RESERVED
-CVE-2018-1461
-	RESERVED
+CVE-2018-1466 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
+CVE-2018-1465 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
+CVE-2018-1464 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
+CVE-2018-1463 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
+CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
+CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
 CVE-2018-1460
 	RESERVED
 CVE-2018-1459
@@ -25860,18 +25860,18 @@ CVE-2018-1440
 	RESERVED
 CVE-2018-1439
 	RESERVED
-CVE-2018-1438
-	RESERVED
+CVE-2018-1438 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
 CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary ...)
 	NOT-FOR-US: IBM
 CVE-2018-1436
 	RESERVED
 CVE-2018-1435 (IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A ...)
 	NOT-FOR-US: IBM
-CVE-2018-1434
-	RESERVED
-CVE-2018-1433
-	RESERVED
+CVE-2018-1434 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
+CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
+	TODO: check
 CVE-2018-1432
 	RESERVED
 CVE-2018-1431
@@ -26964,8 +26964,8 @@ CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.
 	NOT-FOR-US: Pivotal
 CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not ...)
 	NOT-FOR-US: Cloud Foundry
-CVE-2018-1276
-	RESERVED
+CVE-2018-1276 (Windows 2012R2 stemcells, versions prior to 1200.17, contain an ...)
+	TODO: check
 CVE-2018-1275 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
 	- libspring-java <not-affected> (Partial fix for CVE-2018-1270 not applied)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1565307
@@ -34613,8 +34613,7 @@ CVE-2017-15857
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15856
 	RESERVED
-CVE-2017-15855
-	RESERVED
+CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15854
 	RESERVED
@@ -57054,20 +57053,20 @@ CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that
 CVE-2017-8375
 	RESERVED
 CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b ...)
-	{DSA-4192-1}
+	{DSA-4192-1 DLA-1380-1}
 	- libmad 0.15.1b-9
 	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
 	NOTE: The patch from #508133 fixed things related to this, but did not fix this.
 	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch
 CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...)
-	{DSA-4192-1}
+	{DSA-4192-1 DLA-1380-1}
 	- libmad 0.15.1b-9 (bug #287519)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
 	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
 	NOTE: "Duplicate with"/basically same as CVE-2017-8372
 	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
 CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
-	{DSA-4192-1}
+	{DSA-4192-1 DLA-1380-1}
 	- libmad 0.15.1b-9 (bug #287519)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
 	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bd0b7e92509a085362d178fe29e7d51b990a658

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bd0b7e92509a085362d178fe29e7d51b990a658
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180518/6d53120c/attachment.html>

More information about the debian-security-tracker-commits mailing list