[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 30 09:10:29 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
002bcbc2 by security tracker role at 2018-05-30T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,42 @@
+CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
+ TODO: check
+CVE-2018-11558 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
+ TODO: check
+CVE-2018-11557 (YIBAN Easy class education platform 2.0 has XSS via the articlelist.php ...)
+ TODO: check
+CVE-2018-11556 (tificc in Little CMS 2.9 has an out-of-bounds write in the ...)
+ TODO: check
+CVE-2018-11555 (tificc in Little CMS 2.9 has an out-of-bounds write in the ...)
+ TODO: check
+CVE-2018-11554
+ RESERVED
+CVE-2018-11553
+ RESERVED
+CVE-2018-11552
+ RESERVED
+CVE-2018-11551
+ RESERVED
+CVE-2018-11550
+ REJECTED
+ TODO: check
+CVE-2018-11549 (An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS ...)
+ TODO: check
+CVE-2018-11548 (An issue was discovered in EOS.IO DAWN 4.2. ...)
+ TODO: check
+CVE-2018-11547 (md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based ...)
+ TODO: check
+CVE-2018-11546 (md4c 0.2.5 has a heap-based buffer over-read because ...)
+ TODO: check
+CVE-2018-11545 (md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because ...)
+ TODO: check
+CVE-2018-11544 (The Olive Tree Ftp Server application 1.32 for Android has Insecure ...)
+ TODO: check
+CVE-2018-11543
+ RESERVED
+CVE-2018-11542
+ RESERVED
+CVE-2018-11541
+ RESERVED
CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
- gitlab <unfixed>
[stretch] - gitlab <not-affected> (Introduced in 10.1.6)
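Review bot: CVE-2018-11550 is added as REJECTED and also carries "TODO: check", while the other REJECTED entries visible in this diff (CVE-2018-10755, CVE-2017-5716) have no TODO line. A rejected ID needs no triage, so the TODO should be dropped, or the generator should stop emitting it for REJECTED entries. Separately, CVE-2018-11559 and CVE-2018-11558 are indistinguishable at this truncation length, so whoever triages them should read the full descriptions before treating them as duplicates.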
@@ -366,8 +405,8 @@ CVE-2018-11394
RESERVED
CVE-2018-11393
RESERVED
-CVE-2018-11392
- RESERVED
+CVE-2018-11392 (An arbitrary file upload vulnerability in /classes/profile.class.php ...)
+ TODO: check
CVE-2018-11391
RESERVED
CVE-2018-11390
@@ -814,14 +853,13 @@ CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6)
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
-CVE-2018-11235 [arbitary code execution via submodule names in .gitmodules]
- RESERVED
+CVE-2018-11235 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, ...)
+ {DSA-4212-1}
- git 1:2.17.1-1
NOTE: https://lkml.org/lkml/2018/5/29/889
CVE-2018-11234
RESERVED
-CVE-2018-11233 [possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory]
- RESERVED
+CVE-2018-11233 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, ...)
- git 1:2.17.1-1 (unimportant)
[stretch] - git 1:2.11.0-3+deb9u3
[jessie] - git 1:2.1.4-2.1+deb8u6
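Review bot: on CVE-2018-11235 and CVE-2018-11233 the removed bracketed titles were the only lines here saying what each bug is (submodule names in .gitmodules; the NTFS path sanity check reading memory), and both replacement descriptions are truncated to the same "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, ..." prefix. Suggest keeping that information as a NOTE: line under each entry so the two stay distinguishable in the list, particularly since one carries {DSA-4212-1} and the other is marked unimportant.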
@@ -1322,8 +1360,8 @@ CVE-2018-11029
RESERVED
CVE-2018-11028
RESERVED
-CVE-2018-11027
- RESERVED
+CVE-2018-11027 (A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows ...)
+ TODO: check
CVE-2018-11026
RESERVED
CVE-2018-11025
@@ -1973,7 +2011,7 @@ CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant
CVE-2018-10756
RESERVED
CVE-2018-10755
- RESERVED
+ REJECTED
CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in ...)
- ncurses 6.1+20180210-3 (low)
[stretch] - ncurses <no-dsa> (Minor issue)
@@ -1988,8 +2026,8 @@ CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in mu
NOTE: Crash in CLI tool, no security impact
CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...)
NOT-FOR-US: Tagregator plugin for WordPress
-CVE-2018-10751
- RESERVED
+CVE-2018-10751 (A malformed OMACP WAP push message can cause memory corruption on a ...)
+ TODO: check
CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
NOT-FOR-US: D-Link
CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
@@ -2681,8 +2719,8 @@ CVE-2018-10468 (The transferFrom function of a smart contract implementation for
NOT-FOR-US: Ethereum
CVE-2018-10467
RESERVED
-CVE-2018-10466
- RESERVED
+CVE-2018-10466 (Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind ...)
+ TODO: check
CVE-2018-10465
RESERVED
CVE-2018-10464
@@ -10022,7 +10060,7 @@ CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that le
[jessie] - sam2p <no-dsa> (Will be fixed via point release)
NOTE: https://github.com/pts/sam2p/issues/28
CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ...)
- {DLA-1351-1 DLA-1350-1}
+ {DSA-4213-1 DLA-1351-1 DLA-1350-1}
- qemu 1:2.12~rc3+dfsg-1 (bug #892041)
- qemu-kvm <removed>
NOTE: https://git.qemu.org/?p=qemu.git;a=patch;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8
@@ -11880,8 +11918,8 @@ CVE-2018-6966
RESERVED
CVE-2018-6965
RESERVED
-CVE-2018-6964
- RESERVED
+CVE-2018-6964 (VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains ...)
+ TODO: check
CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before ...)
NOT-FOR-US: VMware
CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass ...)
@@ -15670,6 +15708,7 @@ CVE-2018-5774
CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through ...)
NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ...)
+ {DSA-4213-1}
- qemu 1:2.10.0+dfsg-2
[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
[wheezy] - qemu <not-affected> (vulnerable code not present)
@@ -16039,6 +16078,7 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...
[jessie] - libav <ignored> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110
CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...)
+ {DSA-4213-1}
- qemu 1:2.12~rc3+dfsg-1 (bug #887392)
[jessie] - qemu <postponed> (Minor issue, can be fixed along in future DSA)
[wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA)
@@ -20995,10 +21035,10 @@ CVE-2018-3747
RESERVED
CVE-2018-3746
RESERVED
-CVE-2018-3745
- RESERVED
-CVE-2018-3744
- RESERVED
+CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when number is ...)
+ TODO: check
+CVE-2018-3744 (The html-pages node module contains a path traversal vulnerabilities ...)
+ TODO: check
CVE-2018-3743
RESERVED
CVE-2018-3742
@@ -21023,10 +21063,10 @@ CVE-2018-3736
RESERVED
CVE-2018-3735
RESERVED
-CVE-2018-3734
- RESERVED
-CVE-2018-3733
- RESERVED
+CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability due to ...)
+ TODO: check
+CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path ...)
+ TODO: check
CVE-2018-3732
RESERVED
CVE-2018-3731
@@ -28513,6 +28553,7 @@ CVE-2017-17382 (Citrix NetScaler Application Delivery Controller (ADC) and NetSc
NOTE: https://support.citrix.com/article/CTX230238
NOTE: https://robotattack.org/
CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest users to ...)
+ {DSA-4213-1}
- qemu 1:2.11+dfsg-1 (bug #883625)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <postponed> (Can be fixed along in later update)
@@ -32766,6 +32807,7 @@ CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection v
CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...)
+ {DSA-4213-1}
- qemu 1:2.12~rc3+dfsg-1 (bug #882136)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <postponed> (Can be fixed along in a future update)
@@ -34607,8 +34649,8 @@ CVE-2017-16155
RESERVED
CVE-2017-16154
RESERVED
-CVE-2017-16153
- RESERVED
+CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving an ...)
+ TODO: check
CVE-2017-16152
RESERVED
CVE-2017-16151
@@ -34789,10 +34831,10 @@ CVE-2017-16064
RESERVED
CVE-2017-16063
RESERVED
-CVE-2017-16062
- RESERVED
-CVE-2017-16061
- RESERVED
+CVE-2017-16062 (node-tkinter was a malicious module published with the intent to ...)
+ TODO: check
+CVE-2017-16061 (tkinter was a malicious module published with the intent to hijack ...)
+ TODO: check
CVE-2017-16060
RESERVED
CVE-2017-16059
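Review bot: CVE-2017-16062 and CVE-2017-16061 are described as malicious modules rather than as flaws in shipped software, so "TODO: check" here should resolve to a NOT-FOR-US line naming the module, the same form this file already uses elsewhere (for example "NOT-FOR-US: D-Link"), unless a Debian package with a matching name exists and needs an explicit not-affected entry.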
@@ -34819,8 +34861,8 @@ CVE-2017-16049
RESERVED
CVE-2017-16048
RESERVED
-CVE-2017-16047
- RESERVED
+CVE-2017-16047 (mysqljs was a malicious module published with the intent to hijack ...)
+ TODO: check
CVE-2017-16046
RESERVED
CVE-2017-16045
@@ -34893,8 +34935,8 @@ CVE-2017-16012
RESERVED
CVE-2017-16011
RESERVED
-CVE-2017-16010
- RESERVED
+CVE-2017-16010 (i18next is a language translation framework. When using the .init ...)
+ TODO: check
CVE-2017-16009
RESERVED
CVE-2017-16008
@@ -34907,8 +34949,8 @@ CVE-2017-16005
RESERVED
CVE-2017-16004
RESERVED
-CVE-2017-16003
- RESERVED
+CVE-2017-16003 (windows-build-tools is a module for installing C++ Build Tools for ...)
+ TODO: check
CVE-2017-16002
RESERVED
CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
@@ -34931,8 +34973,8 @@ CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attacker
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b
CVE-2017-15995
RESERVED
-CVE-2016-10698
- RESERVED
+CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ...)
+ TODO: check
CVE-2016-10697
RESERVED
CVE-2016-10696
@@ -34963,14 +35005,14 @@ CVE-2016-10684
RESERVED
CVE-2016-10683
RESERVED
-CVE-2016-10682
- RESERVED
-CVE-2016-10681
- RESERVED
-CVE-2016-10680
- RESERVED
-CVE-2016-10679
- RESERVED
+CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over HTTP, which ...)
+ TODO: check
+CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for add ...)
+ TODO: check
+CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript implementation ...)
+ TODO: check
+CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command line to ...)
+ TODO: check
CVE-2016-10678
RESERVED
CVE-2016-10677
@@ -34979,8 +35021,8 @@ CVE-2016-10676
RESERVED
CVE-2016-10675
RESERVED
-CVE-2016-10674
- RESERVED
+CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. limbus-buildgen ...)
+ TODO: check
CVE-2016-10673
RESERVED
CVE-2016-10672
@@ -34995,8 +35037,8 @@ CVE-2016-10668
RESERVED
CVE-2016-10667
RESERVED
-CVE-2016-10666
- RESERVED
+CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ...)
+ TODO: check
CVE-2016-10665
RESERVED
CVE-2016-10664
@@ -35009,10 +35051,10 @@ CVE-2016-10661
RESERVED
CVE-2016-10660
RESERVED
-CVE-2016-10659
- RESERVED
-CVE-2016-10658
- RESERVED
+CVE-2016-10659 (poco - The POCO libraries, downloads source file resources used for ...)
+ TODO: check
+CVE-2016-10658 (native-opencv is the OpenCV library installed via npm native-opencv ...)
+ TODO: check
CVE-2016-10657
RESERVED
CVE-2016-10656
@@ -35027,8 +35069,8 @@ CVE-2016-10652
RESERVED
CVE-2016-10651
RESERVED
-CVE-2016-10650
- RESERVED
+CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver downloads ...)
+ TODO: check
CVE-2016-10649
RESERVED
CVE-2016-10648
@@ -35057,8 +35099,8 @@ CVE-2016-10637
RESERVED
CVE-2016-10636
RESERVED
-CVE-2016-10635
- RESERVED
+CVE-2016-10635 (broccoli-closure is a Closure compiler plugin for Broccoli. ...)
+ TODO: check
CVE-2016-10634
RESERVED
CVE-2016-10633
@@ -35073,8 +35115,8 @@ CVE-2016-10629
RESERVED
CVE-2016-10628
RESERVED
-CVE-2016-10627
- RESERVED
+CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary ...)
+ TODO: check
CVE-2016-10626
RESERVED
CVE-2016-10625
@@ -35105,8 +35147,8 @@ CVE-2016-10613
RESERVED
CVE-2016-10612
RESERVED
-CVE-2016-10611
- RESERVED
+CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. ...)
+ TODO: check
CVE-2016-10610
RESERVED
CVE-2016-10609
@@ -35125,8 +35167,8 @@ CVE-2016-10603
RESERVED
CVE-2016-10602
RESERVED
-CVE-2016-10601
- RESERVED
+CVE-2016-10601 (webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ...)
+ TODO: check
CVE-2016-10600
RESERVED
CVE-2016-10599
@@ -35141,26 +35183,26 @@ CVE-2016-10595
RESERVED
CVE-2016-10594
RESERVED
-CVE-2016-10593
- RESERVED
+CVE-2016-10593 (ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads ...)
+ TODO: check
CVE-2016-10592
RESERVED
-CVE-2016-10591
- RESERVED
-CVE-2016-10590
- RESERVED
-CVE-2016-10589
- RESERVED
+CVE-2016-10591 (Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML ...)
+ TODO: check
+CVE-2016-10590 (cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node ...)
+ TODO: check
+CVE-2016-10589 (selenium-binaries downloads Selenium related binaries for your OS. ...)
+ TODO: check
CVE-2016-10588
RESERVED
CVE-2016-10587
RESERVED
-CVE-2016-10586
- RESERVED
+CVE-2016-10586 (macaca-chromedriver is a Node.js wrapper for the selenium ...)
+ TODO: check
CVE-2016-10585
RESERVED
-CVE-2016-10584
- RESERVED
+CVE-2016-10584 (dalek-browser-chrome-canary provides Google Chrome bindings for ...)
+ TODO: check
CVE-2016-10583
RESERVED
CVE-2016-10582
@@ -35171,32 +35213,32 @@ CVE-2016-10580
RESERVED
CVE-2016-10579
RESERVED
-CVE-2016-10578
- RESERVED
-CVE-2016-10577
- RESERVED
+CVE-2016-10578 (unicode loads unicode data downloaded from unicode.org into nodejs. ...)
+ TODO: check
+CVE-2016-10577 (ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 ...)
+ TODO: check
CVE-2016-10576
RESERVED
CVE-2016-10575
RESERVED
CVE-2016-10574
RESERVED
-CVE-2016-10573
- RESERVED
+CVE-2016-10573 (baryton-saxophone is a module to install and launch Selenium Server ...)
+ TODO: check
CVE-2016-10572
RESERVED
CVE-2016-10571
RESERVED
-CVE-2016-10570
- RESERVED
+CVE-2016-10570 (pngcrush-installer is an installer for Pngcrush. pngcrush-installer ...)
+ TODO: check
CVE-2016-10569
RESERVED
-CVE-2016-10568
- RESERVED
-CVE-2016-10567
- RESERVED
-CVE-2016-10566
- RESERVED
+CVE-2016-10568 (geoip-lite-country is a stripped down version of geoip-lite, ...)
+ TODO: check
+CVE-2016-10567 (product-monitor is a HTML/JavaScript template for monitoring a product ...)
+ TODO: check
+CVE-2016-10566 (install-nw is a module which quickly and robustly installs and caches ...)
+ TODO: check
CVE-2016-10565
RESERVED
CVE-2016-10564
@@ -35209,14 +35251,14 @@ CVE-2016-10561
RESERVED
CVE-2016-10560
RESERVED
-CVE-2016-10559
- RESERVED
-CVE-2016-10558
- RESERVED
+CVE-2016-10559 (selenium-download downloads the latest versions of the selenium ...)
+ TODO: check
+CVE-2016-10558 (aerospike is an Aerospike add-on module for Node.js. aerospike ...)
+ TODO: check
CVE-2016-10557
RESERVED
-CVE-2016-10556
- RESERVED
+CVE-2016-10556 (sequalize is an Object-relational mapping, or a middleman to convert ...)
+ TODO: check
CVE-2016-10555
RESERVED
CVE-2016-10554
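Review bot: the description added for CVE-2016-10556 spells the module "sequalize", whereas the ORM matching this description is published on npm as sequelize. Triage of this TODO should search for the package under the correct spelling, since a lookup using the description's spelling may miss it.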
@@ -35225,8 +35267,8 @@ CVE-2016-10553
RESERVED
CVE-2016-10552
RESERVED
-CVE-2016-10551
- RESERVED
+CVE-2016-10551 (waterline-sequel is a module that helps generate SQL statements for ...)
+ TODO: check
CVE-2016-10550
RESERVED
CVE-2016-10549
@@ -35277,8 +35319,8 @@ CVE-2016-10527
RESERVED
CVE-2016-10526
RESERVED
-CVE-2016-10525
- RESERVED
+CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi, ...)
+ TODO: check
CVE-2016-10524
RESERVED
CVE-2016-10523
@@ -35293,16 +35335,16 @@ CVE-2016-10519
RESERVED
CVE-2016-10518
RESERVED
-CVE-2015-9244
- RESERVED
-CVE-2015-9243
- RESERVED
-CVE-2015-9242
- RESERVED
-CVE-2015-9241
- RESERVED
-CVE-2015-9240
- RESERVED
+CVE-2015-9244 (Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not ...)
+ TODO: check
+CVE-2015-9243 (When server level, connection level or route level CORS configurations ...)
+ TODO: check
+CVE-2015-9242 (Certain input strings when passed to new Date() or Date.parse() in ...)
+ TODO: check
+CVE-2015-9241 (Certain input passed into the If-Modified-Since or Last-Modified ...)
+ TODO: check
+CVE-2015-9240 (Due to a bug in the the default sign in functionality in the keystone ...)
+ TODO: check
CVE-2015-9239
RESERVED
CVE-2015-9238
@@ -35311,12 +35353,12 @@ CVE-2015-9237
RESERVED
CVE-2015-9236
RESERVED
-CVE-2015-9235
- RESERVED
-CVE-2014-10068
- RESERVED
-CVE-2014-10067
- RESERVED
+CVE-2015-9235 (In jsonwebtoken node module before 4.2.2 it is possible for an ...)
+ TODO: check
+CVE-2014-10068 (The inert directory handler in inert node module before 1.1.1 always ...)
+ TODO: check
+CVE-2014-10067 (paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by ...)
+ TODO: check
CVE-2014-10066
RESERVED
CVE-2014-10065
@@ -37251,6 +37293,7 @@ CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest
[wheezy] - xen <no-dsa> (Patches too intrusive to backport)
NOTE: https://xenbits.xen.org/xsa/advisory-237.html
CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
+ {DSA-4213-1}
- qemu 1:2.11+dfsg-1 (bug #880832)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <postponed> (Can be fixed along in a future update)
@@ -37328,6 +37371,7 @@ CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data
CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...)
NOT-FOR-US: PSFTPd
CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...)
+ {DSA-4213-1}
- qemu 1:2.11+dfsg-1 (bug #880836)
[jessie] - qemu <not-affected> (I/O channels driver websockets introduced later)
[wheezy] - qemu <not-affected> (I/O channels driver websockets introduced later)
@@ -37778,6 +37822,7 @@ CVE-2017-15125
RESERVED
NOT-FOR-US: Red Hat CloudForms
CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older ...)
+ {DSA-4213-1}
- qemu 1:2.12~rc3+dfsg-1 (bug #884806)
[jessie] - qemu <postponed> (Can be fixed along in later update)
[wheezy] - qemu <postponed> (Can be fixed along in later update)
@@ -37803,6 +37848,7 @@ CVE-2017-15120 [Crafted CNAME answer can cause a denial of service]
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html
CVE-2017-15119 [DoS via large option request]
RESERVED
+ {DSA-4213-1}
- qemu 1:2.11+dfsg-1 (bug #883399)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
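Review bot: CVE-2017-15119 keeps its RESERVED line and bracketed working title while gaining {DSA-4213-1}, which makes it the only entry tagged with that advisory in this diff that has no published description. The bracketed title should be checked against the advisory wording, and the RESERVED line should disappear on a later automatic update once the description is published.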
@@ -38142,7 +38188,7 @@ CVE-2017-15040
CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a ...)
NOT-FOR-US: Zurmo
CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...)
- {DLA-1129-1 DLA-1128-1}
+ {DSA-4213-1 DLA-1129-1 DLA-1128-1}
- qemu 1:2.10.0+dfsg-2 (bug #877890)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -66796,7 +66842,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi
CVE-2017-5716
REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4188-1 DSA-4187-1 DLA-1369-1}
+ {DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1369-1}
- linux 4.15.11-1
NOTE: https://spectreattack.com/
NOTE: https://xenbits.xen.org/xsa/advisory-254.html
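Review bot: {DSA-4213-1} is added to CVE-2017-5715, but the only package line visible under it is "- linux 4.15.11-1", while every other entry tagged with DSA-4213-1 in this diff is a qemu entry. Confirm that the entry has a qemu package line further down than the context shown; if it does not, one should be added so the advisory reference is backed by a source package.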
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/002bcbc2548c9e771bc376262d5e177cc5f9dabb