[Git][security-tracker-team/security-tracker][master] automatic update

Sat Nov 3 20:11:12 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
083199f1 by security tracker role at 2018-11-03T20:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,8 +12,8 @@ CVE-2018-18911
 	RESERVED
 CVE-2018-18910
 	RESERVED
-CVE-2018-18909
-	RESERVED
+CVE-2018-18909 (xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of ...)
+	TODO: check
 CVE-2018-18908
 	RESERVED
 CVE-2018-18907
@@ -6199,7 +6199,7 @@ CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a "
 	- limesurvey <itp> (bug #472802)
 CVE-2018-16396 [Tainted flags are not propagated in Array#pack and String#unpack with some directives]
 	RESERVED
-	{DLA-1558-1}
+	{DSA-4332-1 DLA-1558-1}
 	- ruby2.5 <unfixed> (bug #911920)
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -6207,7 +6207,7 @@ CVE-2018-16396 [Tainted flags are not propagated in Array#pack and String#unpack
 	NOTE: https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429
 CVE-2018-16395 [OpenSSL::X509::Name equality check does not work correctly]
 	RESERVED
-	{DLA-1558-1}
+	{DSA-4332-1 DLA-1558-1}
 	- ruby-openssl <unfixed> (bug #911918)
 	- ruby2.5 <unfixed> (bug #911919)
 	- ruby2.3 <removed>
@@ -10393,18 +10393,21 @@ CVE-2018-14663
 CVE-2018-14662
 	RESERVED
 CVE-2018-14661 (It was found that usage of snprintf function in feature/locks ...)
+	{DLA-1565-1}
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
 	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...)
+	{DLA-1565-1}
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
 	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=9232f3937f81749120e2b1150116b09e7c575354
 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
+	{DLA-1565-1}
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
@@ -10422,12 +10425,14 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in
 CVE-2018-14655
 	RESERVED
 CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse ...)
+	{DLA-1565-1}
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21534/
 	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=923d0a56525111e1e24db19817419b4519a98090
 CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...)
+	{DLA-1565-1}
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
@@ -10436,11 +10441,13 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne
 	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7
 	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...)
+	{DLA-1565-1}
 	- glusterfs <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
 	NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
 CVE-2018-14651 (It was found that the fix for CVE-2018-10927, CVE-2018-10928, ...)
+	{DLA-1565-1}
 	- glusterfs <unfixed>
 	[stretch] - glusterfs <not-affected> (Incomplete fixes for CVE-2018-109{26,27,28,29,30} not applied)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/083199f1a747510ba6c85ab89b648d3f7523c76a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/083199f1a747510ba6c85ab89b648d3f7523c76a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181103/1e92e601/attachment.html>
