[Git][security-tracker-team/security-tracker][master] Add four new keepalived issues

Salvatore Bonaccorso carnil at debian.org
Fri Nov 9 07:45:22 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc54ac17 by Salvatore Bonaccorso at 2018-11-09T07:41:08Z
Add four new keepalived issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,6 +2,11 @@ CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock up host]
 	- xen <unfixed>
 	[stretch] - xen <postponed> (Hold back until next DSA)
 	NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
+CVE-2018-19115 [heap-based buffer overflow when parsing HTTP status]
+	- keepalived <unfixed>
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+	NOTE: https://github.com/acassen/keepalived/pull/961
+	NOTE: https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
 CVE-2018-19114 (An issue was discovered in MinDoc through v1.0.2. It allows attackers ...)
 	NOT-FOR-US: MinDoc
 CVE-2018-19113
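Review bot: In the new CVE-2018-19115 entry, the last NOTE links to a commit under pull/961/commits/, which identifies a commit on the pull request branch rather than one in the upstream history. The CVE-2018-19045 and CVE-2018-19044 entries in this same change reference fixes as acassen/keepalived/commit/ URLs; once the pull request is merged, this NOTE should be switched to that form, and the separate bare pull/961 NOTE then becomes redundant.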
@@ -159,12 +164,24 @@ CVE-2018-19048
 	RESERVED
 CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application ...)
 	NOT-FOR-US: mPDF
-CVE-2018-19046
-	RESERVED
-CVE-2018-19045
-	RESERVED
-CVE-2018-19044
-	RESERVED
+CVE-2018-19046 [unsafe handling of /tmp files]
+	RESERVED
+	- keepalived <unfixed>
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+	NOTE: https://github.com/acassen/keepalived/issues/1048
+CVE-2018-19045 [unsafe modes for temporary files]
+	RESERVED
+	- keepalived <unfixed>
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+	NOTE: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
+	NOTE: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
+	NOTE: ttps://github.com/acassen/keepalived/issues/1048
+CVE-2018-19044 [improper check for pathnames with symlinks]
+	RESERVED
+	- keepalived <unfixed>
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
+	NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
+	NOTE: https://github.com/acassen/keepalived/issues/1048
 CVE-2018-19043
 	RESERVED
 CVE-2018-19042
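Review bot: In the CVE-2018-19045 entry, the last added NOTE reads "ttps://github.com/acassen/keepalived/issues/1048", with the leading "h" of the scheme missing, so the URL is not valid as written. It should read "NOTE: https://github.com/acassen/keepalived/issues/1048", matching the same issue link in the CVE-2018-19046 and CVE-2018-19044 entries. Separately, CVE-2018-19046 carries only the issue link and no fix commit, unlike the other two entries; if no upstream fix exists yet, that is fine, otherwise a commit NOTE is missing there.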



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc54ac170841efa00fc7d132b3f20cfa81b505ae
