[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 20 08:10:22 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe4f05f5 by security tracker role at 2018-11-20T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2018-19366
+ RESERVED
CVE-2018-19365
RESERVED
CVE-2018-19364 [Use-after-free due to race condition while updating fid path]
@@ -3947,8 +3949,8 @@ CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the ...
NOT-FOR-US: Advantech WebAccess
CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-17906
- RESERVED
+CVE-2018-17906 (Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and ...)
+ TODO: check
CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This ...)
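Review bot: CVE-2018-17906 moves from RESERVED to "TODO: check" and so lands untriaged. The description names Philips iSite and IntelliSpace PACS, and the entries around it (Advantech WebAccess, Omron CX-Supervisor) are all marked NOT-FOR-US, so a follow-up should confirm whether any Debian package is involved and, if none is, replace the TODO with a NOT-FOR-US line naming the product.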
@@ -9407,6 +9409,7 @@ CVE-2018-15690
CVE-2018-15689
RESERVED
CVE-2018-15688 (A buffer overflow vulnerability in the dhcp6 client of systemd allows ...)
+ {DLA-1580-1}
- network-manager 1.14.4-2
[stretch] - network-manager 1.6.2-3+deb9u2
[jessie] - network-manager <not-affected> (vulnerable code not present)
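Review bot: {DLA-1580-1} is attached to CVE-2018-15688 directly above package lines that, within this hunk, cover only network-manager, and the jessie line there reads "<not-affected> (vulnerable code not present)". The description concerns the dhcp6 client of systemd, so check that the advisory corresponds to a systemd line further down the entry (outside the hunk context) and not to network-manager.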
@@ -9425,6 +9428,7 @@ CVE-2018-15687 (A race condition in chown_one() of systemd allows an attacker to
NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692
NOTE: https://github.com/systemd/systemd/pull/10517
CVE-2018-15686 (A vulnerability in unit_deserialize of systemd allows an attacker to ...)
+ {DLA-1580-1}
- systemd 239-12 (bug #912005)
[stretch] - systemd <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1687
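Review bot: with {DLA-1580-1} now on CVE-2018-15686, the stretch line still reads "[stretch] - systemd <no-dsa> (Minor issue)". Since an advisory now references this CVE, revisit whether no-dsa is still the right triage for stretch, or record the planned fix path on that line.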
@@ -43981,7 +43985,7 @@ CVE-2018-3283 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3282 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1570-1 DLA-1566-1}
+ {DSA-4341-1 DLA-1570-1 DLA-1566-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -44060,7 +44064,7 @@ CVE-2018-3253 (Vulnerability in the Oracle Virtual Directory component of Oracle
CVE-2018-3252 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2018-3251 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1570-1}
+ {DSA-4341-1 DLA-1570-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -44247,7 +44251,7 @@ CVE-2018-3176 (Vulnerability in the Hyperion Common Events component of Oracle .
CVE-2018-3175 (Vulnerability in the Hyperion Common Events component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-3174 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1570-1 DLA-1566-1}
+ {DSA-4341-1 DLA-1570-1 DLA-1566-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -44303,7 +44307,7 @@ CVE-2018-3158 (Vulnerability in the Oracle Hospitality Cruise Fleet Management .
CVE-2018-3157 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-11 11.0.1+13-1
CVE-2018-3156 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1570-1}
+ {DSA-4341-1 DLA-1570-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -44346,7 +44350,7 @@ CVE-2018-3144 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3143 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1570-1}
+ {DSA-4341-1 DLA-1570-1}
- mariadb-10.1 1:10.1.37-1 (bug #912848)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.24-1 (bug #911221)
@@ -44496,7 +44500,7 @@ CVE-2018-3083
CVE-2018-3082 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOT-FOR-US: Oracle MySQL 8
CVE-2018-3081 (Vulnerability in the MySQL Client component of Oracle MySQL ...)
- {DLA-1566-1 DLA-1407-1}
+ {DSA-4341-1 DLA-1566-1 DLA-1407-1}
- mariadb-10.1 1:10.1.34-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -44533,7 +44537,7 @@ CVE-2018-3068 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources ..
CVE-2018-3067 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOT-FOR-US: Oracle MySQL 8
CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1566-1 DLA-1488-1}
+ {DSA-4341-1 DLA-1566-1 DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -44542,13 +44546,13 @@ CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3065 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3064 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1488-1}
+ {DSA-4341-1 DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
NOTE: MariaDB: Fixed in 10.0.36, 10.1.35
CVE-2018-3063 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1566-1 DLA-1488-1}
+ {DSA-4341-1 DLA-1566-1 DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.5 <removed>
@@ -44562,7 +44566,7 @@ CVE-2018-3060 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3059 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
NOT-FOR-US: Oracle
CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1566-1 DLA-1488-1}
+ {DSA-4341-1 DLA-1566-1 DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -45085,7 +45089,7 @@ CVE-2018-2821 (Vulnerability in the PeopleSoft Enterprise PeopleTools component
CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1407-1 DLA-1355-1}
+ {DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45098,7 +45102,7 @@ CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1407-1 DLA-1355-1}
+ {DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45126,7 +45130,7 @@ CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1407-1 DLA-1355-1}
+ {DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45234,7 +45238,7 @@ CVE-2018-2789 (Vulnerability in the Siebel Core - Server Framework component of
CVE-2018-2788 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2787 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1407-1}
+ {DSA-4341-1 DLA-1407-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45248,7 +45252,7 @@ CVE-2018-2786 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2785 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2784 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1407-1}
+ {DSA-4341-1 DLA-1407-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45261,7 +45265,7 @@ CVE-2018-2783 (Vulnerability in the Java SE, Java SE Embedded, JRockit component
- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
- openjdk-6 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1407-1}
+ {DSA-4341-1 DLA-1407-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45269,7 +45273,7 @@ CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOTE: Fixed in MariaDB 10.0.35, 10.1.33
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1407-1 DLA-1355-1}
+ {DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45310,7 +45314,7 @@ CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1407-1 DLA-1355-1}
+ {DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45326,7 +45330,7 @@ CVE-2018-2769 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1566-1 DLA-1407-1}
+ {DSA-4341-1 DLA-1566-1 DLA-1407-1}
- mariadb-10.2 <removed>
- mariadb-10.1 1:10.1.34-1
- mariadb-10.0 <removed>
@@ -45345,7 +45349,7 @@ CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOTE: Strictly speaking though the CVE would be only for Oracle MySQL, for practical
NOTE: reasons still tracking as well MariaDB here.
CVE-2018-2766 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1407-1}
+ {DSA-4341-1 DLA-1407-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45363,7 +45367,7 @@ CVE-2018-2762 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1407-1 DLA-1355-1}
+ {DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45385,7 +45389,7 @@ CVE-2018-2757
CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service ...)
NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4176-1 DLA-1407-1 DLA-1355-1}
+ {DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.22-1 (bug #895997)
@@ -45602,7 +45606,7 @@ CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability ...)
CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1407-1 DLA-1250-1}
+ {DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 1:10.1.34-1 (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -45616,7 +45620,7 @@ CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of ...)
NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1407-1 DLA-1250-1}
+ {DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 1:10.1.34-1 (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -45693,7 +45697,7 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1407-1 DLA-1250-1}
+ {DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 1:10.1.34-1 (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -45761,7 +45765,7 @@ CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component
CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1407-1 DLA-1250-1}
+ {DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 1:10.1.34-1 (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -45793,7 +45797,7 @@ CVE-2018-2614 (Vulnerability in the Oracle FLEXCUBE Universal Banking component
CVE-2018-2613 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
NOT-FOR-US: Oracle
CVE-2018-2612 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DLA-1407-1}
+ {DSA-4341-1 DLA-1407-1}
- mariadb-10.1 1:10.1.34-1 (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.21-1 (bug #887477)
@@ -45954,7 +45958,7 @@ CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle
CVE-2018-2563 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Oracle
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4091-1 DLA-1407-1 DLA-1250-1}
+ {DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
- mariadb-10.1 1:10.1.34-1 (bug #898444)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1
@@ -50343,6 +50347,7 @@ CVE-2018-1050 (All versions of Samba from 4.0.0 onwards are vulnerable to a deni
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2018-1050.html
CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount and ...)
+ {DLA-1580-1}
- systemd 234-1
[stretch] - systemd <postponed> (Minor issue, can either be included in future DSA or point release)
[wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
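Review bot: the per-release lines under CVE-2018-1049 are unchanged while {DLA-1580-1} is added, and the wheezy line still says "can be fixed along in next DLA". Check that this remark and the stretch "<postponed>" status are still accurate now that a DLA references the CVE.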
@@ -58576,6 +58581,7 @@ CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injectio
CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
NOT-FOR-US: Thornberry NDoc
CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...)
+ {DSA-4341-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.1 1:10.1.34-1 (bug #885345)
- mariadb-10.0 <undetermined>
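Review bot: CVE-2017-15365 gains {DSA-4341-1} while "- mariadb-10.0 <undetermined>" stays in place. The other MariaDB entries touched by this commit carry "mariadb-10.0 <removed>", so settle this line one way or the other rather than leaving it undetermined beside a released advisory.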
@@ -74191,7 +74197,7 @@ CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <removed> (bug #878402)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4002-1 DLA-1407-1 DLA-1141-1}
+ {DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.1 10.1.29-1
- mariadb-10.0 <removed>
@@ -74530,7 +74536,7 @@ CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component
CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- {DSA-4002-1 DLA-1407-1 DLA-1141-1}
+ {DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.1 10.1.29-1
- mariadb-10.0 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fe4f05f5c07040457a7e6451bbd00635b78ddf50