[Git][security-tracker-team/security-tracker][master] Add new tinc issues (CVE-2018-16758, CVE-2018-16738 and CVE-2018-16737)

Salvatore Bonaccorso carnil at debian.org
Mon Oct 8 15:57:26 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
853dc267 by Salvatore Bonaccorso at 2018-10-08T14:56:25Z
Add new tinc issues (CVE-2018-16758, CVE-2018-16738 and CVE-2018-16737)

Check the notes for determining which of the two CVE-2018-16738 or
CVE-2018-16737 does apply for the respective suite.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2915,6 +2915,8 @@ CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from ...
 	NOT-FOR-US: EasyCMS
 CVE-2018-16758
 	RESERVED
+	- tinc 1.0.35-1
+	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
 CVE-2018-16757
 	RESERVED
 CVE-2018-16756
@@ -2978,8 +2980,15 @@ CVE-2018-16739
 	RESERVED
 CVE-2018-16738
 	RESERVED
+	- tinc 1.0.35-1
+	[jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
+	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
+	NOTE: This CVE is specific for tinc versions which did had mitigations put
+	NOTE: in place for the Sweet32 attack in tinc 1.0.30.
 CVE-2018-16737
 	RESERVED
+	- tinc 1.0.31-1
+	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
 CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the ...)
 	NOT-FOR-US: rcfilters plugin for Roundcube
 CVE-2018-16735



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/853dc267745a1afc4e9bc2ac13a70404c917349a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/853dc267745a1afc4e9bc2ac13a70404c917349a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181008/b2378169/attachment.html>

More information about the debian-security-tracker-commits mailing list