[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 26 09:10:34 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cec20b7e by security tracker role at 2018-10-26T08:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,10 @@
-CVE-2018-18655 [information disclosure]
+CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI ...)
+ TODO: check
+CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup Appliance ...)
+ TODO: check
+CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a user's ...)
- prayer <unfixed> (bug #911842)
-CVE-2018-18654 [package build vulnerable to insecure use of /tmp]
+CVE-2018-18654 (Crossroads 2.81 does not properly handle the /tmp directory during a ...)
- crossroads <unfixed> (unimportant; bug #911877)
NOTE: Issue exploitable only during build of package
CVE-2018-18651 (An issue was discovered in Xpdf 4.00. catalog->getNumPages() in ...)
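Review bot: The two entries added at the top of this hunk, CVE-2018-18653 and CVE-2018-18652, carry only "TODO: check" and still need triage. The CVE-2018-18653 description names the Linux kernel "as used in Ubuntu 18.10", so it needs a decision on whether the Debian kernel package is affected. CVE-2018-18652 names Veritas NetBackup Appliance and looks like a candidate for the NOT-FOR-US marking used elsewhere in this file.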
@@ -1937,8 +1941,8 @@ CVE-2018-17906
RESERVED
CVE-2018-17905
RESERVED
-CVE-2018-17904
- RESERVED
+CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This ...)
+ TODO: check
CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
NOT-FOR-US: SAGA1-L8B
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All ...)
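Review bot: CVE-2018-17904 moves from RESERVED to a published description but is left at "TODO: check". The description names Reliance 4 SCADA/HMI, and the next entry in this hunk (SAGA1-L8B) is already marked NOT-FOR-US, so the same marking is probably the right resolution here once someone confirms the product is not packaged.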
@@ -9682,8 +9686,8 @@ CVE-2018-14667
RESERVED
CVE-2018-14666
RESERVED
-CVE-2018-14665 [Privilege escalation and file overwrite in X.Org X server]
- RESERVED
+CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An incorrect ...)
+ {DSA-4328-1}
- xorg-server 2:1.20.3-1
NOTE: Introduced by: https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c (1.19.0)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
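Review bot: The only package line for CVE-2018-14665 is "- xorg-server 2:1.20.3-1", while the NOTE below it says the flaw was introduced in 1.19.0 and the entry now references {DSA-4328-1}. If they are not already present below the context shown, add per-release lines so that any release shipping a server older than 1.19.0 is recorded as <not-affected> instead of being implied vulnerable by the unstable fixed version.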
@@ -15614,7 +15618,7 @@ CVE-2018-12386 (A vulnerability in register allocation in JavaScript can lead to
- firefox-esr 60.2.2esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used for SSL ...)
- {DSA-4304-1}
+ {DSA-4327-1 DSA-4304-1}
- firefox 62.0.2-1
- firefox-esr 60.2.1esr-1
- thunderbird 1:60.2.1-1
@@ -15631,7 +15635,7 @@ CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible Cli
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set a ...)
- {DSA-4304-1}
+ {DSA-4327-1 DSA-4304-1}
- firefox 62.0-1
- firefox-esr 60.2.1esr-1
- thunderbird 1:60.2.1-1
@@ -15649,6 +15653,7 @@ CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the
CVE-2018-12380
RESERVED
CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...)
+ {DSA-4327-1}
- firefox 62.0-1 (unimportant)
- firefox-esr 60.2.0esr-1 (unimportant)
[stretch] - firefox-esr 60.2.0esr-1~deb9u2
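Review bot: In the lines shown, CVE-2018-12379 gains {DSA-4327-1} but has no thunderbird package line, only firefox and firefox-esr, whereas every other CVE-2018-123xx entry tagged with DSA-4327-1 in this commit lists "- thunderbird 1:60.2.1-1". Confirm which source package the DSA covers for this CVE and add the matching package line if it is missing, otherwise the DSA reference has nothing to attach to.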
@@ -15657,7 +15662,7 @@ CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index is ...)
- {DSA-4287-1}
+ {DSA-4327-1 DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
- thunderbird 1:60.2.1-1
@@ -15665,7 +15670,7 @@ CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver timers ...)
- {DSA-4287-1}
+ {DSA-4327-1 DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
- thunderbird 1:60.2.1-1
@@ -15673,7 +15678,7 @@ CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver tim
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...)
- {DSA-4287-1}
+ {DSA-4327-1 DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
- thunderbird 1:60.2.1-1
@@ -41906,6 +41911,7 @@ CVE-2018-3216
CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery Integrator ...)
NOT-FOR-US: Oracle
CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ {DSA-4326-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
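Review bot: CVE-2018-3214 lists only openjdk-7 and openjdk-8, while the other entries that gain {DSA-4326-1} in this commit also list openjdk-10. If openjdk-10 and later are not affected by this CVE, explicit <not-affected> lines would record that decision. If they are affected, the fixed versions are missing.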
@@ -41984,6 +41990,7 @@ CVE-2018-3185 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3184 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion ...)
NOT-FOR-US: Oracle
CVE-2018-3183 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ {DSA-4326-1}
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
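Review bot: CVE-2018-3183 has no openjdk-7 line, unlike the neighbouring Java SE entries tagged with {DSA-4326-1}, which record "- openjdk-7 <removed>". Add either "<removed>" or "<not-affected>" for openjdk-7 so the entry is consistent with the rest of this advisory's CVEs.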
@@ -41993,6 +42000,7 @@ CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
NOT-FOR-US: Oracle
CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ {DSA-4326-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -42026,6 +42034,7 @@ CVE-2018-3170 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+ {DSA-4326-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -42078,6 +42087,7 @@ CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-10 10.0.2+13-2
- openjdk-11 11.0.1+13-1
CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
+ {DSA-4326-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -42107,6 +42117,7 @@ CVE-2018-3141 (Vulnerability in the Hyperion Essbase Administration Services ...
CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services ...)
NOT-FOR-US: Oracle
CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+ {DSA-4326-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -42118,6 +42129,7 @@ CVE-2018-3137 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
+ {DSA-4326-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -52836,6 +52848,7 @@ CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 all
CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows ...)
NOT-FOR-US: Zoho
CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...)
+ {DSA-4327-1}
- firefox 62.0-1 (unimportant)
- firefox-esr 60.2.0esr-1 (unimportant)
[stretch] - firefox-esr 60.2.0esr-1~deb9u2
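Review bot: CVE-2017-16541 now references {DSA-4327-1}, but both package lines shown for it are marked "(unimportant)". A CVE fixed through a DSA while tagged unimportant reads as inconsistent, so either the severity tag applies only to firefox and firefox-esr and the package covered by the DSA needs its own line, or the DSA reference should be double-checked.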
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cec20b7eb7267f16b8aa1b3729412a6f5ab3a5c6