[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 1 09:10:22 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47bb8d64 by security tracker role at 2018-09-01T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2018-16301
+ RESERVED
+CVE-2018-16300
+ RESERVED
+CVE-2018-16299
+ RESERVED
+CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an ...)
+ TODO: check
+CVE-2018-16297
+ RESERVED
+CVE-2018-16296
+ RESERVED
+CVE-2018-16295
+ RESERVED
+CVE-2018-16294
+ RESERVED
+CVE-2018-16293
+ RESERVED
+CVE-2018-16292
+ RESERVED
+CVE-2018-16291
+ RESERVED
+CVE-2018-16290
+ RESERVED
+CVE-2018-16289
+ RESERVED
+CVE-2018-16288
+ RESERVED
+CVE-2018-16287
+ RESERVED
+CVE-2018-16286
+ RESERVED
+CVE-2018-16285
+ RESERVED
+CVE-2018-16284
+ RESERVED
+CVE-2018-16283
+ RESERVED
+CVE-2018-16282
+ RESERVED
CVE-2018-16281
RESERVED
CVE-2018-16280
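Review bot: CVE-2018-16298 (MiniCMS) is committed as TODO: check with no source-package line; the automatic import cannot know whether MiniCMS is packaged, so this entry needs a manual follow-up to either add a package line or mark it NOT-FOR-US, as the other triaged entries in this file do. The other 19 additions in this hunk are RESERVED placeholders and need nothing.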
@@ -1813,8 +1853,8 @@ CVE-2018-15516
RESERVED
CVE-2018-15515
RESERVED
-CVE-2018-15514
- RESERVED
+CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ...)
+ TODO: check
CVE-2018-15513
RESERVED
CVE-2018-15512
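Review bot: CVE-2018-15514 is left at TODO: check although its description already names Docker for Windows, a vendor product rather than a Debian source package; the triage outcome is most likely NOT-FOR-US: Docker for Windows, but whoever resolves the TODO should confirm the HandleRequestAsync issue is specific to that product before marking it.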
@@ -2550,16 +2590,16 @@ CVE-2018-15163
RESERVED
CVE-2018-15162
RESERVED
-CVE-2018-15161
- RESERVED
-CVE-2018-15160
- RESERVED
-CVE-2018-15159
- RESERVED
-CVE-2018-15158
- RESERVED
-CVE-2018-15157
- RESERVED
+CVE-2018-15161 (** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ...)
+ TODO: check
+CVE-2018-15160 (** DISPUTED ** The libesedb_catalog_definition_read function in ...)
+ TODO: check
+CVE-2018-15159 (** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ...)
+ TODO: check
+CVE-2018-15158 (** DISPUTED ** The libesedb_page_read_values function in ...)
+ TODO: check
+CVE-2018-15157 (** DISPUTED ** The libfsclfs_block_read function in libfsclfs_block.c ...)
+ TODO: check
CVE-2018-15156 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...)
NOT-FOR-US: OpenEMR
CVE-2018-15155 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 ...)
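Review bot: the five libesedb/libfsclfs entries (CVE-2018-15161 through CVE-2018-15157) only gain ** DISPUTED ** descriptions and stay at TODO: check; the later hunks of this same commit show how the equivalent libyal findings (liblnk, libfsntfs, libpff, libevt) were triaged, with a source-package line, a low severity and a stretch <no-dsa> (Minor issue) tag, so these should be resolved the same way rather than left as TODOs, after checking which of the two libraries actually ships in Debian.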
@@ -2643,7 +2683,7 @@ CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 2018.1.3
NOT-FOR-US: Telerik
CVE-2018-15121 (An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. ...)
NOT-FOR-US: Auth0 auth0-aspnet
-CVE-2018-15120 (libpango in Pango before 1.42.4, as used in hexchat and other ...)
+CVE-2018-15120 (libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other ...)
- pango1.0 1.42.4-1 (low)
[stretch] - pango1.0 <not-affected> (Vulnerable code not present)
[jessie] - pango1.0 <not-affected> (Vulnerable code not present)
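Review bot: the description narrows the affected Pango range from "before 1.42.4" to "1.40.8 through 1.42.3" while the stretch and jessie <not-affected> (Vulnerable code not present) lines are kept; that is consistent only if the pango1.0 versions in those suites are older than 1.40.8, which the hunk does not show, so it should be confirmed against the suite versions when this automatic update is reviewed.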
@@ -3136,6 +3176,7 @@ CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before
NOTE: Fixed by: https://github.com/php/php-src/commit/0e097f2c96ce31b16fa371981045f224e5a37160
NOTE: Introduced in: https://github.com/php/php-src/commit/5146d9f8ac170d8ba7109370d732d56dc0777578
CVE-2018-14883 (An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, ...)
+ {DLA-1490-1}
- php7.2 7.2.8-1
- php7.1 7.1.20-1
- php7.0 7.0.31-1
@@ -3214,6 +3255,7 @@ CVE-2018-14853
CVE-2018-14852
RESERVED
CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...)
+ {DLA-1490-1}
- php7.2 7.2.8-1
- php7.1 7.1.20-1
- php7.0 7.0.31-1
@@ -3789,6 +3831,7 @@ CVE-2018-14624 [Server crash through modify command with large DN]
CVE-2018-14623
RESERVED
CVE-2018-14622 (A null-pointer dereference vulnerability was found in libtirpc before ...)
+ {DLA-1487-1}
[experimental] - libtirpc 1.0.2-0.1
- libtirpc <unfixed> (bug #907608)
[stretch] - libtirpc <no-dsa> (Minor issue)
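Review bot: the new {DLA-1487-1} reference resolves jessie while the sid line is still <unfixed> (bug #907608) and stretch is <no-dsa> (Minor issue); the fix is otherwise recorded only for experimental (1.0.2-0.1), so that ordering is unusual enough to deserve a second look rather than being accepted from the automatic import alone.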
@@ -8624,6 +8667,7 @@ CVE-2018-1000541
CVE-2018-1000540 (LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd ...)
NOT-FOR-US: LoboEvolution
CVE-2018-1000539 (Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper ...)
+ {DSA-4283-1}
- ruby-json-jwt 1.9.4-1 (bug #902721)
NOTE: https://github.com/nov/json-jwt/pull/62
NOTE: https://github.com/nov/json-jwt/commit/3393f394f271c87bd42ec23c300727b4437d1638
@@ -10211,19 +10255,19 @@ CVE-2018-12100 (Sonatype Nexus Repository Manager before 3.12.0 has XSS in multi
CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. ...)
- grafana <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/grafana/grafana/pull/11813
-CVE-2018-12098 (The liblnk_data_block_read function in liblnk_data_block.c in liblnk ...)
+CVE-2018-12098 (** DISPUTED ** The liblnk_data_block_read function in ...)
- liblnk 20180626-1 (bug #901962)
[stretch] - liblnk <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785
NOTE: https://github.com/libyal/liblnk/issues/32
-CVE-2018-12097 (The liblnk_location_information_read_data function in ...)
+CVE-2018-12097 (** DISPUTED ** The liblnk_location_information_read_data function in ...)
- liblnk 20180626-1 (bug #901962)
[stretch] - liblnk <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785
NOTE: https://github.com/libyal/liblnk/issues/32
-CVE-2018-12096 (The liblnk_data_string_get_utf8_string_size function in ...)
+CVE-2018-12096 (** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in ...)
- liblnk <unfixed> (bug #901962)
[stretch] - liblnk <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
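Review bot: with the ** DISPUTED ** prefix now on all three liblnk descriptions, the entries still disagree on status: CVE-2018-12098 and CVE-2018-12097 are recorded as fixed in liblnk 20180626-1, while CVE-2018-12096 remains <unfixed> against the same bug #901962; if the upstream commit cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785 referenced for the other two also covers 12096 the entry is stale, and if not, the difference deserves a NOTE.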
@@ -11112,23 +11156,23 @@ CVE-2018-11733
RESERVED
CVE-2018-11732
RESERVED
-CVE-2018-11731 (The libfsntfs_mft_entry_read_attributes function in ...)
+CVE-2018-11731 (** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in ...)
- libfsntfs <unfixed> (low)
[stretch] - libfsntfs <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
-CVE-2018-11730 (The libfsntfs_security_descriptor_values_free function in ...)
+CVE-2018-11730 (** DISPUTED ** The libfsntfs_security_descriptor_values_free function ...)
- libfsntfs <unfixed> (low)
[stretch] - libfsntfs <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
-CVE-2018-11729 (The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c ...)
+CVE-2018-11729 (** DISPUTED ** The libfsntfs_mft_entry_read_header function in ...)
- libfsntfs <unfixed> (low)
[stretch] - libfsntfs <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
-CVE-2018-11728 (The libfsntfs_reparse_point_values_read_data function in ...)
+CVE-2018-11728 (** DISPUTED ** The libfsntfs_reparse_point_values_read_data function ...)
- libfsntfs <unfixed> (low)
[stretch] - libfsntfs <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
-CVE-2018-11727 (The libfsntfs_attribute_read_from_mft function in ...)
+CVE-2018-11727 (** DISPUTED ** The libfsntfs_attribute_read_from_mft function in ...)
- libfsntfs <unfixed> (low)
[stretch] - libfsntfs <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
@@ -11138,7 +11182,7 @@ CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 al
NOT-FOR-US: Libmobi
CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows ...)
NOT-FOR-US: Libmobi
-CVE-2018-11723 (The libpff_name_to_id_map_entry_read function in ...)
+CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in ...)
- libpff <unfixed> (low; bug #901967)
[stretch] - libpff <no-dsa> (Minor issue)
[jessie] - libpff <no-dsa> (Minor issue)
@@ -13529,6 +13573,7 @@ CVE-2018-10874 (In ansible it was found that inventory variables are loaded from
NOTE: https://github.com/ansible/ansible/pull/42067
NOTE: https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1 where ...)
+ {DLA-1489-1 DLA-1486-1}
- spice <unfixed> (bug #906315)
- spice-gtk <unfixed> (bug #906316)
NOTE: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
@@ -18972,7 +19017,7 @@ CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS
NOT-FOR-US: YzmCMS
CVE-2018-8755 (NuCom WR644GACV devices before STA006 allow an attacker to download ...)
NOT-FOR-US: NuCom
-CVE-2018-8754 (The libevt_record_values_read_event() function in ...)
+CVE-2018-8754 (** DISPUTED ** The libevt_record_values_read_event() function in ...)
{DSA-4160-1}
- libevt 20180317-1 (bug #893431)
NOTE: https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734
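Review bot: CVE-2018-8754 gains the ** DISPUTED ** marker although it already carries DSA-4160-1 and a fixed libevt 20180317-1; no status change is required, but a NOTE pointing at the source of the dispute would explain to later readers why a disputed CVE has a DSA attached.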
@@ -20614,6 +20659,7 @@ CVE-2018-8041
RESERVED
NOT-FOR-US: Apache Camel Mail component
CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to the ...)
+ {DSA-4282-1}
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/2
NOTE: https://github.com/apache/trafficserver/pull/3926
@@ -20762,12 +20808,14 @@ CVE-2018-8006 [Cross-site scripting (XSS) via QueueFilter parameter]
NOTE: Admin console not enabled in the Debian package, see #702670)
NOTE: Fixed in 5.15.5, 5.16.0
CVE-2018-8005 (When there are multiple ranges in a range request, Apache Traffic ...)
+ {DSA-4282-1}
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/4
NOTE: https://github.com/apache/trafficserver/pull/3106
NOTE: https://github.com/apache/trafficserver/pull/3124
NOTE: https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
CVE-2018-8004 (There are multiple HTTP smuggling and cache poisoning issues when ...)
+ {DSA-4282-1}
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/5
NOTE: https://github.com/apache/trafficserver/pull/3192
@@ -26280,12 +26328,12 @@ CVE-2018-6261
RESERVED
CVE-2018-6260
RESERVED
-CVE-2018-6259
- RESERVED
-CVE-2018-6258
- RESERVED
-CVE-2018-6257
- RESERVED
+CVE-2018-6259 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a ...)
+ TODO: check
+CVE-2018-6258 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a ...)
+ TODO: check
+CVE-2018-6257 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a ...)
+ TODO: check
CVE-2018-6256
RESERVED
CVE-2018-6255
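Review bot: the three NVIDIA GeForce Experience entries (CVE-2018-6259, CVE-2018-6258, CVE-2018-6257) carry identical truncated descriptions and are all left at TODO: check; they should be triaged together in one pass, and since the description names a vendor application rather than a Debian source package, NOT-FOR-US: NVIDIA GeForce Experience is the likely outcome.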
@@ -35776,6 +35824,7 @@ CVE-2018-3068 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources ..
CVE-2018-3067 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOT-FOR-US: Oracle MySQL 8
CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -35784,11 +35833,13 @@ CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3065 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3064 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
NOTE: MariaDB: Fixed in 10.0.36, 10.1.35
CVE-2018-3063 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.5 <removed>
@@ -35802,6 +35853,7 @@ CVE-2018-3060 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3059
RESERVED
CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1488-1}
- mariadb-10.1 1:10.1.35-1
- mariadb-10.0 <removed>
- mysql-5.7 5.7.23-1 (bug #904121)
@@ -40419,6 +40471,7 @@ CVE-2018-1320
CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause ...)
NOT-FOR-US: Apache Allura
CVE-2018-1318 (Adding method ACLs in remap.config can cause a segfault when the user ...)
+ {DSA-4282-1}
- trafficserver 7.1.4+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/3
NOTE: https://github.com/apache/trafficserver/pull/3195
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47bb8d6433015da290b88e0bbb39b9891326f1fa