[Git][security-tracker-team/security-tracker][master] new opensc issues

Moritz Muehlenhoff jmm at debian.org
Tue Sep 4 19:41:25 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d4cbcca by Moritz Muehlenhoff at 2018-09-04T18:41:01Z
new opensc issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114,7 +114,7 @@ CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in th
 CVE-2018-16411
 	RESERVED
 CVE-2018-16410 (Vanilla before 2.6.1 allows SQL injection via an invitationID array to ...)
-	TODO: check
+	NOT-FOR-US: Vanilla
 CVE-2018-16409 (In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET ...)
 	NOT-FOR-US: Go Git Service
 CVE-2018-16408 (D-Link DIR-846 devices with firmware 100.26 allow remote attackers to ...)
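Review bot: The new tag on CVE-2018-16410, "NOT-FOR-US: Vanilla", uses a very generic one-word product name that is hard to search for and easy to confuse with unrelated software. The neighbouring entry for Gogs spells the product out as "Go Git Service"; consider doing the same here with the product's full name so the triage decision can be found again later.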
@@ -144,7 +144,7 @@ CVE-2018-16400
 CVE-2018-16399
 	RESERVED
 CVE-2018-16398 (In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as ...)
-	TODO: check
+	NOT-FOR-US: Twistlock AuthZ Broker
 CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2018-16396
@@ -154,11 +154,17 @@ CVE-2018-16395
 CVE-2018-16394
 	RESERVED
 CVE-2018-16393 (Several buffer overflows when handling responses from a Gemsafe V1 ...)
-	TODO: check
+	- opensc <unfixed> (low)
+	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
 CVE-2018-16392 (Several buffer overflows when handling responses from a TCOS Card in ...)
-	TODO: check
+	- opensc <unfixed> (low)
+	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b2a356323a9ff2024d041cf2d7e89dd3
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
 CVE-2018-16391 (Several buffer overflows when handling responses from a Muscle Card in ...)
-	TODO: check
+	- opensc <unfixed> (low)
+	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
 CVE-2018-16390
 	RESERVED
 CVE-2018-16389
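Review bot: The commit NOTE added for CVE-2018-16393 links the bare upstream commit 360e95d45ac4123255a4c796db96337f332160ad, while the NOTEs for CVE-2018-16392 and CVE-2018-16391 carry a "#diff-..." fragment pointing at a specific file in that same commit. Since all three entries share one commit, either add the matching fragment for the Gemsafe V1 change so a reader can tell which part of the commit addresses which CVE, or drop the fragments from all three for consistency. The three opensc entries are also marked "<unfixed> (low)" with no bug reference; if a Debian bug exists for them, noting it here (as the limesurvey entry in the previous hunk does) would make follow-up easier.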



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d4cbcca8fd8ab8afba9880b7bfbc094bdcfb9d2
