[Git][security-tracker-team/security-tracker][master] Add reference to reported bug for glusterfs

Salvatore Bonaccorso carnil at debian.org
Wed Sep 19 21:21:14 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5673d80 by Salvatore Bonaccorso at 2018-09-19T20:20:38Z
Add reference to reported bug for glusterfs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15753,20 +15753,20 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its .
 	- cobbler <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/9
 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
 	NOTE: https://review.gluster.org/21068
 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
 CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10, ...)
 	{DSA-4269-1}
@@ -15786,7 +15786,7 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client
 	NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4
 	NOTE: https://review.gluster.org/20723
 CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
 	NOTE: https://review.gluster.org/21069
 CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...)
@@ -15825,17 +15825,17 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
 	NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5
 	NOTE: https://www.postgresql.org/about/news/1878/
 CVE-2018-10914 (It was found that an attacker could issue a xattr request via ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
 	NOTE: https://review.gluster.org/21071
 CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
 	NOTE: https://review.gluster.org/21071
 CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop ...)
 	NOT-FOR-US: Keycloak
 CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
 	NOTE: https://review.gluster.org/21067
 CVE-2018-10910 [ailure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices]
@@ -15852,7 +15852,7 @@ CVE-2018-10909
 CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on ...)
 	NOT-FOR-US: ovirt
 CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
 	NOTE: https://review.gluster.org/21070
 CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is ...)
@@ -15864,7 +15864,7 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i
 CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file ...)
-	- glusterfs <unfixed>
+	- glusterfs <unfixed> (bug #909215)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
 	NOTE: https://review.gluster.org/21072
 CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.9.0 and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5673d80d8dfa8f2b2c6c6b2d6363dd1923252e7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5673d80d8dfa8f2b2c6c6b2d6363dd1923252e7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180919/b3f71b14/attachment.html>

More information about the debian-security-tracker-commits mailing list