[Git][security-tracker-team/security-tracker][master] Merge changes included in 9.8 point release
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 16 10:09:25 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4999854a by Salvatore Bonaccorso at 2019-02-16T10:09:10Z
Merge changes included in 9.8 point release
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6311,7 +6311,7 @@ CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configur
[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
- twitter-bootstrap3 3.4.0+dfsg-1
- [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
NOTE: https://github.com/twbs/bootstrap/issues/27045
NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
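Review bot: the stretch version on the `+` line, `3.3.7+dfsg-2+deb9u1`, disagrees with the entry this same commit removes from data/next-point-update.txt, which records `twitter-bootstrap3 3.3.7+dfsg-3+deb9u1` for CVE-2018-20677. One of the two revisions is a typo, and since data/CVE/list is what remains after the merge, check the value against the version actually shipped in the 9.8 point release before relying on it. The same `-2` versus `-3` difference applies to the CVE-2018-20676, CVE-2016-10735, CVE-2018-14042 and CVE-2018-14040 hunks.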
@@ -6323,7 +6323,7 @@ CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-v
[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
- twitter-bootstrap3 3.4.0+dfsg-1
- [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
NOTE: https://github.com/twbs/bootstrap/issues/27044
NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
@@ -6337,7 +6337,7 @@ CVE-2018-20674 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before ...)
CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is ...)
- twitter-bootstrap4 <not-affected> (Fixed before initial upload to Debian)
- twitter-bootstrap3 3.4.0+dfsg-1
- [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
NOTE: https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083 (v4.0.0-beta.2)
NOTE: https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308 (v3.4.0)
@@ -11790,14 +11790,14 @@ CVE-2018-20453 (The getlong function in numutils.c in libdoc through 2017-10-23
NOTE: Crash in CLI tool, no security impact
CVE-2018-20452 (The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid ...)
- r-cran-readxl 1.2.0.9000-1 (bug #919324)
- [stretch] - r-cran-readxl <no-dsa> (Minor issue)
+ [stretch] - r-cran-readxl 0.1.1-1+deb9u2
NOTE: https://github.com/evanmiller/libxls/issues/35
CVE-2018-20451 (The process_file function in reader.c in libdoc through 2017-10-23 has ...)
- catdoc <unfixed> (unimportant; bug #919526)
NOTE: Crash in CLI tool, no security impact
CVE-2018-20450 (The read_MSAT function in ole.c in libxls 1.4.0 has a double free that ...)
- r-cran-readxl 1.2.0.9000-1 (bug #919324)
- [stretch] - r-cran-readxl <no-dsa> (Minor issue)
+ [stretch] - r-cran-readxl 0.1.1-1+deb9u2
NOTE: https://github.com/evanmiller/libxls/issues/34
CVE-2018-20449
RESERVED
@@ -11834,7 +11834,7 @@ CVE-2018-20434
CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in ...)
{DLA-1621-1}
- c3p0 0.9.1.2-10 (bug #917257)
- [stretch] - c3p0 <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - c3p0 0.9.1.2-9+deb9u1
NOTE: https://github.com/zhutougg/c3p0/commit/2eb0ea97f745740b18dd45e4a909112d4685f87b
CVE-2018-20432
RESERVED
@@ -22071,17 +22071,17 @@ CVE-2018-19201
CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c allows ...)
{DLA-1581-1}
- uriparser 0.9.0-1 (bug #913817)
- [stretch] - uriparser <no-dsa> (Minor issue)
+ [stretch] - uriparser 0.8.4-1+deb9u1
NOTE: https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539
CVE-2018-19199 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an ...)
{DLA-1581-1}
- uriparser 0.9.0-1 (bug #913817)
- [stretch] - uriparser <no-dsa> (Minor issue)
+ [stretch] - uriparser 0.8.4-1+deb9u1
NOTE: https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f
CVE-2018-19198 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an ...)
{DLA-1581-1}
- uriparser 0.9.0-1 (bug #913817)
- [stretch] - uriparser <no-dsa> (Minor issue)
+ [stretch] - uriparser 0.8.4-1+deb9u1
NOTE: https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e
CVE-2018-19207 (The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before ...)
NOT-FOR-US: WordPress plugin wp-gdpr-compliance
@@ -22799,7 +22799,7 @@ CVE-2018-18899
CVE-2018-18898
RESERVED
- libemail-address-list-perl 0.06-1
- [stretch] - libemail-address-list-perl <no-dsa> (Minor issue)
+ [stretch] - libemail-address-list-perl 0.05-1+deb9u1
[jessie] - libemail-address-list-perl <ignored> (Minor issue)
NOTE: https://github.com/bestpractical/email-address-list/commit/a22e6b233443fe3ad1a408e50ecbd7237674817d
NOTE: https://github.com/bestpractical/email-address-list/commit/6dd5021a6e5df2e8c86a163dc2e180a76a38e63b
@@ -25461,7 +25461,7 @@ CVE-2018-17943
CVE-2018-17942 (The convert_to_decimal function in vasnprintf.c in Gnulib before ...)
{DLA-1543-1}
- gnulib 20140202+stable-3.1 (low; bug #910757)
- [stretch] - gnulib <no-dsa> (Minor issue)
+ [stretch] - gnulib 20140202+stable-2+deb9u1
NOTE: pspp affecting bug: https://savannah.gnu.org/bugs/?func=detailitem&item_id=54686
NOTE: https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html
NOTE: https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35
@@ -28156,7 +28156,7 @@ CVE-2018-16850 (postgresql before versions 11.1, 10.6 is vulnerable to a to SQL
NOTE: Fixed in 11.1, 10.6
CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH private ...)
- mistral 7.0.0-2 (low; bug #912714)
- [stretch] - mistral <no-dsa> (Minor issue)
+ [stretch] - mistral 3.0.0-4+deb9u1
NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
CVE-2018-16848
RESERVED
@@ -29171,7 +29171,7 @@ CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions &l
CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...)
{DLA-1585-1}
- ruby-rack 1.6.4-6 (bug #913005)
- [stretch] - ruby-rack <no-dsa> (Minor issue)
+ [stretch] - ruby-rack 1.6.4-4+deb9u1
NOTE: Fixed by: https://github.com/rack/rack/commit/e5d58031b766e49687157b45edab1b8457d972bd (master)
NOTE: Fixed by: https://github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39ae7 (2.0.6)
NOTE: Fixed by: https://github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594 (1.6.11)
@@ -33764,7 +33764,7 @@ CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1.
NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
CVE-2018-14644 (An issue has been found in PowerDNS Recursor from 4.0.0 up to and ...)
- pdns-recursor 4.1.7-1 (bug #913162)
- [stretch] - pdns-recursor <no-dsa> (Minor issue)
+ [stretch] - pdns-recursor 4.0.4-1+deb9u4
[jessie] - pdns-recursor <ignored> (Minor issue)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
NOTE: https://downloads.powerdns.com/patches/2018-07/
@@ -33829,7 +33829,7 @@ CVE-2018-14626 (PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and Po
[stretch] - pdns <not-affected> (Vulnerable code present only in >= 4.1.0)
[jessie] - pdns <not-affected> (Vulnerable code not present)
- pdns-recursor 4.1.7-1 (bug #913162)
- [stretch] - pdns-recursor <no-dsa> (Minor issue)
+ [stretch] - pdns-recursor 4.0.4-1+deb9u4
[jessie] - pdns-recursor <not-affected> (Vulnerable code not present)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
NOTE: https://downloads.powerdns.com/patches/2018-05/
@@ -35477,7 +35477,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
- [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
NOTE: https://github.com/twbs/bootstrap/issues/26423
@@ -35504,7 +35504,7 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-
[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
- [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
NOTE: https://github.com/twbs/bootstrap/issues/26423
NOTE: https://github.com/twbs/bootstrap/issues/26625
@@ -39141,6 +39141,7 @@ CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in
NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 for Perl ...)
- libemail-address-perl 1.912-1 (unimportant; bug #901873)
+ [stretch] - libemail-address-perl 1.908-1+deb9u1
NOTE: Possibility of DoS vs. usability issue for Email::Address
NOTE: https://github.com/Perl-Email-Project/Email-Address/issues/19
NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
@@ -42937,13 +42938,13 @@ CVE-2018-11238
RESERVED
CVE-2018-11237 (An AVX-512-optimized implementation of the mempcpy function in the GNU ...)
- glibc 2.27-4 (low; bug #899070)
- [stretch] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23196
CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 ...)
- glibc 2.27-4 (low; bug #899071)
- [stretch] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786
@@ -42985,7 +42986,7 @@ CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in ...)
- glibc 2.27-3
- [stretch] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <not-affected> (Vulnerable code not present)
- eglibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22644
@@ -44121,10 +44122,10 @@ CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the avail
NOTE: https://pagure.io/SSSD/sssd/issue/3766
CVE-2018-10851 (PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and ...)
- pdns 4.1.5-1 (bug #913163)
- [stretch] - pdns <no-dsa> (Minor issue; will be fixed via point release)
+ [stretch] - pdns 4.0.3-1+deb9u3
[jessie] - pdns <ignored> (Minor issue)
- pdns-recursor 4.1.7-1 (bug #913162)
- [stretch] - pdns-recursor <no-dsa> (Minor issue)
+ [stretch] - pdns-recursor 4.0.4-1+deb9u4
[jessie] - pdns-recursor <ignored> (Minor issue)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
NOTE: https://downloads.powerdns.com/patches/2018-03/
@@ -48784,7 +48785,7 @@ CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel
CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...)
{DLA-1412-1 DLA-1387-1}
- cups 2.2.6-1
- [stretch] - cups <no-dsa> (Minor issue)
+ [stretch] - cups 2.2.1-8+deb9u3
NOTE: https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
NOTE: https://github.com/apple/cups/issues/5143
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...)
@@ -61601,7 +61602,7 @@ CVE-2018-4701
CVE-2018-4700 [Linux session cookies used a predictable random number seed]
RESERVED
- cups 2.2.10-1 (bug #915909)
- [stretch] - cups <no-dsa> (Minor issue)
+ [stretch] - cups 2.2.1-8+deb9u3
[jessie] - cups <no-dsa> (Minor issue)
NOTE: https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)
NOTE: https://github.com/apple/cups/commit/b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3 (2.3b6)
@@ -71730,14 +71731,14 @@ CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ..
NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
CVE-2017-1000409 (A buffer overflow in glibc 2.5 (released on September 29, 2006) and ...)
- glibc 2.25-5 (bug #884133)
- [stretch] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-1000408 (A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ...)
- glibc 2.25-5 (bug #884132)
- [stretch] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -72415,7 +72416,7 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability .
NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
CVE-2018-1046 (pdns before version 4.1.2 is vulnerable to a buffer overflow in ...)
- pdns 4.1.2-1 (bug #898255)
- [stretch] - pdns <no-dsa> (local DoS when parsing untrusted files)
+ [stretch] - pdns 4.0.3-1+deb9u3
[jessie] - pdns <not-affected> (Vulnerable code not present)
[wheezy] - pdns <not-affected> (Vulnerable code not present)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html
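Review bot: replacing the stretch line for CVE-2018-1046 drops the annotation `(local DoS when parsing untrusted files)`, which was the only impact summary in this entry apart from the truncated CVE description. If that triage rationale should stay visible, carry it over as a NOTE line next to the advisory link; the jessie and wheezy lines keep their own annotations.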
@@ -74563,7 +74564,7 @@ CVE-2017-16998
REJECTED
CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ...)
- glibc 2.25-6 (bug #884615)
- [stretch] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -76980,7 +76981,7 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul
{DSA-4059-1 DLA-1201-1}
- libxcursor 1:1.1.14-3.1 (bug #883792)
- wayland 1.14.0-2 (bug #889681)
- [stretch] - wayland <no-dsa> (Minor issue)
+ [stretch] - wayland 1.12.0-1+deb9u1
[jessie] - wayland <no-dsa> (Minor issue)
[wheezy] - wayland <not-affected> (vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
@@ -79413,7 +79414,7 @@ CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.7
NOT-FOR-US: Cisco
CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
- glibc 2.25-3 (low; bug #879955)
- [stretch] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed> (low)
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -79740,7 +79741,7 @@ CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4
CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
[experimental] - glibc 2.26-0experimental0
- glibc 2.25-3 (low; bug #879500)
- [stretch] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed> (low)
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -79749,7 +79750,7 @@ CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or l
CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an ...)
[experimental] - glibc 2.26-0experimental0
- glibc 2.25-3 (low; bug #879501)
- [stretch] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed> (low)
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -160022,6 +160023,7 @@ CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows rem
- opensmtpd 5.7.3p1-1 (bug #800787)
CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
- libemail-address-perl 1.912-1 (bug #868170; unimportant)
+ [stretch] - libemail-address-perl 1.908-1+deb9u1
[jessie] - libemail-address-perl <no-dsa> (Minor issue)
[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
@@ -181315,7 +181317,7 @@ CVE-2015-4467 (The chmd_init_decomp function in chmd.c in libmspack before 0.5 d
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-9275 (ARC 5.21q allows directory traversal via a full pathname in an archive ...)
- arc 5.21q-6 (low; bug #774527)
- [stretch] - arc <ignored> (Minor issue)
+ [stretch] - arc 5.21q-4+deb9u1
[jessie] - arc <ignored> (Minor issue)
[wheezy] - arc <no-dsa> (Minor issue)
[squeeze] - arc <no-dsa> (Minor issue)
@@ -186754,7 +186756,7 @@ CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unico
CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 ...)
{DSA-3112-1 DLA-128-1}
- sox 14.4.2-2 (bug #773720)
- [stretch] - sox <no-dsa> (Minor issue, will be fixed via point release)
+ [stretch] - sox 14.4.1-5+deb9u1
NOTE: The two needed patches were added in 14.4.1-5 but not to the series file
NOTE: so the patches got not applied during build.
CVE-2014-8144 (Cross-site request forgery (CSRF) vulnerability in doorkeeper before ...)
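Review bot: the two NOTE lines left as context under the new stretch line for CVE-2014-8145 still read as if the fix is missing from the build ("so the patches got not applied during build"), and they name 14.4.1-5, the Debian revision that the new `14.4.1-5+deb9u1` is derived from. Suggest extending the NOTE to say which upload applies the patches through the series file, so the entry does not look unfixed for stretch to someone reading only the notes.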
@@ -251650,7 +251652,7 @@ CVE-2011-2768 (Tor before 0.2.2.34, when configured as a client or bridge, sends
CVE-2011-2767 (mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl ...)
{DLA-1507-1}
- libapache2-mod-perl2 2.0.10-3 (bug #644169)
- [stretch] - libapache2-mod-perl2 <no-dsa> (Minor issue, can be fixed via point release)
+ [stretch] - libapache2-mod-perl2 2.0.10-2+deb9u1
NOTE: https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=126984
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1623265#c3
=====================================
data/next-point-update.txt
=====================================
@@ -1,77 +1,3 @@
-CVE-2017-16612
- [stretch] - wayland 1.12.0-1+deb9u1
-CVE-2018-16849
- [stretch] - mistral 3.0.0-4+deb9u1
-CVE-2018-19200
- [stretch] - uriparser 0.8.4-1+deb9u1
-CVE-2018-19199
- [stretch] - uriparser 0.8.4-1+deb9u1
-CVE-2018-19198
- [stretch] - uriparser 0.8.4-1+deb9u1
-CVE-2011-2767
- [stretch] - libapache2-mod-perl2 2.0.10-2+deb9u1
-CVE-2018-16471
- [stretch] - ruby-rack 1.6.4-4+deb9u1
-CVE-2018-1046
- [stretch] - pdns 4.0.3-1+deb9u3
-CVE-2018-10851
- [stretch] - pdns 4.0.3-1+deb9u3
-CVE-2018-10851
- [stretch] - pdns-recursor 4.0.4-1+deb9u4
-CVE-2018-14626
- [stretch] - pdns-recursor 4.0.4-1+deb9u4
-CVE-2018-14644
- [stretch] - pdns-recursor 4.0.4-1+deb9u4
-CVE-2017-18248
- [stretch] - cups 2.2.1-8+deb9u3
-CVE-2018-4700
- [stretch] - cups 2.2.1-8+deb9u3
-CVE-2018-20433
- [stretch] - c3p0 0.9.1.2-9+deb9u1
-CVE-2017-15670
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2017-15671
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2017-15804
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2017-1000408
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2017-1000409
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2017-16997
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2017-18269
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2018-11236
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2018-11237
- [stretch] - glibc 2.24-11+deb9u4
-CVE-2016-10735
- [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
-CVE-2018-14040
- [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
-CVE-2018-14042
- [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
-CVE-2018-20676
- [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
-CVE-2018-20677
- [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
-CVE-2018-20450
- [stretch] - r-cran-readxl 0.1.1-1+deb9u2
-CVE-2018-20452
- [stretch] - r-cran-readxl 0.1.1-1+deb9u2
-CVE-2014-8145
- [stretch] - sox 14.4.1-5+deb9u1
-CVE-2015-9275
- [stretch] - arc 5.21q-4+deb9u1
-CVE-2018-18898
- [stretch] - libemail-address-list-perl 0.05-1+deb9u1
-CVE-2015-7686
- [stretch] - libemail-address-perl 1.908-1+deb9u1
-CVE-2018-12558
- [stretch] - libemail-address-perl 1.908-1+deb9u1
-CVE-2018-17942
- [stretch] - gnulib 20140202+stable-2+deb9u1
CVE-2017-12424
[stretch] - shadow 1:4.4-4.1+deb9u1
CVE-2015-9261 [busybox: pointer misuse unziping files]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4999854a28a7d2d13c92232fc219ed45118980f0