[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 15 20:10:27 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7125f939 by security tracker role at 2019-01-15T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2019-6317
+ RESERVED
+CVE-2019-6316
+ RESERVED
+CVE-2019-6315
+ RESERVED
+CVE-2019-6314
+ RESERVED
+CVE-2019-6313
+ RESERVED
+CVE-2019-6312
+ RESERVED
+CVE-2019-6311
+ RESERVED
+CVE-2019-6310
+ RESERVED
+CVE-2019-6309
+ RESERVED
+CVE-2019-6308
+ RESERVED
+CVE-2019-6307
+ RESERVED
+CVE-2019-6306
+ RESERVED
+CVE-2019-6305
+ RESERVED
+CVE-2019-6304
+ RESERVED
+CVE-2019-6303
+ RESERVED
+CVE-2019-6302
+ RESERVED
+CVE-2019-6301
+ RESERVED
+CVE-2019-6300
+ RESERVED
+CVE-2019-6299
+ RESERVED
+CVE-2019-6298
+ RESERVED
+CVE-2019-6297
+ RESERVED
+CVE-2019-6296 (Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id ...)
+ TODO: check
+CVE-2019-6295 (Cleanto 5.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2019-6294 (An issue was discovered in EasyCMS 1.5. There is CSRF via the ...)
+ TODO: check
+CVE-2018-20719 (In Tiki before 17.2, the user task component is vulnerable to a SQL ...)
+ TODO: check
+CVE-2018-20718 (In Pydio before 8.2.2, an attack is possible via PHP Object Injection ...)
+ TODO: check
+CVE-2018-20717 (In the orders section of PrestaShop before 1.7.2.5, an attack is ...)
+ TODO: check
+CVE-2018-20716 (CubeCart before 6.1.13 has SQL Injection via the validate[] parameter ...)
+ TODO: check
+CVE-2018-20715 (The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL ...)
+ TODO: check
+CVE-2018-20714 (The logging system of the Automattic WooCommerce plugin before 3.4.6 ...)
+ TODO: check
+CVE-2018-20713 (Shopware before 5.4.3 allows SQL Injection by remote authenticated ...)
+ TODO: check
+CVE-2017-18358 (LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later ...)
+ TODO: check
+CVE-2017-18357 (Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort ...)
+ TODO: check
+CVE-2017-18356 (In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an ...)
+ TODO: check
CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...)
TODO: check
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...)
@@ -5230,8 +5298,7 @@ CVE-2019-3813
RESERVED
CVE-2019-3812
RESERVED
-CVE-2019-3811 [sssd: fallback_homedir returns '/' for empty home directories in passwd file]
- RESERVED
+CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured with no ...)
- sssd <unfixed> (bug #919051)
NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
@@ -12814,31 +12881,31 @@ CVE-2018-19627 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bdc33cfaecb1b4cf2c114ed9015713ddf8569a60
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-55.html
CVE-2018-19626 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector ...)
- {DSA-4359-1}
+ {DSA-4359-1 DLA-1634-1}
- wireshark 2.6.5-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-52.html
CVE-2018-19625 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine ...)
- {DSA-4359-1}
+ {DSA-4359-1 DLA-1634-1}
- wireshark 2.6.5-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14466
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc4d209f39132a4ae05675a11609176ae9705cfc
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-51.html
CVE-2018-19624 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector ...)
- {DSA-4359-1}
+ {DSA-4359-1 DLA-1634-1}
- wireshark 2.6.5-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15280
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3e319db1107b08fc3be804b6d449143ec9aa0dec
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-56.html
CVE-2018-19623 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector ...)
- {DSA-4359-1}
+ {DSA-4359-1 DLA-1634-1}
- wireshark 2.6.5-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-53.html
CVE-2018-19622 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector ...)
- {DSA-4359-1}
+ {DSA-4359-1 DLA-1634-1}
- wireshark 2.6.5-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15250
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b7555d32d11862f0e500ec466ad6bfe54190076
@@ -22852,8 +22919,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express
- qemu-kvm <not-affected> (support for Controller Memory Buffers added later)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
-CVE-2018-16846 [ListBucket max-keys has no defined limit in the RGW codebase]
- RESERVED
+CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated ceph ...)
- ceph <undetermined>
NOTE: http://tracker.ceph.com/issues/35994
NOTE: https://github.com/ceph/ceph/commit/ab29bed2fc9f961fe895de1086a8208e21ddaddc
@@ -24920,13 +24986,13 @@ CVE-2018-16060
CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow ...)
NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
- {DSA-4315-1}
+ {DSA-4315-1 DLA-1634-1}
- wireshark 2.6.3-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html
CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
- {DSA-4315-1}
+ {DSA-4315-1 DLA-1634-1}
- wireshark 2.6.3-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5
@@ -37198,6 +37264,7 @@ CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-30.html
CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC ...)
+ {DLA-1634-1}
- wireshark 2.6.1-1 (bug #900708)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
@@ -37210,12 +37277,14 @@ CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.9
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-31.html
CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP ...)
+ {DLA-1634-1}
- wireshark 2.6.1-1 (bug #900708)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ab8a33ef083b9732c89117747a83a905a676faf6
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-28.html
CVE-2018-11356 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS ...)
+ {DLA-1634-1}
- wireshark 2.6.1-1 (bug #900708)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
@@ -42669,24 +42738,25 @@ CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a ...)
- {DLA-1388-1}
+ {DLA-1634-1 DLA-1388-1}
- wireshark 2.4.6-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14485
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0fbc50f9b9219be54d6db47f04b65af19696a7c7
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- {DLA-1388-1}
+ {DLA-1634-1 DLA-1388-1}
- wireshark 2.4.6-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- {DLA-1388-1}
+ {DLA-1634-1 DLA-1388-1}
- wireshark 2.4.6-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14483
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c69d710d2bf39fe633800db65efddf55701131b6
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9267 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ {DLA-1634-1}
- wireshark 2.4.6-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14482
@@ -42700,6 +42770,7 @@ CVE-2018-9266 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+ {DLA-1634-1}
- wireshark 2.4.6-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14480
@@ -42714,12 +42785,13 @@ CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissecto
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0290a62be0fca8da9bb190f59dc1fe26c1d65024
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-16.html
CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector ...)
- {DLA-1388-1}
+ {DLA-1634-1 DLA-1388-1}
- wireshark 2.4.6-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-23.html
CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector ...)
+ {DLA-1634-1}
- wireshark 2.4.6-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14469
@@ -42732,12 +42804,13 @@ CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissect
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66bc372716e04d6a8afdf6712583c9b5d11fee55
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-18.html
CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 ...)
- {DLA-1388-1}
+ {DLA-1634-1 DLA-1388-1}
- wireshark 2.4.6-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-17.html
CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector ...)
+ {DLA-1634-1}
- wireshark 2.4.6-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
@@ -42758,6 +42831,7 @@ CVE-2018-9257 (In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an .
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-22.html
CVE-2018-9256 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector ...)
+ {DLA-1634-1}
- wireshark 2.4.6-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467
@@ -47738,7 +47812,7 @@ CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissecto
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e8be5adae469ba563acfad2c2b98673e1afaf901
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7420 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser ...)
- {DLA-1353-1}
+ {DLA-1634-1 DLA-1353-1}
- wireshark 2.4.5-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=129e41f9f63885ad8224ef413c2860788fb9e849
@@ -47750,13 +47824,13 @@ CVE-2018-7419 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissect
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bebd3a1f50b0a27738d8d3da5b33c1b392eb7273
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-14.html
CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector ...)
- {DLA-1353-1}
+ {DLA-1634-1 DLA-1353-1}
- wireshark 2.4.5-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14410
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=29d920b8309905dda11ad397596fe8aafc9b4bf7
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-13.html
CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector ...)
- {DLA-1353-1}
+ {DLA-1634-1 DLA-1353-1}
- wireshark 2.4.5-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14409
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81216a176b25dd8a616e11808a951e141a467009
@@ -47985,7 +48059,7 @@ CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-08.html
CVE-2018-7336 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol ...)
- {DLA-1353-1}
+ {DLA-1634-1 DLA-1353-1}
- wireshark 2.4.5-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c
@@ -48017,6 +48091,7 @@ CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7331 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+ {DLA-1634-1}
- wireshark 2.4.5-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444
@@ -48061,26 +48136,27 @@ CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=293b999425e998d6cde0d9149648e421ea7687d0
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+ {DLA-1634-1}
- wireshark 2.4.5-1 (low)
[wheezy] - wireshark <not-affected> (vulnerable code introduced later)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7be234d06ea39ab6a88115ae41d71060f1f15e3c
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- {DLA-1353-1}
+ {DLA-1634-1 DLA-1353-1}
- wireshark 2.4.5-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9e7695bbee18525eaa6d12b32230313ae8a36a81
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- {DLA-1353-1}
+ {DLA-1634-1 DLA-1353-1}
- wireshark 2.4.5-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f9199ea8cff56c6704e9828c3d80360b27c4565
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5d45b69b590cabc5127282d1ade3bca1598e5f5c
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7322 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- {DLA-1353-1}
+ {DLA-1634-1 DLA-1353-1}
- wireshark 2.4.5-1 (low)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14411
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afc780e2c796e971bb7d164103f4f0d10d3c25b5
@@ -58455,6 +58531,7 @@ CVE-2017-17999 (SQL injection vulnerability in RISE Ultimate Project Manager 1.9
CVE-2017-17998
RESERVED
CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL ...)
+ {DLA-1634-1}
- wireshark 2.4.0-1
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-02.html
@@ -59151,6 +59228,7 @@ CVE-2018-3601 (A password hash usage authentication bypass vulnerability in Tren
CVE-2018-3600 (A external entity processing information disclosure (XXE) ...)
NOT-FOR-US: Trend Micro
CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wireshark ...)
+ {DLA-1634-1}
- wireshark 2.4.4-1 (bug #885831)
[wheezy] - wireshark <ignored> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
@@ -64188,8 +64266,8 @@ CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerab
NOT-FOR-US: IBM
CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an ...)
NOT-FOR-US: IBM
-CVE-2018-1772
- RESERVED
+CVE-2018-1772 (IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site ...)
+ TODO: check
CVE-2018-1771 (IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands ...)
NOT-FOR-US: IBM
CVE-2018-1770 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
@@ -75704,6 +75782,7 @@ CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT disse
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-42.html
CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the ...)
+ {DLA-1634-1}
- wireshark 2.4.2-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
@@ -80091,6 +80170,7 @@ CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissecto
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-39.html
CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM ...)
+ {DLA-1634-1}
- wireshark 2.4.1-1
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
@@ -87325,6 +87405,7 @@ CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML .
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3c7168cc5f044b4da8747d35da0b2b204dabf398
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a ...)
+ {DLA-1634-1}
- wireshark 2.2.0~rc1+g438c022-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13603
@@ -87341,12 +87422,14 @@ CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissec
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-34.html
CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could ...)
+ {DLA-1634-1}
- wireshark 2.4.0-1 (low; bug #870172)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4e54dae7f0d7840836ee6d5ce1e688f152ab2978
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html
CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector ...)
+ {DLA-1634-1}
- wireshark 2.4.0-1 (bug #870172)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797
@@ -91944,6 +92027,7 @@ CVE-2017-9768
CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali ...)
NOT-FOR-US: Quali CloudShell
CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows ...)
+ {DLA-1634-1}
- wireshark 2.4.0-1 (low; bug #870175)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
@@ -98486,12 +98570,14 @@ CVE-2017-7748 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissecto
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581
CVE-2017-7747 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector ...)
+ {DLA-1634-1}
- wireshark 2.2.6+g32dac6a-1
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-18.html
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559
CVE-2017-7746 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector ...)
+ {DLA-1634-1}
- wireshark 2.2.6+g32dac6a-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-19.html
@@ -98614,6 +98700,7 @@ CVE-2017-7704 (In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an .
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8
CVE-2017-7703 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector ...)
+ {DLA-1634-1}
- wireshark 2.2.6+g32dac6a-1 (low)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-12.html
@@ -98637,7 +98724,7 @@ CVE-2017-7701 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissecto
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13557
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=fa31f69b407436d0946f84baa0acdcc50962bf7a
CVE-2017-7700 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file ...)
- {DLA-858-1}
+ {DLA-1634-1 DLA-858-1}
- wireshark 2.2.6+g32dac6a-1 (low)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-14.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478
@@ -101406,8 +101493,7 @@ CVE-2017-6930 (In Drupal versions 8.4.x versions before 8.4.5 when using node ac
CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with permission ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/sa-core-2018-001
-CVE-2017-6925 [Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass]
- RESERVED
+CVE-2017-6925 (In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6924 [REST API can bypass comment approval - Access Bypass]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7125f939bd325af344532a76090f907b35ed5012
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7125f939bd325af344532a76090f907b35ed5012
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190115/9e142535/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list